Re: Garbled data in keyservers

2018-12-18 Thread Dirk Gottschalk via Gnupg-users
Hi Stefan. On Sunday, 16.12.2018, 22:06 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 20:34:55 +0100, Dirk Gottschalk wrote: > > On Sunday, 09.12.2018, 20:03 +0100, Stefan Claas wrote: > > > My proposal could be run also in parallel. I think it would be > > > only a weekend job for

Re: Garbled data in keyservers

2018-12-17 Thread Stefan Claas
On Sun, 16 Dec 2018 22:06:55 +0100, Stefan Claas wrote: > While testing today how to make someone's pub key non-importable,non- > receivable, For the interested reader: and : gpg --keyserver-option import-clean --keyserver

Re: Garbled data in keyservers

2018-12-16 Thread Stefan Claas
On Sun, 09 Dec 2018 20:34:55 +0100, Dirk Gottschalk wrote: > On Sunday, 09.12.2018, 20:03 +0100, Stefan Claas wrote: > > My proposal could be run also in parallel. I think it would be > > only a weekend job for a programmer to modify the server code, > > so that it accepts only incoming and

Re: Garbled data in keyservers

2018-12-10 Thread Stefan Claas
On Mon, 10 Dec 2018 18:34:49 +0100, Wiktor Kwapisiewicz wrote: > On 10.12.2018 17:32, Stefan Claas wrote: > > As per Werner's suggestion to make only the fingerprint available for > > (Web/API) searches, > > is also a thing, because like i previously said a list of fingerprints for > > example

Re: Garbled data in keyservers

2018-12-10 Thread Wiktor Kwapisiewicz via Gnupg-users
On 10.12.2018 17:32, Stefan Claas wrote: > Yes, it seems it would be a good start. However, if unwanted data can then be > still > submitted remains to be seen, because what if anonymous email services would > use > DKIM too? Well it depends on the implementation. In current keyserver model

Re: Garbled data in keyservers

2018-12-10 Thread Stefan Claas
On Mon, 10 Dec 2018 14:25:08 +0100, Wiktor Kwapisiewicz wrote: Hi Wiktor, > That's an interesting idea, it seems GnuPG has some support for sending keys > via > e-mail. > By the way validation of keys sent from e-mail would require DKIM as it's easy > to spoof "From" (that's why most

Re: Garbled data in keyservers

2018-12-10 Thread Wiktor Kwapisiewicz via Gnupg-users
Hi, I use an address I control, but the email was not even sent so I guess the error happened before the key hit the network. Kind regards, Wiktor On December 10, 2018 2:56:54 PM UTC, Damien Goutte-Gattat wrote: >On Mon, Dec 10, 2018 at 02:25:08PM +0100, Wiktor Kwapisiewicz via

Re: Garbled data in keyservers

2018-12-10 Thread Damien Goutte-Gattat via Gnupg-users
On Mon, Dec 10, 2018 at 02:25:08PM +0100, Wiktor Kwapisiewicz via Gnupg-users wrote: > On 09.12.2018 20:48, Stefan Claas wrote: > > Mind you in the 90's PGP key servers accepted also email and Usenet > > submissions, if i remember correctly. The keyword was then simple > > the word "add" in the

Re: Garbled data in keyservers

2018-12-10 Thread Wiktor Kwapisiewicz via Gnupg-users
On 09.12.2018 20:48, Stefan Claas wrote: > Mind you in the 90's PGP key servers accepted also email and Usenet > submissions, if i remember correctly. The keyword was then simple > the word "add" in the subject line of an email. > > That's an interesting

Re: Garbled data in keyservers

2018-12-09 Thread justina colmena via Gnupg-users
On December 9, 2018 11:17:34 AM AKST, Stefan Claas wrote: >On Sun, 9 Dec 2018 21:11:12 +0100, Juergen Bruckner wrote: >> On 09.12.18 at 18:24, Dirk Gottschalk via Gnupg-users wrote: >> > And further, why should anyone run something like a ca CA for free. >> > Sure, CAcert does it. But that's

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hi Stefan. On Sunday, 09.12.2018, 21:13 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 20:55:36 +0100, Dirk Gottschalk wrote: > > Hello Dirk, > > > That I mentioned in the other reply I have sent a few seconds ago. > > > > > right? A key which would bear a CA sig would imho not have

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 9 Dec 2018 21:11:12 +0100, Juergen Bruckner wrote: > On 09.12.18 at 18:24, Dirk Gottschalk via Gnupg-users wrote: > > And further, why should anyone run something like a ca CA for free. > > Sure, CAcert does it. But that's the only organisation I know who > > does this. > > Also WPIA

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 09 Dec 2018 20:55:36 +0100, Dirk Gottschalk wrote: Hello Dirk, > That I mentioned in the other reply I have sent a few seconds ago. > > > right? A key which would bear a CA sig would imho not have such > > additional and funny UID's or sigs, because it would make the key > > owner look

Re: Garbled data in keyservers

2018-12-09 Thread Juergen Bruckner
On 09.12.18 at 18:24, Dirk Gottschalk via Gnupg-users wrote: > And further, why should anyone run something like a ca CA for free. > Sure, CAcert does it. But that's the only organisation I know who does > this. Also WPIA [1] plans to do this and started an audit process for their CA. regards

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 09 Dec 2018 20:34:55 +0100, Dirk Gottschalk wrote: > On Sunday, 09.12.2018, 20:03 +0100, Stefan Claas wrote: Hi Dirk, > A weekend job... Muhahahahahahaha, you don't do much programming, > don't you? One would have to write an email bot, change the keyserver > code to no longer

Re: Garbled data in keyservers

2018-12-09 Thread Wiktor Kwapisiewicz via Gnupg-users
On 09.12.2018 20:03, Stefan Claas wrote: > Too bad that Werner's WKD is not widely adopted from email > service providers... Just for the record but it is adopted by e-mail service providers that are interested in OpenPGP (like ProtonMail and Posteo.de, see https://wiki.gnupg.org/WKD). As for

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hello Stefan. On Sunday, 09.12.2018, 19:38 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users > wrote: > > On December 9, 2018 7:54:01 AM EST, Stefan Claas > > wrote:: > > > Get a sig from a CA and then upload your key via email. > > > > >

Fw: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
Begin forwarded message: Date: Sun, 9 Dec 2018 20:35:41 +0100 From: Stefan Claas To: Dirk Gottschalk Subject: Re: Garbled data in keyservers On Sun, 09 Dec 2018 20:26:21 +0100, Dirk Gottschalk wrote: Hi Dirk, > > I don't think so. Create an anon account at ProtonMail v

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
On Sunday, 09.12.2018, 20:03 +0100, Stefan Claas wrote: > On Sun, 9 Dec 2018 19:38:31 +0100, Stefan Claas wrote: > > On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users > > wrote: > > > On December 9, 2018 7:54:01 AM EST, Stefan Claas > > > wrote:: > > > > Get a sig from a

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hi Stefan. On Sunday, 09.12.2018, 19:38 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users > wrote: > > On December 9, 2018 7:54:01 AM EST, Stefan Claas > > wrote:: > > > Get a sig from a CA and then upload your key via email. > > > > >

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
On Sunday, 09.12.2018, 19:54 +0100, Stefan Claas wrote: > On Sun, 9 Dec 2018 19:51:37 +0100, Stefan Claas wrote: > > On Sun, 09 Dec 2018 18:24:38 +0100, Dirk Gottschalk wrote: > > Hi Dirk, > > > Get a sig from a CA and then upload your key via email. > > > Then the key servers do something

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 9 Dec 2018 19:38:31 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users > wrote: > > On December 9, 2018 7:54:01 AM EST, Stefan Claas > > wrote:: > > > > > >Get a sig from a CA and then upload your key via email. > > > > > That's a bit

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 9 Dec 2018 19:51:37 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 18:24:38 +0100, Dirk Gottschalk wrote: Hi Dirk, > > > Get a sig from a CA and then upload your key via email. > > Then the key servers do something like a gpg --check-sigs > > to see if a key bears a valid CA sig and

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users wrote: > On December 9, 2018 7:54:01 AM EST, Stefan Claas > wrote:: > > > >Get a sig from a CA and then upload your key via email. > > > That's a bit steep, and was never the original goal of PGP or GPG. No, in 2018 i think it

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hello Justina On Sunday, 09.12.2018, 08:23 -0900, justina colmena via Gnupg-users wrote: > On December 9, 2018 7:54:01 AM EST, Stefan Claas < > stefan.cl...@posteo.de> wrote:: > > Get a sig from a CA and then upload your key via email. > > > That's a bit steep, and was never the original

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hi. On Sunday, 09.12.2018, 13:54 +0100, Stefan Claas wrote: > On Thu, 06 Dec 2018 15:22:14 +0100, Werner Koch wrote: > > > > That's right, but my thought is / was someone can (ab)use key > > > servers as data storage / retrieval system and then only provides > > > the key id > > > > As

Re: Garbled data in keyservers

2018-12-09 Thread justina colmena via Gnupg-users
On December 9, 2018 7:54:01 AM EST, Stefan Claas wrote:: > >Get a sig from a CA and then upload your key via email. > That's a bit steep, and was never the original goal of PGP or GPG. If the goal is to eliminate the bulk of bad keys and junk from key servers, an account creation with basic

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Thu, 06 Dec 2018 15:22:14 +0100, Werner Koch wrote: > > That's right, but my thought is / was someone can (ab)use key > > servers as data storage / retrieval system and then only provides > > the key id > > As it has been commented, there are easier ways to do that. I have read also the

Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
On Thu, 6 Dec 2018 14:05, stefan.cl...@posteo.de said: > Understood. Please check this example, a key with plenty of data, > which only needs to be extracted. > > https://pgp.circl.lu/pks/lookup?op=get=0x73253A1F090C53B6 Surely you can put arbitrary data into a user-id. > That's

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 6 Dec 2018 14:05:37 +0100, Stefan Claas wrote: > On Thu, 06 Dec 2018 11:42:32 +0100, Werner Koch wrote: > > On Thu, 6 Dec 2018 10:22, stefan.cl...@posteo.de said: > > > > > As long as we have the option to add additional UID's to a key > > > my > > > > You can't add an UID to a

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 06 Dec 2018 11:42:32 +0100, Werner Koch wrote: > On Thu, 6 Dec 2018 10:22, stefan.cl...@posteo.de said: > > > As long as we have the option to add additional UID's to a key my > > You can't add an UID to a key without having a signature from the > primary key. If the keyservers

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 6 Dec 2018 11:09:04 +0100, Wiktor Kwapisiewicz wrote: > >> But that "little program" would have to download the entire dump > >> and provide search feature itself, making it non-trivial for most > >> users. > > I don't think so... > > > > https://github.com/yakamok/keyserver-fs > >

Re: Garbled data in keyservers

2018-12-06 Thread Wiktor Kwapisiewicz via Gnupg-users
>> But that "little program" would have to download the entire dump and >> provide search feature itself, making it non-trivial for most users. > I don't think so... > > https://github.com/yakamok/keyserver-fs Yes: > WARNING: this may break easily and is intended for use only on linux >

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 6 Dec 2018 10:39:24 +0100, Wiktor Kwapisiewicz wrote: Hi Wiktor, > On 06.12.2018 10:24, Stefan Claas wrote: > > As long as we have the option to add additional UID's to a key my > > thinking was, after reading the links from Yegor, that one appends > > arbitrary data to a key and

Re: Garbled data in keyservers

2018-12-06 Thread Wiktor Kwapisiewicz via Gnupg-users
On 06.12.2018 10:24, Stefan Claas wrote: > As long as we have the option to add additional UID's to a key my > thinking was, after reading the links from Yegor, that one appends > arbitrary data to a key and provides a link, at some other place, to > that key, in the form of

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 06 Dec 2018 09:03:32 +0100, Werner Koch wrote: > On Wed, 5 Dec 2018 19:56, stefan.cl...@posteo.de said: > > > Well, my understanding would be that at least one (search) criteria > > would be needed to fetch a key, right? And if so i could also > > imagine > > Right, the fingerprint.

Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
On Wed, 5 Dec 2018 19:56, stefan.cl...@posteo.de said: > Well, my understanding would be that at least one (search) criteria > would be needed to fetch a key, right? And if so i could also imagine Right, the fingerprint. And maybe the long keyid for a transitional period because not all

Re: Garbled data in keyservers

2018-12-05 Thread Stefan Claas
On Wed, 05 Dec 2018 11:24:10 -0900, justina colmena via Gnupg-users wrote: > A keyserver is a convenience. Of course it's not magic. Right now I > am using K-9 Mail and OpenKeychain on Android. When I received the > above message from the list, K-9 Mail informed me that it was signed > with a key

Re: Garbled data in keyservers

2018-12-05 Thread justina colmena via Gnupg-users
A keyserver is a convenience. Of course it's not magic. Right now I am using K-9 Mail and OpenKeychain on Android. When I received the above message from the list, K-9 Mail informed me that it was signed with a key with fingerprint "0xff80ae9d1dec358d", and referred me to the OpenKeychain app,

Re: Garbled data in keyservers

2018-12-05 Thread Stefan Claas
On Wed, 05 Dec 2018 18:53:20 +0100, Werner Koch wrote: > On Wed, 5 Dec 2018 17:34, stefan.cl...@posteo.de said: > > > Can you give more details about the security aspect? > > People believe that the keyservers magically return a matching key > for a mail address. There is no guarantee for

Re: Garbled data in keyservers

2018-12-05 Thread Werner Koch
On Wed, 5 Dec 2018 17:34, stefan.cl...@posteo.de said: > Can you give more details about the security aspect? People believe that the keyservers magically return a matching key for a mail address. There is no guarantee for this. In fact all people from the strong had meanwhile expired faked

Re: Garbled data in keyservers

2018-12-05 Thread Stefan Claas
On Wed, 05 Dec 2018 13:28:50 +0100, Werner Koch wrote: > A better way of using keyservers would be to entirely disable their > search by name or mail address capabilities. Not only in the web > interface but also in their API. Of course that will be a radical > change but I consider it better for

Re: Garbled data in keyservers

2018-12-05 Thread Werner Koch
On Wed, 5 Dec 2018 10:31, c...@cod-web.net said: > On pool.sks-keyservers.net everything works well while on other > keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I > never signed and I don't know exactly why it's included in search There are several problems with the

Re: Garbled data in keyservers

2018-12-05 Thread Claudio Canavese
Thank you. Fun fact: https://bitbucket.org/skskeyserver/sks-keyserver/issues/57 > https://bitbucket.org/skskeyserver/sks-keyserver/issues/60 > were opened by Yegor Timoshenko himself ^__^ Thank you again for your quick and sharp answer! -- CoD

Re: Garbled data in keyservers

2018-12-05 Thread Wiktor Kwapisiewicz via Gnupg-users
Hi Claudio, You may find these SKS issues relevant: https://bitbucket.org/skskeyserver/sks-keyserver/issues/41 https://bitbucket.org/skskeyserver/sks-keyserver/issues/57 https://bitbucket.org/skskeyserver/sks-keyserver/issues/60 I'm not able to comment on the specifics of search implementation

Garbled data in keyservers

2018-12-05 Thread Claudio Canavese
Hi everyone, I'm experiencing a strange behavior when looking for my email address on many keyserver web interfaces: I get a lot of garbled output from a key of someone else. I can't find an answer in this mailing list archives, so I decided to ask directly. Forgive me if it's a silly question.