Re: Multiple Subkey Pairs
On Mon, 17 Mar 2014 19:49, martin-gnupg-us...@dkyb.de said:

> think. Because your world seems to be the more righteous and calm place
> and I wish I didn't have to worry about the future of free societies as

I can't read that from Robert's mails. IIRC, the main point here was that traffic analysis is a much more powerful tool than wholesale content analysis. I am not able to decide this, but from all that I know the former has an incredibly better cost-benefit ratio. Rumors are the NSA employs some mathematicians so that they might be able to do their arithmetic.

This does not mean I neglect that mail and other content is regularly scanned to find possible targets and what do I know. Actually we know that Google does this, as well as Microsoft for Skype chats.

Given that keeping content secret is way easier than mitigating traffic analysis, we need to be excellent in this craft before we are able to widely deploy traffic analysis countermeasures.

Shalom-Salam,

Werner

p.s. Remember ENRON? You may use all their internal mails to play with traffic analysis tools: https://en.wikipedia.org/wiki/Enron_Corpus. IIRC, there was even a website to view the connection graphs (enronscope?).

--
Thoughts are free. Exceptions are governed by a federal law.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Subkey Pairs
> I can't read that from Robert's mails. IIRC, the main point here was
> that traffic analysis is a much more powerful tool than wholesale
> content analysis.

I am not in a position to know whether it is for a fact, but that agrees with my understanding.

My other position is that we have to be careful what we believe. In these times it's tempting to see shadows and jump at them, believing that we're seeing the bogeyman. We have to resist this temptation. In frightening times, we must pay special attention to logic and reason.
Re: Multiple Subkey Pairs
On 18.03.2014 15:01, Robert J. Hansen wrote:

> My other position is that we have to be careful what we believe. In
> these times it's tempting to see shadows and jump at them, believing
> that we're seeing the bogeyman. We have to resist this temptation. In
> frightening times, we must pay special attention to logic and reason.

Sorry if I sound cynical, but the bogeyman says hello [1]:

"The National Security Agency has built a surveillance system capable of recording “100 percent” of a foreign country’s telephone calls, enabling the agency to rewind and review conversations as long as a month after they take place, [...]"

and yes, they used that system. So I 100% agree with you, we must pay special attention to logic and reason. And I don't know what it takes, but if you still don't see logic and reason in taking the assumption that there is mass and wide-scale surveillance also of e-mail content as fact, then again, I would so like to live in your world.

[1] http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html
Re: Multiple Subkey Pairs
Quoting Martin Behrendt martin-gnupg-us...@dkyb.de:

> Sorry if I sound cynical, but the bogeyman says hello [1]:

Strange: when my nephews were young they would also pass on messages from the Thing That Lived In The Closet. (They never called it the bogeyman. Just "That Thing That Lives In The Closet.") Despite all the times I opened the closet to look for it, I was never able to find it.

Let's look at some of the problems here.

(1) Given how many flat wrong things get printed in the newspaper, believing this reporting may not be wise.

(2) Let's assume it's true. The story only says it can record 100% of a foreign country's telephone calls for up to a month, not that it can store *all* telephone calls for an indefinite period of time. There's still a lot of targeting that has to go on here. Claims of worldwide surveillance are still overblown.

(3) The capability may exist, but the story never claims the system has been used. We've had nuclear weapons sitting idle in their silos for decades: this capability may be the information equivalent of a nuke in a silo.

(4) Your "yes, they used that system," I simply can't believe, not without seeing supporting evidence.

My uncle, a Korean War veteran, tells me that at one point during the war U.S. troops reported they were witnessing tactical nuclear strikes. It turned out this was just the 16-inch guns of the _U.S.S. Iowa_ battleship. Apparently, it's pretty easy to mistake a 16-inch shelling for a tactical nuclear strike.

The relevance to our present situation is this: just as it was very easy for troops to see mind-blowingly huge explosions and to conclude the war had just gone nuclear, it is very easy for us to look at fragmentary and often-inaccurate news media reports and leap to conclusions about "that system must exist and it must be in use!"

Be careful. Carefully separate out what you see from what cause you're ascribing to it. If you see X, I'm willing to accept that you see X. But so far you seem to be leaping towards "... therefore Y!", and there I think you're on much weaker ground.

> And I don't know what it takes, but if you still don't see logic and
> reason in taking the assumption that there is mass and wide-scale
> surveillance also of e-mail content as fact, then again, I would so
> like to live in your world.

I never said we should not be aware of the possibility, nor have I ever said that such a thing cannot happen. I said that we should not treat it as fact, because facts are things which can be proven, and so far there's no proof here.

Anyway. I've said my piece. I'm done here.
Re: Multiple Subkey Pairs
On 18.03.2014 19:34, Robert J. Hansen wrote:

> (1) Given how many flat wrong things get printed in the newspaper,
> believing this reporting may not be wise.

While this in general is true, I really wonder why you say that in the current context, especially for an article where the main facts are backed up by quotes from officials.

> (2) Let's assume it's true. The story only says it can record 100% of
> a foreign country's telephone calls for up to a month, not that it can
> store *all* telephone calls for an indefinite period of time. There's
> still a lot of targeting that has to go on here. Claims of worldwide
> surveillance are still overblown.

We were talking about mass surveillance on an internet-wide scale. Not of a worldwide 100% surveillance.

> (3) The capability may exist, but the story never claims the system
> has been used. We've had nuclear weapons sitting idle in their silos
> for decades: this capability may be the information equivalent of a
> nuke in a silo.

"The voice interception program, called MYSTIC, began in 2009. Its RETRO tool, short for “retrospective retrieval,” and related projects reached full capacity against the first target nation in 2011. Planning documents two years later anticipated similar operations elsewhere."

All quotes from [1].

> (4) Your "yes, they used that system," I simply can't believe, not
> without seeing supporting evidence.

See above. Read the article. If you don't believe them, ask them for their source material.

"At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned."

> My uncle, a Korean War veteran, tells me that at one point during the
> war U.S. troops reported they were witnessing tactical nuclear
> strikes. It turned out this was just the 16-inch guns of the _U.S.S.
> Iowa_ battleship. Apparently, it's pretty easy to mistake a 16-inch
> shelling for a tactical nuclear strike.
>
> The relevance to our present situation is this: just as it was very
> easy for troops to see mind-blowingly huge explosions and to conclude
> the war had just gone nuclear, it is very easy for us to look at
> fragmentary and often-inaccurate news media reports and leap to
> conclusions about "that system must exist and it must be in use!"

I can't see how it is possible to compare a life-threatening combat situation under stress with reading and understanding a newspaper report. But here are some more quotes from the article:

"A senior manager for the program compares it to a time machine"

"In a statement, Caitlin Hayden, spokeswoman for the National Security Council, declined to comment on “specific alleged intelligence activities.” Speaking generally, she said “new or emerging threats” are “often hidden within the large and complex system of modern global communications, and the United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats.”"

> Be careful. Carefully separate out what you see from what cause you're
> ascribing to it. If you see X, I'm willing to accept that you see X.
> But so far you seem to be leaping towards "... therefore Y!", and
> there I think you're on much weaker ground.

Yes, we were talking about logic and reason. And I told you why I think that, even without evidence, my "therefore Y" is logical and reasonable.

> I never said we should not be aware of the possibility, nor have I
> ever said that such a thing cannot happen. I said that we should not
> treat it as fact, because facts are things which can be proven, and so
> far there's no proof here.

No, what you said was this:

>> sorry again, if we are speaking about the YYY, only metadata if
>> recipient and sender are YYY citizens and if we believe what the
>> agency says.
>
> I cannot accept this assertion, as it is offered without either direct
> evidence or logically sound inferences.

And I argued why it is a logically sound inference.

[1] http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html
Re: Multiple Subkey Pairs
I apologize for having triggered the emotionally agitated exchange in this thread, culminating in someone bringing up the German-Jew trauma. I did not intend this and will try to make future points in more moderate language. I acknowledge the outburst of true emotion by the person I responded to initially.

Unfortunately my initial contribution was held for moderation and finally has been withheld for reasons unknown to me. All that was left is a belated, empty response under my name in the last digest. Since followers of this discussion cannot possibly understand the heated responses without the trigger, I'll try it again. Hopefully this will end the emotional part and will get the discussion back onto the appropriate technical track. This time I'll slightly redact my initial contribution so as to avoid it being held by a moderator.

Here we go

-Quote:

> So far there's no credible reporting that any government is doing mass
> surveillance of email content. Instead, mass surveillance focuses on
> metadata: who's talking to whom, when, with what for a subject line,
> routed through which mail servers, and so on.

The YYY (-a famous three letter agency) e.g. denies archiving the content of YYY citizens' mails. It is thus perfectly reasonable to assume it does so with all other ones. They can easily do it, thus they do it. I am German, so I am free game for them anyway. Besides, you believe their denials - are you kidding?

> GnuPG does not and cannot protect against that. This is as regrettable
> as it is true. Worse still, it is much more cumbersome to protect your
> metadata than to protect content with e.g. GnuPG.

You could achieve it easiest with Y(-We all would know how to do this). A public key infrastructure is difficult to reconcile with anonymity.

> If your concern is mass surveillance -- which is to say, metadata --

sorry again, if we are speaking about the YYY, only metadata if recipient and sender are YYY citizens and if we believe what the agency says.

Regarding the security of the content, I share the view that lighting a firework of a dynamic subkey structure is not going to help. IMHO one properly kept key is enough and its security should last for decades. After all, the all-or-nothing principle is at the core of cryptography in many contexts. There is no such thing as attrition of security by heavy usage of a public RSA or ECC key. When it comes to system compromise leading to broken security, this is not a kind of aging process smoothly proceeding with time and eventually leading to death. They target you or they don't.

cheers

Michael Anders (a reference to my project page)

*** End of quote.

The reference to my crypto project homepage, which also contains a political statement, might also have been the problem. Those who are interested and don't feel offended by a positive reference to a controversial person can find it via my homepage www.fh-wedel.de/~an/ following the link to Academic Signature.

Best regards,

Michael Anders
Re: Multiple Subkey Pairs
> The YYY (-a famous three letter agency) e.g. denies archiving the
> content of YYY citizens' mails. It is thus perfectly reasonable to
> assume it does so with all other ones.

This is not a reasonable inference. I deny being able to violate the Second Law of Thermodynamics. Is it perfectly reasonable to assume I can violate the First or the Third? No, clearly not: the inference is not logically sound. Neither is your original inference.

> Besides, you believe their denials - are you kidding?

See my previous post.

> sorry again, if we are speaking about the YYY, only metadata if
> recipient and sender are YYY citizens and if we believe what the
> agency says.

I cannot accept this assertion, as it is offered without either direct evidence or logically sound inferences.
Re: Multiple Subkey Pairs
> That is an odd comparison. What does a statement about a fundamental
> law of physics which you can't change have to do with a statement
> about what you are doing, where you are perfectly free to do something
> else than you say?

Try some variations.

I deny that I've ever been to Vienna; is it logical to believe, based on that, that I've traveled extensively in Europe?

I deny that I've ever seen _Star Wars Episode III_. Is it logical to believe, based only on that, that I've seen every other installment?

I deny that I've ever read the second stanza of Coleridge's 'Kubla Khan'. Is it logical to believe, based only on that, that I've read the first?

This is all rather irrelevant, though, since it's clear you _a priori_ believe nothing claimed by that outfit. (Which may be justified, mind you. Saying "I do not trust them and I consider all of their statements a nullity: I will only trust what I can independently verify" is a perfectly logical position.)

> You have not spent time understanding how YYY works, it seems to me.

There are two options here: either I confess my ignorance, in which case you'll claim to be more knowledgeable and thus right, or I claim my knowledge, in which case you'll think I'm clearly too close to them to be trusted.

At this point, I don't care what you think. My original statement -- "I have seen no credible claims that anyone anywhere in the world is doing bulk surveillance of email content on an internet-wide scale" -- stands. I stand by that. No more and no less than that.
Re: Multiple Subkey Pairs
On 17.03.2014 17:54, Robert J. Hansen wrote:

>> That is an odd comparison. What does a statement about a fundamental
>> law of physics which you can't change have to do with a statement
>> about what you are doing, where you are perfectly free to do
>> something else than you say?
>
> Try some variations.
>
> I deny that I've ever been to Vienna; is it logical to believe, based
> on that, that I've traveled extensively in Europe?
>
> I deny that I've ever seen _Star Wars Episode III_. Is it logical to
> believe, based only on that, that I've seen every other installment?
>
> I deny that I've ever read the second stanza of Coleridge's 'Kubla
> Khan'. Is it logical to believe, based only on that, that I've read
> the first?

All these examples lack the dimension of illogical, untruthful and purposely misleading communication that humans are capable of. Of course, in a purely logical environment all of your examples have to be answered with: "You can't draw these conclusions." But taking into account that humans are not strictly logical, and taking into account the past, we can reasonably make conclusions which we can't make by pure propositional logic. Just one example from the not so far past:

"We are not and we will not spy on chancellor Merkel"

Without any context and background information it is not logical to draw the conclusion that there has been spying in the past. But knowing e.g. who said that, it is reasonable to assume so.

> This is all rather irrelevant, though, since it's clear you _a priori_
> believe nothing claimed by that outfit. (Which may be justified, mind
> you. Saying "I do not trust them and I consider all of their
> statements a nullity: I will only trust what I can independently
> verify" is a perfectly logical position.)
>
>> You have not spent time understanding how YYY works, it seems to me.
>
> There are two options here: either I confess my ignorance, in which
> case you'll claim to be more knowledgeable and thus right, or I claim
> my knowledge, in which case you'll think I'm clearly too close to them
> to be trusted.

There are at least three options:

3. My impression is wrong.

> At this point, I don't care what you think. My original statement --
> "I have seen no credible claims that anyone anywhere in the world is
> doing bulk surveillance of email content on an internet-wide scale" --
> stands.

I was referring to this statement of yours:

> I cannot accept this assertion, as it is offered without either direct
> evidence or logically sound inferences.

I don't care about the direct evidence, but the logically sound inference that bulk surveillance of email content on an internet-wide scale is happening is reasonable. But if you want evidence [1]:

"At least some of the data traffic coming through the German internet exchange point DE-CIX is diverted to German intelligence and other agencies."

They (and this is just the Germans) divert a certain percentage. It would be illogical if they wouldn't analyze that in some way. Therefore, by pure logic, mass surveillance is happening. Now we can argue about how "mass" and "internet-wide scale" are defined, but my assumption is that for you this example doesn't fulfill the criteria, and because there is no evidence that other countries are doing the same, your statement will stand.

I hope you never have a reason to start caring about what I think. Because your world seems to be the more righteous and calm place and I wish I didn't have to worry about the future of free societies as much.

[1] http://www.h-online.com/news/item/PRISM-scandal-internet-exchange-points-as-targets-for-surveillance-1909989.html
Re: Multiple Subkey Pairs
> The NSA e.g. denies archiving the content of US-American citizens'
> mails. It is thus perfectly reasonable to assume it does so with all
> other ones.

They also deny being able to violate the Second Law of Thermodynamics: is it thus perfectly reasonable to assume they can violate the other ones? "Just because they deny X means it's reasonable to believe Y" is logic that will get you in a whole lot of trouble. If you have evidence to support your assertion I'm sure we'd all love to hear it -- but as I don't believe such evidence exists, the most we can reasonably say is "we don't know."

> Besides, you believe their denials - are you kidding?

Let me tell you a story about Allan.

Allan was a great guy, one of the true heroes of American government. He never got the recognition he deserved. Allan was a veteran FBI agent with a Ph.D. in criminal justice, with a thesis that focused on police corruption. His life goal was to someday get appointed as a federal judge. He authored part of the FISA Act. Later in his life he was appointed by the Attorney General to become the Department of Justice's gatekeeper to the FISA Court. All warrant applications had to go through him.

He thus had two compelling reasons to be strict about the warrants he presented to FISA. The first was that he hated corruption in a deep-in-his-bones way. The second was he knew that if he allowed any inadequate warrants to be presented to the FISA Court, those inadequate warrants would come up in Senate confirmation hearings for the federal judgeship he wanted. As a result, he had a reputation for being harder to convince of a warrant than the FISA Court itself was!

-- Now, who told me about him first? My father, a federal judge who at one time was tapped for FISA. (He refused for personal reasons: he was approaching retirement and didn't want the additional responsibilities.) Dad had a good laugh about it and thought that if the American people ever knew it was harder to get Allan to bring a warrant application to FISA than it was to actually get FISA to approve a warrant, they'd be reassured. Dad would tell me all about how in all the time Allan had been responsible for bringing warrant applications to FISA, FISA had only ever denied three or four -- and that years later Allan was still sore about those!

Nowadays, of course, the meme is "FISA has only rejected a handful of warrants in all its time! Clearly, it must be a rubber stamp court!" Nothing is further from the truth. For many years the reason why FISA so rarely bounced a warrant application is because Allan refused to bring inadequate ones to the Court.

The former General Counsel of the National Security Agency, Stewart Baker, has written a fine book that I think everyone here should read: _Skating on Stilts_. Baker has some harsh words for Allan, claiming that he was such a hardass about warrant applications that he got in the way of many national security investigations. I first read this shortly after Allan's death and I almost bust a gut laughing. If he knew that his major claim to fame was having GC-NSA call him an obstruction to national security, I think he'd consider his place in posterity to be well-established.

Allan died of cancer a few years ago -- but before he did, he achieved his life goal of being appointed to the federal bench. I had the honor of talking with him on several occasions from 2008 to 2010. Even dying of cancer, he was still a partisan for integrity in government. His commitment to it even in the face of imminent death impressed me as few things in the world have.

Do I believe the NSA when they say that for U.S. persons only metadata is collected? No. But it was Allan's job to watch the NSA, and I trust that Allan didn't lie to me.

I know that the common meme on this mailing list is, "ooh, government *bad*, government *always* looking for ways to exploit us." But that's an insulting and childish belief. It's about as grown-up and about as mature as believing there are monsters under the bed or a bogeyman in the closet. Government *can be* bad, sure. Absolutely. But government also has people like Allan, and when we forget that we diminish ourselves.

Frankly, I think people on this list ought to celebrate his birthday -- March 4 -- as some kind of holiday.

You know what? To hell with it. I /will/ celebrate his birthday, just ten years late. I'm going to make a donation to GnuPG today, in the memory of a government intelligence official who stood up for civil liberties. They *do* exist.

Werner, if the donation I make later today could be credited as "In memory of the Honorable Allan N. Kornblum," that would be appreciated.

http://en.wikipedia.org/wiki/Allan_Kornblum
Re: Multiple Subkey Pairs
> You know what? To hell with it. I /will/ celebrate his birthday, just
> ten years late.

Days. *Days* late. :)
Re: Multiple Subkey Pairs
On 14/03/14 16:06, Robert J. Hansen wrote:

> [...]

Totally off-topic. But that your father was a highly positioned judge, would make you rather biased.
Re: Multiple Subkey Pairs
> So far there's no credible reporting that any government is doing mass
> surveillance of email content. Instead, mass surveillance focuses on
> metadata: who's talking to whom, when, with what for a subject line,
> routed through which mail servers, and so on.

The NSA e.g. denies archiving the content of US-American citizens' mails. It is thus perfectly reasonable to assume it does so with all other ones. They can easily do it, thus they do it. I am German, so I am free game for them anyway. Besides, you believe their denials - are you kidding?

> GnuPG does not and cannot protect against that. This is as regrettable
> as it is true. Worse still, it is much more cumbersome to protect your
> metadata than to protect content with e.g. GnuPG.

You could achieve it easiest with temporary anonymous e-mail accounts. A public key infrastructure is difficult to reconcile with anonymity.

> If your concern is mass surveillance -- which is to say, metadata --

sorry again, if we are speaking about the US, only metadata if recipient and sender are US citizens and if we believe what the agency says.

Regarding the security of the content, I share the view that lighting a firework of a dynamic subkey structure is not going to help. IMHO one properly kept key is enough and its security should last for decades. After all, the all-or-nothing principle is at the core of cryptography in many contexts. There is no such thing as attrition of security by heavy usage of a public RSA or ECC key. When it comes to system compromise leading to broken security, this is not a kind of aging process smoothly proceeding with time and eventually leading to death. They target you or they don't.

cheers

Michael Anders (http://www.fh-wedel.de/~an/crypto/Academic_signature_eng.html)
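Both Michael's post above and Robert's text he quotes agree on one technical point: GnuPG protects the body of a mail, not its envelope. The following Python example is added here and is not code from the thread; it parses a few constructed messages (made-up addresses, relays and ciphertext placeholders) and lists exactly what a passive observer still reads when the bodies are OpenPGP-encrypted.

```python
"""
What a passive observer learns from an OpenPGP-encrypted e-mail.

GnuPG encrypts the body, but the RFC 5322 envelope headers (From, To, Cc,
Date, Subject, Received) travel in the clear, so anyone who can see the
message in transit or at rest can still map who talks to whom, when and
about what.  All messages below are constructed for this example; the
PGP armour is a placeholder, not real ciphertext.
"""
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

PGP_ARMOUR_BEGIN = "-----BEGIN PGP MESSAGE-----"

# Constructed sample messages (addresses and hosts use reserved example names).
SAMPLE_MAILS = [
    """Received: from mx.example.org (mx.example.org [192.0.2.10]) by relay.example.net; Mon, 17 Mar 2014 19:49:01 +0100
From: Alice <alice@example.org>
To: bob@example.org
Cc: carol@example.org
Date: Mon, 17 Mar 2014 19:48:30 +0100
Subject: Re: Multiple Subkey Pairs

-----BEGIN PGP MESSAGE-----
[ciphertext placeholder]
-----END PGP MESSAGE-----
""",
    """Received: from mail.example.org (mail.example.org [192.0.2.20]) by relay.example.net; Tue, 18 Mar 2014 15:01:10 +0100
From: bob@example.org
To: Alice <alice@example.org>
Date: Tue, 18 Mar 2014 15:00:42 +0100
Subject: Re: Multiple Subkey Pairs

-----BEGIN PGP MESSAGE-----
[ciphertext placeholder]
-----END PGP MESSAGE-----
""",
    """Received: from mx.example.org (mx.example.org [192.0.2.10]) by relay.example.net; Tue, 18 Mar 2014 19:34:05 +0100
From: alice@example.org
To: bob@example.org
Date: Tue, 18 Mar 2014 19:33:50 +0100
Subject: Lunch?

Noon at the usual place?
""",
]


def observable_metadata(raw):
    """Return the fields an observer can read without any key material."""
    msg = message_from_string(raw)
    sender = getaddresses([msg.get("From", "")])[0][1].lower()
    rcpt_headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = sorted({addr.lower() for _, addr in getaddresses(rcpt_headers)})
    body = msg.get_payload()
    encrypted = PGP_ARMOUR_BEGIN in body
    date = msg.get("Date")
    return {
        "from": sender,
        "to": recipients,
        "subject": msg.get("Subject", ""),
        "date": parsedate_to_datetime(date) if date else None,
        # Each Received header names a relay that handled the message.
        "hops": [h.split(";")[0].strip() for h in msg.get_all("Received", [])],
        "body_readable": not encrypted,
        "body_preview": "" if encrypted else body.strip()[:60],
    }


def exposure_report(raw_messages):
    """Aggregate per-message metadata into the contact graph an observer gets."""
    edges = Counter()  # (sender, recipient) -> number of messages
    subjects = []      # subject lines are visible whether or not the body is
    readable = 0
    for raw in raw_messages:
        md = observable_metadata(raw)
        for rcpt in md["to"]:
            edges[(md["from"], rcpt)] += 1
        subjects.append(md["subject"])
        readable += md["body_readable"]
    return {"edges": edges, "subjects": subjects, "readable_bodies": readable}


if __name__ == "__main__":
    report = exposure_report(SAMPLE_MAILS)
    for (src, dst), n in sorted(report["edges"].items()):
        print(f"{src} -> {dst}: {n} message(s)")
    print("subjects seen:", report["subjects"])
    print("bodies readable:", report["readable_bodies"], "of", len(SAMPLE_MAILS))
```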
Re: Multiple Subkey Pairs
> Totally off-topic. But that your father was a highly positioned judge,
> would make you rather biased.

Sure, just like someone being German would make them pretty biased against Jews.

What I just said was insensitive, offensive, and completely inappropriate. So, too, was what you just said. Grow up.
Re: Multiple Subkey Pairs
On 14/03/14 17:28, Robert J. Hansen wrote:
> > Totally off-topic. But that your father was a highly positioned judge, would make you rather biased.
>
> Sure, just like someone being German would make them pretty biased against Jews. What I just said was insensitive, offensive, and completely inappropriate. So, too, was what you just said. Grow up.

Haha. Unfortunately for you, I am not German, so I am not insulted. But I do know loads of Germans, which of course, with you making such statements, not only shows that you have a serious problem, if you have to offend people just because you feel offended, but also shows how ignorant you are. Excusing your behaviour afterwards is hardly a sign of maturity.

Unlike you, I based my statement on what you said in your email, namely, that you got information from your father, which makes it hearsay. Further, getting facts from a second party about a third party about information that would fall under a piece of legislation which permits nobody to even discuss it makes such statements meaningless. Further, adding your comments about intelligence matters, of which you clearly cannot have any knowledge, does not qualify you to make any such statements. Hence my statement about you being biased.

Further, all this discussion is quite meaningless anyway. Needless to say all this is totally off-topic; I just wanted to be sure that you got somebody else's opinion, as you were quite so dismissive about another person and their opinions on this list. I tend to side with people being bullied.

Now maybe we can get back to the perfectly legitimate issues regarding the use of sub-keys and the use of multiples of these.

Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
tristan.sant...@internexusconnect.net
Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at: tsant...@fedoraproject.org
Re: Multiple Subkey Pairs
> But I do know loads of Germans, which of course, with you making such statements, not only shows that you have a serious problem, if you have to offend people, just because you feel offended, but also shows how ignorant you are.

You are missing the point. It is contemptible to believe that just because someone is descended from X, they must therefore possess trait Y. This is not how civilized people behave. We judge people on their own choices -- not their parentage. To do otherwise is the act of a barbarian.

> Unlike you, I based my statement on what you said in your email, namely, that you got information from your father

Quoting you: "That your father was a highly positioned judge, would make you rather biased," to be specific. You didn't say that my information would be biased: you said that *I* am biased based on my father's job. And that's simply beyond the pale.
Multiple Subkey Pairs
Hi,

I want to achieve the following:

1. A Master signing key
2. A subkey signing/enc pair for my normal machine
3. A subkey signing/enc pair for e.g. my mobile device

What I want to do is to have a different pair for my mobile device or work computer than on my machine. I want to give those pairs a shorter lifetime like 1 year (depending on the paranoia level) so I can change them more frequently. (Besides the hoped-for security advantages this also would make changing outdated subkeys easier because there will still be a working keypair while people update to the new keypairs.)

To set up a key with subkeys is not too big of a problem. There are enough tutorials out there. I just didn't find a nice key management tool for that. Especially exporting keys with only one of the subkey pairs requires some work ...

Now the following problem arises (at least from the reading I have done). As I understand it, gpg only uses one of the encryption subkeys to encrypt the message. So the question is, is it possible to encrypt to all encryption subkeys in a key? And if yes, is there an easy way to do it, so not just I can handle that, but also the people who send me encrypted mails. (And if not, does it make sense to implement something like this in gnupg?)

And a more general question: this approach generates some overhead, so is there maybe a way to achieve something similar more easily?

Thanks for ideas and input.

Martin
Re: Multiple Subkey Pairs
Am Do 13.03.2014, 11:44:08 schrieb Martin Behrendt:
> Hi, I want to achieve the following:
> 1. A Master signing key
> 2. A subkey signing/enc pair for my normal machine
> 3. A subkey signing/enc pair for e.g. my mobile device

This is not possible in a useful sense and furthermore it doesn't make much sense either (in today's technical situation; this could change). The main problem is that (in a kind of normal scenario) you don't control which keys other people use for encrypting data to you. Similarly bad is the point that you make keys which are of quite different quality look equal. That is the opposite of what we need. In theory this transparency could be achieved within a certificate by marking subkeys differently (signature notations) but today you should use separate certificates at any rate.

> Now the following problem arises (at least from the reading I have done). As I understand gpg only uses one of the encryption subkeys to encrypt the message. So the question is, is it possible to encrypt to all encryption subkeys in a key?

gpg --recipient 0xD4BC64B8\! --recipient 0x7CDBED88\!

Not explicitly. There is no --encrypt-to-all-subkeys option.

> And if yes, is there an easy way to do it, so also not just me can handle that, but also the people who sent me encrypted mails.

I guess that would be quite complicated. I am not even aware of such a feature in the mail clients on the certificate level. Unfortunately my proposal for conditional blocks in gpg.conf was declined... That would allow for such a feature:

    if it is an encryption operation to 0x12345678; then
        encrypt-to 0xD4BC64B8\!
        encrypt-to 0x7CDBED88\!
    fi

> (And if not, does it make sense to implement something like this in gnupg?)

Good luck...

> And a more general question: This approach generates some overhead so is there maybe a way to achieve something similar more easily?

We need transparency of the security level of keys (not just in OpenPGP): http://www.crypto-fuer-alle.de/wishlist/securitylevel/ (German only, sorry)

Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
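A note on what the `--recipient KEYID!` form above actually produces, with an added example that is not code from this thread or from GnuPG. A message encrypted with `gpg -r A! -r B!` carries one Public-Key Encrypted Session Key (PKESK, RFC 4880 section 5.1) packet per recipient key, and each PKESK names the recipient (sub)key by its 64-bit key ID. The check a practitioner wants before trusting the "encrypt to every subkey" arrangement is therefore to look at those packets: `gpg --list-packets message.gpg` prints one `pubkey enc packet` line per key ID. The script below does the same walk in Python over a constructed message (the key IDs `0123456789ABCDEF` and `FEDCBA9876543210`, the dummy MPI and the dummy ciphertext are all made up for the example) and reports which required key IDs are missing; the wildcard ID of all zeros is what `--hidden-recipient` / `--throw-keyids` emits.

```python
"""Enumerate which keys an OpenPGP message was encrypted to (RFC 4880).

Added example for this thread, not GnuPG code. Walks the packet stream,
collects the key ID of every PKESK packet, and compares against a list
of subkeys a message should have been encrypted to. The sample message
at the bottom is constructed; it contains no real cryptography.
"""
import struct

TAG_PKESK = 1   # Public-Key Encrypted Session Key packet
TAG_SEIPD = 18  # Symmetrically Encrypted Integrity Protected Data packet
WILDCARD_KEY_ID = "0000000000000000"  # anonymous recipient (--hidden-recipient)


def iter_packets(data):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("bad packet header at offset %d" % pos)
        pos += 1
        if first & 0x40:                       # new-format header (tag in low 6 bits)
            tag = first & 0x3F
            b = data[pos]
            if b < 192:                        # one-octet length
                length, pos = b, pos + 1
            elif b < 224:                      # two-octet length
                length = ((b - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif b == 255:                     # five-octet length
                length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
                pos += 5
            else:
                raise ValueError("partial body lengths not supported")
        else:                                  # old-format header (tag in bits 2-5)
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            nbytes = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + nbytes], "big")
            pos += nbytes
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet (tag %d)" % tag)
        yield tag, body
        pos += length


def pkesk_key_ids(message):
    """Return the recipient key IDs (upper-case hex) in message order."""
    ids = []
    for tag, body in iter_packets(message):
        if tag != TAG_PKESK:
            continue
        if body[0] != 3:                       # only version 3 PKESK is defined in RFC 4880
            raise ValueError("unsupported PKESK version %d" % body[0])
        ids.append(body[1:9].hex().upper())    # version octet, then 8-byte key ID
    return ids


def missing_recipients(message, required):
    """Key IDs from `required` that no PKESK in the message names."""
    present = set(pkesk_key_ids(message))
    return [k for k in required if k.upper() not in present]


# --- constructed sample message (dummy values, no real keys) --------------
def _mpi(value):
    """Encode bytes as an RFC 4880 MPI: 2-byte bit count, then the magnitude."""
    bits = value[0].bit_length() + 8 * (len(value) - 1)
    return struct.pack(">H", bits) + value


def _pkesk_body(key_id_hex, algo=1):           # algo 1 = RSA (encrypt or sign)
    dummy_encrypted_session_key = _mpi(b"\x7f" + b"\x11" * 31)
    return b"\x03" + bytes.fromhex(key_id_hex) + bytes([algo]) + dummy_encrypted_session_key


def _new_packet(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body            # new format, 1-octet length


def _old_packet(tag, body):
    return bytes([0x80 | (tag << 2) | 0, len(body)]) + body  # old format, length type 0


SAMPLE_MESSAGE = (
    _new_packet(TAG_PKESK, _pkesk_body("0123456789ABCDEF"))    # constructed subkey A!
    + _old_packet(TAG_PKESK, _pkesk_body("FEDCBA9876543210"))  # constructed subkey B!
    + _new_packet(TAG_SEIPD, b"\x01" + b"\x00" * 24)           # dummy ciphertext body
)

if __name__ == "__main__":
    print("encrypted to:", pkesk_key_ids(SAMPLE_MESSAGE))
    print("missing:", missing_recipients(SAMPLE_MESSAGE,
                                         ["0123456789ABCDEF", "0000000011112222"]))
```

Run against a real file, replace SAMPLE_MESSAGE with the bytes of a binary (not ASCII-armored) `.gpg` file and the required list with the long key IDs of your encryption subkeys as shown by `gpg --list-keys --keyid-format long`. A mail client that silently picked only the newest subkey will show up as a single PKESK here, which is exactly the failure the thread is worried about.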
Re: Multiple Subkey Pairs
Hi Martin--

On 03/13/2014 06:44 AM, Martin Behrendt wrote:
> I want to achieve the following:
> 1. A Master signing key
> 2. A subkey signing/enc pair for my normal machine
> 3. A subkey signing/enc pair for e.g. my mobile device
>
> Now the following problem arises (at least from the reading I have done). As I understand gpg only uses one of the encryption subkeys to encrypt the message. So the question is, is it possible to encrypt to all encryption subkeys in a key? And if yes, is there an easy way to do it, so also not just me can handle that, but also the people who sent me encrypted mails. (And if not, does it make sense to implement something like this in gnupg?)

Ultimately, the problem here is that the people who correspond with you don't know what device you're going to be reading the encrypted message on, so they cannot choose which encryption-capable subkey to encrypt to. In practice, it doesn't make sense to have more than one encryption-capable subkey active at a time; for signing-capable subkeys, you can have one per device as you describe.

So here is what I consider to be best practice for those people who end up using more than one machine:

0) a master certifying key (possibly offline)
1) an encryption-capable subkey (shared across all machines)
2) one signing-capable subkey per device (never shared)

In the event of machine compromise, use the master certifying key to revoke the encryption-capable subkey and the signing subkey specific to the compromised machine; add a new encryption-capable subkey and distribute it to your remaining non-compromised devices. Publish all these changes to the public keyservers (as well as any other channels by which you've normally published your keys).

You can also choose some schedule to regularly revoke (or expire) any of the subkeys and replace them with new ones as a matter of routine maintenance if you're concerned about key leakage through overuse, or you just prefer to pre-emptively rotate keys.

hth,
--dkg
Re: Multiple Subkey Pairs
On Thursday, March 13, 2014 at 8:03 AM, Martin Behrendt martin-gnupg-us...@dkyb.de wrote:
> Hi, I want to achieve the following:
> 1. A Master signing key
> 2. A subkey signing/enc pair for my normal machine
> 3. A subkey signing/enc pair for e.g. my mobile device
> What I want to do is to have a different pair for my mobile device or work computer than on my machine. I want to give those pairs a shorter lifetime like 1 year (depending on the paranoia level) so I can change them more frequently.

=====

It is difficult to do what you want using subkeys, but you can easily accomplish what you want by making three new keypairs:

Keypair 1 will have the Master signing key and the encryption subkey, with the comment "Principal Keypair" (or whatever descriptive comment you think is clear to your e-mail correspondents).

Keypair 2 will have a signing key and encrypting subkey, with the comment "normal computer", and signed by your Master key.

Keypair 3 will have a signing key and encrypting subkey, with the comment "mobile device", and signed by your Master key.

All 3 keypairs will have the same name and e-mail address. Keypairs 2 and 3 can have whatever shorter expiration you want.

You can let all your correspondents know that they can encrypt simultaneously to all 3 of your keys that have the same e-mail address (assuming that you give them the fingerprints and long key IDs for the 3 keys, and they aren't going to be fooled by some attacker making a new key with your name and e-mail address).

This way you can read and correspond on whatever device you are using at the time.

vedaal
Re: Multiple Subkey Pairs
Am 13.03.2014 16:42, schrieb ved...@nym.hush.com:
> On Thursday, March 13, 2014 at 8:03 AM, Martin Behrendt martin-gnupg-us...@dkyb.de wrote:
> > Hi, I want to achieve the following:
> > 1. A Master signing key
> > 2. A subkey signing/enc pair for my normal machine
> > 3. A subkey signing/enc pair for e.g. my mobile device
> > What I want to do is to have a different pair for my mobile device or work computer than on my machine. I want to give those pairs a shorter lifetime like 1 year (depending on the paranoia level) so I can change them more frequently.
>
> =====
>
> You can let all your correspondents know that they can encrypt simultaneously to all 3 of your keys that have the same e-mail address (assuming that you give them the fingerprints and long key IDs for the 3 keys, and they aren't going to be fooled by some attacker making a new key with your name and e-mail address).

Thank you, that sounds like a solution worth going for. I'm just not sure how to e.g. tell thunderbird/enigmail to use multiple keys for one email address when sending (or will it do that by default?). If you have a hint for that it would be nice, otherwise I will try to find out myself.

My closest thoughts to a solution like this were to set my reply-to to two email addresses and maybe play around with the subkey identities to achieve the same. Or also two different key pairs. One big key with subkeys would be nicer though, to hide the complexity a little.

@Hauke, Daniel
Thanks for your replies, too. Like I wrote, I am aware that multiple encryption subkeys are not used. That's why I was asking if changing that would make sense. Or what the bigger drawbacks are. Also the fact that it is hard to determine which key has which security level is correct and an important issue. But I think this is a problem which can be solved by proper key management and presentation.

Martin
Re: Multiple Subkey Pairs
On 03/13/2014 12:30 PM, Martin Behrendt wrote:
> Am 13.03.2014 16:42, schrieb ved...@nym.hush.com:
> > =====
> > You can let all your correspondents know that they can encrypt simultaneously to all 3 of your keys that have the same e-mail address (assuming that you give them the fingerprints and long key IDs for the 3 keys, and they aren't going to be fooled by some attacker making a new key with your name and e-mail address).
>
> Thank you, that sounds like a solution worth going for. I'm just not sure, how to e.g. tell thunderbird/enigmail to use multiple keys for one email address when sending (or will it do that by default?). If you have a hint for that would be nice, otherwise I will try to find out myself. My closest thoughts to a solution like this were, go set my reply-to to two email addresses and maybe play around with the subkey identities to achieve the same. Or also two different key pairs. One big key with subkeys would be nicer tho, to hide the complexity a little.

What is the advantage of this approach? What threat are you trying to defend against?

I'll work from the assumption that you are worried that an attacker might compromise one of your machines, copy that machine's decryption key, and then use its key to decrypt messages that had been sent prior to the compromise.

In this case, having your recipients encrypt every message to all three keys is *exactly* as risky as having a single key shared across all machines -- a compromise of any one of the machines results in a decryption of all messages.

So what are the differences between the two approaches (separate per-machine vs a single shared encryption key)?

0) per-machine keying is more work for your peers -- they have to encrypt to K keys instead of 1.

1) on compromise, per-machine keying means you need to revoke a single key, and do no extra secret key distribution. Shared keying means revoking a single key and doing a bit of extra secret key distribution.

Even if it was easy to convince clients like enigmail or other mechanisms to encrypt to multiple keys for a single user (I don't think it is), I don't think the per-machine approach to encryption-capable keys makes any sense.

--dkg
Re: Multiple Subkey Pairs
Am 13.03.2014 17:39, schrieb Daniel Kahn Gillmor:
> what is the advantage of this approach? what threat are you trying to defend against?
>
> I'll work from the assumption that you are worried that an attacker might compromise one of your machines, copy that machine's decryption key, and then use its key to decrypt messages that had been sent prior to the compromise.
>
> In this case, having your recipients encrypt every message to all three keys is *exactly* as risky as having a single key shared across all machines -- a compromise of any one of the machines results in a decryption of all messages.

One use case would be, if you use portable thunderbird, only those encrypted messages get compromised which can be decrypted by the local key and which were composed in a certain time-frame. On my side, I still can read messages friends send me, which are only encrypted to e.g. make mass surveillance harder. But they don't have actually important content. On the other side, those friends of mine more worried about the topic in general know how to only use my safer key.

So the basic idea is, I'm always reachable via encryption, but for insecure devices I have a short-lived key which I can change frequently, while I still have a long-term key out there which can be more trusted.

I don't know if this makes much sense or if there are better ways. Or maybe that's a stupid problem to think about at all. I just thought about using gpg for multiple devices (especially insecure mobile ones) and approaches to increase the security. And now I want to see what is technically possible and if there is a solution to it. If not, maybe someone at least also starts thinking about the problem and comes up with a good solution.

Martin
Re: Multiple Subkey Pairs
> I still can read messages friend send me, which are only encrypted to e.g. make mass surveillance harder.

Your proposed solution won't work. Sorry to be so blunt, but that's the state of things.

So far there's no credible reporting that any government is doing mass surveillance of email content. Instead, mass surveillance focuses on metadata: who's talking to whom, when, with what for a subject line, routed through which mail servers, and so on. GnuPG does not and cannot protect against that.

If your concern is mass surveillance -- which is to say, metadata -- you need to look at other technologies. GnuPG will not protect your metadata.
Re: Multiple Subkey Pairs
Hi

On Thursday 13 March 2014 at 2:31:06 PM, in mid:1730446.9J4b6oayU7@inno, Hauke Laging wrote:
> gpg --recipient 0xD4BC64B8\!

I've never seen it with a backslash before the exclamation mark. What does the backslash add?

--
Best regards
MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Adults are obsolete children.
Re: Multiple Subkey Pairs
On 03/13/2014 06:17 PM, MFPA wrote:
> On Thursday 13 March 2014 at 2:31:06 PM, in mid:1730446.9J4b6oayU7@inno, Hauke Laging wrote:
> > gpg --recipient 0xD4BC64B8\!
>
> I've never seen it with a backslash before the exclamation mark. What does the backslash add?

It tells your shell to avoid interpreting the ! as a shell metacharacter. If your shell doesn't care about ! then the backslash is unnecessary but shouldn't be a problem (standard shell escaping will swallow it before passing on the literal ! to the shell's subprocess, gpg in this case).

--dkg
Re: Multiple Subkey Pairs
Am Do 13.03.2014, 22:17:08 schrieb MFPA:
> > gpg --recipient 0xD4BC64B8\!
>
> I've never seen it with a backslash before the exclamation mark. What does the backslash add?

That has nothing to do with GnuPG; it is for the shell. man bash:

    History expansions are introduced by the appearance of the history
    expansion character, which is ! by default. Only backslash (\) and
    single quotes can quote the history expansion character.

    Several characters inhibit history expansion if found immediately
    following the history expansion character, even if it is unquoted:
    space, tab, newline, carriage return, and =. If the extglob shell
    option is enabled, ( will also inhibit expansion.

Thus the \ is not necessary in this case. But because I often forget which characters inhibit history expansion I got used to always escaping !.

If history expansion is active in your shell (bash: echo $- contains H) compare

    gpg --recipient 0xD4BC64B8\!

with

    gpg --recipient 0xD4BC64B8!

Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
Re: Multiple Subkey Pairs
On Mar 13, 2014, at 6:17 PM, MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote:
> Hi
>
> On Thursday 13 March 2014 at 2:31:06 PM, in mid:1730446.9J4b6oayU7@inno, Hauke Laging wrote:
> > gpg --recipient 0xD4BC64B8\!
>
> I've never seen it with a backslash before the exclamation mark. What does the backslash add?

Probably escaping the exclamation mark to prevent it from being interpreted by the shell. In bash, at least, it's not necessary as a trailing ! mark doesn't get interpreted by the shell. Doesn't hurt to escape it though.

David