Re: pgp question

1999-09-12 Thread Martin Fluch 
On Sat, 11 Sep 1999, Peter Palfrader aka Weasel wrote:

 I'm a bit puzzled about the validy of keys that pgp (6.5.1) tells me.

I don't trust pgp 6.5.1.
Martin

-- 
For public PGP-key:  finger [EMAIL PROTECTED]

pgp question

1999-09-11 Thread Peter Palfrader aka Weasel 
I'm a fairly new pgp user and hope that the gurus here can bring some
light into my dark.

I'm a bit puzzled about the validy of keys that pgp (6.5.1) tells me.

Here's what I have:
  KeyID  Trust Validity  User ID
  0x...  marginal  complete  Dillo [EMAIL PROTECTED]
cultimate Peter Palfrader [EMAIL PROTECTED]

I signed Dillo's key after we'd exchanged passphrases and since I
trust my own signature ultimately Dillo's key is completely
valid. I usually trust dillo to do a good job when certifying
signatures.

Now there's a third user name Konrad which I've never met in person
but Dillo knows him.

  KeyID Trust Validity  User ID
  0x... untrusted marginal  Konrad [EMAIL PROTECTED]
c   marginal Dillo [EMAIL PROTECTED]
  complete  Konrad [EMAIL PROTECTED]
c   marginal Dillo [EMAIL PROTECTED]
  complete  Konrad [EMAIL PROTECTED]
c   marginal Dillo [EMAIL PROTECTED]

Now the first two lines look quite good. I marginally trust Dillo who
signed Konrad's key so Konrad's key is marginally valid.

However what puzzles me is why on earch are the two other user id's on
Konrad's key completely valid.

Perhaps you can help me?


-- 
Weasel http://www.cosy.sbg.ac.at/~ppalfrad/
PGP encrypted messages prefered.  See my site or finger -l ppalfrad
---
 A friend is someone who knows the song in your heart and
can sing it back to you when you have forgotten the words.


pgpv4P1rVHbZg.pgp
Description: PGP signature

RE: pgp question

1999-09-11 Thread Pollywog 

On 11-Sep-99 Peter Palfrader aka Weasel wrote:
 I'm a fairly new pgp user and hope that the gurus here can bring some
 light into my dark.
 
 I'm a bit puzzled about the validy of keys that pgp (6.5.1) tells me.
 
 Here's what I have:
   KeyID  Trust Validity  User ID
   0x...  marginal  complete  Dillo [EMAIL PROTECTED]
 cultimate Peter Palfrader [EMAIL PROTECTED]
 
 I signed Dillo's key after we'd exchanged passphrases and since I
 trust my own signature ultimately Dillo's key is completely
 valid. I usually trust dillo to do a good job when certifying
 signatures.

You exchanged passphrases??  I don't think you should do that.
Your passphrase is for your own use when you encrypt or sign something.

--
Andrew

-
GnuPG Public KeyID: 0x48109681

Re: pgp question

1999-09-11 Thread Peter Palfrader aka Weasel 
On Sat, Sep 11, 1999 at 10:08:09PM -, Pollywog wrote:
 You exchanged passphrases??  I don't think you should do that.
 Your passphrase is for your own use when you encrypt or sign something.

oops, fingerprints  :)

-- 
Weasel http://www.cosy.sbg.ac.at/~ppalfrad/
PGP encrypted messages prefered.  See my site or finger -l ppalfrad
---
 A friend is someone who knows the song in your heart and
can sing it back to you when you have forgotten the words.


pgp2rB2mu7iLT.pgp
Description: PGP signature

PGP question

1999-02-23 Thread Stephen Pitts 
Reply-To: 
This is just out of curiosity..not meant to be flamebait :-)
Those of you who PGP sign your messages, why do you do it?
I've looked into getting PGP several times, and I have a PGP-
compliant mail-reader, but is there any advantage in signing
your messages?
-- 
Stephen Pitts
[EMAIL PROTECTED]
webmaster - http://www.mschess.org

RE: PGP question

1999-02-23 Thread Pollywog 

On 23-Feb-99 Stephen Pitts wrote:
 Reply-To: 
 This is just out of curiosity..not meant to be flamebait :-)
 Those of you who PGP sign your messages, why do you do it?
 I've looked into getting PGP several times, and I have a PGP-
 compliant mail-reader, but is there any advantage in signing
 your messages?

On many lists, people will get annoyed by the sigs, almost as though one had
used HTML.

That is why I quit doing it :)

--
Andrew

RE: PGP question

1999-02-23 Thread Christopher J. Morrone 
On Tue, 23 Feb 1999, Pollywog wrote:

 
 On 23-Feb-99 Stephen Pitts wrote:
  Reply-To: 
  This is just out of curiosity..not meant to be flamebait :-)
  Those of you who PGP sign your messages, why do you do it?
  I've looked into getting PGP several times, and I have a PGP-
  compliant mail-reader, but is there any advantage in signing
  your messages?
 
 On many lists, people will get annoyed by the sigs, almost as though one had
 used HTML.
 
 That is why I quit doing it :)

I don't really think PGP signatures are that bad.  Some people get annoyed
when they can't figure out how to read the signature...

The reason that PGP signatures are used is so that you can verify that the
email REALLY came from the person that signed it.  An email is
rediculously easy to fake, while a PGP signature is virtually impossible
to falsify.

Re: PGP question

1999-01-26 Thread Joachim Trinkwitz 
Daniel González Gasull [EMAIL PROTECTED] writes:
 
 I'm still using PGP 2.6.3in, a modified version PGP
 2.6.3i.  I'm gonna switch to GNU Privacy Guard.  Now I
 have no time.  I think it's the best solution.  You
 can get it from http://www.d.shuttle.de/isil/gnupg .
 
Try the gpg Debian packages from non-us.debian.org instead.

Greetings,
joachim

PGP question

1999-01-24 Thread Shane Wegner 
Hi,

I have a question about PGP which I am hoping someone can help me with.  I
live in Canada and I am wondering what version of PGP I should use.  Being
a Canadian citizen, I can download the US version or the international
version I believe so I am wondering what version, technically speaking,
gives the most flexability.  I am currently using pgp 2.6.3-us due to the
fact that it's opensource but am wondering if I am losing anything by
that.

Also, since I am running a multiuser system, is it ok to let others have
access to PGP who may be outside the US or Canada when logged into my
system?

Thank in advance,
Shane

-- 
Shane Wegner: [EMAIL PROTECTED]
Tel: (604) 930-0530
Sysadmin, Continuum Systems: http://www.cm.nu
Personal website: http://www.cm.nu/~shane
PGP key: http://www.cm.nu/~shane/pgp.shtml

RE: PGP question

1999-01-24 Thread J.T. Wenting 
I believe you are allowed to use the US version yourself if you live in
Canada, but any users who log in from outside the US or Canada will not be
allowed to do so. I think that in your case it would be best to use the
international version (www.pgpi.com).


J.T. Wenting

[EMAIL PROTECTED]
www.geocities.com/CapeCanaveral/hangar/9203


 -Original Message-
 From: Shane Wegner [mailto:[EMAIL PROTECTED]
 Sent: Sunday, January 24, 1999 8:45 AM
 To: debian-user@lists.debian.org
 Subject: PGP question


 Hi,

 I have a question about PGP which I am hoping someone can
 help me with.  I
 live in Canada and I am wondering what version of PGP I
 should use.  Being
 a Canadian citizen, I can download the US version or the international
 version I believe so I am wondering what version, technically
 speaking,
 gives the most flexability.  I am currently using pgp
 2.6.3-us due to the
 fact that it's opensource but am wondering if I am losing anything by
 that.

 Also, since I am running a multiuser system, is it ok to let
 others have
 access to PGP who may be outside the US or Canada when logged into my
 system?

 Thank in advance,
 Shane

 --
 Shane Wegner: [EMAIL PROTECTED]
 Tel: (604) 930-0530
 Sysadmin, Continuum Systems: http://www.cm.nu
 Personal website: http://www.cm.nu/~shane
 PGP key: http://www.cm.nu/~shane/pgp.shtml


 --
 Unsubscribe?  mail -s unsubscribe
 [EMAIL PROTECTED]  /dev/null

Re: PGP question

1999-01-24 Thread John Hasler 
J.T. Wenting writes:
 I believe you are allowed to use the US version yourself if you live in
 Canada, but any users who log in from outside the US or Canada will not
 be allowed to do so.  I think that in your case it would be best to use
 the international version (www.pgpi.com).

You are confounding two unrelated issues. Pgp-i may not be used in the US
because it infringes a patent.  The patent is only enforceable in the US,
so pgp-i may be used outside the US.  Pgp-us does not infringe that patent,
and so may be used anywhere.

Neither pgp-i nor pgp-us may be exported from the US because of US export
laws.  These laws have nothing to say about usage, though.  Users who log
in from outside the US can use pgp without violating the export laws.  They
just can't download a copy.
-- 
John Hasler
[EMAIL PROTECTED] (John Hasler)
Dancing Horse Hill
Elmwood, WI

Re: PGP question

1999-01-24 Thread Daniel González Gasull 
Hi!

J.T. Wenting [EMAIL PROTECTED] wrote:

 I believe you are allowed to use the US version yourself if you live in
 Canada, but any users who log in from outside the US or Canada will not be
 allowed to do so. I think that in your case it would be best to use the
 international version (www.pgpi.com).

  From: Shane Wegner [mailto:[EMAIL PROTECTED]

  I live in Canada and I am wondering what version
  of PGP I should use.

Now you know you can use the international version,
let me say that you can choose between:

a) PGP 2 i
b) PGP 5 i
b) GNU Privacy Guard

PGP 2 i only works with RSA PGP keys.

PGP 5 i works with RSA and also with new
DSS/Diffie-Helman keys.  But the command line sintax
is different.

GNU Privacy Guard (GPG or GnuPG) works with DSS/ElGamal keys. 
But there is a patch to make it works also with RSA
and DSS/Diffie-Helman keys.  It cannot generate these
keys, but can work with them.

I'm still using PGP 2.6.3in, a modified version PGP
2.6.3i.  I'm gonna switch to GNU Privacy Guard.  Now I
have no time.  I think it's the best solution.  You
can get it from http://www.d.shuttle.de/isil/gnupg .

BTW, if you're looking 4 a good mailer that supports
PGP 2, PGP 5 or GnuPG, try Mutt (http://www.mutt.org).

C U L8R.

-- 
   ___  
Daniel González Gasull   __|_|__Un sólo muerto es
mailto:[EMAIL PROTECTED] (o o) ya demasiado.
PGP RSA key 1024/EEA93A69 ( - ) -- Nelson Mandela
 (  .  )
(   .   )   
   (_)  
 Hi!  I'm Signature Virus 99!  Copy me into your signature and join the fun!


pgpbyWf7Copbh.pgp
Description: PGP signature

pgp question

1998-07-29 Thread Hamish Moffatt 
How do I sign somebody's key? Here's an example of the problem
I'm having;

[1:14am] [EMAIL PROTECTED]:~ pgp -ks ahpee
Pretty Good Privacy(tm) 2.6.3ia - Public-key encryption for the masses.
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-03-04
International version - not for use in the USA. Does not use RSAREF.
Current time: 1998/07/29 15:14 GMT

A secret key is required to make a signature. 
You specified no user ID to select your secret key,
so the default user ID and key will be the most recently
added key on your secret keyring.

Looking for key for user 'ahpee':

Key for user ID: Timothy Ahpee [EMAIL PROTECTED]
1024-bit key, key ID 6C794091, created 1997/03/26
Key fingerprint = CD 51 BA 6D 15 C8 CB 9C  DF A1 05 3D 9A 18 F7 DF

Key is already signed by user ''.
Key signature error. 
For a usage summary, type:  pgp -h
For more detailed help, consult the PGP User's Guide.

This happens even if I try to sign my own key.


Hamish
-- 
Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
CCs of replies from mailing lists are welcome.   http://hamish.home.ml.org


--  
Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED]  /dev/null

Re: pgp question

1998-07-29 Thread Martin Bialasinski 

 HM == Hamish Moffatt [EMAIL PROTECTED] writes:

HM [1:14am] [EMAIL PROTECTED]:~ pgp -ks ahpee
[...]
HM Key is already signed by user ''.

HM This happens even if I try to sign my own key.

pgp signs your own key by default, so they are already signed.

I believ you also already signed ahpee's key. Check with 
pgp -kvv ahpee.

Ciao,
Martin


--  
Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED]  /dev/null

Re: Debian Pgp question...

1998-01-15 Thread Adam Heath 
| On Tuesday, 13 January 98, at 12:14:19 PM
| Smorrill wrote about Debian  Pgp question...
 I have used Pgp for quite awhile with Win95, and thus have already made
 my secret key  id number, etc.  I would like to get pgp set up with
 Linux as I would like to move to using Debian exclusively.  Anybody out
 there familiar with this issue of how I would use my same 1028 bit key
 (created under Dos, MIT pgp...2.6.2) without having to revoke the
 existing key a create a new one?

Mount the drive that contains your pgp directory in windows.  In your home
directory, link .pgp to the win95 pgp directory.  On my machine, ln -s
/dr_c/pgp ~/.pgp

2B OR NOT 2B=FF

Adam Heath of Borg-Linux [EMAIL PROTECTED] Join the H.323 effort.  Email
http://www.debian.org - Get Your Own Linux! [EMAIL PROTECTED] with
http://wwp.mirabilis.com/3375265 - Page Me  the word subscribe in the body.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Debian Pgp question...

1998-01-15 Thread fpolacco 
On 13 Jan, Scott Ellis wrote:
 
 Copy your secret and public key files to your linux machine

And when you do this copy, be really carefull with what you do; it
would be very easy to leave around copies of the secret key, thus
compromizing the key.

As a thumb's rule, re-format all the floppy disks that you have used to
move your secret key.
Don't trust delete or rm. it is very easy to undelete a file under M$,
but even with rm it is possible to get the content of the file using a
disk editor.
A safe remove is to copy a file over the file to be removed and then
remove it.

Be paranoic with your secret key!
Using pgp is an annoyance needed to get trust, but being annoyed
without the advantages is much worse.

Fabrizio
-- 
| [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
| Pluto Leader - Debian Developer  Happy Debian 1.3.1 User - vi-holic
| 6F7267F5 fingerprint 57 16 C4 ED C9 86 40 7B 1A 69 A1 66 EC FB D2 5E
 more than 35 months are needed to get rid of the millennium. [me]
If NT is your answer, means you didn't understand the question.[som1]


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Debian Pgp question...

1998-01-13 Thread smorrill 
I have used Pgp for quite awhile with Win95, and thus have already made
my secret key  id number, etc.  I would like to get pgp set up with
Linux as I would like to move to using Debian exclusively.  Anybody out
there familiar with this issue of how I would use my same 1028 bit key
(created under Dos, MIT pgp...2.6.2) without having to revoke the
existing key a create a new one?

TIA
--
 Steve Morrill


 Reply to [EMAIL PROTECTED]
 PGP Pub key id: 0xF2459FCD
 Debian LINUX Where I really want to go today!



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Debian Pgp question...

1998-01-13 Thread Scott Ellis 
On Tue, 13 Jan 1998, smorrill wrote:

 I have used Pgp for quite awhile with Win95, and thus have already made
 my secret key  id number, etc.  I would like to get pgp set up with
 Linux as I would like to move to using Debian exclusively.  Anybody out
 there familiar with this issue of how I would use my same 1028 bit key
 (created under Dos, MIT pgp...2.6.2) without having to revoke the
 existing key a create a new one?

Get the debian package of pgp from nonus.debian.org if you haven't
already.

Copy your secret and public key files to your linux machine

Backup any existing key files on your linux machine.

run pgp -ka on your secret key ring and your public key ring.

Enjoy :)

-- 
Scott K. Ellis [EMAIL PROTECTED] http://www.gate.net/~storm/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Debian Pgp question...

1998-01-13 Thread dg 
-BEGIN PGP SIGNED MESSAGE-

On Tue, 13 Jan 1998, Scott Ellis wrote:
 On Tue, 13 Jan 1998, smorrill wrote:
  I have used Pgp for quite awhile with Win95, and thus have already made
  my secret key  id number, etc.  I would like to get pgp set up with
  Linux as I would like to move to using Debian exclusively.  Anybody out
  there familiar with this issue of how I would use my same 1028 bit key
  (created under Dos, MIT pgp...2.6.2) without having to revoke the
  existing key a create a new one?
 Get the debian package of pgp from nonus.debian.org if you haven't
 already.
 Copy your secret and public key files to your linux machine
 Backup any existing key files on your linux machine.
 run pgp -ka on your secret key ring and your public key ring.

And if you have PGP 5.0 keys (the yellow ones) in your key file under
Win95. Remove these first by simple make backup copies of your key files,
remove the keys (even when they are only used to sign AFAIK) take these
file for Linux, and restore the original key file from you backup copies.

Enjoy ;-)

Daniel

- -
- - Daniel Gross [EMAIL PROTECTED] -
- - Ingolstadt, Germany  [EMAIL PROTECTED] -
- - If Win95 is the answer, it must have been a real foolish question ! -
- -

-BEGIN PGP SIGNATURE-
Version: 2.6.3ia
Charset: noconv
Comment: Requires PGP version 2.6 or later.

iQEVAwUBNLu1sAnLrgqPNGtBAQEBnAf+Mu77I9A9q/1IOg/fA2tdZ7xdpJ9QISO1
88sn2/xXKI1LBGxIbM6W0Zkft0qiBujnjjT2brULj1Va+w6HxWcB+CBZfTQ91dLo
VG6Sx3o3czAlvFC/EYS3La3zALAuQb79swpwrCUMZo3/XSecb5CuP2jObMtjAl7Q
stFizHEBpbwU5QUkaS763bANoElKXxiLSjjgK7oTQVIuB3llpayRpgvLGpVpXYeU
OtKXnuvgQo1GQvxe1fX0zDOkB1SHYazvarpJX3e6d8fHqqMQm4eIByGgZuiJB+pb
DDFfqOs8d/fEBuh+FyMVGKmkmVILM0Y0QKr2jRkjGsAk7AfvZ3QTig==
=5adi
-END PGP SIGNATURE-


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Stupid PGP question

1996-12-21 Thread George Bonser 
Is there a US PGP .deb package anywhere? I will be darned if I can
locate it. I am probably staring right at the thing. I seemed to be
able to find pointers to the non-us PGP but where is the US version?

Thanks.

-- 
George Bonser
[EMAIL PROTECTED], [EMAIL PROTECTED]


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: Stupid PGP question

1996-12-21 Thread Rob Browning 
George Bonser [EMAIL PROTECTED] writes:

 Is there a US PGP .deb package anywhere? I will be darned if I can
 locate it. I am probably staring right at the thing. I seemed to be
 able to find pointers to the non-us PGP but where is the US version?

The US version is on the same site, outside the US, so no one has to
feed the lawyers over stupid US export laws.

See the relevant ftp README file at the top level of any debian mirror
site.

--
Rob


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]

Re: Stupid PGP question

1996-12-21 Thread George Bonser 

That raises the question of how the US version got on the non-US server :)
but thanks!



George Bonser
[EMAIL PROTECTED], [EMAIL PROTECTED]

On 21 Dec 1996, Rob Browning wrote:

 George Bonser [EMAIL PROTECTED] writes:
 
  Is there a US PGP .deb package anywhere? I will be darned if I can
  locate it. I am probably staring right at the thing. I seemed to be
  able to find pointers to the non-us PGP but where is the US version?
 
 The US version is on the same site, outside the US, so no one has to
 feed the lawyers over stupid US export laws.
 
 See the relevant ftp README file at the top level of any debian mirror
 site.
 
 --
 Rob
 


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]