Re: on running C-Z/SUV without a group manager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 24-08-2012 8:42, peter.segm...@wronghead.com escribió: ... Yes and no. If the group manager configures the software,... This group's view is now that a single point of failure (such as a group manager - who probably either does (or easily can, if she so desires) know (or guess) the identity of ~all~ of the group members is to be avoided if at all possible. I'm suggesting (to them and to you) that it is indeed possible to construct both a piece of software - which is what we are discussing here - and the security protocols that would enable 100% peer-to-peer MO. Uh... well, that brings in another problem: how does Allice get Bob's key or symmetrical password to encrypt the messages? Currently I don't even imagine what are the expected use cases software must allow. Since she is already going to use security software on unsecured computers, I don't know how much confidence she should have on it, ... Please allow me to make this important point (again!): *these are not unsecured computers*. These are, without a trace of doubt, more secure computers than a typical Internet-connected MS Windows computer, and (oddly!) I don't ever remember on gpg user list any warning about using gpg on those. These are simply computers on which, for various reasons, no permanently installed software exists. Maybe I misunderstood the description of those on the road computers. It may have been my fault, but I got the idea they would be computers like you can find on coffees, or maybe libraries. If the don't have permanently installed software (not even operating system), then it is very likely they won't have malware on them. Unless Mallory suspect Allice might use one of these computers, it is unlikely she would install malware on the bios, or to use hardware devices to tamper the computer. ...Nobody can prove there is a hidden partition, but you can't prove you don't have one, so beware of bamboo needles. Just for the record: nobody in this group is in any danger of being tortured (or worse). Nobody is likely to be even mistreated for the mere possession of some USB stick with unreadable content - as long as Then, Truecrypt, if Allice can get admin rights on the computers she use. But only IF she is sure to don't be mistreated for the possession of an unreadable USB stick. ... other hand, when her connection to the C-Z/SUV is established (or possibly just suspected) by her employer, Alice will very likely end up unloading grocery trucks at her local supermarket for the next Then Allice must evaluate if the possession of an encrypted USB stick can make her employer to suspect she is involved with something he doesn't approve. Remember: - - Encryption: Eve knows you have something there, but can't read it. - - Steganography: Eve doesn't know you have something there, but she might be able to find it if she looks very carefully. And if she finds it, she can read it (unless you combine steganography with encryption. But then you lose the benefits of steganography and you not only have encrypted messages, you are also trying to hide the fact you have encrypted messages...). Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (MingW32) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBCAAGBQJQPGGXAAoJEMV4f6PvczxAI6kH/jgADjDoC/5ko3cj1G0+II29 DO5jzaO8OL2hVGAja4kfFivW3zVoZxh4TEmifOm159vw5fYTRPo5uqEBnTlwXiKi v4KrwVRysW4isFQ4Q6LjqLhwIkngHyVRDEzgl53jKqO1PG3W5ujE26MY9L7+Q7C6 m/lo07Zw+gSEmFI1MCtYy+nhdxr0Jf5qerBve84+kQgtFmB7a6phz9IZTDLtsQsP MDa95nyMZ18BcSF+DFsoxpDCaUWfzVm9VH7echO7fpaG6bFW3mGN/PsFPyNk/1Ow gh1Clo2yVpGqUYabcLt+wPdJGiFGHyLdFRhVoa1Ysxeb782xct3R3IWyakWAHQI= =y35l -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
Juicy one faramir.. What would happen if you start reading your daughter's diary everyday, but never let anybody catch you reading it? #Daddy may say that he is being a good father by keeping an eye on his kids, for her... happiness and safety of course. He knows best. (replace the father with government, and its funny how the metaphor still stands) And you are careful to don't talk about what you've read, or take actions that could hint you have read the diary. # A good Daddy is discreet. :-) Your daughter will never know you read it. # why would she need to know that? Daddy knows best! What happens with her right to privacy? # right? She is a child! She has no rights. You are her father! She is still exercising it, she writes on her diary everyday. # she can exercise her right to read, and Daddy can exercise his right to read :-) The same thing applies to email messages, we expect only the intended recipient will read it, we send them everyday. # And yet, I expected to win a million dollars for being the millionth visitor to a site, damn it! I hear facebook email is really good ^^ don't know if we have privacy or not, until something we sent is published somewhere AND goes viral. #or some nice men want to have a little chat with you, and they will give you a free ride, free jewelry, AND you get your own bed, and the chance to make many new friends who all are really friendly too! But since we are not celebrities, it is unlikely what we write will go viral, even if we send nude pictures, it is unlikely we will ever know someone already saw them. And by sending more and more email messages, we won't make that change. # well... if the sender is a reasonably attractive woman, I could definately make the case for prolonging the investigation (and detaining daddy) to see where things will lead with mommy. I hear she is thinking of divorce after Daddy was blessed with free bracelets against his will.. So, in order to enforce our right to privacy, we use a tool to make it really hard to break our right to privacy (a subpoena is very likely to make us disclosure our messages, if we don't have anything to hide). # Daddy is dissapointed in you. Wait till he gets home. That tool is encryption, and it doesn't only enforce our privacy right, it also make us aware about people trying to take away that right from us, because the one trying to take away that right, first would have to take away our right to use encryption, or force us to install some backdoor on it. # But surely you can trust your *Father* no? Who can you trust if you dont trust him? Daddy is only trying to love you, and protect you! You can tell him anything, it is safe with him! signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Gnupg-users Digest, Vol 107, Issue 24
On 2012-08-28 08:52, gnupg-users-requ...@gnupg.org wrote: Message: 3 Date: Mon, 27 Aug 2012 21:48:54 -0700 From: mercuryris...@hush.ai To: gnupg-users@gnupg.org Subject: Can IPAD or Android Tablets create Keys and use gnupg Message-ID: 20120828044854.d505010e...@smtp.hushmail.com Content-Type: text/plain; charset=utf-8 Can IPAD or ANDROID TABLETS create gnupgp private/public keys and use gnupg or is that still relegated to Windows/Vista, Mac OSX and Linux on desktop and laptop/notebook computer platforms? For Android the OpenPGP app APG is available. http://thialfihar.org/projects/apg/ Of course, I am certain people on this list may have opinions regarding the wisdom of using it. ;-) The source code is available at https://github.com/thialfihar/apg/tree/master/src/org/thialfihar/android/apg Then again, I must confess I only keep public keys and no private ones on the app. I find it pretty convenient to be able to encrypt notes or files while on the move/road/run, especially if I need to store them temporarily at a cloud service. Also, my default mail client on Android is K-9 which integrates pretty nicely with the APG, so I can send messages to those friends that are actually using GPG/OpenPGP. (All two of them). BR Sin T. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On 28/08/12 08:57, No such Client wrote: # A good Daddy is discreet. :-) (Etcetera...) Please take your smut elsewhere. I'm sure you know people who will laugh; tell it to them. Not here. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Can IPAD or Android Tablets create Keys and use gnupg
Sorry, forgot to change the subject line. Running digestive mode for a bit here. BR Sin T. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[admin] Re: what is killing PKI?
Hi, please take some time to quote messages in a way which allows to read them quickly. Your current style is very hard to parse. In particular: - Strip quotes to a few lines. Quoteshall only provide context but not repeat everything. - Put an empty lines before your reply. - Put an empty lines after your reply. - Do not use a '#' or indentation to mark your reply. Thanks, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Changing the email address of a key
On Mon, 27 Aug 2012 23:57, pa...@cs.hmc.edu said: You can add or delete the names and emails associated with a key using gpg --edit-key and the adduid and deluid commands, respectively. You may use deluid only if you never published your public key. The better choice is revuid. Thus if you have a new mail address, you use gpg --edit-key YOURKEYID addkey # Now follow the prompts # If you don't need the old mail address anymore, you may use uid N revuid # Where N is the number of the UID. The command will mark it in the # list. REVUID then creates a revocation for the user id. # Finally save your changes # save and then send your key back to the keyservers (gpg --send-key YOURKEYID) Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Changing the email address of a key
On 28/08/12 10:37, Werner Koch wrote: gpg --edit-key YOURKEYID addkey # Now follow the prompts Surely, Werner meant adduid which adds a new e-mail address, and not addkey which adds a new subkey. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing eMails doesn't work anymore
On Mon, 27 Aug 2012 22:57, ricu...@gmail.com said: #gpg --sign setup_my_system.sh gpg: sending command `SCD PKSIGN' to agent failed: ec=6.18 The error is: $ gpg-error 6.18 100663314 = (6, 18) = [...] = (SCD, Wrong secret key used) The scdaemon would have printed this to its log file: fingerprint on card does not match requested one please run the sign command again using the option -v to see what key is being used. Also try: gpg --sign -u 'E8401492!' -v setup_my_system.sh to force using the first key on your card. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
That tool is encryption, and it doesn't only enforce our privacy right, it also make us aware about people trying to take away that right from us, because the one trying to take away that right, first would have to take away our right to use encryption, or force us to install some backdoor on it. Actually they dont need to force you to install a backdoor, they trick you into installing a back door unknowingly. So you are unaware that all your encrypted email is being decrypted by them. e.g. by having two MS code signing keys, one owned by MS the other by the NSA. There are many such exploits available to governments (Flame, Duqu and more fun from the Olympic Games come to mind) regards David Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (MingW32) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBCAAGBQJQPFhCAAoJEMV4f6PvczxABXwH/A1wzMGPZmhXqjSgQMXidCcZ 6ajIMlxq3GDwf2l1eivMAMOsdsDTqK1PkVOur14G5iIzGNZuM6yko8ClQLu3bz5+ 7fgC4krm/X7FyAMxiHKNYVzuTpqgAaWfLgsozZEDK0duDkIGSVFDmfRd2oV+wSmU 8J2C+95wI4cmi2Z0ilKKIu3ukVzaJAn5sQfZWcFfDiojVc3A0ZZLTbHQR1YjlQ7N WBYw7jANqS5nk2pCbv/26RAv4Dbgsrs1OqxUjxu9cXo4jSqBdUFTC/j1VyKLiyhd 79EdSY7qQC8EECew1cNsW2TgMBuPTgGNmqp9dbQYL6GPPP7c4b5aFs30r3Tte6U= =w38t -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On Tue, 28 Aug 2012 12:29, d.w.chadw...@kent.ac.uk said: e.g. by having two MS code signing keys, one owned by MS the other by the NSA. Or more realistic, one issued by the government of Freedonia or Sylvania (insert your favorite country here - enough of them are accepted as root CAs). Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
symmetric vs. asymmetric in group use
On 28/08/12 01:54, No such Client - nosuchcli...@gmail.com wrote: If you are restricting heavily the people you share your public key with, why not simply use a symmetric algorithm, forgetting public key cryptography completely? Uhh. because the benefit of pubkey encryption is still there, minus the risk of having pubkeys there forever permanently. As a note of some possible interest, members of (obviously hypothetical) C-Z/SUV (cf. the GPG simplified thread that this one appears to be an offshoot of) have considered using symmetric crypto. The most important argument was that by the same out-of-channel method used to verify correspondent's public key, a two-correspondents specific symmetric key could be exchanged, and that the public key system implementations are much more complex and therefore fragile, and cryptographically, public has three critical crypto algorithms (or components) that must not break: RNG, asymmetric and symmetric cipher, while the symmetric has only one: symmetric cipher. However (since for obvious reasons a single, group-wide key is out of the question) there would be only ~2*n~ keys to manage for public, and (n**2 - n) for symmetric. Peter M. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: symmetric vs. asymmetric in group use
On 28/08/12 08:37, peter.segm...@wronghead.com wrote: break: RNG, asymmetric and symmetric cipher, while the symmetric has only one: symmetric cipher. When using OpenPGP, add RNG back to the list: the passphrase is only used to encrypt the randomly generated session key that encrypts the data. And in all cases, add some form of resisting tampering, i.e., a hash. Furthermore, if you're going to reject hybrid crypto as used in OpenPGP as too fragile, you might be better off migrating to a different planet :). Apparently you have such capable adversaries in your threat model that living on our planet might be a tad too dangerous for you :). Peter. PS: Let's not argue based on that last statement, it was well tongue-in-cheek with just a kernel of truth. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On Tuesday 28 of August 2012 01:44:54 No such Client wrote: Sir Hansen: Well, pseudonyms do not make my words less valid. I am not one of the gpg-using advocates, who has to be open, and forthcoming with all to make a point. A pseudonym is well within my rights. You simply don´t need to know. That assymetric advantage is your own fault. It was yor choice to use a name. Don´t discredit me for being more.. distrusting.. I didn´t know that gmail is disposable.. hmm.. Once again, we all are subjected to what Mr.Hansen feels. If you read NDA´s carefully, not all agencies (not units) are the same when it comes to disclosure. Speaking in generalities is quite legal depending on context, country, purpose, and ofc what agency one is affiliated with. (It is not neccesarily the same in your country as it is elsewhere. ) Nice strawman , and a perfect example of implicit assumptions however. The fact that you've just showed up on The list makes this e-mail and pseudonym disposable, not the fact you're using a pseudonym or gmail. Besides, gmail is very much disposable. It's not like you have to provide your name, surname and ID document scan to get a gmail account... Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Can IPAD or Android Tablets create Keys and use gnupg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 28/08/12 05:48, mercuryris...@hush.ai wrote: Can IPAD or ANDROID TABLETS create gnupgp private/public keys and use gnupg or is that still relegated to Windows/Vista, Mac OSX and Linux on desktop and laptop/notebook computer platforms? I use APG (Android Privacy Guard) on my Android phone for this: https://play.google.com/store/apps/details?id=org.thialfihar.android.apg I use the IMAP client K-9 Mail which uses APG for PGP functionality. https://play.google.com/store/apps/details?id=com.fsck.k9 K-9 Mail only supports inline PGP though. I'm not aware of any email application on Android which provides PGP/MIME support at this time. The authors of K-9 Mail have been saying for over two years now that they will provide PGP/MIME support. I'm no longer optimistic about this. It's also worth noting that The Guardian Project is working on porting GnuPG to Android: https://guardianproject.info/2012/03/15/adventures-in-porting-gnupg-2-1-x-to-android/ - -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 -BEGIN PGP SIGNATURE- iQGGBAEBCgBwBQJQPLoWMBSAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu Z0BwZ3AuY29tcGdwbWltZTgUgAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBC2IB/9U1/Vg3LKm 0ZBhq2Pyr/f+2apTXt4UheR0zzO/UUHvTwmHTsUIeXJROK81cCwgm3AxAQFD+v5i XlXMLe1GoYRUwdg5yLPAo8nqY8Yl1Ofep+CFRFUKj+w9cEtdeYLyPy9tgbexDV7R D2GFINXcAVpBDTx5QVpLivz8DkQoYc9EHxWTZGTmZEvpCCCJC3n1KVQyiEfkXvX+ baJq8sR8xrCn7F+MvHamzRuwrk9956/Aw6rnXSBtDoSFXWweNcrL2Ts/Vu7XBf/c Xu3+86XcyDsI8ivjTCOPPlEbtbqgGaV5GO+UbM7xIiAKaQEfoBynIBkOAP+d/la8 gyD/amqhuRSm =XPcD -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On 08/28/2012 10:28 AM, Peter Lebbing wrote: On 28/08/12 08:57, No such Client wrote: # A good Daddy is discreet. :-) (Etcetera...) Please take your smut elsewhere. I'm sure you know people who will laugh; tell it to them. Not here. Peter. smut? You imply that I speak in a perverse or sexual manner? Hardly. I speak metaphorically (and sarcastically) of government. My apologies if your sensibilities have been offended. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On 08/28/2012 02:31 PM, Hubert Kario wrote: The fact that you've just showed up on The list makes this e-mail and pseudonym disposable, not the fact you're using a pseudonym or gmail. Besides, gmail is very much disposable. It's not like you have to provide your name, surname and ID document scan to get a gmail account... Regards, - We all ¨just show up¨ once upon a time or another no? I am new here, that´s all. Nice to meet you too Mr. Kario. Even if those requirements are not in place for you via gmail (it depends on which country you are in, I know that my registration process was a bit.. more invasive), just because I use a pseudonym as my real name, does not mean that google does not have personal information on me. They are said to be pretty good at that sort of thing. I simply chose to keep my name private. Surely, on a public, crypto mailing-list, with all sorts of interesting people, the idea of privacy would be understood no? real names or pseudonyms should be quite irrelevant.. Is it not the content that counts? signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On 28/08/12 15:37, No such Client wrote: smut? You imply that I speak in a perverse or sexual manner? Hardly. I didn't want to actually quote the insulting stuff, but let me quote nonetheless: your own bed, and the chance to make many new friends (note that this is easily read, and probably meant, to refer to an underage child! Your whole reply is centered around the daughter that was brought up in the conversation. How dare you talk like that about the actual daughter of another member of this mailing list?) if the sender is a reasonably attractive woman, I could definately make the case for prolonging the investigation [...] to see where things will lead with mommy Please do not insult my intelligence by acting like I misread it. This will be the last I have to say about it. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Pseudonym (was Re: what is killing PKI?)
On 28/08/12 15:44, No such Client wrote: Surely, on a public, crypto mailing-list, with all sorts of interesting people, the idea of privacy would be understood no? real names or pseudonyms should be quite irrelevant.. Is it not the content that counts? Yes, it indeed is the content that counts. Note that there are quite some regular posters on this list also using pseudonyms. Nobody dismisses their opinion based on that. You keep focussing on the mention of using a pseudonym, whereas it was the actual /content/, all the name-calling and insults, of your initial mail that triggered the dismissal of what you wrote. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Changing the email address of a key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, 27.08.2012 23:59, Richard Ulrich kirjoitti: When I generated my new private key, I used one of my email addresses. This email address is stored both on the crypto stick (smart card) and in the secring.gpg or pubring.gpg, probably both. Now I would like to use that key with another email address. Is it possible to change the email address of a key, and how would I proceed to have it on the stick and in the gpg stub files? I don't know about crypto sticks nor smart cards, but you cannot change email address in key, nor remove it (or if you do, keyservers will still contain the old uid). You can use gpg --edit-key KEYID and then select the uid with correct number and give command revuid, so the uid appears as revoked to people who get your key. - -- Mika Suomalainen -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Public key: http://mkaysi.github.com/PGP/0x82A46728.txt Comment: gpg --fetch-keys http://mkaysi.github.com/PGP/0x82A46728.txt Comment: Fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 Comment: I have personal problem with PGP/MIME... Comment: ...so signature *IS* long. See http://git.io/6FLzWg Comment: Please remove PGP lines in replies. http://git.io/nvHrDg Comment: Charset of this message should be UTF-8. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJQPM5GAAoJEE21PP6CpGcoVhMQAKZcA4DNywh+z/EPmSUdPUiz ujvGnGX08M3n/5DgK60qzBFOaULKXCzAyESWFPo2Coh/8n3ZDSFjwRVLVYrB1JvS VDdbqJc1L5sfsa8WIhop6kBr9nbhpuoPVOPDaw/kOzfcwoI2dakgwy18r4KVt/SL lgDnCatNKzYeKAy06er1TKDP9v4th2J61+Bx4pnogWLQlxqw9EfDhueyfkSTTK6x 6e9YHJfaaqtPic5i9us9Blo+8fKuhxTgN86loNc56yv4FX7lqb1Ca0K7TgwMaIU3 SYdpm5NgrQPgSXozFGOc9fDdbro7CrPW+3XB42Yx9Cv0qfrgRENJUupPxw8NhQIH 0x9Yrtq2iqDSdxPXYxEubir6CSm+GjT+xZ/gh38YvZ+JQfzBV6SIg4g20lfCGKzL /TVfEfEOjb1VwvPdl0BSzeMav3oZ+I+tk6WP1YwVw8AUj6bhjkYewI0jTHZPIyW5 S3K3CATl/MMVE0c4r0miwOn1uqTSQ8YnGSdhMh8zYggRBiG+MP1YQ7HSBxtscK4j MOpThRDfRT1brntREVni6fSSJV7QFWh8EICn3FOtQYTsVwc/OGuIDO95U1b77L2Z 9dzwOH1SxWpL47vOEIeLKb+ikZlZbxkJYEpNf2FoJ3yx7MmkU+p2XLY577U4o529 4GaNqY7oSnBtWOxk7sXW =O2Ih -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Can IPAD or Android Tablets create Keys and use gnupg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 28.08.2012 07:48, mercuryris...@hush.ai kirjoitti: Can IPAD or ANDROID TABLETS create gnupgp private/public keys and use gnupg or is that still relegated to Windows/Vista, Mac OSX and Linux on desktop and laptop/notebook computer platforms? There is APG (Android Privacy Guard) in Google Play Store, which can be used by e.g. K9 Mail, which can sign, decrypt and encrypt messages. I am not sure can it generate keys, by itself, but it accepts keys created in gnupg. More information at [APG home page] and [K9 Mail Google Code page]. [APG home page]:http://thialfihar.org/projects/apg/ [K9 Mail Google Code page]:http://code.google.com/p/k9mail/ - -- Mika Suomalainen -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Public key: http://mkaysi.github.com/PGP/0x82A46728.txt Comment: gpg --fetch-keys http://mkaysi.github.com/PGP/0x82A46728.txt Comment: Fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 Comment: I have personal problem with PGP/MIME... Comment: ...so signature *IS* long. See http://git.io/6FLzWg Comment: Please remove PGP lines in replies. http://git.io/nvHrDg Comment: Charset of this message should be UTF-8. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJQPM+YAAoJEE21PP6CpGcoXuIQAKTxWHIQHFzbAAN9jIMLUCqk 4PvNZkf5V4dAXo3Y6rFL60gali8JwaiIWCDDdnWoG5ik75K1Q9uWXbBJzSiY1EVi 6oL2KpSK1Eu98Tf8W5NMKWMrTgxjbT4fyve1OSqz4u4zXVpNix0pkVbo00tUJezf 45Ct3779jGFOLTrmorgv1IFbYH6zZ+ts/hBFWKOVgShnb9pxXVtmbasDMov0kYfw JrM4bC0xqNKXXJ+3th2UxN1hbaIl07EMmDIE754RkUAH8Z17PNwiX7sfFZdBjlHZ hqPgnOqqMzfxX60ozf1ugvyeJvAROvsKkCOZkJTGnkj/UDWNoRCjgu+MDnoEy0aR 6CRcKv2p4h1RaBSXwYZIE7TR1A810VlVVYzn57uP1gVMWHCRVOv2eoaz1A9JoO8T 5BivQPeYEn/718BJERszlWtJ7sVIi7Qkc/yiXXR406ZLgicjeHLNnEcIAtK6scVG kh5NEV45yXt4T04lro6ctmNOWUkI3LM2peZ8PfGOPPr2i2zZnlsPmnhWztucuBfl +4Dv0qu7qhHKm1J3fbIFGB0SI1VdK7bmA1tTtBO6WPWVxDdFM5uIf97ayAW+Zm+K HqWv2zrNcR0HX8DbyvbRcrIAxe+CiF00Y7rd8q6vnikOlJMUiPtkJV6w/dq/6CER vOHzjWixnazEz+USHFpB =BAy0 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On 08/28/2012 03:48 PM, Peter Lebbing wrote: On 28/08/12 15:37, No such Client wrote: smut? You imply that I speak in a perverse or sexual manner? Hardly. I didn't want to actually quote the insulting stuff, but let me quote nonetheless: your own bed, and the chance to make many new friends # a man being detained for encrypting things, and going to jail? free silver bracelets and a free ride ? ... handcuffs and an interrogation (chat) ... jail buddies? I thought that was a no-brainer.. (note that this is easily read, and probably meant, to refer to an underage child! Your whole reply is centered around the daughter that was brought up in the conversation. How dare you talk like that about the actual daughter of another member of this mailing list?) # i speak of no ones daughter. I use a (fictional) metaphor for government (daddy), and child (citizen) regarding privacy rights, and later on, I use the same frame, and change the metaphor, implying that various security-minded organizations can easily detain an individual for personal gain (they want to date the wife who sent naked photos to her husband , his detention is there to socially discredit him and get him out of the way, of the would-be suitor..) if the sender is a reasonably attractive woman, I could definately make the case for prolonging the investigation [...] to see where things will lead with mommy # speaking now from the perspective of your average security-focused individual, who has a self-interest in getting with the woman who sent naked photos of herself, and simply wants to remove her husband from the picture so he can make a move.. Please do not insult my intelligence by acting like I misread it. This will be the last I have to say about it. # no insults from my end Mr.Lebbing. I was being sarcastic, not rude. If you feel slighted, please be aware that interpretations may vary. I have simply sent my intended interpretation, but you are equally entitled to possess your own interpretation. What a sender wishes to convey is not always the same as what a recipient receives or understands. So in the crypto-world, we sign things. Here, I am simply explaining my intended meaning of the word. Such is the risk with sarcasm and allegory. Misinterpretation. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On 28.08.2012, No such Client wrote: I simply chose to keep my name private. Surely, on a public, crypto mailing-list, with all sorts of interesting people, the idea of privacy would be understood no? real names or pseudonyms should be quite irrelevant.. Is it not the content that counts? My personal opinion on this topic is: I don't care about realnames. I'm posting with my realname in the From: header, but does anybody know that this name really belongs to me? (It actually does, but nobody can know this for shure). So where's the difference between No such Client and my realname? Or your realname? Or the realname of anybody else? :-) Just my 5ø. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On Tuesday 28 of August 2012 15:44:53 No such Client wrote: Is it not the content that counts? Yes, but if the content is controversive and with debatable argumentation then only your credentials remain -- the recognition of your name. Which you have none at the moment. Don't take it personally though. We've got plenty of tinfoil hatted individuals, shills or plain misinformers on this list in the past. *Because* it's a cryptography list. Whatever your ID looks like a real name or not has nothing to do for it. Over and out. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On 08/28/2012 04:01 PM, Hubert Kario wrote: On Tuesday 28 of August 2012 15:44:53 No such Client wrote: Is it not the content that counts? Yes, but if the content is controversive and with debatable argumentation then only your credentials remain -- the recognition of your name. Which you have none at the moment. A name is just a name. Even if my real name was used, I do hope my credentials would not be public nor that I am recognized. Not everyone enjoys publicity, or being overtly affiliated with a group such as this one. Even knowing about crypto, tends to make some suspicious, politics and dogma aside. Don't take it personally though. Im not, cant speak for others :-) We've got plenty of tinfoil hatted individuals, shills or plain misinformers on this list in the past. unfortunately so. I like to think that my occupation, and education affords me a greater ranking than so, but that would require you all to know my credentials.. Which, no one here needs to know. So I can understand how I might appear to be abnormal from the majority here. *Because* it's a cryptography list. Whatever your ID looks like a real name or not has nothing to do for it. Granted. However if I used a real name instead of a pseudonym, would that make people ¨feel¨ better? My words would not have changed. Perhaps I would just be seen as ¨socially accountable¨ (reputationally - speaking) for any insightful or inappropiate comments. The same is true of a pseudonym. My reputation is on the line. Just not my real name. I do not wish to be publicly affiliated with this group (No offense) . I have my reasons for that. Over and out. Regards, signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On 08/28/2012 04:56 PM, Heinz Diehl wrote: On 28.08.2012, No such Client wrote: I simply chose to keep my name private. Surely, on a public, crypto mailing-list, with all sorts of interesting people, the idea of privacy would be understood no? real names or pseudonyms should be quite irrelevant.. Is it not the content that counts? My personal opinion on this topic is: I don't care about realnames. I'm posting with my realname in the From: header, but does anybody know that this name really belongs to me? (It actually does, but nobody can know this for shure). So where's the difference between No such Client and my realname? Or your realname? Or the realname of anybody else? :-) Just my 5ø. Well said. :-) signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
On Sun, Aug 26, 2012 at 11:37:01PM +0200, Stan Tobias wrote: [snip] What I mean to say above, is that weapons are anti-social, they don't build trust; and there are better means, other than guns, to maintain peace. Encryption is a weapon. I believe there are many valid reasons to use it, especially to protect other people. It might buy you some safety for a period of time, but it won't bring you Freedom. You don't get more Privacy by encrypting your messages. If you _have to_ encrypt, you're on the losing side. I was following along, nodding in general agreement, right up to there. I feel that a weapon, or encryption, is a tool. Tools per se have no social context; it is our actions, with or without tools, which attach social context. Using a weapon (whether it is a firearm, a pillow, or a hunk of software) in a way not generally accepted is antisocial. (Aside: if you believe that lots of the people outside your home are armed, and you go out anyway, that shows a lot of trust. Almost anyone could kill you, but they don't. There's an agreement that weapons be used only in certain contexts: see how riled up people get when someone violates such an agreement. The trust doesn't come from the weapons; it is generated by the behavior of those who bear them, and the penalties for violation of such trust are severe.) I use encryption to enforce the privacy I already (should) have. So, yes, it's a weapon. There are people who don't respect my privacy, and if I don't defend it they may take it away. Even if someone penetrates my encryption, if I can show that he did so I may be able to win a case against him in court, so it's (potentially) both a passive and an active defense, a shield for my privacy and an assertion that I will defend that privacy. That said, most of the time I don't encrypt because what I say is not something I consider private. When I do consider something private, I'd like to be able to communicate it electronically without fear that someone I don't trust may be eavesdropping. I could argue that it would be antisocial for someone to insist that people not enforce their privacy. We do not and should not trust all equally in all situations. Anyone may have lawful, moral business, the disclosure of which would be so harmful (in his eyes) that he might want assurance that only the intended recipient be party to the discussion. I doubt there ever was anyone who had *nothing* to hide. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart. pgpvDfYNdLX5F.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Pseudonym (was Re: what is killing PKI?)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I haven't responded to any of No Such Client's emails yet, on account of them not being constructive. This email is constructive, though, so here goes. With due respect Mr Lebbing, my initial post - was in response to Mr. Hansen´s post which (from my perspective) was exceedingly rude, and arrogant. I can understand why you'd think that. To the extent that etiquette is a subjective decision, I can't even argue against it. But I'm not overly concerned by it, either. The worst trait of academia, in my mind, is the tendency of people within it to get obsessed on their one particular thing. I know one person whom I and my colleagues refer to as Random[*]. Whatever problem we propose, this person says, You know what would fix this? A randomized approach. This person is technically brilliant but unable to recognize that this idea does not always work in the real world. The feedback cycle, wherein this person should discover you know, randomized algorithm theory really didn't help very much here, is broken. The best way to keep a feedback cycle humming is to go out of your way to look for evidence that contradicts, rather than supports, your views. Further, start looking for that evidence immediately. If you have an opinion about art, I'd love to hear it. I will entertain any and all opinions on these, because ultimately it's subjective and the point of the discussion is not to better understand the world around us but to better understand each other. But if you have an opinion about the physical world, well -- the standards there are different. I wondered why the same company that castigates me for being rude, or insulting allows one with a ¨real name¨ to disparage another member. We are not our ideas. Other human beings should be taken seriously: our ideas, though, must *never* be taken seriously. They must instead be thrown into violent collision with other ideas, and we must not be shy about saying, this idea doesn't seem to work and/or there's no evidence to support it, so I'm going to get rid of it. People are important, precious, special. Ideas are just ideas. Venerating ideas and believing that all ideas, regardless of how poorly-supported they are by evidence, leads you into situations like we have in the United States where Creationists are trying to hijack school science curricula. They demand their ideas that contradict reality be given equal time and respect to the reality-agreeing ideas of conventional biology. I believe these people deserve to be told, clearly, firmly and politely, Until your theory makes testable predictions, I don't care about it. Peter Segment has his opinions about why PKI adoption is so slow. These opinions are at odds with what we know about why PKI adoption is so slow. If he were to conduct an HCI study that gave results supporting his theory, I would take his study and theory with grave seriousness. But until then -- I don't care about his theory. Not a double standard at all eh? So yes, I was intentionally rude with Mr. Hansen , (and only him afaik) as he was quite offensive to Mr. Segment.. (Full Disclosure: I enjoyed it. Sometimes people learn with a taste of their own medicine.. ) And this, here, is the difference. I did not smear Peter Segment. I simply told him, bluntly and directly, that I didn't care about his theory until such time as he had evidence to back it up and show the existing literature was wrong. Believe it or not, most people on this list understand that this is not rudeness: this is just the way progress in science and mathematics occurs. You, on the other hand, deliberately employed ad hominem against me, not against my ideas. You openly admit that you enjoyed it. And you seem to not be able to recognize the difference between us. I think that says it all, really. [*] The name and its derivation is slightly changed to protect my co-worker. The person and this person's behavior is completely real, but the object of blindered focus is something different. -BEGIN PGP SIGNATURE- iFYEAREIAAYFAlA9AGkACgkQI4Br5da5jhBP7QDgpZ7GPAAZLyNE/rmwmwbxtMQZ SDUXx3hrXESJHADdFn2HkzXv2Ud++3rlrWRxpWve6D1sRrHFV1wutg== =6lGr -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing eMails doesn't work anymore
Hi Werner, the ! exclamation mark did the trick! I tried specifying the subkey I wanted before, but only the exclamation mark makes it work. With the exclamation mark, also signing in evolution works again. Is this documented somewhere? Thanks a lot. Richard On Di, 2012-08-28 at 10:47 +0200, Werner Koch wrote: On Mon, 27 Aug 2012 22:57, ricu...@gmail.com said: #gpg --sign setup_my_system.sh gpg: sending command `SCD PKSIGN' to agent failed: ec=6.18 The error is: $ gpg-error 6.18 100663314 = (6, 18) = [...] = (SCD, Wrong secret key used) The scdaemon would have printed this to its log file: fingerprint on card does not match requested one please run the sign command again using the option -v to see what key is being used. Also try: gpg --sign -u 'E8401492!' -v setup_my_system.sh to force using the first key on your card. Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Changing the email address of a key
Will this also write also to the smart-card or are the changes only in the local keyring? I'm a bit hesitant because the full disk encryption on my netbook works also with the same key, and I don't want to reinstall the whole thing. Rgds Richard On Di, 2012-08-28 at 10:49 +0200, Peter Lebbing wrote: On 28/08/12 10:37, Werner Koch wrote: gpg --edit-key YOURKEYID addkey # Now follow the prompts Surely, Werner meant adduid which adds a new e-mail address, and not addkey which adds a new subkey. HTH, Peter. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
For the lack of time, I'll be very brief. I plan to answer Robert Hansen's post, but I yet need to find a couple of free hours for that. Faramir faramir...@gmail.com wrote: What would happen if you start reading your daughter's diary everyday, but never let anybody catch you reading it? And you are careful to don't talk about what you've read, or take actions that could hint you have read the diary. Your daughter will never know you read it. I would be violating her privacy. What happens with her right to privacy? Nothing, she still has that right. She is still exercising it, she writes on her diary everyday. If she learned I broke her trust, she would have a reason to change her attitude towards me. But before that, she's vulnerable. Note I don't require her not to lock her diary, I just said I would be sad if she did. We're talking human relations here, it's not all black-and-white and obvious. Note it's usually alright to read diaries of long-deceased persons. For another example, suppose she was kidnaped - it would be alright to view her diary in order to help her. As a thought-experiment: suppose I xerox-copied her diary a hundred times (without reading it), and then burned all the copies. That's fine, it's not a copyright-like issue. But copying it into my brain, is not like copying a file between two disks. Two of multiple reasons why I won't read her diary is that by doing so I would break my side of relation (IOW, I would hurt myself), and second (suppose I had a tiny-little reason to read it and not tell her), I fear that I could leak the fact sooner or later and hurt her anyway (sometimes it's just better not to know). Let's finish it here, we're veering much off-topic. So, in order to enforce our right to privacy, we use a tool to make it really hard to break our right to privacy (a subpoena is very I think we talk different languages here. You have a right to privacy whether it's breached or not (I think it's kind of a human right, to respect). You can enforce it when you tell your little sister I'll beat you if you read my mail, or your polititian You're finished if police raids our houses, and we do damn mean it!. The tool protects your communication, but doesn't change anything in the state of your rights. You do have your right to encrypt your email; the question we're discussing is whether and when it is a good or bad idea. Regards, Irek T. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: On PKI
An addendum, is the component that is neccesary for 4gw. Netwar http://en.wikipedia.org/wiki/Netwar signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
On PKI
On PKI, I fear that the property of it being so decentralized, and relatively free, is the same reason why it does not have wider adoption. It is not a centralized product, nor is trust maintained by any government / private institutions (banks, clerks, notaries, etc ) to prove identity. So, thus.. PKI is both adopted, however split given its decentralized nature. Using openID as an example, to try and free themselves from centralized SSO (google, yahoo, microsoft, well, and facebook as a newcomer) openid sought to allow anyone from any domain login to other sites, with a universal token. Well.. the benefit that brings the user, is a significant downside for those who would like to have a more consolidated approach to things. Gpg is not owned by any entity, it can be used in many countries legally, and virtually any other country illegally. It can be used to designate trust (albeit in a simple manner) , or delegate it (truth be told, I don´t fully understand tsign per documentation). The same properties which make it suitable for anyone with the motivations , interest, and time to learn how to master it and use it in their own lives, means that it is not adopted by governments and corporations because of the fact that it is not beholden (afaik) to any country, government, company, or organization (well, ignoring the gnu folks who develop it). Furthermore, said interests have a strong interest in ensuring that products are strong enough to keep out the opposition / ¨bad guys¨ , but weak enough so that the implementing party can still exercise it´s power if it deems it necessary. I see a power in a digital signature, and using a public key for a designated task. In fact, i personally believe it is a key aspect of http://en.wikipedia.org/wiki/Fourth_generation_warfare , if one knows how to harness it properly. PKI may take time to come, however Change does tend to scare people. Especially if they have a vested interest in a status quo. Think of a criminal organization (or worse) that understood and used gpg, monkeysphere, and only relayed the important traffic via couriers with flashdrives. That would make it very hard for law enforcement, or security types to try and track down. In conjunction with twitter, or statusnet, or other things, they also used pastebin for Command and Control , Communications and Intelligence (C3I). Try finding a court in most countries that would have enough evidence to try such a ¨plot¨. That kind of power of technology, as a double-edged sword surely is not lost upon decision-makers in Government and Industry. Requesting your Comments. Thank you, - no such signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Can IPAD or Android Tablets create Keys and use gnupg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thank you both for replying to my question about IPODs and Androids. It sounds like neither will work to be fully functional with gnupg or pgp then. Perhaps I should get a small laptop computer. I wonder if one of those small driveless computers and a USB storage device would work. I need an inexpensive solution for a friend.in Europe. Since Poland and the Ukraine are in the European Union there shouldn't be any problem using pgp for private communication among friends right? I have been using pgp since the 90's as a hobby and believe if privacy is not use it will be lost. I used to chat with Julf at Anon penit fi back then to but not with pgp. Procopius On Tue, Aug 28 at 02:04 PM (UTC), Mika Suomalainen mka...@users.sourceforge.net wrote: 28.08.2012 07:48, mercuryris...@hush.ai kirjoitti: Can IPAD or ANDROID TABLETS create gnupgp private/public keys and use gnupg or is that still relegated to Windows/Vista, Mac OSX and Linux on desktop and laptop/notebook computer platforms? There is APG (Android Privacy Guard) in Google Play Store, which can be used by e.g. K9 Mail, which can sign, decrypt and encrypt messages. I am not sure can it generate keys, by itself, but it accepts keys created in gnupg. More information at [APG home page] and [K9 Mail Google Code page]. [APG home page]:http://thialfihar.org/projects/apg/ [K9 Mail Google Code page]:http://code.google.com/p/k9mail/ -- Mika Suomalainen -BEGIN PGP SIGNATURE- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wsBcBAEBAgAGBQJQPVklAAoJEF5jS/7+1VEdsJQH/1pi17ksJ920M5g/ddZfjCzR9xnr k7nxQLnYWqOJsy7mo3BnhlCtWN7pl8C6kvP7QPJHhtkMgIF62jvGmiK+iB5ZT/rPyhCz AB5/gjv3czGmEqIcXFHrSKPFSy9vwSHRWdurm2A2a7Zd49GEuCLgkRfGbWnWr+bVw4p0 yZimsUQFbK5e+CXW/+bpNNPLRny3Ec/UFRRNlpB+6PrKeVpB76vnoafxlbZXZwvtlJlw jnFEDD1CfcbJGkJTH2h/vdP1+oB3efnOODKiAhc/vGKApgbdIYSBkuF18f7rDCOIB5NS dpPpvY/rF3K2cuhwdeLmcViQAMqilN093wGj1QRszCE= =Esbk -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
For lack of time, I have to be brief; I just answer the most important points. Mark H. Wood mw...@iupui.edu wrote: I use encryption to enforce the privacy I already (should) have. I answered this in my post to Faramir, several minutes ago. So, yes, it's a weapon. I call it a weapon, because it doesn't add anything to the message, it only isolates it from third parties (including adversaries). Just like a thick castle wall, or the body armor, separates your treasure from your enemies in space, encryption does the same in time (and maybe energy). There are people who don't respect my privacy, and if I don't defend it they may take it away. ACK. It's like Peace, we all have to defend it. But for goodness' sake, let's not do it with nuclear missiles! Even if someone penetrates my encryption, The fact of penetrating your encryption is not automatically the same as violating your privacy, and the encryption doesn't matter here. They might succeed and send you a message Alert! We've broken your communication. For better security we advise to upgrade your rot13 cipher. Early Unix hackers (was it RMS? - I don't have time to check) retrieved users' passwords and wrote them Your password is too weak, you'd better make a stronger one; were they breaking privacy? - I say they weren't (with a tiny grain of doubt). It all depends on what they do afterwards with your message, and what their intentions are. Privacy pertains to ethical behaviour. Look at these three cases, technically not differing: - Here's your letter, which came to the wrong address, I read it before I realised it wasn't for me, I'm sorry. - Oh well... thank you. - Here's your letter, which came to the wrong address, I read it before I realised it wasn't for me, I'm sorry. - Oh well... thank you. - If you'd like to know my opinion... - Oh, no, please, I don't want to talk about it. - I'm sorry. Good-bye. - Here's your letter, which came to the wrong address, I read it before I realised it wasn't for me, I'm sorry. But I had a laugh of my life! You must be really crazy to write such rubbish. - What?! It's obvious where privacy is not respected, so I'll just stop here. if I can show that he did so I may be able to win a case against him in court, so it's (potentially) both a passive and an active defense, a shield for my privacy and an assertion that I will defend that privacy. Let's stop this here, IANAL, and I don't want to diverge into legal field. I was only trying to get an understanding what privacy means for ordinary people, in social and moral sense. Laws differ and often don't correspond to people's perception, so let's not further confuse matters. I could argue that it would be antisocial for someone to insist that people not enforce their privacy. We do not and should not trust all equally in all situations. Anyone may have lawful, moral business, the disclosure of which would be so harmful (in his eyes) that he might want assurance that only the intended recipient be party to the discussion. I doubt there ever was anyone who had *nothing* to hide. I was talking about normal people, not interaction with businesses; and about ordinary conversations - think greetings, not money. I'm not arguing against cryptography, especially when there are important reasons to use it. Cryptography is not antisocial per se. As a child I was taught not to whisper into the ear - it's still taught to children, I think. Being a guest at a table it would be very impolite to whisper with your neighbour - just excluding others from your private conversation is perceived as rude. Your hosts perhaps could, for a short while (for there's a reason), guests shouldn't; there is a way around it - you could go to a side and talk private, but kind of visibly to others, and everything will be fine. It depends on situation, but generally people don't like to be excluded, people want everyone to be open. Some people (file-sharer in my previous post) in certain situations might consider using encryption as an acknowledgment of defeat: if you encrypt you don't stand up for common cause. It's not that I personally support this, it's how some people might feel, I believe. Would you encrypt (let's say rot13) your hand-written love letters to your fiance? Regards, Irek T. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Can IPAD or Android Tablets create Keys and use gnupg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APG functions on android remarkably well, with key servers and key generation features. The only thing missing that comes to mind is the WOT side. As long as this is between friends, that becomes relatively unnecessary. Also possible is to just import pre existing keys. Also of interest would be whether sufficient entropy exists on the device to actually generate a secure key, so caveat emptor, so to speak. Both elgamal and rsa keys of up to unspecified sizes can be generated, but the instructions within the app suggest 8192 at least; more than sufficient. As noted in another reply, PGP/mime is not supported. That functionality may be an issue, but given all three of the replies that I've seen to your query (including mine) are inline, that shouldn't be a problem with day to day operations. Attachments do not have sigs produced for them when emailed, but you can manually encrypt them using the APG app before attaching them to an email. K-9 works well with that app. File compression and message compression are both supported, most if not all of the encryption and hashing algorithms commonly found in gnupg are incorporated, and the app even supports ASCII armoured docs. All in all, an excellent tool. Someone recently forked the APG app, around the same time I was looking at doing the same, since the project has been inactive for nearly two years. His name escapes me, but he also manages the ad-away app. Also, The Guardian Project is porting gnupg. All in all an excellent project, highly recommended. //landon - Original Message From: mercuryris...@hush.ai Sent: Tue Aug 28 19:49:57 EDT 2012 To: Mika Suomalainen mka...@users.sourceforge.net, gnupg-users@gnupg.org Subject: Re: Can IPAD or Android Tablets create Keys and use gnupg Thank you both for replying to my question about IPODs and Androids. It sounds like neither will work to be fully functional with gnupg or PGP then. Perhaps I should get a small laptop computer. I wonder if one of those small driveless computers and a USB storage device would work. I need an inexpensive solution for a friend.in Europe. Since Poland and the Ukraine are in the European Union there shouldn't be any problem using PGP for private communication among friends right? I have been using PGP since the 90's as a hobby and believe if privacy is not use it will be lost. I used to chat with Julf at Anon penit fi back then to but not with PGP. Procopius On Tue, Aug 28 at 02:04 PM (UTC), Mika Suomalainen mka...@users.sourceforge.net wrote: 28.08.2012 07:48, mercuryris...@hush.ai kirjoitti: Can IPAD or ANDROID TABLETS create gnupgp private/public keys and use gnupg or is that still relegated to Windows/Vista, Mac OSX and Linux on desktop and laptop/notebook computer platforms? There is APG (Android Privacy Guard) in Google Play Store, which can be used by e.g. K9 Mail, which can sign, decrypt and encrypt messages. I am not sure can it generate keys, by itself, but it accepts keys created in gnupg. More information at [APG home page] and [K9 Mail Google Code page]. [APG home page]:http://thialfihar.org/projects/apg/ [K9 Mail Google Code page]:http://code.google.com/p/k9mail/ -- Mika Suomalainen -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBCgAGBQJQPWV6AAoJEDeph/0fVJWsjS0P+wQww4HZZ66C4vBlEp3DHL4F w/kCzQ010vmLt03y6w2Vu3Hgkm3Prf/dr0yE63XeJAj5ddj/yDXtFTekkYkRhYlT UDpspQFwDVkXAM/FKk+MovYiwI/U7Wi8g2InI7C3J7aHRVBYNeAzvgOcGJsI4CcS 34eA+l5Mq9mR5tHrweJlLCDjaqfIi7rUkNTgWfgp4lLO+sP9AYsMr/iOkZE4H0xK Ktnhlpt49c+EmnTiqYfkWbeTdswhar+96cKzkSRQr2Ywl9QxwhYcN3PfaN3q0JhL k8DqK5fvBvxrdAqo5+WKhk7LILOmWkgsFxnn7LuBZxId9tCfjJNu4uj3uIwy4e7X u2iPisYk//3zpApyJEyAFRyz4hNNYKCyz9AtQ7cPbqmkgUyG1ZiayEigQb+QEZbY IZKUmOJCqd78+uuqaWc8N26Id9Y+DSSu1uVzHtpAk0ciFSI7joQDHYLrWoKwX9o3 QegcVpNBN9kL+LwMnIVAo1pWSEFOJ3rnQxOcf2Phpc+onW/UifhAAW6pFTfrfblf P9eXCPiOd5ozKKDhYJjupfZ0tbCZO2lKzUpthKmnoOTgzJQbVxmWEUeDl3qMG3g6 +6pb87EpuDSi8GQhvtdCabtfzLpEfb7DDe7op332gMULLelDpuSMV9BhIgQyLFzM LSDCNItQR6U4dl0MHd6F =D9hZ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 28 August 2012 at 4:06:41 PM, in mid:503cde81.1090...@gmail.com, No such Client wrote: Granted. However if I used a real name instead of a pseudonym, would that make people ¨feel¨ better? If you had picked a pseudonym that looked like a real name, nobody would have spotted it. - -- Best regards MFPAmailto:expires2...@rocketmail.com Experience is the name everyone gives to their mistakes -BEGIN PGP SIGNATURE- iQCVAwUBUD1lnKipC46tDG5pAQqDxAQAtKL6mbbyF2wHt50r34r9gZiMTfxPZR6O F6vxA/oLvt6g0ehxwMGfdlQjGQtikcv9jd0blrDB4v0mHe+rCWTIEqXAKon2BEbT xkW5g+MSigkWF8/dQSIQRw4sMeTYJPXHS5QGKWLfw0dbR8z3fie9RRdYz58u6yAk OoOStni+suk= =skVu -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Saturday 25 August 2012 at 2:59:57 AM, in mid:5038319d.7000...@gmail.com, Faramir wrote: IMHO, the main trouble probably is people don't feel the need to protect their privacy. So why do they use envelopes rather than postcards, and keep secret the PIN for their cashpoint cards? - -- Best regards MFPAmailto:expires2...@rocketmail.com Wait. You think I'm right? -BEGIN PGP SIGNATURE- iQCVAwUBUD1bz6ipC46tDG5pAQpIUQP/aw0CSeboFBI6mOJDyFdbzRgZDtA5x8R0 2s0EUVZhARKwt1+mdqieb/9KHj5LaK4FmMskJtTa8FyubYgntPMD9pa/NjFP4s9/ 24zujZLAX+k8vaJWjmAes3yuAfQ0LbbQs9xFWx1Bxne1oHaFbTwiClVY8w5I/Qyr 4ykDE7kiwY0= =FJ5f -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: On PKI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 29 August 2012 at 12:00:34 AM, in mid:503d4d92.2080...@gmail.com, No such Client wrote: On PKI, I fear that the property of it being so decentralized, and relatively free, is the same reason why it does not have wider adoption. It is not a centralized product, nor is trust maintained by any government / private institutions (banks, clerks, notaries, etc ) to prove identity. I don't know anybody who trusts a government or a bank. - -- Best regards MFPAmailto:expires2...@rocketmail.com Don't learn safety rules by accident... -BEGIN PGP SIGNATURE- iQCVAwUBUD1h7qipC46tDG5pAQrwNQP+N/5CogZsYowjknf7lEYtxJPQH2Q8B6dV ak/3A0/qZ4H+oWDCmD4Oq4JftsEtuXQI+jJxjpPAVBGNEr+Xcww+vEGqhZE6PWsQ PJ/SRFg+rxzlzzY8tK1IVLl1bcT6jKFjX3P29hZAcEGvK6OV5vL6AaBdc0g9DaVK joVjFitwkQY= =m9Qc -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: if you have something to hide, please step aside...?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Sunday 26 August 2012 at 8:30:57 AM, in mid:5039d0b1.7070...@dfgh.net, peter.segm...@wronghead.com wrote: pushing the boundary of what is and what isn't constitutional and democratic (and it is a very soft boundary, depending perhaps only on the depth of one's pockets in the best of places, but also on things like skin color, ethnicity and gender in many other?) Dependence on depth of pocket is probably more abhorrent than dependence on the other factors you mention. - -- Best regards MFPAmailto:expires2...@rocketmail.com Pain is inevitable, but misery is optional. -BEGIN PGP SIGNATURE- iQCVAwUBUD1oiaipC46tDG5pAQqV5QP/SPoFtBwlQlbR2Qw0adV2N/asJBaDuAPb MvL85BqFQPiCRZqx9/ciJmPRTG7882JyflMOcTvj3EAiP9h3MF9pKLA8+oNnXMYg TAeMgqfVkTJErwVD4ejkxIrJEThnhU7Zqd0jeO80sLfy7ScEh1/WB9vjy1hao82D GGjBrYBsIhI= =GYE6 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: what is killing PKI?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 08/28/2012 08:01 PM, MFPA wrote: Hi On Saturday 25 August 2012 at 2:59:57 AM, in mid:5038319d.7000...@gmail.com, Faramir wrote: IMHO, the main trouble probably is people don't feel the need to protect their privacy. So why do they use envelopes rather than postcards, and keep secret the PIN for their cashpoint cards? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users In that case, perception of threat and more importantly loss of tangible goods keeps PIN secure. Obviously that works for envelopes as well, but honestly I think economics probably holds even more strongly. It's cheaper to buy a ton of envelopes than an equal number of postcards. A minor point of erratum as well, but I don't think killing PKI is the correct terminology for what we're really talking about. Something generally has to be alive before you can kill it, and PKI really hasn't been widely enough adopted that I would call it alive per say. It could be my perception of it, but going mainstream, ( and I mean normal people using it by choice, or better, by default) and then something causing it to recede would be more in line with killing. While we're kicking around pet theories though, I still think web mail has to be a significant barrier. The ratio of people who use a browser rather than a local mua at my uni are something like 4:1. If you get people culturally used to using PKI though, they will, which in this context would mean get them used to it in college. Just like the Microsoft student pricing, the idea should be indoctrinate at a relatively young age, so that they come to expect it later. Alice logs in to webmail, which makes her feel secure, and as far as she can tell Bob logs into his, and nobody can open it up otherwise. There's no perception of threat, probably because very few lay people understand 1. How easy it is to intercept email and 2. How insecurely email is stored. soapboxIn the day and age when not having a Facebook account gets you strange looks and mutters behind your back, unless you force this upon people, it's not going to stickjumps off. Short of a massive government surveillance controversy with jackbooted thugs roving the country, nothing (for loose definitions of nothing) is going to convince people to voluntarily seek PKI, because they don't see a threat. Even in that situation, a good ~30% of the population can be counted on to come back to the 'should have nothing to hide' argument. The barrier is solely cultural, not technical. Enigmail, Thunderbird and gpg4win are trivial to set up. The first time I did it, it was on the phone, talking someone through it. So we either need to invent some sort of massive threat perception to unite everyone to adopt PKI, or just continue to push it as a grass roots movement. Or if some kind person would like to introduce a viable third option, I think a decent portion of humanity would owe him/her a debt. On the other hand, I'm advocating a rather heavy handed, Platonian, do it for people's own good even if they don't like it/decide they need it, so I'm sure at least some, or even most, will disagree as well. I will add my confession to the pile of selfish reasons to want to have PKI become widespread. landon - -- Violence is the last refuge of the incompetent. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBCgAGBQJQPZPWAAoJEDeph/0fVJWsQJsP/j6OEBThF2mhV4jUmmumtZ61 l9wZXuPmX8auE6U8hTwzTpUz6Hc0XXoyq9X0aeDdN0AWMRkykWDBGGqIFRANnLuJ vzbVB2uheD+rqSLJosDIVykN5LxWq5EazezER25KcHYkLzMVrbPZSDzKYUTtfBi8 3ovDJ/DtMEUQEtMcm4e5V3cFEAyMVQlote7Xb3e1CqZGJ59JJV2BxAm/bPYQnD8e YdlqH7MDAq1xTKG+e8x/tcM/Bc+f5OqTRC7USvrPrnjrvMZ9nYtZytaSvhdzstFN 48E4hMhO4OIem8kuHxpDGXkcrRRcwDv5JCb+BmRbaUJUdwzVkoIR/O1VCv1hh9uI oEnBJv5LwukvC+EB/hfBmixxYBWGCU0r3d0OOjqekqj819HXiOEAlVAQMhs2L7lc EDAvnaK6ZrRrSmjCq4/Ty+KXsPDb7C2EITSB4/j/cw2nL/GRr90ldHF8C5G24Ro9 E+Uua60pJhrspcmVgLoHAx96VkzedmP5icJz1le0gDfa002YTTtmyFhnNMruHUIQ 9xtc+flnWFi840eQLY3WAb1sSZ4jXYqq5D9xXNNqhOKBkhjmpVJGIYatvEYX1aZy h+Hy3+MStuvemvQ0kolQGk3+btzGY9MKga925kMtDNx6VchnK9qmvbxJJIwjL3uA XSqN8Fk9mmd2DY4YH8kG =fHUX -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Can IPAD or Android Tablets create Keys and use gnupg
I meant to say IPADs not IPODSProcopius Sent using Hushmail On August 28, 2012 at 4:52 PM, mercuryris...@hush.ai wrote:Thank you both for replying to my question about IPODs and Androids. It sounds like neither will work to be fully functional with gnupg or pgp then. Perhaps I should get a small laptop computer. I wonder if one of those small driveless computers and a USB storage device would work. I need an inexpensive solution for a friend.in Europe. Since Poland and the Ukraine are in the European Union there shouldn't be any problem using pgp for private communication among friends right? I have been using pgp since the 90's as a hobby and believe if privacy is not use it will be lost. I used to chat with Julf at Anon penit fi back then to but not with pgp. Procopius On Tue, Aug 28 at 02:04 PM (UTC), Mika Suomalainen wrote: 28.08.2012 07:48, mercuryris...@hush.ai kirjoitti: Can IPAD or ANDROID TABLETS create gnupgp private/public keys and use gnupg or is that still relegated to Windows/Vista, Mac OSX and Linux on desktop and laptop/notebook computer platforms? There is APG (Android Privacy Guard) in Google Play Store, which can be used by e.g. K9 Mail, which can sign, decrypt and encrypt messages. I am not sure can it generate keys, by itself, but it accepts keys created in gnupg. More information at [APG home page] and [K9 Mail Google Code page]. [APG home page]:http://thialfihar.org/projects/apg/ [K9 Mail Google Code page]:http://code.google.com/p/k9mail/ -- Mika Suomalainen___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
