ol due to
expiry of the CRL
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
--
cceptance information in the
package.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60
On 14.10.2019 22:45, Werner Koch wrote:
> On Mon, 14 Oct 2019 20:43, Kristian Fiskerstrand said:
>
>> was suggested by Kristian and Andre: talking to SCDaemon (scd) with IPC.
>> Details need to be discussed, but it would be an optional solution, that
>
> Given that
ndows) with usual user
system protection? Or... extend the RNP library to talk to scd? Needs
discussion and contributors, but that should wait until we're certain
what library TB will use.
"""
References:
[notes]
https://wiki.gnupg.org/OpenPGPEmailSummit201910Notes
--
-
On 30.08.2019 01:02, Brian Minton wrote:
> On Thu, Apr 25, 2019 at 11:19:15AM +0200, Kristian Fiskerstrand wrote:
>> On 4/25/19 9:20 AM, Bernhard Reiter wrote:
>>> Wikipedia points out a strong sensitivity of the algorithm to the quality
>>> of
&
ion]
https://gnupg.org/faq/subkey-cross-certify.html
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD
On 7/3/19 3:20 PM, Andrew Gallagher wrote:
> On 03/07/2019 13:45, Kristian Fiskerstrand wrote:
>> There are various ways this can be used for other
>> attack vectors as well, so they are mostly just ignored.
>
> Any of those attack vectors applicable to keyservers attempt
specification of TPK URI for refresh is privacy issues related to
callbacks and/or DoS. There are various ways this can be used for other
attack vectors as well, so they are mostly just ignored.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
h
> keys.
This isn't really a major point given rfc6979 (
https://tools.ietf.org/html/rfc6979 ): Deterministic Usage of the
Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature
Algorithm (ECDSA)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital
ble anyways by updating the flags on its self-signature)
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE
> On 17 Oct 2018, at 14:26, Sandro Knau� wrote:
>
> Hey,
>
>> - Friday evening: we will meet at the Winery (Trois Tilleuls Street 1, 1170
>> – Brussels, www.winery.be ). People from Mailfence will be there from
>> 19:30, I will arrive a little later.
I’ve arrived in brussels and checked into
On 9/7/18 9:19 PM, Daniel Kahn Gillmor wrote:
> On Fri 2018-09-07 14:31:16 +0200, Kristian Fiskerstrand wrote:
>> On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote:
>>> I'm unable to replicate this. here's a transcript of my session,
>>> testing pinentry-qt 1.1.0-1+b1 a
On 9/7/18 2:31 PM, Kristian Fiskerstrand wrote:
> On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote:
>> I'm unable to replicate this. here's a transcript of my session,
>> testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian
>> testing/unstable:
>
> which desktop
n testing with Cinnamon selected during install.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60
On 9/5/18 9:39 AM, Kristian Fiskerstrand wrote:
> without DISPLAY env var, qt version automatically falls back to curses
> variant despite the argument
Wrote too quickly there; This is actually wrong, it never actually falls
back to curses, it just
n pinentry 1.1.0 on gnupg 2.2.10
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
On 08/29/2018 12:41 AM, Kristian Fiskerstrand wrote:
> On 08/28/2018 08:22 PM, Daniel Kahn Gillmor wrote:
>> On Sat 2018-08-25 08:18:48 +0200, sunri...@gmx.com wrote:
>>> Hi all, since some days I'm having an issue with pinentry, I've set the
>>> default agent as p
ISPLAY (as far as I've gotten in
my debugging that is the only diff in the env vars between the direct
invocation and the bash propmpted one, it might not be ultimately relevant)
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
ut why would it respond to such a host on
port 80? it responds to keys.gnupg.net on 11371 (default HKP port) as it
should. Fut for HKPS/HTTPS there aren't any expectations for
certificates for the SNI etc, hkps.pool.sks-keyservers.net is used for
that by default.
--
----
Kristian
ely, in case there is sync issue
and that has been updated without secring being updated.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3
m path length is three."
>
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
--
Kristian Fiskerstrand
Blog: https://bl
On 04/17/2018 10:48 PM, Paul H. Hentze wrote:
>
>
> On 17.04.2018 17:48, Daniel Kahn Gillmor wrote:
>> On Tue 2018-04-17 11:11:22 +0200, Kristian Fiskerstrand wrote:
>>> On 04/17/2018 10:52 AM, Paul H. Hentze wrote:
>>>> Actually those commands
>>>
rsion if needed.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Hi
changed. This is not allowed." and it did that with every file in that
> folder.
Seems like a mixup of chmod and chown there, although make sure the user
is correct as well.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifis
On 02/22/2018 11:13 PM, Kristian Fiskerstrand wrote:
> On 02/22/2018 11:03 PM, Henry wrote:
>> 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand
>> <kristian.fiskerstr...@sumptuouscapital.com>:
>>> On 02/21/2018 11:53 AM, Peter Lebbing wrote:
>>> Touché :) I
On 02/22/2018 11:03 PM, Henry wrote:
> 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand
> <kristian.fiskerstr...@sumptuouscapital.com>:
>> On 02/21/2018 11:53 AM, Peter Lebbing wrote:
>> Touché :) Indeed, didn't notice it was an old file/signature , then
>> gnupg 1
On 02/21/2018 11:53 AM, Peter Lebbing wrote:
> On 21/02/18 10:48, Kristian Fiskerstrand wrote:
>>>gpg: Signature made Tue May 4 23:03:11 2004 JST
>> [...]
>>
>> The author should sign the package using a more modern and secure keyblock.
> Note that not the ke
be doing
> wrong. Any help or suggestions much appreciated. TIA
The author should sign the package using a more modern and secure keyblock.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPG
ularly.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Manus manum lavat
On
On 02/03/2018 04:15 PM, Pijus Kar wrote:
> Is it something for the version incompatibility or in the key?
As far as I can see the keyblock referenced is DSA2, which is specified
in FIPS-186-3 from 2009, and you're using a gnupg version from 2002.
--
----
Krist
On 01/22/2018 08:33 AM, Werner Koch wrote:
> That is an acceptable user-id. I would have used a dot as delimiter but
> that is a personal taste.
Dot is a permitted part of username in POSIX though, while : is not :)
--
----
Kristian Fiskerstrand
Blog:
sed by gpgscm by default.
* Parallel tests fail if building without tofu support
* sparc architecture has a failure in
tests/openpgp/quick-key-manipulation.scm:219 on assert
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
---
On 01/17/2018 01:20 AM, Daniel Kahn Gillmor wrote:
> On Tue 2018-01-16 22:56:58 +0100, Kristian Fiskerstrand wrote:
>> thanks for this post Daniel, my primary question would be what advantage
>> is gained by this verification being done by an arbitrary third party
>> rathe
erver action doing this would just shift
responsibilities to a third party for something better served (and
already happens) locally.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at h
On 01/16/2018 10:33 PM, Matthias Mansfeld wrote:
> On 16 Jan 2018 at 20:08, Kristian Fiskerstrand wrote:
>
>> On 01/16/2018 07:50 PM, Andrew Gallagher wrote:
>>> Agreed. I was thinking more along the lines of having some method of
>>> causing signature vandalism t
On 01/16/2018 11:40 AM, Stefan Claas wrote:
> Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand:
>
>> On 01/15/2018 09:23 PM, Stefan Claas wrote:
>>> No? I for one would like to be sure that i am the only person who
>>> can upload my public key to a key s
ernmental issued ID at some point.
But yes, this comes back to security != privacy
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB A
nny sks"]
https://sks-keyservers.net/pks/lookup?op=vindex=0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyserv
of any production rollout, although I believe a
proof of concept was written based on it for a thesis.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fp
is also a questionable matter,
as the full data store is downloadable, so anyone can download it
containing the data wanting to be hidden.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public Open
EmailValidation?action=AttachFile=get=EmailValidation20151207.pdf
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 30
fic CA is left to the user performing the trust calculation,
incidentally also allowing for signatures from multiple CAs.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://po
On 01/06/2018 12:23 AM, Lou Wynn wrote:
> On 01/05/2018 12:54 PM, Kristian Fiskerstrand wrote:
>> On 01/05/2018 05:29 PM, Lou Wynn wrote:
>>> The auditing key is certified by the root key and stays with the latter
>>> in my design. Only the administrator can make policy
On 01/05/2018 05:29 PM, Lou Wynn wrote:
> On 01/05/2018 01:10 AM, Kristian Fiskerstrand wrote:
>> There are easily scenarios where a customer forgets to add the "auditing
>> key", making the data unavailable to the organization, in particular in
>> context of loss
ith libgcrypt's gcry_pk_get_keygrip()
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
-
oyee has private key for
primary the individual can create new subkeys, and the primary will
always have signing capability (if not always specified as usage flag).
In most setups the employee won't need/shouldn't have the private key
info for the primary for this (and a few other) reasons.
--
On 01/05/2018 09:41 AM, Lou Wynn wrote:
> On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote:
>> Businesses have reasonable need to access their data, so they need to
>> have access to his private keys, which contradicts "which
>> is meant to prevent others from using h
On 01/05/2018 01:46 AM, Lou Wynn wrote:
> On 01/04/2018 04:15 PM, Kristian Fiskerstrand wrote:
>> On 01/05/2018 01:12 AM, Lou Wynn wrote:
>>> I guess that you've missed somewhere I said in my previous posts that
>>> the end user chooses his own password to prot
riorities, if the corporation
doesn't have access to the data (without the specific encryption key
being included) what is the value?
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblo
On 01/05/2018 01:04 AM, Lou Wynn wrote:
> On 01/04/2018 02:57 PM, Kristian Fiskerstrand wrote:
>> On 01/04/2018 11:24 PM, Lou Wynn wrote:
>> but you add the requirement that all end users sending email to you
>> require to validate the auditing key as well (auditing is
proposal would
require client handling of e.g notation data?
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109
validate the auditing key as well (auditing is likely wrong
word, archiving is more likely relevant). for auditing you certainly
want gpg-agent monitoring of assuan channel in separate domain.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter:
l
> client, which includes the client plugin.
I don't see this as disagreeing, this means you don't have any benefit
from storing the email in encrypted form once it hits the corporate
network, so you're better off decryption it at gateway anyways.
--
--
On 01/04/2018 10:38 PM, Lou Wynn wrote:
> On 01/04/2018 03:02 AM, Kristian Fiskerstrand wrote:
>> On 01/04/2018 02:34 AM, Lou Wynn wrote:
>>> No, there is no business unit level certifying key. An enterprise only
>>> has one root key, which is the ultimate certificat
alive) ? That never exposes key material to client, i.e always operates
within corporate infrastructure and removes a lot of complexity and
allows for easier indexing/searching.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @k
material (but it would require some setup to ensure they don't have
it, so smartcard is generally easier)
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
gt;
> - Why do the algorithm ids (22 for „Ed25519“ and 18 for „Curve25519“)
> not work?
Algorithm IDs are not directly tied to curves, so that would be more
related to Key-Type than Key-Curve (and corresponding subkey), not the OIDs.
--
----
Kristian Fis
ame
Name-Email: m...@example.com
Creation-Date: 20170801T18
Expire-Date: 0
%commit
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3
ice.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Expect the best.
rks quite well with K9Mail from
OpenKeychain.. Not that it should be used too much, a smartphone is one
of the least secure devices around.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP
y any chance of a proper security for others.
Which incidentally is similar to a lot of other over-simplification and
interconnections throughout the world, but that is a separate
discussion. Finding the least common denominator and simplify everything
to the absurd, no matter the consequences.
--
has to be a binary obfuscated mess instead of
trying to re-use well-established protocols in text form, just in case
the user walks into the maze for some reason.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
itionally, they are stubs, as indicated by the "#"-sign, so not
available on the computer you're executing the signature operation on.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keybloc
On 09/22/2017 10:48 PM, Stefan Claas wrote:
> On Fri, 22 Sep 2017 22:32:37 +0200, Kristian Fiskerstrand wrote:
>>> And in place of the fake sigs it says erroneous MPI value. :-)
>>
>> And what happens if you do gpg --import-options import-clean
>> --recv-key ? is
On 09/22/2017 10:29 PM, Stefan Claas wrote:
> On Fri, 22 Sep 2017 22:17:17 +0200, Kristian Fiskerstrand wrote:
>> On 09/22/2017 10:08 PM, Stefan Claas wrote:
>>> Thanks for the information! Can you tell me please how to import
>>> a pub key with a local client, so that
--check-sigs report?
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
---
On 09/22/2017 09:40 PM, Kristian Fiskerstrand wrote:
> So all is as it is supposed to be
Just to add, the alternative if not considering WoT is a direct
validation structure, a user in this case should only (locally) sign
keyblock information of communication peers after a direct fingerpr
alid data, including invalid signatures,
results in discarding of the data, which would filter out the signature
in this case.
So all is as it is supposed to be
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
---
COURT OF APPEALS
No. 15-CF-322
09/21/2017
P RINCE J ONES , A PPELLANT ,
V .
U NITED S TATES , A PPELLEE .
Appeal from the Superior Court
of the District of Columbia
(CF1-18140-13)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
T
o I'd likely use a custom pinentry, that'd be the same
recommendation for a password manager etc, as for security info is
passed in the socket that is protected using regular unix user
permissions / ACLs and anyways same as regular pinentry uses.
--
----
Kristian Fiskerstrand
On 07/27/2017 05:29 PM, Stefan Claas wrote:
> On Wed, 26 Jul 2017 23:41:23 +0200, Kristian Fiskerstrand wrote:
>> On 07/24/2017 04:27 PM, Stefan Claas wrote:
>>> The file is signed and can be verified. Just wondering (after
>>> googling) what this means, becaus
5c80f2
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Amantes sunt a
g the
particular keys (as well as protecting against several other threat
vectors)?
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-ke
em directory?
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Histo
sers/2017-March/057877.html
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Better to keep your
On 06/14/2017 07:38 AM, Yanzhe Lee wrote:
> Maybe there was a priority when sign files with RSA and ECC keys? How
> can I override it?
Try adding a "!" suffix to the fingerprint specification of the subkey
--
----
Kristian Fiskerst
tion, you'd want the
tofu model in gpg 2.1?
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED
d by a local
CAkey anyways? Doing a manual graphical verification doesn't seem to
provide anythin in terms of security here.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock
, those got
lost at the revocation point, but your new contacts can sign the new UID
without issue.
Deleting the old UID will have no practical effect if it has been
distributed to a keyserver historically.
--
----
Kristian Fiskerstrand
Blog: https://blog.sump
r versions of
2.1 this requires allow-pinentry-loopback for the gpg-agent but in
recent versions that is defaulted to on.
Can you provide the information when this argument is used and the
scenario that fails including explicit error messages?
--
----
Kristian Fiskerstrand
Bl
e. I'm using a default installation of GnuPG 2.1.19 on Windows 7 (it
> may go on a Win Server 2012 box for production).
look into --pinentry-mode loopback
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
On 04/21/2017 09:16 AM, Kristian Fiskerstrand wrote:
> On 04/20/2017 09:17 PM, Paul Taukatch wrote:
>> I've attached my public key and debug log but please let me know if there
>> is any other information that might be helpful.
>
> The first reference that springs to mind
https://tools.ietf.org/rfc/rfc4880.txt
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3E
focus on algorithms
in general likely so, the likelihood of operational security being the
issue is far greater
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.n
more details
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Qui audet vincit
W
On 02/21/2017 03:15 PM, Peter Lebbing wrote:
> If Kristian Fiskerstrand says it's okay for SSH servers to refresh their
> keyring every 20 or 30 minutes from the public keyserver netowrk, then I
> guess it really is :-). I had estimated it as inappropriate.
Keep in mind, the keyring in
> painful step in the process.
... it depends...
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED F
ompromised devices.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Qui audet vin
avoid having to revoke all if
one is compromised.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3E
On 02/17/2017 09:46 PM, si...@web.de wrote:
> Am 17.02.2017 um 20:43 schrieb Kristian Fiskerstrand:
>> On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote:
>>
>> That change would also be consistent with
>> https://git.gnupg.org/cgi-bin/gitweb
On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote:
> On 02/17/2017 07:00 PM, si...@web.de wrote:
>> keyserver hkps://jirk5u4osbsr34t5.onion
>> keyserver hkps://keys.gnupg.net
>>
>> would solve this I guess.
>
> No, that'd result in certificate errors and non
On 02/17/2017 07:00 PM, si...@web.de wrote:
> keyserver hkps://jirk5u4osbsr34t5.onion
> keyserver hkps://keys.gnupg.net
>
> would solve this I guess.
No, that'd result in certificate errors and non-responsive servers
--
----
Kristian Fiskerstrand
ges this
behavior.
Whether that is intended or not is a question for your distribution's
package maintainer.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.
On 02/15/2017 03:27 PM, Adam Sherman wrote:
> On 2017-02-15 06:51 AM, Kristian Fiskerstrand wrote:
>>> Do I need access to my master key in order to expand my web of
>>> trust? This seems like quite a restriction.
>> Yes, although you can generate a local CA
exportable) signature
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Qui a
On 02/14/2017 07:51 PM, Marko Bauhardt wrote:
> The trust level of my two IDs was `unknown` in the one public key and
> `ultimate` in the other key.
Trust level is not a property of the public key, it is stored out of
band (in the local trustdb)
--
----
Kr
h for removal event?
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
-
On 01/04/2017 03:00 PM, Peter Lebbing wrote:
> On 04/01/17 14:56, Kristian Fiskerstrand wrote:
>> What gives you the indication that the UAT is about to be signed?
>
> First and foremost, that it was actually signed when I agreed. I deleted the
> signature afterwards.
>
>
that the UAT is about to be signed? (can
try it and not save/delete public key without publishing to see actual
result)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://p
ion)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Nulla regula sine excepti
1 - 100 of 290 matches
Mail list logo