Debian using ed25519 APT repo meta data (Re: Ditching OpenPGP, a new approach to signing APT repositories)

2021-06-30 Thread Bernhard Reiter
On Tuesday, 29 June 2021 19:00:00, Konstantin Ryabitsev via Gnupg-users wrote:
> Yes, but speaking from personal experience, integrating libsodium into your
> automation is significantly easier than almost any other option. Let Debian
> folks do what makes most sense for their needs -- what they are doing is
> certainly not wrong or heading in the wrong direction.

Sure, there are enough reasons to not use a standardized "packaging" protocol.
It comes with risks of course, but if it is well understood, it is much 
simpler. The problem with the draft wiki page is that others use it to push
their agenda of antagonising OpenPGP and Debian without understanding the 
technical matter. So giving more context and a better fitting headline 
would clarify this.

Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: BSI - Why PQC for Thunderbird and not gpg4win in the first place?

2021-06-30 Thread Bernhard Reiter
On Tuesday, 29 June 2021 20:01:03, Стефан Васильев via Gnupg-users wrote:
> Werner Koch wrote:
> > On Tue, 29 Jun 2021 15:31, Стефан Васильев said:
> >> I don't understand why the BSI is looking for Post Quantum
> >> Cryptography support with OpenPGP for Thunderbird and not for the
> >> promoted gpg4win, 

The tender includes implementing the algorithms in libgcrypt as well,
so Gpg4win will also get it.

When trying to understand how public administration and governments work,
it is helpful to think of them as several groups and people. So it is not 
something that _the_ BSI wants or _the_ German Government. It is about 
sections, people, parties, ministries that all act within their view on their 
tasks, duties and also group and personal interests. This is okay, but it 
means one person, group or ministry may look at a technical aspect 
differently than others and act accordingly.

> >> As understood, Germany recently passed a law to strengthen authorities
> >> to allow the usage of their Government trojan, which tells me that
> >> using
> >
> > It is quite a problem for the BSI that the gov is trying to shift them
> > into the same trouble the NSA has.  Protecting the citizen while at the
> > same time helping to attack them. 

To be more specific, the conservative party block (CDU/CSU) in Germany has 
been pushing many years for more surveillance, more rights for secret services 
and attack capabilities. And the resistance from other parties like SPD, FDP, 
attorneys, journalists has been becoming weaker. (Note that the biggest block 
of German voters prefers this conservative block, so this is a problem of 
convincing more people and changing their vote about those topics). Similar 
in Europe, and the pandemic has shifted public attention away from the 
downsides.

Rumors go that there is a good part that the German BSI may be split up in the 
future in what I'd call a "good" and "bad" part. This makes sense, as 
if "security" public administrations have legal rights and obligations, they 
need technical support and this is typical within the ministry of the 
interior. On the other hand the protecting part should be more independent
maybe in the consumer and economy protection with the ministry of justice or 
the ministry of economy.

Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner



Re: BSI - Why PQC for Thunderbird and not gpg4win in the first place?

2021-06-30 Thread Стефан Васильев via Gnupg-users

Bernhard Reiter wrote:

> To be more specific, the conservative party block (CDU/CSU) in Germany has
> been pushing many years for more surveillance, more rights for secret services
> and attack capabilities. And the resistance from other parties like SPD, FDP,
> attorneys, journalists has been becoming weaker. (Note that the biggest block
> of German voters prefers this conservative block, so this is a problem of
> convincing more people and changing their vote about those topics). Similar
> in Europe, and the pandemic has shifted public attention away from the
> downsides.
>
> Rumors go that there is a good part that the German BSI may be split up in the
> future in what I'd call a "good" and "bad" part. This makes sense, as
> if "security" public administrations have legal rights and obligations, they
> need technical support and this is typical within the ministry of the
> interior. On the other hand the protecting part should be more independent
> maybe in the consumer and economy protection with the ministry of justice or
> the ministry of economy.


Why not let the BSI play the 'good' guys and ZITiS the 'bad' guys ... ?!

Hopefully BSI will play white hat hackers and publish their findings on
their website.



https://www.zitis.bund.de/DE/Home/home_node.html

P.S. Please, dear GnuPG community, do not see this thread as off-topic,
because in the future people inside or outside Germany may think of
how to securely and privately communicate globally with their
communication partners.

Regards
Stefan




