-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Atom Smasher wrote:
pgp Key Signing Observations: Overlooked Social and Technical
Considerations
http://www.linuxsecurity.com/content/view/121645/49/
there's a few sections in that article that might be of interest.
Indeed, thank you Atom!
On Thu, 6 Jul 2006, Todd Zullinger wrote:
I was wondering if some folks here have detailed their challenge
policies and procedures and if you'd mind sharing them if you have? Even
handier would be some scripts to help in the automation of this task.
;)
==
pgp Key Signing
Hi,
Alphax schrieb:
Suppose you send an email to Address W and encrypt an authentication
token to Key X. You recieve a reply from Address Y, containing the
authentication token, which has been signed with Key Z.
This tells you that /someone/ with access to W has recieved a message;
On Sunday 09 July 2006 06:27, Alphax wrote:
Michael Kallas wrote:
David Shaw schrieb:
I've been away on vacation and only picked up this thread now.
This statement is not correct. Back in the PGP 2.x days, this
might have been true, but with OpenPGP, there is no particular
requirement
David Shaw schrieb:
I've been away on vacation and only picked up this thread now. This
statement is not correct. Back in the PGP 2.x days, this might have
been true, but with OpenPGP, there is no particular requirement that
the ability to sign and the ability to decrypt are connected. You
Michael Kallas wrote:
David Shaw schrieb:
I've been away on vacation and only picked up this thread now. This
statement is not correct. Back in the PGP 2.x days, this might have
been true, but with OpenPGP, there is no particular requirement that
the ability to sign and the ability to
Am Freitag, 7. Juli 2006 06:31 schrieb Todd Zullinger:
What I don't see in any of the links is more information about
sending an email challenge before signing a key. (My apologies if
I'm overlooking it on your page or any of the others.)
It's been discussed here before but I've not found
* Todd Zullinger [EMAIL PROTECTED] wrote:
What I don't see in any of the links is more information about sending
an email challenge before signing a key. (My apologies if I'm
overlooking it on your page or any of the others.)
Before I used a protocol to signing keys where I sent out random
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ingo Klöcker wrote:
Try CA-Bot (http://cabot.alioth.debian.org/).
Thanks Ingo.
I haven't used it myself because I'm using a self-written script for
creating challenges with KMail.
Could you elaborate a little on the procedure you use to generate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus Frings wrote:
* Todd Zullinger [EMAIL PROTECTED] wrote:
What I don't see in any of the links is more information about
sending an email challenge before signing a key. (My apologies if
I'm overlooking it on your page or any of the
On Friday, July 7, 2006, 11:19:47 AM, Marcus wrote:
* Todd Zullinger [EMAIL PROTECTED] wrote:
What I don't see in any of the links is more information about sending
an email challenge before signing a key. (My apologies if I'm
overlooking it on your page or any of the others.)
Before I
On Friday 07 July 2006 16:56, Todd Zullinger wrote:
Ingo Klöcker wrote:
I haven't used it myself because I'm using a self-written script
for creating challenges with KMail.
Could you elaborate a little on the procedure you use to generate the
challenges? I'd love to have some examples of
On Friday 07 July 2006 17:09, Todd Zullinger wrote:
Marcus Frings wrote:
* Todd Zullinger [EMAIL PROTECTED] wrote:
What I don't see in any of the links is more information about
sending an email challenge before signing a key. (My apologies if
I'm overlooking it on your page or any of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ingo Klöcker wrote:
On Friday 07 July 2006 17:09, Todd Zullinger wrote:
[...]
But that does mean that you can't get a signed key to someone if
the key you've signed doesn't have any encryption capabilities,
correct?
That's obviously correct. In
On Fri, Jul 07, 2006 at 11:19:47AM +0200, Marcus Frings wrote:
* Todd Zullinger [EMAIL PROTECTED] wrote:
What I don't see in any of the links is more information about sending
an email challenge before signing a key. (My apologies if I'm
overlooking it on your page or any of the others.)
On Fri, Jul 07, 2006 at 08:39:37PM +0200, Ingo Klöcker wrote:
On Friday 07 July 2006 17:09, Todd Zullinger wrote:
Marcus Frings wrote:
* Todd Zullinger [EMAIL PROTECTED] wrote:
What I don't see in any of the links is more information about
sending an email challenge before signing a
On Fri, Jul 07, 2006 at 04:15:03PM -0400, Todd Zullinger wrote:
Ingo Klöcker wrote:
On Friday 07 July 2006 17:09, Todd Zullinger wrote:
[...]
But that does mean that you can't get a signed key to someone if
the key you've signed doesn't have any encryption capabilities,
correct?
* Ingo Klöcker [EMAIL PROTECTED] wrote:
On Friday 07 July 2006 17:09, Todd Zullinger wrote:
Have you found in practice that you don't run into many sign-only
keys that you are asked to certify?
Among a few hundreds keys I've signed so far only a handful were
sign-only or certification-only
On Fri, Jul 07, 2006 at 07:22:40PM +0200, Mark Kirchner wrote:
On Friday, July 7, 2006, 11:19:47 AM, Marcus wrote:
* Todd Zullinger [EMAIL PROTECTED] wrote:
What I don't see in any of the links is more information about sending
an email challenge before signing a key. (My apologies if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi David,
David Shaw wrote:
I've been away on vacation and only picked up this thread now.
Hope it was relaxing. Welcome back seems like a negative thing to
say. ;)
This statement is not correct. Back in the PGP 2.x days, this might
have been
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I'm putting together a short talk for my local LUG as we're planning
to have a keysigning party in the near future and some folks want to
hear more details so they'll understand better.
I was wondering if some folks here have detailed their
* Todd Zullinger [EMAIL PROTECTED] wrote:
I was wondering if some folks here have detailed their challenge
policies and procedures and if you'd mind sharing them if you have?
Even handier would be some scripts to help in the automation of this
task. ;)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus Frings wrote:
* Todd Zullinger [EMAIL PROTECTED] wrote:
I was wondering if some folks here have detailed their challenge
policies and procedures and if you'd mind sharing them if you have?
Even handier would be some scripts to help in the
23 matches
Mail list logo