Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Manoj Srivastava a écrit : Again, not a devotee problem. Just for information, I get an error message when voting with icedove and the enigmail extension (see the text at the end of the message). The error was not clear at all for me. All I did was to clic on the encryption and sign icons. I tried with only sign but it fails again. In this case, I understand the error message: gpg: invalid dash escaped line: -=3D-=3D-=3D-=3D-=3D-=3D-=3D-\n But I understand it only because I read other mails here and see that there can be some problems with encoding (quoted-printable). The 'solution' comes again from mails of this list talking about PGP/MIME. In the 'OpenPGP' menu of IceDove, they was an entry with 'Use PGP/MIME for this message'. Clicking on it and clicking on the encryption and sign icons make my vote accepted. I think I understand why my first and second vote have been rejected now, but I still find the error messages not useful at all: without these threads on debian-devel, I would have be unable to understand the problems and to find a way to send a good vote. Best regards, Vincent Danjean First error message (encrypted and signed from IceDove without selecting Use PGP/MIME for this message): This is an error report about your vote [record msg00675.raw] for the vote Debian Project Leader 2007 Election Statistics sent in on Fri, 06 Apr 2007 15:17:24 +0200, with the subject Re: Second call for votes for the debian project leader election 2007 The message ID is [EMAIL PROTECTED]. The folowing errors were reported: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= There was a problem verifying the signature on the ballot. FAILURE: Reason: MIME::Parser: couldn't open /org/vote.debian.org/data/leader2007/body/msg00675.body: No such file or directory at /usr/share/perl5/MIME/Parser.pm line 1174. The ballot decrypted correctly, but was not signed So this means that eithe the ballot was not signed at all or that it uses RFC 1847 Encapsulation, where the ballot is first signed as a multipart/signature body, and then encrypted to form the final multipart/encrypted body -- but something went wrong in verifying the signature. In either case, the ballot is being rejected. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= gpg: WARNING: unsafe permissions on homedir `/org/vote.debian.org/data/leader2007' gpg: CRC error; 406C8D - DC3406 gpg: encrypted_mdc packet with unknown version 255 gpg: quoted printable character in armor - probably a buggy MTA has been used [GNUPG:] NODATA 3-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This ballot is being rejected. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Mon, 09 Apr 2007 11:07:09 +0200, Vincent Danjean [EMAIL PROTECTED] said: Manoj Srivastava a écrit : Again, not a devotee problem. Just for information, I get an error message when voting with icedove and the enigmail extension (see the text at the end of the message). The error was not clear at all for me. All I did was to clic on the encryption and sign icons. Working patches for improved error messages gladly accepted. First error message (encrypted and signed from IceDove without selecting Use PGP/MIME for this message): This is an error report about your vote [record msg00675.raw] for the vote Debian Project Leader 2007 Election Statistics sent in on Fri, 06 Apr 2007 15:17:24 +0200, with the subject Re: Second call for votes for the debian project leader election 2007 The message ID is [EMAIL PROTECTED]. The folowing errors were reported: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= There was a problem verifying the signature on the ballot. FAILURE: Reason: MIME::Parser: couldn't open /org/vote.debian.org/data/leader2007/body/msg00675.body: No such file or directory at /usr/share/perl5/MIME/Parser.pm line 1174. The ballot decrypted correctly, but was not signed So this means that eithe the ballot was not signed at all or that it uses RFC 1847 Encapsulation, where the ballot is first signed as a multipart/signature body, and then encrypted to form the final multipart/encrypted body -- but something went wrong in verifying the signature. In either case, the ballot is being rejected. In this case, the ballot was first signed as a multipart/signature body, and then encrypted to form the final multipart/encrypted body -- but something went wrong in verifying the signature. The mail gave verbose logging of all the errors that happened during processing, along with a human parseable probable explanation. manoj -- The fancy is indeed no other than a mode of memory emancipated from the order of space and time. -- Samuel Taylor Coleridge Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Sun, 1 Apr 2007 22:02:18 +0200, Michal Čihař [EMAIL PROTECTED] said: Maybe I read RFC 3156 wrong, but I think it says exactly what I sent: 6.1. RFC 1847 Encapsulation In [2], it is stated that the data is first signed as a multipart/signature body, and then encrypted to form the final multipart/encrypted body. This is most useful for standard MIME- compliant message forwarding. No, you were quite correct; I had zone on RFC 1847 Encapsulation while writing up dvt-gpg. Mind you, implementing this was icky, since this breaks the nice little work-flow where first we do mime decoding, and then gpg verifications; now devotee has to decrypt the mail message, note that there did not seem to be any signatures on the message, run the mime parser on the newly decrupted body, see if there are exactly two parts with the proper mime encoding, save the body and the signature, and then run gpg again over the new body and sig, and properly bubble up any errors at any stage of the processing. No wonder people tried to warn me away from implementing my own mail handling and mime and gpg parsing when I started thinking about writing devotee. I added all this icky code to devotee, and now devotee is indeed fully compliant with RFC 3156. Anyway, there were 10 ballots which could have been affected, so I re-ran these ballots through devotee. 9 failed to verify the sig. One of your ballots (msg00250) did pass the gpg check -- but you must have voted with the same ballot, since devotee says: Failure: The signature on the message, though valid, has been seen before. This could be a potential replay attack So, after all this, no rejected ballot has been accepted -- and indeed, 9 of the 10 were correctly rejected in the first place. But I'm happy to say that any RFC 3156 compliant message should now be correctly interpreted by devotee. manoj -- Authors (and perhaps columnists) eventually rise to the top of whatever depths they were once able to plumb. -- Stanley Kaufman Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Hi On Wed, 04 Apr 2007 02:21:48 -0500 Manoj Srivastava [EMAIL PROTECTED] wrote: One of your ballots (msg00250) did pass the gpg check -- but you must have voted with the same ballot, since devotee says: Failure: The signature on the message, though valid, has been seen before. This could be a potential replay attack I resent same mail only not encrypted, so this is quite correct. Thanks for fixing this issue (especially when the only reject caused by this seems to be mine). -- Michal Čihař | http://cihar.com | http://blog.cihar.com signature.asc Description: PGP signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Sunday 01 April 2007 23:19, Henrique de Moraes Holschuh wrote: On Sun, 01 Apr 2007, Adrian von Bidder wrote: IIRC signing subkeys are not accepted at package uploads, so maybe that's what you were thinking about. AFAIK, they are. Policy URLs are not accepted, that's what I was thinking about. I use signing subkeys and usually a policy URL, so I just remembered that I have to take special steps before signing packages. Sorry about the confusion. cheers -- vbi -- You will be awarded some great honor. pgpxvKOyqFFFP.pgp Description: PGP signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Hello On Fri, 30 Mar 2007 11:02:49 -0500 Manoj Srivastava [EMAIL PROTECTED] wrote: It turns out that it was indeed encrypted, but the message was not signed; which means there is no information about who is sending the ballot. This is a legitimate addition to the ballot; I'll point it out in the next CFV. It of course was signed, I simply don't know what went wrong, but it seems that something fooled script which is handling votes (signature won't verify, because I deleted the votes): [EMAIL PROTECTED]:/tmp/vote$ gpg --decrypt mail decrypted You need a passphrase to unlock the secret key for user: Michal Čihař [EMAIL PROTECTED] 2048-bit ELG-E key, ID 05C78623, created 2004-01-10 (main key ID 36E75604) gpg: encrypted with ELG-E key, ID 43C42E9B gpg: encrypted with 2048-bit ELG-E key, ID 05C78623, created 2004-01-10 Michal Čihař [EMAIL PROTECTED] [EMAIL PROTECTED]:/tmp/vote$ cat decrypted Content-Type: multipart/signed; boundary=Sig_RW14tDhEezNYBYqzBFPkcVG; protocol=application/pgp-signature; micalg=PGP-SHA1 --Sig_RW14tDhEezNYBYqzBFPkcVG Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable - - -=3D-=3D-=3D-=3D-=3D- Don't Delete Anything Between These Lines =3D-= =3D-=3D-=3D-=3D-=3D-=3D-=3D- e0acebd2-71f1-4df8-ae4d-50355ad7aa81 [ ] Choice 1: Wouter Verhelst [ ] Choice 2: Aigars Mahinovs [ ] Choice 3: Gustavo Franco [ ] Choice 4: Sam Hocevar [ ] Choice 5: Steve McIntyre [ ] Choice 6: Rapha=C3=ABl Hertzog [ ] Choice 7: Anthony Towns [ ] Choice 8: Simon Richter [ ] Choice 9: None Of The Above - - -=3D-=3D-=3D-=3D-=3D- Don't Delete Anything Between These Lines =3D-= =3D-=3D-=3D-=3D-=3D-=3D-=3D- --=20 Michal =C4=8Ciha=C5=99 | http://cihar.com | http://blog.cihar.com --Sig_RW14tDhEezNYBYqzBFPkcVG Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGCMIx3DVS6DbnVgQRAtJlAKDoXjrx49GJ2zTSP1PZt2CVcpo6fACglVXk VMIjrLiaxHRdJj3wHqjGjDU= =JGT1 -END PGP SIGNATURE- --Sig_RW14tDhEezNYBYqzBFPkcVG-- -- Michal Čihař | http://cihar.com | http://blog.cihar.com signature.asc Description: PGP signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Sun, Apr 01, 2007 at 06:11:38PM +0200, Michal Čihař wrote: It of course was signed, I simply don't know what went wrong, but it seems that something fooled script which is handling votes (signature won't verify, because I deleted the votes): You had your message signed, then put the signature into a separate MIME part and then finally encrypted the whole kaboodle? Does that make any sense? /* Steinar */ - who obviously does not know PGP/MIME very well -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Hello On Sun, 1 Apr 2007 18:15:40 +0200 Steinar H. Gunderson [EMAIL PROTECTED] wrote: On Sun, Apr 01, 2007 at 06:11:38PM +0200, Michal Čihař wrote: It of course was signed, I simply don't know what went wrong, but it seems that something fooled script which is handling votes (signature won't verify, because I deleted the votes): You had your message signed, then put the signature into a separate MIME part and then finally encrypted the whole kaboodle? Does that make any sense? Well it did Claws mail for me and I didn't investigate this. I also didn't have problem with signed and encrypted mails so far. And why it wouldn't make sense? Or I have to use inline PGP when encrypting? -- Michal Čihař | http://cihar.com | http://blog.cihar.com signature.asc Description: PGP signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Sun, 1 Apr 2007 18:11:38 +0200, Michal Čihař [EMAIL PROTECTED] said: Hello On Fri, 30 Mar 2007 11:02:49 -0500 Manoj Srivastava [EMAIL PROTECTED] wrote: It turns out that it was indeed encrypted, but the message was not signed; which means there is no information about who is sending the ballot. This is a legitimate addition to the ballot; I'll point it out in the next CFV. It of course was signed, No, it was not. The body of the encrypted but not signed email contained a signed vote, but the email itself was not signed. I simply don't know what went wrong, but it seems that something fooled script which is handling votes (signature won't verify, because I deleted the votes): I do know what went wrong. This is the most creative and weird action I have seen in the last few elections. You send an encrypted mail, which was not itself signed. This caused the vote to be rejected. Now, the body of the mail, once you decrypted it, did contain a signed vote -- but this is too late, since the outer mail was not signed, nothing processed the decrypted body. And no, you do not need to send in inline PGP when encrypting ballots; you can send a signed *AND* encrypted RFC 3156 mail message. manoj -- Successful and fortunate crime is called virtue. Seneca Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Hi On Sun, 01 Apr 2007 13:04:12 -0500 Manoj Srivastava [EMAIL PROTECTED] wrote: This is the most creative and weird action I have seen in the last few elections. You send an encrypted mail, which was not itself signed. This caused the vote to be rejected. Now, the body of the mail, once you decrypted it, did contain a signed vote -- but this is too late, since the outer mail was not signed, nothing processed the decrypted body. And no, you do not need to send in inline PGP when encrypting ballots; you can send a signed *AND* encrypted RFC 3156 mail message. Maybe I read RFC 3156 wrong, but I think it says exactly what I sent: 6.1. RFC 1847 Encapsulation In [2], it is stated that the data is first signed as a multipart/signature body, and then encrypted to form the final multipart/encrypted body. This is most useful for standard MIME- compliant message forwarding. -- Michal Čihař | http://cihar.com | http://blog.cihar.com signature.asc Description: PGP signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Sun, Apr 01, 2007 at 01:04:12PM -0500, Manoj Srivastava wrote: On Sun, 1 Apr 2007 18:11:38 +0200, Michal Čihař [EMAIL PROTECTED] said: Hello On Fri, 30 Mar 2007 11:02:49 -0500 Manoj Srivastava [EMAIL PROTECTED] wrote: It turns out that it was indeed encrypted, but the message was not signed; which means there is no information about who is sending the ballot. This is a legitimate addition to the ballot; I'll point it out in the next CFV. It of course was signed, No, it was not. The body of the encrypted but not signed email contained a signed vote, but the email itself was not signed. Hrm, is there really an RFC that specifies encryption before signing? That would violate the expectation that people other than the intended recipient of the mail should not be able to verify the source. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Sun, 01 Apr 2007, Adrian von Bidder wrote: IIRC signing subkeys are not accepted at package uploads, so maybe that's what you were thinking about. AFAIK, they are. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Scribit Steve Langasek dies 01/04/2007 hora 13:09: Hrm, is there really an RFC that specifies encryption before signing? AFAIK, the RFC specifies how to build an encrypted MIME body and a signed body. When you want both, you can either store a signed body in the encrypted one, or an encrypted and signed PGP data as an encrypted body... That would violate the expectation that people other than the intended recipient of the mail should not be able to verify the source. Which provides you with repudiability for non-recipients, which can be an expectation too. Differently, Pierre -- [EMAIL PROTECTED] OpenPGP 0xD9D50D8A signature.asc Description: Digital signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Thursday 29 March 2007 06.24:52 Henrique de Moraes Holschuh wrote: On Wed, 28 Mar 2007, Manoj Srivastava wrote: On Wed, 28 Mar 2007 12:52:33 -0300, Henrique de Moraes Holschuh [EMAIL PROTECTED] said: You do not handle signing subkeys? What makes you think that? Any key that is used needs to be in the debian keyring, is all. I just checked, and yes, subkeys are handled just fine. Sorry about the confusion. IIRC signing subkeys are not accepted at package uploads, so maybe that's what you were thinking about. cheers -- vbi -- Today is Sweetmorn, the 18th day of Discord in the YOLD 3173 pgp4Wqhb91miP.pgp Description: PGP signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Hi On Thu, 29 Mar 2007 21:23:28 +0200 Kurt Roeckx [EMAIL PROTECTED] wrote: If you encrypt to yourself, how is the voting system supposed to decrypt it? It was encrypted for two keys, both of them can decrypt it. You also encrypted to the key that was generated for this vote, which looks good. Did you encrypt it twice or something? Yes, this is way I send out all encrypted mails so that I can read them in Sent mail: gpg --encrypt -a --recipient [EMAIL PROTECTED] --encrypt-to DC3552E836E75604 -- Michal Čihař | http://cihar.com | http://blog.cihar.com signature.asc Description: PGP signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Fri, 30 Mar 2007 09:23:38 +0200, Michal Čihař [EMAIL PROTECTED] said: Hi On Thu, 29 Mar 2007 21:23:28 +0200 Kurt Roeckx [EMAIL PROTECTED] wrote: If you encrypt to yourself, how is the voting system supposed to decrypt it? It was encrypted for two keys, both of them can decrypt it. It turns out that it was indeed encrypted, but the message was not signed; which means there is no information about who is sending the ballot. This is a legitimate addition to the ballot; I'll point it out in the next CFV. manoj -- Time will end all my troubles, but I don't always approve of Time's methods. Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Fri, 30 Mar 2007 11:02:49 -0500, Manoj Srivastava [EMAIL PROTECTED] said: On Fri, 30 Mar 2007 09:23:38 +0200, Michal Čihař [EMAIL PROTECTED] said: Hi On Thu, 29 Mar 2007 21:23:28 +0200 Kurt Roeckx [EMAIL PROTECTED] wrote: If you encrypt to yourself, how is the voting system supposed to decrypt it? It was encrypted for two keys, both of them can decrypt it. It turns out that it was indeed encrypted, but the message was not signed; which means there is no information about who is sending the ballot. This is a legitimate addition to the ballot; I'll point it out in the next CFV. Hmm. Turns out, that ballot already mentioned that you may, if you wish, choose to send a signed, encrypted ballot. The operative word is signed, which the ballot in question was not. manoj -- No matter how good she looks, some other guy is sick and tired of putting up with her shit. Men's Room, Linda's Bar and Grill. Chapel Hill, North Carolina. Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Hi On Wed, 28 Mar 2007 07:52:38 -0500 Manoj Srivastava [EMAIL PROTECTED] wrote: This seems to indicate that the key was not in the keyring. 2048-bit ELG-E key, ID 43C42E9B, created 2007-03-09 __ gpg --homedir=. --keyring debian-keyring.gpg --keyring debian-keyring.pgp --with-colons --list-keys 0x05C78623 tru::1:1173480793:0:3:1:5 pub:-:1024:17:DC3552E836E75604:2004-01-10:::-:Michal �x8ciha�x99 [EMAIL PROTECTED]::scESC: uid:-2004-01-10::F480D937920614DA2771B2AC795928D40377D5D6::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:-2005-06-24::116BDA5CF8D36EE8B1292D3E92D36255A5FB6B84::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:r::D1EC97D564177B3B1353C10890FC7E2587E036F3::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:-2005-06-24::6688FC339BECDD0C786D57C010DAD2CA2556D79A::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:-2004-01-17::D8B33E3CA038B007EDF62CD1A62B21074C7A989A::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:-2007-03-14::CA412CA1B1E145B6CE7FABC55F4AC57FD8E6190F::Michal �x8ciha�x99 [EMAIL PROTECTED]: sub:-:2048:16:6EFA5AE205C78623:2004-01-10::e: See? Don't sign with a key that is not in the debian keyring yet. I really don't get which key is not there. I signed with my same key, which worked for unencrypted voting and which worked on previous GR vote. I was really not able to decode what went wrong from message I got, it seems to complain about missing secret key for my key, which is okay. Does encrypt to self break voting? -- Michal Čihař | http://cihar.com | http://blog.cihar.com signature.asc Description: PGP signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Thu, Mar 29, 2007 at 10:00:19AM +0200, Michal ?iha? wrote: Hi __ gpg --homedir=. --keyring debian-keyring.gpg --keyring debian-keyring.pgp --with-colons --list-keys 0x05C78623 pub:-:1024:17:DC3552E836E75604:2004-01-10:::-:Michal ?x8ciha?x99 [EMAIL PROTECTED]::scESC: [...] See? Don't sign with a key that is not in the debian keyring yet. DC3552E836E75604 seems to be in the keyring to me. I really don't get which key is not there. I signed with my same key, which worked for unencrypted voting and which worked on previous GR vote. I was really not able to decode what went wrong from message I got, it seems to complain about missing secret key for my key, which is okay. Does encrypt to self break voting? If you encrypt to yourself, how is the voting system supposed to decrypt it? You also encrypted to the key that was generated for this vote, which looks good. Did you encrypt it twice or something? Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
* Kurt Roeckx [EMAIL PROTECTED] [2007-03-29 21:23:28 +0200]: On Thu, Mar 29, 2007 at 10:00:19AM +0200, Michal ?iha? wrote: Hi __ gpg --homedir=. --keyring debian-keyring.gpg --keyring debian-keyring.pgp --with-colons --list-keys 0x05C78623 pub:-:1024:17:DC3552E836E75604:2004-01-10:::-:Michal ?x8ciha?x99 [EMAIL PROTECTED]::scESC: [...] See? Don't sign with a key that is not in the debian keyring yet. DC3552E836E75604 seems to be in the keyring to me. I really don't get which key is not there. I signed with my same key, which worked for unencrypted voting and which worked on previous GR vote. I was really not able to decode what went wrong from message I got, it seems to complain about missing secret key for my key, which is okay. Does encrypt to self break voting? If you encrypt to yourself, how is the voting system supposed to decrypt it? You also encrypted to the key that was generated for this vote, which looks good. Did you encrypt it twice or something? Kurt He likely ran $gpg --encrypt foo, which by default encrypts with your own key as well. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Hi On Wed, 28 Mar 2007 07:56:23 +0200 Bart Martens [EMAIL PROTECTED] wrote: On Wed, 2007-03-28 at 07:43 +0200, Andreas Tille wrote: The relation between Rejects and Voters is currently the highest we ever had. I'm just asking whether we need some technical improvement here because I personally add a count of three to the rejects and have no idea how to vote successfully. I had problems with encrypted voting. Unencrypted voting worked for me. Same here, tried encrypted first, it failed (see bellow), then unencrypted and it worked fine. The folowing errors were reported: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= There was a problem verifying the signature on the ballot. GPG did not return a fingerprint or key id -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= gpg: WARNING: unsafe permissions on homedir `/org/vote.debian.org/data/leader2007' gpg: encrypted with 2048-bit ELG-E key, ID 05C78623, created 2004-01-10 gpg: encrypted with 2048-bit ELG-E key, ID 43C42E9B, created 2007-03-09 [GNUPG:] ENC_TO E1427DEB43C42E9B 16 0[GNUPG:] USERID_HINT E1427DEB43C42E9B DPL Vote 2007 (Ephemeral Key) [EMAIL PROTECTED][GNUPG:] NEED_PASSPHRASE E1427DEB43C42E9B 7C9FC748EBF31170 16 0[GNUPG:] GOOD_PASSPHRASE[GNUPG:] ENC_TO 6EFA5AE205C78623 16 0[GNUPG:] NO_SECKEY 6EFA5AE205C78623[GNUPG:] BEGIN_DECRYPTION[GNUPG:] PLAINTEXT 62 1174979122 [GNUPG:] DECRYPTION_OKAY[GNUPG:] GOODMDC[GNUPG:] END_DECRYPTION-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -- Michal Čihař | http://cihar.com | http://blog.cihar.com signature.asc Description: PGP signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Le mercredi 28 mars 2007 09:31, Michal Čihař a écrit : Same here, tried encrypted first, it failed (see bellow), then unencrypted and it worked fine. Precisly the same issue here. It has been reported to work on mutt, and it failed here with kmail. Is the crypt+sign mail format standard ? Romain
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, Mar 28, 2007 at 12:12:55PM +0200, Romain Beauxis wrote: Le mercredi 28 mars 2007 09:31, Michal ??iha?? a écrit : Same here, tried encrypted first, it failed (see bellow), then unencrypted and it worked fine. Precisly the same issue here. It has been reported to work on mutt, and it failed here with kmail. Is the crypt+sign mail format standard ? The last vote (on the package upload rules) worked for me sending encrypted from mutt. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, 28 Mar 2007 12:12:55 +0200, Romain Beauxis [EMAIL PROTECTED] said: Le mercredi 28 mars 2007 09:31, Michal Čihař a écrit : Same here, tried encrypted first, it failed (see bellow), then unencrypted and it worked fine. Precisly the same issue here. The issue there was using a signing key not in the debian keyring. If you are doing the same, please stop. It has been reported to work on mutt, and it failed here with kmail. Is the crypt+sign mail format standard ? Yup. MIME type application/pgp-encrypted is how it is done. manoj -- All the really good ideas I ever had came to me while I was milking a cow. Grant Wood Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, 28 Mar 2007 09:31:10 +0200, Michal Čihař [EMAIL PROTECTED] said: Hi On Wed, 28 Mar 2007 07:56:23 +0200 Bart Martens [EMAIL PROTECTED] wrote: On Wed, 2007-03-28 at 07:43 +0200, Andreas Tille wrote: The relation between Rejects and Voters is currently the highest we ever had. I'm just asking whether we need some technical improvement here because I personally add a count of three to the rejects and have no idea how to vote successfully. I had problems with encrypted voting. Unencrypted voting worked for me. Same here, tried encrypted first, it failed (see bellow), then unencrypted and it worked fine. The folowing errors were reported: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= There was a problem verifying the signature on the ballot. GPG did not return a fingerprint or key id -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= gpg: WARNING: unsafe permissions on homedir `/org/vote.debian.org/data/leader2007' gpg: encrypted with 2048-bit ELG-E key, ID 05C78623, created 2004-01-10 gpg: encrypted with 2048-bit ELG-E key, ID 43C42E9B, created 2007-03-09 [GNUPG:] ENC_TO E1427DEB43C42E9B 16 0[GNUPG:] USERID_HINT E1427DEB43C42E9B DPL Vote 2007 (Ephemeral Key) [EMAIL PROTECTED][GNUPG:] NEED_PASSPHRASE E1427DEB43C42E9B 7C9FC748EBF31170 16 0[GNUPG:] GOOD_PASSPHRASE[GNUPG:] ENC_TO 6EFA5AE205C78623 16 0[GNUPG:] NO_SECKEY 6EFA5AE205C78623[GNUPG:] BEGIN_DECRYPTION[GNUPG:] PLAINTEXT 62 1174979122 [GNUPG:] DECRYPTION_OKAY[GNUPG:] GOODMDC[GNUPG:] END_DECRYPTION-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This seems to indicate that the key was not in the keyring. 2048-bit ELG-E key, ID 43C42E9B, created 2007-03-09 __ gpg --homedir=. --keyring debian-keyring.gpg --keyring debian-keyring.pgp --with-colons --list-keys 0x05C78623 tru::1:1173480793:0:3:1:5 pub:-:1024:17:DC3552E836E75604:2004-01-10:::-:Michal �x8ciha�x99 [EMAIL PROTECTED]::scESC: uid:-2004-01-10::F480D937920614DA2771B2AC795928D40377D5D6::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:-2005-06-24::116BDA5CF8D36EE8B1292D3E92D36255A5FB6B84::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:r::D1EC97D564177B3B1353C10890FC7E2587E036F3::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:-2005-06-24::6688FC339BECDD0C786D57C010DAD2CA2556D79A::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:-2004-01-17::D8B33E3CA038B007EDF62CD1A62B21074C7A989A::Michal �x8ciha�x99 [EMAIL PROTECTED]: uid:-2007-03-14::CA412CA1B1E145B6CE7FABC55F4AC57FD8E6190F::Michal �x8ciha�x99 [EMAIL PROTECTED]: sub:-:2048:16:6EFA5AE205C78623:2004-01-10::e: See? Don't sign with a key that is not in the debian keyring yet. Again, not a devotee problem. manoj -- You don't become a failure until you're satisfied with being one. Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, 28 Mar 2007 08:05:27 +0200 (CEST), Andreas Tille [EMAIL PROTECTED] said: On Wed, 28 Mar 2007, Bart Martens wrote: On Wed, 2007-03-28 at 07:43 +0200, Andreas Tille wrote: The relation between Rejects and Voters is currently the highest we ever had. I'm just asking whether we need some technical improvement here because I personally add a count of three to the rejects and have no idea how to vote successfully. I had problems with encrypted voting. Unencrypted voting worked for me. I tried signed mails with pine (ups, sorry, I know it's non-free) and after this I sended (according to Manoj's hint) mails using mailx one time with --sign --armor and one tim ewith --clearsign --armor which failed both. I never sended encrypted votings. Well, in either case, something intervened along the way (some MTA) and protected the accented char after you had sent the mail. The solution is to use a MYA that does properly do PGP/MIME -- or send in an encrypted ballot, which is base64 encoded, I think, and should not trigger ther helpful MTA enroute. manoj -- Mind if I smoke? Yes, I'd like to see that, does it come out of your ears or what? Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, 28 Mar 2007, Manoj Srivastava wrote: Well, in either case, something intervened along the way (some MTA) and protected the accented char after you had sent the mail. The solution is to use a MYA that does properly do PGP/MIME -- or send in an encrypted ballot, which is base64 encoded, I think, and should not trigger ther helpful MTA enroute. Yould you be so kind and turn these advises into lines of example code like Lars did - just in case my vote will be rejected again? Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, 28 Mar 2007, Manoj Srivastava wrote: The issue there was using a signing key not in the debian keyring. If you are doing the same, please stop. You do not handle signing subkeys? That would mean one has to add that dreaded ! to the keyid, so as to make gpg not use any subkeys. Or did I misunderstand? -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, 28 Mar 2007 12:52:33 -0300, Henrique de Moraes Holschuh [EMAIL PROTECTED] said: On Wed, 28 Mar 2007, Manoj Srivastava wrote: The issue there was using a signing key not in the debian keyring. If you are doing the same, please stop. You do not handle signing subkeys? What makes you think that? Any key that is used needs to be in the debian keyring, is all. manoj -- Lead a life of righteousness, and not a life of wrong-doing. He who follows righteousness lives happily in this world and the next. 169 Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Manoj Srivastava [EMAIL PROTECTED] writes: The solution is to use a MYA that does properly do PGP/MIME -- or send in an encrypted ballot, which is base64 encoded, I think, and should not trigger ther helpful MTA enroute. I had to fall back on doing an encrypted ballot because I completely failed Gnus. No matter what I did to Gnus, it insisted on sending the mail quoted-printable. When I changed mm-body-charset-encoding-alist, it still did quoted-printable. When I explicitly tagged the body with mml to use 8bit encoding, it inserted random control characters in the body. There's clearly some setting that I missed, but I don't know what it is. Sending an encrypted ballot worked fine. Probably part of the problem is that I haven't yet figured out the correct way to do PGP/MIME in Gnus (mostly because I haven't looked very hard). -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, 28 Mar 2007 12:47:09 -0700, Russ Allbery [EMAIL PROTECTED] said: Probably part of the problem is that I haven't yet figured out the correct way to do PGP/MIME in Gnus (mostly because I haven't looked very hard). Here is what I use (I am using emacs23, but this should work with the emacs-snapshot package in Etch as well) ,[ Gnus and easypg ] | ;; The package used for PGP/MIME. | ;; Valid packages include `epg', `pgg', `gpg' and `mailcrypt'. | (setq mml2015-use 'epg) | ;; My key ids | ;;(setq mml2015-signers '(BF24424C C7261095)) | (require 'epa-setup) | (setq | mml2015-passphrase-cache-expiry 30 ;; in seconds | mml2015-verbose t | mml2015-encrypt-to-self t | ) | ;;; This was getting too annoying | ;; (setq mm-verify-option 'known | ;; mm-decrypt-option 'known | ;; gnus-message-replysign t | ;; gnus-message-replyencrypt t) | | ;; Use PGP/MIME by default. Look up mml-sign-alist | (setq mml-default-sign-method pgpmime | mml-default-encrypt-method pgpmime) | ;; Convenience keystrokes | (define-key message-mode-map [f7] 'mml-secure-sign-pgpmime) | (define-key message-mode-map [f8] 'mml-secure-encrypt-pgpmime) | ;;(define-key message-mode-map \C-c\C-a 'mail-interactive-insert-alias) | | ;;; Obsolete, from when I used pgg | (autoload 'pgg-encrypt-region pgg Encrypt the current region. t) | (autoload 'pgg-decrypt-region pgg Decrypt the current region. t) | (autoload 'pgg-sign-region pggSign the current region. t) | (autoload 'pgg-verify-region pgg Verify the current region. t) | (autoload 'pgg-insert-key pgg Insert the ASCII armored public key. t) | (autoload 'pgg-snarf-keys-region pgg | Import public keys in the current region. t) | (require 'pgg) | (setq pgg-passphrase-cache-expiry 30 | pgg-gpg-use-agent t) | (setq crypt-confirm-password t | crypt-encoded-disable-auto-save t | crypt-no-extension-implies-plain t | ; crypt-ignored-filenames ... ; this could be useful | ) | ;; gpg | ;; | (setq gpg-command-program gpg ) ` manoj -- Avec! Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, Mar 28, 2007 at 03:28:04PM -0500, Manoj Srivastava wrote: On Wed, 28 Mar 2007 12:47:09 -0700, Russ Allbery [EMAIL PROTECTED] said: Probably part of the problem is that I haven't yet figured out the correct way to do PGP/MIME in Gnus (mostly because I haven't looked very hard). Here is what I use (I am using emacs23, but this should work with the emacs-snapshot package in Etch as well) s/Etch/Sid/; the emacs-snapshot package is not a release candidate. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, 28 Mar 2007, Manoj Srivastava wrote: On Wed, 28 Mar 2007 12:52:33 -0300, Henrique de Moraes Holschuh [EMAIL PROTECTED] said: You do not handle signing subkeys? What makes you think that? Any key that is used needs to be in the debian keyring, is all. I just checked, and yes, subkeys are handled just fine. Sorry about the confusion. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
On Wed, 28 Mar 2007, Bart Martens wrote: On Wed, 2007-03-28 at 07:43 +0200, Andreas Tille wrote: The relation between Rejects and Voters is currently the highest we ever had. I'm just asking whether we need some technical improvement here because I personally add a count of three to the rejects and have no idea how to vote successfully. I had problems with encrypted voting. Unencrypted voting worked for me. I tried signed mails with pine (ups, sorry, I know it's non-free) and after this I sended (according to Manoj's hint) mails using mailx one time with --sign --armor and one tim ewith --clearsign --armor which failed both. I never sended encrypted votings. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]