Re: Quieten gpg-agent output?

2011-12-16 Thread Werner Koch
On Thu, 15 Dec 2011 18:47, li...@chrispoole.com said:

> Is there a better way to get rid of these "errors"?

Yes, use gpg2.  Using gpg and gpg-agent is just a kludge.  gpg2 requires
gpg-agent and thus we don't need those messages there anymore.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Bad Signatures when using check-sigs

2011-12-16 Thread David Tomaschik
When executing gpg --check-sigs, there are reports of "bad
signatures."  What makes a signature "bad"?  For example, on a key I
signed that has several UIDs, one of my signatures on one UID is
reported as bad, but the rest are fine.  I looked in the docs, but
didn't find anything... hope I'm not missing something obvious.

-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
da...@systemoverlord.com



keyserver spam

2011-12-16 Thread gnupg
I understand that once you've uploaded something to the keyservers, it
can't be removed. E.g., if I sign someone else's key and upload that, it
will be attached to their key permanently?

What if someone were to generate say, 10,000 keypairs with "offensive"
uid names, and then sign my key with each of them, and then upload that
to the keyservers? Is there anything to stop that? Is there anything to
stop a spammer generating a key with their URL in the uid name and then
signing every key they can find and uploading that to the keyservers?

Has anything like this happened before?

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F





Re: keyserver spam

2011-12-16 Thread Daniel Kahn Gillmor
On 12/16/2011 10:51 AM, gn...@lists.grepular.com wrote:
> I understand that once you've uploaded something to the keyservers, it
> can't be removed. E.g., if I sign someone else's key and upload that, it
> will be attached to their key permanently?

yes, this is correct. :(

> What if someone were to generate say, 10,000 keypairs with "offensive"
> uid names, and then sign my key with each of them, and then upload that
> to the keyservers? Is there anything to stop that?

nope.  flooding like this is currently possible. :(

> Is there anything to
> stop a spammer generating a key with their URL in the uid name and then
> signing every key they can find and uploading that to the keyservers?

nope, this is also possible. :(

> Has anything like this happened before?

well, there's the JBARSE key, which i vaguely recall having been created
in a joking way to threaten character assassination, but i can't find
any keys that it has actually signed, nor any documentation to explain
why i have this recollection, so please take with a grain of salt.

--dkg





Re: keyserver spam

2011-12-16 Thread David Shaw
On Dec 16, 2011, at 10:51 AM, gn...@lists.grepular.com wrote:

> I understand that once you've uploaded something to the keyservers, it
> can't be removed. E.g., if I sign someone else's key and upload that, it
> will be attached to their key permanently?

Essentially, yes.  Things are theoretically removable, but it takes 
carefully-timed manual editing on the part of all the keyserver operators to 
expunge something (or the bad data will just come back). The system is just not 
designed for that.

> What if someone were to generate say, 10,000 keypairs with "offensive"
> uid names, and then sign my key with each of them, and then upload that
> to the keyservers? Is there anything to stop that?

Nope.

> Is there anything to
> stop a spammer generating a key with their URL in the uid name and then
> signing every key they can find and uploading that to the keyservers?

Nope.

> Has anything like this happened before?

Yes, but only in a few smallish cases.  As far as I recall, nobody has ever 
done multiple thousands of keys.

I'd be more worried about photo IDs on keys.  Imagine what could be done with 
someone using the keyserver network to distribute illegal photos.  To be sure, 
if the point is photo distribution, there are more efficient ways to go about 
it, but if your goal is to hurt the keyserver network…

David




Re: keyserver spam

2011-12-16 Thread Johan Wevers
On 16-12-2011 16:51, gn...@lists.grepular.com wrote:

> I understand that once you've uploaded something to the keyservers, it
> can't be removed. E.g., if I sign someone else's key and upload that, it
> will be attached to their key permanently?

Yes. Of course, you can remove it locally.

> What if someone were to generate say, 10,000 keypairs with "offensive"
> uid names, and then sign my key with each of them, and then upload that
> to the keyservers?

Then you might have a problem.

> Is there anything to stop that?

Not really.

> Has anything like this happened before?

The only thing that comes close is the keyserver at (I believe) pgp.com,
which issues a new signature every few months, clogging your key with
expired signatures.

-- 
Kind regards,

Johan Wevers
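
[Added example, not part of any poster's message: one way to see on your own keyring whether a key has picked up a flood of third-party certifications, by tallying the `sig` records in `gpg --with-colons --check-sigs` output per user ID. The sample listing, key IDs and the threshold are constructed; it assumes the documented colon layout (field 2 check result, field 5 signer key ID, field 10 user ID).]

```python
from collections import Counter

# Constructed sample of `gpg --with-colons --check-sigs` output (not real keys).
SAMPLE = """\
pub:u:2048:1:1111111111111111:1293840000:::u:::scESC:
uid:u::::1293840000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>:
sig:!::1:1111111111111111:1293840000::::Alice Example <alice@example.org>:13x:
sig:!::1:2222222222222222:1300000000::::Bob Example <bob@example.org>:10x:
sig:?::1:AAAAAAAAAAAA0001:1323993600::::[User ID not found]:10x:
sig:?::1:AAAAAAAAAAAA0002:1323993600::::[User ID not found]:10x:
sig:?::1:AAAAAAAAAAAA0003:1323993601::::[User ID not found]:10x:
sig:-::1:3333333333333333:1310000000::::Carol Example <carol@example.org>:10x:
sub:u:2048:1:4444444444444444:1293840000::::::e:
sig:!::1:1111111111111111:1293840000::::Alice Example <alice@example.org>:18x:
"""

def summarize_certifications(colon_output, flood_threshold=3):
    """Tally certifications per user ID and flag user IDs carrying many
    signatures from keys that are not in the local keyring."""
    report, primary, current = {}, None, None
    for line in colon_output.splitlines():
        f = line.split(":")          # ':' inside user IDs is escaped as \x3a
        if f[0] == "pub":
            primary, current = f[4], None
        elif f[0] == "uid":
            current = report.setdefault(f[9], Counter())
        elif f[0] == "sub":
            current = None           # subkey binding signatures are not UID certifications
        elif f[0] == "sig" and current is not None:
            if f[4] == primary:
                current["self"] += 1
            elif f[1] == "?":        # signer's key not available locally
                current["unknown_signer"] += 1
            elif f[1] == "-":        # signature failed verification
                current["bad"] += 1
            else:
                current["third_party"] += 1
    # flood_threshold is an arbitrary value chosen for this example
    return {uid: dict(c, flooded=c["unknown_signer"] >= flood_threshold)
            for uid, c in report.items()}

if __name__ == "__main__":
    for uid, counts in summarize_certifications(SAMPLE).items():
        print(uid, counts)
```
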



re: keyserver spam

2011-12-16 Thread vedaal
What if keyservers were to limit the amount of keys generated or 
uploaded to a 'reasonable' amount which no 'real' user would 
exceed?

(i.e. 10/day, or some other number discussed and agreed upon by the 
various keyservers?)


vedaal




Re: keyserver spam

2011-12-16 Thread Jerome Baum
On 2011-12-16 20:07, ved...@nym.hush.com wrote:
> What if keyservers were to limit the amount of keys generated or 
> uploaded to a 'reasonable' amount which no 'real' user would 
> exceed?
> 
> (i.e. 10/day, or some other number discussed and agreed upon by the 
> various keyservers?)

What problem are we solving? Keyserver spam isn't an issue yet. We don't
know if it will ever be.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.


