Re: Testing GPG EMail encryption

2012-05-23 Thread Steve 
Hey Robin,

I'll send you a testmail in a minute. I'm the guy from the GPGTools support 
discussion we had today.

Talk to you off-list.

If any of the GnuPG wizards like to chime in on the technical side on the bug 
tracker we're happy about any input.

Cheers,
steve


Am 22.05.2012 um 20:06 schrieb Robin Kipp:

 Hello all,
 well, as of today, I finally decided to start signing my EMail messages using 
 GPG to prove the integrety of my messages. As I am primarily using Mac OS, I 
 downloaded MacGPG (http://gpgtools.org), installed it and set it all up. As 
 I'm completely blind, I first had some issues with MacGPG, as it uses a 
 special window (called, I think, the PINEntry window) to ask for the 
 passphrase. Unfortunately, this window isn't accessible using VoiceOver, the 
 screenreader built into Mac OS. However, I was now able to come up with a 
 workaround and now it seems as if I can sign and encrypt messages without 
 much trouble. I've informed the MacGPG developers about the accessibility 
 issues in their software, and they seem very committed  to solving it in an 
 upcoming version. If anyone is interested, the related ticket can be found at 
 http://gpgtools.lighthouseapp.com/projects/66001-macgpg2/tickets/94-pinentry-window-not-recognized-by-voiceover
 
 Now, I'd really like to test out EMail encryption so that I can verify this 
 works properly, but for that, of course, I need one other party also using 
 GPG. So, I was wondering, would it be possible for any of the GPG users on 
 here to contact me offlist so that we could try this out once? If anyone on 
 here would be willing to do that, I'd greatly appreciate that!
 Thanks for any help :-)
 Best regards,
 Robin.
 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Steve 
 I don't know how much the demand is (or could be) but perhaps it would help 
 make more people use OpenPGP to have a round-robin email contact system. 
 Whoever is willing to help new users (like in this case) registers his email 
 address with the languages he's capable of communicating in. A new user could 
 send a mail to
 
 d...@newusers.gnupg.org
 e...@newusers.gnupg.org
 ...
 
 and the mail would be forwarded to one or two people. OpenPGP-Addons for 
 email 
 software (like Enigmail) could hint the user at this service.

Hi all,

I absolutely agree. At GPGTools we thought about an automatic testing system. 
Checking if the mail was encrypted and / or signed and then sending out the 
according reply.

As with so many things and I assume Werner and the Enigmail people know the 
problem, we never managed to get it done. I'm not sure if one system to rule 
them all is ideal. Since if a user of GPGTools sendss an unencrypted but signed 
mail we'd direct him at the according knowledge base article. If we'd use one 
mail address for GPTools / Enigmail / terminal users, it might be hard to 
provide the correct information to help users. So it might not be automatable 
thus create more work.

Currently we encourage the user to send a test mail and do all this manually.

All the best,
steve

signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Werner Koch 
On Tue, 22 May 2012 21:28, steveb...@gulli.com said:

 If any of the GnuPG wizards like to chime in on the technical side on the bug 
 tracker we're happy about any input.

AFAIK a Mac specific PINentry is used and not the GTK+ or QT version.
Thus I can't help.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-23 Thread da...@gbenet.com 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 22/05/12 19:40, Robert J. Hansen wrote:
 On 5/22/12 2:26 PM, Hauke Laging wrote:
 Given the frequency of this discussion and the amount of effort takes by the 
 participants: Wouldn't it make sense to make this a FAQ entry?
 
 I think so, yes.  The question is who's going to write it?  I suspect Werner 
 doesn't
 have the time.  If he wants, I would be happy to take a stab at writing it.
 
 
 ___ Gnupg-users mailing list 
 Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
 
A good idea Robert!

David


- -- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of 
the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of 
death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPvKNjAAoJEOJpqm7flRExCLwH/RkpUwsTVZhXog8abFgosJqe
th4H1d3yejkbO1fxytyxwufQEZmzruz4SPpoWT2TcZ71SmznoSWXqWm5rQ53K1sD
WoRvGdutOiVRTghR1wS3bvsR+BcH2lUXQqvWqqiu0WYkEvKierEpR+rw+p5vrEsS
P2CQ8GqKDwNeipZn+7zcx5ZE2jykSk/Yzc47ptEv9PrKuIA4R7Gs8FqZ3Hbr4gCM
wWPz+YmjIlvl3YSncMOOWnMbFD2HqJhVB6kQN/9rGVUy3H09aqhbQSYFUwwns/tE
1AnrZ8VytiMJGUGt8il0KWZtTtHkqs1Rzn6nOrtHo2agxb0ELpECXDqFTnI1fLs=
=yP71
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Mika Suomalainen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

On 22.05.2012 21:06, Robin Kipp wrote:
 Hello all, well, as of today, I finally decided to start signing my
 EMail messages using GPG to prove the integrety of my messages. As
 I am primarily using Mac OS, I downloaded MacGPG
 (http://gpgtools.org), installed it and set it all up. As I'm
 completely blind, I first had some issues with MacGPG, as it uses a
 special window (called, I think, the PINEntry window) to ask for
 the passphrase. Unfortunately, this window isn't accessible using
 VoiceOver, the screenreader built into Mac OS. However, I was now 
 able to come up with a workaround and now it seems as if I can sign
 and encrypt messages without much trouble. I've informed the
 MacGPG developers about the accessibility issues in their software,
 and they seem very committed  to solving it in an upcoming version.
 If anyone is interested, the related ticket can be found at
 http://gpgtools.lighthouseapp.com/projects/66001-macgpg2/tickets/94-pinentry-window-not-recognized-by-voiceover

  Now, I'd really like to test out EMail encryption so that I can
 verify this works properly, but for that, of course, I need one
 other party also using GPG. So, I was wondering, would it be
 possible for any of the GPG users on here to contact me offlist so
 that we could try this out once? If anyone on here would be willing
 to do that, I'd greatly appreciate that! Thanks for any help :-) 
 Best regards, Robin.

I cannot verify your signature, because you use PGP/MIME and this
mailing list uses mailing list software which somehow messes up with
headers and makes PGP/MIME signatures unverifiable.

You can test email encryption by emailing Adele.
pub   1024D/92AB3FF7 2002-03-06
uid  Adele (The friendly OpenPGP email robot)
adele...@gnupp.de
uid  Adele (Der freundliche E-Mail-Roboter)
ad...@gnupp.de
sub   1024g/62BDBFD4 2002-03-06




- -- 
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||

[This signature](https://gist.github.com/2643070) ||
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPvK5LAAoJEE21PP6CpGconqIQAKwRD5G/NPh9Yqr9atTjVXEH
7X11ttimt2cmON8MExymAu+fPpEqejriSKqppazwaBTvtxhonBoJ528/3VkZzn98
ZYz7dujDBKp6ws203DD21sbO/3XMWOJqghqXvdiQSML8h5k6RLCOgfE7G1NIhra3
NhtJouaJ9zTyEObFseF3H/vpQPFFtm+drSbRMXSbD9OPeK+OLvWRvcTTWxmTc4tJ
adGhcvuj7C0tAXQ6yf6BquWv1S8AnepZnpQ4+hHmxalip2wLBKcBgM/vJFwEzR2Z
9nUO7d4XLpFCkIsalOFmylBPqunndF6amqHqkWOFj8meZ3j8xqFMbaLXsA2N7hrv
0apdHvt3UKoyEamHQb9QxOUe3qZ6Q2sAFcY3lLG15zXBuXcyfhW+/VtIKvAH7eAX
3fKycZXEQT7/MFH9xWgDxpa6tymdYtZqMcQBbtsokiSXtuK0rVb0XLJdhQYtBDsi
btPeI6CCLUTArYFDXUDnCEQlljIOwJq8/QKsIyGlim4N9tL/axJLzu04+GQbqRY5
YDZbg6T9zgGLfPN2T5A21NnqWufzdDYtwFg4iwyFLgyCiA/9sUt80ysUqUS5UCax
cx2JhMCC0X2lef/nyd4tDKrj2dCim2bdm5LLPaznEdyK39L0mq+GMbqgzOn6COVv
0jsRZ2b2c7Uuf2fD8xab
=5ilr
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Peter Lebbing 
On 23/05/12 11:19, Branko Majic wrote:
 As a curiosity, any ideas on what you would do to avoid use of this system
 for spam purposes? (although encrypted spam won't be of much use :)

A simple challenge-response system should suffice, I'd say. When a new user
mails to such an address, he receives a reply with a code that should again be
mailed back to indicate the user is a human and can respond to the challenge.

Bots could be adapted to defeat a lot of variations of this, but when it's a
special-purpose design, I don't think it would be worth their time. Otherwise,
use a captcha. I've never seen captcha's used in e-mail traffic, but it's easily
done.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption AKA PGP/MIME

2012-05-23 Thread Steve 
I think we had the PGP/MIME vs inline discussion already. 

@Robert: Would that qualify for a second entry in your FAQ with the pro/cons 
listed? I really would love to see some distilled output. The discussions on 
this list are very valuable and having the pro / con arguments in some sort of 
wiki / faq (maybe editable by the users) would imo bring benefit to users, 
trying to understand backgrounds.

@David let us know once you get the basic setup done. Would GitHub maybe be 
sufficient as a wiki? I am sure there are other nice solutions around, too.

Cheers,
steve



 
 I cannot verify your signature, because you use PGP/MIME and this
 mailing list uses mailing list software which somehow messes up with
 headers and makes PGP/MIME signatures unverifiable.
 
 You can test email encryption by emailing Adele.
 pub   1024D/92AB3FF7 2002-03-06
 uid  Adele (The friendly OpenPGP email robot)
 adele...@gnupp.de
 uid  Adele (Der freundliche E-Mail-Roboter)
 ad...@gnupp.de
 sub   1024g/62BDBFD4 2002-03-06


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpgsm: (pinentry:24664): GLib-GObject-CRITICAL **: Object class GtkSecureEntry doesn't implement property 'editing-canceled' from interface 'GtkCellEditable'

2012-05-23 Thread Daiki Ueno 
Werner Koch w...@gnupg.org writes:

 gpgsm: (pinentry:24664): GLib-GObject-CRITICAL **: Object class
 GtkSecureEntry doesn't implement property 'editing-canceled' from
 interface 'GtkCellEditable'

 This warning is due to a newer version of Gtk+ (2.20).  Pinentry uses a
 replacement of GTK+'s standard text entry widget which was written many
 years ago.  It should will be simple to add this property and explicitly
 return FALSE - this should silence the warning.

And it seems you already fixed it in the git repo some time ago:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=671a1a70

Is there any chance of new release? :-)

Regards,
-- 
Daiki Ueno

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

There may be more to security than password length, or even its complexity.

2012-05-23 Thread Jean-David Beyer 
http://2.bp.blogspot.com/-v15Nbl_zG7s/T6BFiQoGDEI/AHs/U5eU7O6MG3o/s1600/security-fail.jpg

-- 
  .~.  Jean-David Beyer  Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A Registered Machine   241939.
 /( )\ Shrewsbury, New Jerseyhttp://counter.li.org
 ^^-^^ 07:40:01 up 33 days, 1:17, 3 users, load average: 4.45, 4.52, 4.64

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Robert J. Hansen 
On 5/23/12 2:50 AM, Steve wrote:
 I absolutely agree. At GPGTools we thought about an automatic testing
 system. Checking if the mail was encrypted and / or signed and then
 sending out the according reply.

You may want to move this discussion over to the Enigmail list.  We have
a system set up that does much of this already, called Adele.  We'd be
happy to share.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: There may be more to security than password length, or even its complexity.

2012-05-23 Thread Hubert Kario 
On Wednesday 23 of May 2012 07:41:56 Jean-David Beyer wrote:
 http://2.bp.blogspot.com/-v15Nbl_zG7s/T6BFiQoGDEI/AHs/U5eU7O6MG3o/s1
 600/security-fail.jpg

How putting passwords to public WiFi on a wall undermines security?

If you depend on PSK WiFi for security then you've already failed...

Regards,
-- 
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Werner Koch 
On Wed, 23 May 2012 11:30, mika.henrik.mai...@hotmail.com said:

 I cannot verify your signature, because you use PGP/MIME and this
 mailing list uses mailing list software which somehow messes up with
 headers and makes PGP/MIME signatures unverifiable.

It is this old Mailman/Python illness.  I really wonder what the state
of the fixes is.  For years I ran a patched Mailman version but this
patch never made it into Mailman proper.  Along with the hard to use
standard archiver (pipermail), this is a major drawback of Mailman.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Werner Koch 
On Wed, 23 May 2012 15:24, r...@sixdemonbag.org said:

 You may want to move this discussion over to the Enigmail list.  We have
 a system set up that does much of this already, called Adele.  We'd be

Is that a different one than the Adele from Gnu_PP_, which is a closed
source web service?


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption AKA PGP/MIME

2012-05-23 Thread Mika Suomalainen 
On 23.05.2012 12:56, Steve wrote:
 I think we had the PGP/MIME vs inline discussion already. 

I am using PGP/MIME in this email. Can you verify my signature on this
email? You can find link to my public key in my signature.

Now I stop answering to these PGP/MIME vs INLINE. I think that I have
said enough in http://mkaysi.github.com/PGP/WhyDoISignEmails.html .

-- 
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||
[This signature](https://gist.github.com/2643070) ||



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Mika Suomalainen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23.05.2012 16:24, Robert J. Hansen wrote:
 On 5/23/12 2:50 AM, Steve wrote:
 I absolutely agree. At GPGTools we thought about an automatic
 testing system. Checking if the mail was encrypted and / or
 signed and then sending out the according reply.
 
 You may want to move this discussion over to the Enigmail list.  We
 have a system set up that does much of this already, called Adele.
 We'd be happy to share.

Why to move it to Enigmail list? That email which you quoted doesn't
have mention Enigmail. As far as I know, GPGTools doesn't even include
Enigmail.


- -- 
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||

[This signature](https://gist.github.com/2643070) ||
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPvQRgAAoJEE21PP6CpGcoabAQAMeDSGQLo3UbTOEwpi+efOHN
zIVq7iMofD/VdY/tFpAvHDOc/BvYk2+f8WLXIlapc7U9Xto17BcBFsohpN65TKe2
z1yd8yh8HNtS2QQT2SWhkuGrrfP9QjlH46VquOX3z03rovsqLp5rqmOyuH08RRxx
Gn29L9hYSAbDKdKKlO/k6HjRiJIg5xcH7jkkcqKvi7MNDocjfxzrbVVG2gA0vguG
AoRALiVyXtoc/wFuAFBE47PUhtUU1H3eH0pZx4T5J6x6Ec7bGiqz99NYgbiIzLjM
6kdeH4FDegHuRyRkSeupyJJJFVafKZSsJyHg/zX9BJ00dOVtYrez2gutp49Gl8Lg
MXf80BgfnC6bhp5zxfJUQt1sde9+2it2ed0+rSUqkOggsR3eY4xEPAZIgsHQ+99Y
3o/kMkeJXQDuCu8uyPDIH2jDziGFzAXWgEx9kkf4QlHwmMJeuJd87Y9IrFtR83VP
cusXrt2bEVK4VRQzIqb38Xk2NiUdsg6hJZOToXiuOTdZ9M0TXpstnxI9diiR8dyq
wQBWZTR4gaPa37jJiOHS6sg/MemxyLKhkhQaxbPkk6m5hmY1ki0YEbKN7Xj4fjhT
z4lRq5T3lZQStFEaebi+pCjojryCxFtmZF/wzIVYo4Ea1/xps6gZwCPxFihv42+m
8pAForfS47nU7asHT74/
=qf7k
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Fwd: The UK's cruelest cut

2012-05-23 Thread da...@gbenet.com 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



-  Original Message 
Subject: The UK's cruelest cut
Date: Wed, 23 May 2012 07:51:49 -0400
From: Emma Ruby-Sachs - Avaaz.org av...@avaaz.org
To: da...@gbenet.com da...@gbenet.com

Dear friends across the UK,

Each year, tens of thousands of girls in the UK are forced to have their 
genitals cut, often
with no anesthesia. But there has been never been a conviction for female 
genital mutilation
here -- even though in London alone, police have received 166 complaints in the 
last four
years! Now we have a chance to help.

Undercover reporters for the Sunday Times recently caught three medics on film 
offering to
mutilate young girls, massively scaling up the pressure on law enforcement to 
act. We can
use this moment to call on Home Secretary Theresa May for real accountability. 
She is in
charge of every police chief in England and Wales -- if she takes the issue up 
personally,
the entire police system could be shaken into action.

Avaaz member Ruth Burnett has created a petition calling on the Home Secretary 
to start
prosecuting people involved with these assaults and already more than 2000 
people have
signed! If we reach 20,000 signatures, Avaaz will deliver it directly to Home 
Secretary May
and the head of Metropolitan Police Force -- click below to sign and forward to 
everyone:

http://www.avaaz.org/en/petition/Stop_female_genital_mutilation_in_the_UK/?cl=1821616703amp;v=14523

Female Genital Mutilation is a custom widespread in nearly 30 Middle Eastern 
and African
countries. But FGM has been illegal in the UK since 1985 and in 2003 the law 
was tightened
to stop girls being taken abroad for the operation -- on so-called “FGM 
holidays”.

Still, the practice is widespread here in the UK! When the undercover Sunday 
Times reporter
explained to Mohammed Sahib, an alternative medicine practitioner in East 
London that he
represented a Ghanaian couple who wanted to have their two daughters -- aged 10 
and 13 --
circumcised, he said “I can do it here,” confirming that he would both remove 
the clitoris
and sew up the vagina. “This is my work. I know what I’m doing. I’m going to do 
it. I will
tell you how [much] to pay [for one]: £750.”

Home Secretary Theresa May -- who oversees women’s issues for David Cameron, 
and who has the
power to hold police chiefs all across England and Wales accountable -- 
recently admitted
people would be “shocked” by the number of young girls in Britain subjected to 
FGM. Now we
can push her to take concrete action to end FGM in the UK -- click below to 
sign the
petition now and share with everyone:

http://www.avaaz.org/en/petition/Stop_female_genital_mutilation_in_the_UK/?cl=1821616703amp;v=14523

From Iran to Morocco to South Africa, our community has fought back attacks on 
women’s fundamental rights. In the world we all want, a woman would never be 
forced to suffer the horror, pain and trauma involved with FGM. Today, here in 
Britain, we have a chance to take a giant step closer to making that world a 
reality. Let’s stand with these women and eliminate this practice from our 
country.

With hope and determination,

Emma, Maria Paz, Ricken, Alex, Rewan, Emily and the whole Avaaz team

MORE INFORMATION:

Female genital mutilation 'offered by UK medics' (The Guardian)
http://www.guardian.co.uk/uk/2012/apr/22/female-genital-mutilation-uk-medics

Birmingham arrests over female genital mutilation (BBC)
http://www.bbc.co.uk/news/uk-england-birmingham-17955330

Cruel Cuts (Avaaz.org Daily Briefing)
https://en.avaaz.org/418/female-circumcision-scandal-uk

Genital mutilation in the UK, an investigation (Sunday Times, paywall):
http://www.thesundaytimes.co.uk/sto/comment/leaders/article1021882.ece

The Prevalence of Female Genital Mutilation in England and Wales (DoH study, 
2007):
http://www.forwarduk.org.uk/key-issues/fgm/research This message was sent to
da...@gbenet.com. To change your email address, language, or other information, 
contact us
here: http://www.avaaz.org/en/contact/?footer

Want to leave this list? Send a message to unsubscr...@avaaz.org, or click here:
https://secure.avaaz.org/act/?r=unsubamp;cl=1821616703amp;email=da...@gbenet.comamp;b=1831amp;v=14523amp;lang=enTo
contact Avaaz, please do not reply to this email. Instead, write to us via the 
form at
http://www.avaaz.org/en/contact. You can also call us at +1-888-922-8229 (US).




__


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPvQRkAAoJEOJpqm7flRExb6gH/1XHIpojd63SuPpQ9lKQFniZ
XdOwhVpfZhN93jr1rGrAoWWfKaUEEmqOLUD9NC0+msXQyJ6SAud56/rtZy9f1zd5
nv8TtS7wsuCii+XQJ3wtO5e6p9nC4QSmWStlbXbsqL9+3PM75ZfIGl0sftqeGa7q
dv2/ZzMCaxiWL63dcN+m7OfddhL2qtvcNJ3pQ0K4rZ9JRqN8SYg1jMfNLJcsQ457
labiBK1GU6u6DcnVQCoJ+1LM0VPeRBbUtEbOcaB8rvODKRgQ5rTNpBh5YwJReh/N
ZhzjCqF/Xn5zKbYWQK/cwIBcmxb/C0Q5LM5Gcb+jxtXaL+8j8WpFWPan//7Acqg=
=31C1
-END PGP

Re: Testing GPG EMail encryption

2012-05-23 Thread Robert J. Hansen 
On 5/23/12 11:29 AM, Werner Koch wrote:
 Is that a different one than the Adele from Gnu_PP_, which is a closed
 source web service?

I don't know.  We have the source and permission to use it -- my
impression is that it's Free Software, but it's been years since I've
taken a look at our Adele code and read the copyright notice.  John
Clizbe would probably have a better handle on its licensing situation
than I do.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption AKA PGP/MIME

2012-05-23 Thread Werner Koch 
On Wed, 23 May 2012 17:35, mika.henrik.mai...@hotmail.com said:
 On 23.05.2012 12:56, Steve wrote:
 I think we had the PGP/MIME vs inline discussion already. 

 I am using PGP/MIME in this email. Can you verify my signature on this
 email? You can find link to my public key in my signature.

Sure:

  [[PGP Signed Part:Good signature from 4DB53CFE82A46728 Mika
  Suomalainen (trust undefined) created at 2012-05-23T17:35:40+0200
  using RSA]]


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption AKA PGP/MIME

2012-05-23 Thread Mika Suomalainen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23.05.2012 18:54, Werner Koch wrote:


Weird. All PGP/MIME signed emails here cannot be verified if they are
from mailing lists.

PS. I am on this list so you don't need to CC me unless your email
client forces it.

- -- 
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||

[This signature](https://gist.github.com/2643070) ||
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPvQlZAAoJEE21PP6CpGcoz3sQALS5P9i3pRNmeWFzCebl7s19
RpXIjyk3/OFTkmn6I+O07T9zFx102ENxJZSt/A6JLRXYyuSKp/b02KPUA/Ce3mxC
wt/kVO8SwtTq1YjWBG0uDV5+zJ6ewzY7BEf8qMz7wwqg0QhI+Yfn8aq1U2twKyJ7
xIl0p+jA41ebGkMeF27dnKRsPhOqco1kgxD4/7j8uzdvAr9fhxCfARwzMyg6DW6r
smPAmheRPjBLa9kcWN4m4sydXLuMUBZBsSETUWh5o84pOZ9viDJE9apvEm8R7TnX
kR52UKWGOj2mbLzTjNx4G5m2K80cRh36UJovCvTY3EHzEeBWDYOqSVGXXcOiQngN
Lu9wZ6VjytuTVvjEWa9uh7E+9CVhSA5Vu48upGhLrm1rwrcBUF7wrWeYPWEwqH+9
Dya3d0uxZv0Vzuwxi0xWEIDo904r9sHOuv2/HcOPo1qZP4b9gSqJb18PCyHHJyEk
+/ina+4mIBD+JBiBU8pzhmgG+ViGBQqdbbtzjC1xp6L5RGSRzrIYAjdOrGwWso0J
56yRBQa0/LhcYRZ9mba+Ir+BJdl5dxx3ZMwMTgD8SrAmpNAiL6jnDvMcZ3TMcgY/
TbRbEXnS2FPXAXLLz2wdLAty6Sw3Ge2bU98IpdpWXsoeTb+hElmgycvXD/4BYviS
Hp4+9HHhKdoWJHyPcCV+
=hD3Y
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread da...@gbenet.com 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23/05/12 16:38, Mika Suomalainen wrote:
 On 23.05.2012 16:24, Robert J. Hansen wrote:
 On 5/23/12 2:50 AM, Steve wrote:
 I absolutely agree. At GPGTools we thought about an automatic
 testing system. Checking if the mail was encrypted and / or
 signed and then sending out the according reply.
 
 You may want to move this discussion over to the Enigmail list.  We
 have a system set up that does much of this already, called Adele.
 We'd be happy to share.
 
 Why to move it to Enigmail list? That email which you quoted doesn't
 have mention Enigmail. As far as I know, GPGTools doesn't even include
 Enigmail.
 
 
 
 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users
 
Yup and I was on there list too - and effectively told to shove off when I 
pointed out
errors in enigmail - they don't like testing and error reporting - so kfuc em

David

- -- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of 
the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of 
death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPvQlPAAoJEOJpqm7flREx71MH/AhKdugWlY764s7OaHv8EDbq
1NFHolY8ToJVBt7jTqaJCGykvmloaRwEgKjRLG4hZTvbLGQkaL3Jh7usCL9GG4FA
wNEVwF69YxPjWYPjChu59nPMEFISMa0zfhiktK74tOatQQCwVHKBh6VqWoKxvvtO
Dxd17EYf4LylqC8A1WLURShehh9JxC7axkMrwBlTK0h8QktFu4WnttLo43/O1A39
DMqmyaIcFnLorKVT7roEAcUIMfy1ie3Tir5L2Ct4fu/yFZ39yNXgxRh12IUCZky0
1AVlTqYw2DV3zKlMCcZ4lDXGnXMAaso8elwatv/z4zgLm0NkHyyf7q85hVx+sKg=
=bglt
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption AKA PGP/MIME

2012-05-23 Thread Mika Suomalainen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23.05.2012 18:54, Werner Koch wrote:
 On Wed, 23 May 2012 17:35, mika.henrik.mai...@hotmail.com said:
 On 23.05.2012 12:56, Steve wrote:
 I think we had the PGP/MIME vs inline discussion already.
 
 I am using PGP/MIME in this email. Can you verify my signature
 on this email? You can find link to my public key in my
 signature.
 
 Sure:
 
 [[PGP Signed Part:Good signature from 4DB53CFE82A46728 Mika 
 Suomalainen (trust undefined) created at 2012-05-23T17:35:40+0200 
 using RSA]]
 
 
 Salam-Shalom,
 
 Werner
 

Weird. All PGP/MIME signed emails here cannot be verified if they are
from mailing lists.

PS. I am on this list so you don't need to CC me unless your email
client forces it.

- -- 
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||

[This signature](https://gist.github.com/2643070) ||
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPvQlZAAoJEE21PP6CpGcoNvwP/jA1dwWm1pv2gghrl6t+IiGz
1t+WXjHzr732/cnvXsWIKeyHzAYQ1NrcArrET4LMzJXDeaaqDQLRVIezTm0hgo0Y
kE1En7Cti+Q1AVxM6Zj606q1ATKMvzPPTOnHk3ZF3b9e4Ipt2h4FKgkIt6jW4yeg
0hl0yDR2CudpPR81JjjzMvSaGqRQnoJKFRmrEdxH2wWXY/GP1HsPFPuSnFwb0mY4
VDAHqWLY+a7LrKJDI53hQTsQAGZtbRIslPKNBvnAICX3Zsao3V9SnRReqngIiSu5
YX3HJhKWTEzU2roZ4PPqeyPJW9j4a350HsFz7m8FT76S7L77e3Rd4nWcnP/qIYgQ
kEQTH/LZjkaVYPkbh2Sa94NXuDDUH/GryDFJLy3x4Gas5p7K9ZB1TJARm9plveeV
qJeHYRNsUexoktPY6idVyAV0mltoCgkwTYRwToz6HIxCMFSfhSSPFcbcVd0ovWDG
RtS7BVrRgDQrNb/yvTz4/7KFjeSD1KdCXSpe6qQqh7umtoxy+U/lUEEQzEFa6Jru
+b5tvL7syxlTOy/+Qk9y/0NXBCo3CiYQe5KJqkmtZn0CmOzcv6BeJeqW5E1ax7ju
8LOso5mQycghBwaQ1WcnGcioPJLuygiHWgCE93bHbPPj55NBAkudnLWSrx3gveJL
s+ZgGCp8YfZvQvtwdXEc
=eBwo
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption AKA PGP/MIME

2012-05-23 Thread da...@gbenet.com 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23/05/12 16:54, Werner Koch wrote:
 On Wed, 23 May 2012 17:35, mika.henrik.mai...@hotmail.com said:
 On 23.05.2012 12:56, Steve wrote:
 I think we had the PGP/MIME vs inline discussion already. 

 I am using PGP/MIME in this email. Can you verify my signature on this
 email? You can find link to my public key in my signature.
 
 Sure:
 
   [[PGP Signed Part:Good signature from 4DB53CFE82A46728 Mika
   Suomalainen (trust undefined) created at 2012-05-23T17:35:40+0200
   using RSA]]
 
 
 Salam-Shalom,
 
Werner
 
Hi Verner,

I've had your key for ages - so why not attach it?

David



- -- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of 
the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of 
death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPvQ20AAoJEOJpqm7flRExbMkH/jOiHf9n76WrKXBmyWmp6cx4
ICXNF2ijkNrFmKE08v7E9zW9DpropD94mtIrtnuiLRMKKnwcMBxz7YnJNYNllOwr
Ef278lwE6cfWJ/KXSRvFrrigZbkywyw2pfXDME7mElFqIJg8uvvT5Akl581Y7TXj
4vzbcQ2B8EELQUsK9QyBiaVmL4+VLPSEvp4Pq9N0D9I+C0BDjlMX8k+4//TdBj+j
p8qfSBM1oIGTwXLOhCz9p/E0q8C6SH3//e6LYqu/mY0MxNNzxgKo7v8X3ECDnL0d
f40WO36cP1XSzZInkhnmjHS1sWkXv1iq4zXVxrini7jtwX1DuOWcVYLod4BDK/4=
=JXUz
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Draft of nine new FAQ questions

2012-05-23 Thread Robert J. Hansen 
I have a draft version of nine frequently asked questions ready for
community review:

http://keyservers.org/gnupgfaq.xhtml

Note that this draft is in nicely-typeset XHTML5.  This is to make it
easier to proofread.  The final version that I'm going to submit to
Werner will be in plain text, so please, no suggestions about fonts,
visual design, layout, or anything else like that.

Any and all feedback (save for visual design, layout, etc.) will be
gratefully accepted.  Thank you!


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Robert J. Hansen 
On 5/23/12 11:38 AM, Mika Suomalainen wrote:
 Why to move it to Enigmail list?

According to American legend, a journalist once asked the infamous bank
robber John Dillinger why he robbed banks for a living.  Because that's
where the money is, he said.

Why should a discussion about Adele move over to the Enigmail list?
Because Enigmail runs Adele, has the source code for it, and the people
who are responsible for it are all over there.  I'm not sure that all
the involved people are on this list.  A discussion about Adele that
involves all the Adele people should probably go over to Enigmail,
because that's where Adele and the Adele maintainers are.



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Draft of nine new FAQ questions

2012-05-23 Thread michael crane 

On Wed, May 23, 2012 5:18 pm, Robert J. Hansen wrote:
 I have a draft version of nine frequently asked questions ready for
 community review:

   http://keyservers.org/gnupgfaq.xhtml

for me the first should always be what is gnupg ?

regards

mick

-- 
keyID: 0x4BFEBB31



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Steve 
Hey David et all,

first: GPGTools Installer does indeed contain Enigmail and allows installation. 
Not sure if it has the latest version since Mozilla's crazy versioning means 
lots of maintenance and we couldn't find a way to automate including new 
Enigmail versions. Also not sure if it is smart to include it in the future. 
We'd have to find some smart mechanism to deal with updates.

David, which list are you referring to? GPGTools mailing list? If so, I'm not 
so sure what you write is correct. Can't recall anybody ever was told to shove 
off. We had the Inline vs. GPG/MIME discussion in the GPGTools Project and have 
made a decision for PGP/MIME since we believe that it is the future and is a 
documented standard. If mailing-list software has issues it is at the devs of 
that software to step up and continue development of their software. The fact 
that Werner even wrote a patch which seems to have been ignored is even more 
frustrating.

If Enigmail encounters problems with mails encrypted with GPGTools, we'll be 
happy to work things out with Patrick from the Enigmail team. And I know that 
the GPGTools project was in direct contact with him. So I don't really see the 
drama. Let's try to be constructive and solve problems. Not cause some where 
there aren't any.

And as always: feel free to write a patch. :)

3

steve


 Signierter PGP Teil
  Why to move it to Enigmail list? That email which you quoted doesn't
  have mention Enigmail. As far as I know, GPGTools doesn't even include
  Enigmail.
 
 Yup and I was on there list too - and effectively told to shove off when I 
 pointed out
 errors in enigmail - they don't like testing and error reporting - so kfuc em



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Brad Rogers 
On Wed, 23 May 2012 12:30:54 +0300
Mika Suomalainen mika.henrik.mai...@hotmail.com wrote:

Hello Mika,

 I cannot verify your signature, because you use PGP/MIME and this
 mailing list uses mailing list software which somehow messes up with
 headers and makes PGP/MIME signatures unverifiable.

Robin's sig verifies okay here.  As do most(1) of the sigs I come across
in any mailing list.  Most of the lists I subscribe to are run on
mailman. BTW.

Or have I missed your meaning?

(1) Occasionally one doesn't verify, but that's always been because of an
error introduced elsewhere, not by mailman.

-- 
 Regards  _
 / )   The blindingly obvious is
/ _)radnever immediately apparent
Life's short, don't make a mess of it
No Time To Be 21 - The Adverts


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption AKA PGP/MIME

2012-05-23 Thread Charly Avital 
Mika Suomalainen 4fbd03cb.1070...@hotmail.com May 23, 2012 12:38:40 PM
wrote:
 I am using PGP/MIME in this email. Can you verify my signature on this
 email? You can find link to my public key in my signature.

Good signature from Mika Suomalainen mika.henrik.mai...@hotmail.com
Key ID: 0x82A46728 / Signed on: 5/23/12 11:35 AM
Key fingerprint: 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728


Charly
Mac OS X 10.7.4 (11E52) MacBook Intel C2Duo 2GHz
MacGPG2-2.0.17-9 - Thunderbird 12.0.1 Enigmail 1.5a1pre (20120521-2224)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Draft of nine new FAQ questions

2012-05-23 Thread Kevin Kammer 
On Wed, May 23, 2012 at 05:34:16PM +0100 Also sprach michael crane:
 
 for me the first should always be what is gnupg ?
 

I believe these nine new FAQ entries are to be added to the existing
entries to provide additional information regarding keysizes
specifically.  They are not comprehensive, and general discussion of
GnuPG and its purpose is covered in the existing FAQ.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Draft of nine new FAQ questions

2012-05-23 Thread da...@gbenet.com 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23/05/12 17:34, michael crane wrote:
 
 On Wed, May 23, 2012 5:18 pm, Robert J. Hansen wrote:
 I have a draft version of nine frequently asked questions ready for
 community review:

  http://keyservers.org/gnupgfaq.xhtml
 
 for me the first should always be what is gnupg ?
 
 regards
 
 mick
 
I too felt that there was something missing. This whole topic got kicked off by 
some one
questioning the strength - the security of keys. No other contribution from the 
original
poster has been made - may be he disappeared. Anyway I felt that there was 
something
missing - and that's a write of gpg 1.4.11 version 2's an add-on and only needs 
a few words.
Needs to  be more informative - authoritative and a  bit more on the maths :)

David


- -- 
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of 
the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of 
death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPvS+4AAoJEOJpqm7flRExmeEH/jndZrwunmnYQqvfxkdS16YH
GNJvRh7MmcAMSjBuB543aveRFjf+yl1tOcLrXVA3uO1/ktW6grHWrLJZ06W+U9Sv
h9CEHie+wGmNqs0qgBRYMp8cJvoPpJSO6P2EV4ZdmTORRs4ETI5B7CVKq7bnK3qL
MR4+QvlsomwokWJjSSFmPOcWA2+TxsyCj/I41Hz0bI8iNnmyDqkHFmPleiIiRUef
uKgJtezNg/SHHIYEUuu0QeBMlNwtFv1J4kuWteVxbCO70EN3lnSyWNIIQxuUQAJS
SsEzCaDo/M6dsHs44MdZiXWv4Wa8oIPUwD01zyO8o6IvQXI1X/IoQC1ySdzvVOc=
=GAGl
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Testing GPG EMail encryption

2012-05-23 Thread Robert J. Hansen 
On 5/23/12 3:07 PM, da...@gbenet.com wrote:
 Now I have 3 Linux Laptops. I started testing Linux distros with gpg2
 - enigmail with Thunderbird - all 100 per cent Openpgp failed to
 initialise with pgp2 and in fact Openpgp always signed to my private
 key not my public key when  using percipient rules. Here is a list of
 main Linux distros which all fail to initialise pgp2:

As you were told on the Enigmail list, thousands of people have found
that GnuPG 2 works well with Enigmail on Linux.  I demonstrated this to
you by sending to the list a correctly-signed email written on an Ubuntu
12.04LTS system using GnuPG 2.

If you're having troubles getting Enigmail to work there are many people
who are willing to help you.  However, talking about how GnuPG 2 is
completely broken on Linux, and how Enigmail is clearly too buggy to
use, and everything else, is not exactly constructive.

GnuPG 2 works just fine for the overwhelming majority of Linux users.  I
don't know what your particular problem is, but it can likely be resolved.

 Be warned - any encryption done will be to your private key and not
 to your public key. Enigmail may fail to initialise (gpg2).

If it were encrypting to the private key, this would be a digital
signature.  That's what a digital signature is -- an encryption
operation using the private key.  I don't understand your complaint.  If
you're saying Enigmail will sign emails, well, yes, it's designed to
do that -- but I don't think that's what you're trying to say here.

 There is no compatibility in above Linux distros  with
 Enimail/Openpgp and gpg2 - you are best advised to stick with gpg
 (GnuPG) 1..4.11.

I have been using Enigmail with GnuPG 2.x for literally years, and over
that time I have had no trouble interoperating with people using other
Linux distros or even entirely different operating systems.  This is the
first time in all my years of using Enigmail that I have heard anyone
tell me that Enigmail's output is not interoperable with other systems.
 This is not to say that you're not having trouble with Enigmail -- far
from it! -- but claiming there is no compatibility is a fairly extreme
claim, and I'm going to need to see some supporting evidence.

 Now testing with a fellow Linux user revealed that if you have both
 gpg 1.4.11 and gpg2 installed you don't get any problems. So I can
 only conclude that gpg2 is an add-on widget to gpg 1.4.11 - gpg2 only
 recognises gpg 1.4.11 commands.

GnuPG 2 is not an add-on widget to GnuPG 1.4.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Draft of nine new FAQ questions

2012-05-23 Thread David Shaw 
On May 23, 2012, at 12:18 PM, Robert J. Hansen wrote:

 I have a draft version of nine frequently asked questions ready for
 community review:
 
   http://keyservers.org/gnupgfaq.xhtml
 
 Note that this draft is in nicely-typeset XHTML5.  This is to make it
 easier to proofread.  The final version that I'm going to submit to
 Werner will be in plain text, so please, no suggestions about fonts,
 visual design, layout, or anything else like that.
 
 Any and all feedback (save for visual design, layout, etc.) will be
 gratefully accepted.  Thank you!

Very nice work.

I have just three minor notes:

#1 explains why we default to 2048-bit keys, but not why RSA.  What NIST stated 
about key strength is true for any 2048-bit OpenPGP key (DSA or RSA).  The 
reason why we switched to RSA in 2009 was mainly for reasons of being able to 
use a larger primary key.  DSA was inherently capped at 1024 bits (and a 
160-bit hash), and while DSA2 existed (so we could theoretically have used a 
2048-bit DSA key instead of RSA), it was not nearly as widely implemented 
across the OpenPGP user base as RSA was.

The answer you have for #4 is not exactly wrong, but it is not complete.  GnuPG 
doesn't support 4096-bit keys just because PGP (the product) does.  It also 
supports a range of key sizes because OpenPGP (the standard) does.  And it also 
supports a range of key sizes because people want/need them (local policy for 
key length, for example, as you note in the answer to #3).  GnuPG is a powerful 
and flexible tool, and that includes the power and flexibility to do things 
that are not necessarily recommended by the GnuPG developers.

For #10, it might be worth mentioning something about the use of different hash 
lengths (q) for the different DSA sizes.  The two sort of go hand in hand.  Or 
for that matter, perhaps a question #11 How come my signatures from my 
2048-bit DSA key use a different hash than those from my 1024-bit DSA key? 
would be interesting.

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: There may be more to security than password length, or even its complexity.

2012-05-23 Thread Mustrum 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Http://xkcd.com/538

:-)
-BEGIN PGP SIGNATURE-
Version: APG v1.0.8

iQI7BAEBCgAlBQJPvPDuHhxNdXN0cnVtIDxNdXN0cnVtQE11c3RydW0ubmV0PgAK
CRBMuv2GX9WDnv71EADJYr8hgWu/5yGnKgrYHhE/w+uxieCAAtIlZDvXxHKKVFGC
MC1xVgeYeksvM8fNL4RPMCs5ttsi1uA0OUax6jGxUg7WrGYBjcPhie5tiMfcIUjS
nixGxsLu05PWlC/kH4vYF1dlRM2hVucokLck4MoCP/JqXsCMMmV0saw55sXl6bqq
X2prtZegMXNGZ3ZlsOalvV2kPhKorbtvMqKW4p/M+de59eQC7bvV/boyL8HxzHR0
rCYf6e1vDqtoVaE0l0nDipbi7erKHNbcc62/g+WsvXleY0OEY4Uf9QBMgdyt+h/y
d8LuYO7Hai4z5TA+FRrouP+ENiFyw2u8ddUl1IfiF3+OIh/z41tEQoWTM9fU0LC6
tjYIbodcLS/Vj4dTCKk8ppsj41EIW1AFEqnKXTpJppBroUeqs12WTCUQEv3V5PRu
Js4xUyL4T2Qt5m/F06cgPLu2zcOSZ/60D0UvdqF5/dhZHxkK9/c9XnE5m7Xu/X3r
9JXmrrIMBP4p+dfRbrwrpiqLmdtDjPKzzO86Bta8UIBjxFD47nWEjstKwELk0R1w
hnVSCUYQwdjTSdtL4eSXW+m+LlAOTVzsTevICODpomXuthLJ2/fQVwbbQCrEMSbb
LaGFc67sNDk7CgIav8AZksBSJm8RToxchbF9MF8SBq19iBTft5ehPuiYJMkWkg==
=fvwJ
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Draft of nine new FAQ questions

2012-05-23 Thread Robert J. Hansen 
On 5/23/12 4:12 PM, David Shaw wrote:
 #1 explains why we default to 2048-bit keys, but not why RSA.

Fixed, thank you.

 The answer you have for #4 is not exactly wrong, but it is not
 complete.  GnuPG doesn't support 4096-bit keys just because PGP (the
 product) does.  It also supports a range of key sizes because OpenPGP
 (the standard) does.

I don't want to seem argumentative (especially because I haven't looked
at the RFC lately), but I was under the impression the RFC was mostly
silent on the subject of algorithms and key sizes -- DSA being a MUST
algorithm, but little guidance beyond that.  Am I in error?

(That said, the text has been fixed: thank you.)

 For #10, it might be worth mentioning something about the use of
 different hash lengths (q) for the different DSA sizes.  The two sort
 of go hand in hand.  Or for that matter, perhaps a question #11 How
 come my signatures from my 2048-bit DSA key use a different hash than
 those from my 1024-bit DSA key? would be interesting.

Added.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Draft of nine new FAQ questions

2012-05-23 Thread David Shaw 
On May 23, 2012, at 4:45 PM, Robert J. Hansen wrote:

 I don't want to seem argumentative (especially because I haven't looked
 at the RFC lately), but I was under the impression the RFC was mostly
 silent on the subject of algorithms and key sizes -- DSA being a MUST
 algorithm, but little guidance beyond that.  Am I in error?

The fact that RSA can have different key sizes is clearly stated, since you 
need that information to interoperate, and that's what I was referring to.  I 
don't mean to say that one of the several reasons GnuPG supports 4096-bit keys 
is because the OpenPGP spec says they are better.  I mean to say that one of 
the several reasons GnuPG supports 4096-bit keys is because the OpenPGP spec 
says they *exist* (there is some implementation art here - we don't support 
8192-bit keys even though they obviously exist as well).

The way you stated it in the revised FAQ covers this very well.

The standard is indeed mostly silent on the topic on why you would *want* to 
pick a particular key size over a different key size.  That is appropriate for 
a message format document - it's not really taking sides.  Pretty much all it 
says is to be careful and notes that 4096 was the common limit at publication 
time:

 * OpenPGP does not put limits on the size of public keys.  However,
   larger keys are not necessarily better keys.  Larger keys take
   more computation time to use, and this can quickly become
   impractical.  Different OpenPGP implementations may also use
   different upper bounds for public key sizes, and so care should
   be taken when choosing sizes to maintain interoperability.  As of
   2007 most implementations have an upper bound of 4096 bits.

 For #10, it might be worth mentioning something about the use of
 different hash lengths (q) for the different DSA sizes.  The two sort
 of go hand in hand.  Or for that matter, perhaps a question #11 How
 come my signatures from my 2048-bit DSA key use a different hash than
 those from my 1024-bit DSA key? would be interesting.
 
 Added.

Excellent.  One note on the new text - it states that 2048-bit DSA keys use a 
224-bit hash.  In fact, a 2048-bit DSA key can use either 224 or 256-bit 
hashes.  GnuPG uses 256 here (but will of course accept a 224 generated 
elsewhere), so we're either using 160 or 256 unless someone forces 224 by 
picking an odd DSA key size like 1536.

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Draft of nine new FAQ questions

2012-05-23 Thread Hauke Laging 
Am Mi 23.05.2012, 12:18:49 schrieb Robert J. Hansen:
 I have a draft version of nine frequently asked questions ready for
 community review:
 
   http://keyservers.org/gnupgfaq.xhtml

The reason I suggested a FAQ addition is not covered :-)  At least not by the 
headlines. There should be a paragraph Why does GnuPG not support more than 
4096 bits?.

@ Why does GnuPG use 2048-bit RSA by default?:
Does the g10 smartcard not count as a reason for RSA default?

@ Has GnuPG ever been successfully attacked?
That sounds like there has never been a security problem. El-Gamal signatures, 
anyone? Furthermore:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Draft of nine new FAQ questions

2012-05-23 Thread reynt0 

On Wed, 23 May 2012, Robert J. Hansen wrote:
 . . .

I have a draft version of nine frequently asked questions ready for
community review:
http://keyservers.org/gnupgfaq.xhtml

Any and all feedback (save for visual design, layout, etc.) will be
gratefully accepted.  Thank you!



Here FWIW are some kindof stylistic suggestions, following
some standard types of phrasings I have found useful to
minimize confusion when communicating with people from
varied or unknown linguistic backgrounds.  Changes are
identified by *** foo ***.

Interestingly, good rather than loose grammar often seems
to be more understandable by people who learned English in
non-USA schools, since they often learned by a book which
taught by grammar.  (Cf eg my ***ever to be*** below.)
Also, just to mention, best to avoid smart apostrophes/quotes
in the final version, naturally, right?  And maybe most
contractions.


---re #1:  Why does GnuPG use 2048-bit RSA by default?
***This question can be separated into two questions:  Why ... by 
default?; and Why ... by default?***
This is actually two separate questions in one: why does GnuPG use 
2048-bit keys by default, and why does GnuPG use the RSA algorithm by 
default?


***The answer to the first question is that GnuPG  NIST's current 
position (as of May 2012) is that software providing 112***
With respect to the first question, GnuPG uses 2048-bit keys in order to 
comply with the current (as of Spring 2012) recommendations of the United

 . . .
***The answer to the second question is that GPS uses RSA rather
than DSA mostly***
With respect to the second question, GnuPG uses RSA over DSA mostly
 . . .


---re #3:  Why doesn't GnuPG default to 4096-bit RSA?
 . . .
***If a 2048-bit key were ever to be ... to advocate that RSA be  
Against what we assume would take a breakthrough of great significance, 
[magnitude is a size word, might confuse someone roughing out a 
translation about key size]***
If a 2048-bit key were to ever be successfully attacked, that would be 
enough to advocate RSA be abandoned completely. Against a breakthrough of 
that magnitude another few thousand bits of key would likely make no 
difference.

 . . .
the shift to 3072-bit keys gives little additional resistance, and 
4096-bit keys ***give*** an even smaller addition


***GnuPG is not for only desktop or laptop computers.***
GnuPG is not just for desktops. It has been successfully ported
 . . .

2048-bit RSA is believed safe until 2030, which exceeds the
needs of most GnuPG users. If for some reason a longer duration
is needed***,*** a 4096-bit key may certainly be generated and
used,  ***.  But***but the defaults are meant to be appropriate
for the majority of users ***and*** not for specialized or
niche security needs.


---re #5:  Is RSA-2048 really enough?

***start 2nd sentence : And other organizations to whom encryption
is important (such as RSA...***  [The world changes, and maybe
an explicit endorsement might not be so appropriate tomorrow,
but embarassing or similar to change then.  Just mentioning them
is an implicit endorsement, IMHO of course]
According to NIST, yes. Further, other well-respected organizations (such 
as RSA Security) have publicly supported NIST's recommendations.


 . . .
key recommendations have been superseded by those in Practical 
Cryptography, which, to repeat, says ***replace says with

estimates*** RSA-2048 will be sufficient until the mid-2020s.


---re #6:  Can any of the ciphers in GnuPG be brute-forced?
 . . .
***In terms of current scientific understandings, the symmetric
ciphers used in GnuPG are utterly***
The symmetric ciphers used in GnuPG are utterly immune to
brute forcing.  The Second Law of Thermodynamics places strict
 . . .


--re #7:  Has GnuPG ever been successfully attacked?

We are unaware of any successful cryptanalytic attacks against
GnuPG. However, it is still susceptible to non-cryptanalytic
attacks such as malware, unauthorized physical access,
***social engineering attacks,*** and other such things.


---re #8:  Should I use PGP/MIME or inline OpenPGP for my emails?

Unfortunately, there is no clear answer.

***move for instance from the end to the start of the 2nd
sentence***
PGP/MIME has some distinct advantages over inline email. It
handles attachments automatically, for instance. It also separates
the signature from the document, which many people prefer over
 . . .

***Mail servers further confound things.  As a general tactic
against malware, any mail servers will strip off, alter, ...
{and delete as an anti-malware measure from end of sentence]***
Mail servers further confound things. Many mail servers will
strip off, alter, or quarantine attachments as an anti-malware
measure. This has the effect of breaking PGP/MIME.

For many years GNU Mailman mailing-list software mangled PGP/MIME 
attachments in ways that broke signatures. These ***replace

these with Some*** old Mailman installations ***like that***
still exist today.

Re: Draft of nine new FAQ questions

2012-05-23 Thread Robert J. Hansen 
On 5/23/12 6:50 PM, reynt0 wrote:
 Also, just to mention, best to avoid smart apostrophes/quotes
 in the final version, naturally, right? 

Not a whelk’s chance in a supernova.  Those aren’t smart quotes, they’re
perfectly valid UTF-8 typographic marks.

Straight quotes and 'straight apostrophes' are artifacts of the
typewriter era, where there was simply not enough space on the keyboard
to provide proper typographic marks.  If you read a book, you’ll
discover they pay attention to things like ligatures, kerning, proper
typographic marks, and all manner of other things.  Centuries of use
have shown that these marks make text easier to read.

The final version that gets submitted to Werner will by necessity be
plain text, and that will probably get downshifted into dumb typewriter
markings.  But so long as I’m going blind on it, reading those rows of
text again and again and again, I’m going to pay attention to the
typography.

I encourage anyone who’s writing web pages to abjure dumb typewriter
markings.  In the UTF-8 era, there’s absolutely no reason why any of us
should have to put up with them.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: There may be more to security than password length, or even its complexity.

2012-05-23 Thread Jean-David Beyer 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mustrum wrote:
 Http://xkcd.com/538
 
 :-)

I like that. It may be my passphrase is too long. I want it easier for
the black hats to crack my stuff than for them to torture my passphrase
out of me.

I recently tested a (retired) password to my computer out on a couple of
web sites that told my how hard it would be to crack it. One of them
said more than 10 million years. I guess that one is good enough, though
my current ones have two more characters. Maybe I should shorten them.



- --
  .~.  Jean-David Beyer  Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A Registered Machine   241939.
 /( )\ Shrewsbury, New Jerseyhttp://counter.li.org
 ^^-^^ 20:45:01 up 33 days, 14:22, 3 users, load average: 4.61, 4.57, 4.54
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/

iD8DBQFPvYVKPtu2XpovyZoRAhhLAKDBF0JRi2IErOHUIeIWiRh/f1e6/wCfSehd
4VK5VllC9uXNHKz33TSlowc=
=82DQ
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users