Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-13 Thread Stefan Claas

On 12.06.2017 at 23:50, Duane Whitty wrote:

Thanks for your input, much appreciated!


I would also add one word about USB sticks:  It is very difficult to
know if they've been compromised and there are no tell-tale signs when
an attack is taking place.  I never put a USB in my computer that has
been used on a computer I don't own.
Best Regards,
Duane



Thanks for pointing this out!

I have come to the conclusion, after reading all the replies in this thread,
that I will return to pure GnuPG usage instead of using an email / Usenet
client with add-ons. I already found a script for PGP/MIME so that I can
decrypt/verify a message sent to me when using GnuPG in command-line
mode.

Another thing I will do in the future, which I haven't read in popular
tutorials, is that once I have checked the hash/sig of the provided package
I will also hash the binaries after unpacking and print the values out on a
piece of paper, so that I can frequently check them.

Regards
Stefan







___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Duane Whitty


On 17-06-12 05:45 PM, Stefan Claas wrote:
> On 12.06.17 22:35, Robert J. Hansen wrote:
>>> Is there something like a Standard Operating Procedure for GnuPG
>>> available, which fulfills security experts demands, and which can
>>> easily be adapted by an average GnuPG user, regardless of platform 
>>> and client he/she uses?
>> No.  More to the point, there can't be.  Each user faces threats
>> specific to that user; each user is responsible for their own threat
>> modeling.
>>
>> But follow the steps I outlined before and you'll significantly improve
>> your online security.  You won't be perfect -- there is no such thing as
>> perfection.  You won't be a hardened target -- that takes a lot of work.
>>  But follow those steps and you'll have taken care of the easy ways that
>> your machine can be compromised.
>>
> 
> Thank you very much for your advice, much appreciated!
> 
> Regards
> Stefan
> 
> 
> 
I'm not one of the many experts on the list you refer to so you'll have
to judge for yourself the usefulness of my procedures.  Comments from
more experienced users welcome as well, of course, and some very
experienced users have given you very good advice already.

Some of the things I do include setting a password on the BIOS and HD and
turning my computer off when I'm not using it.  My reason for those
steps is that I am hoping it would introduce enough of a roadblock that
should someone gain physical access to my computer (a laptop) they would
need to take it with them in order to compromise it.

I also don't click on any links in emails. As well, I don't open any PDF
files I don't trust.

I believe also that it's important to consider what operating system you
use.  Some people believe that with certain OSs you are compromised the
minute you install said OS and are actually fulfilling the role of
Mallory against yourself.  This is to say that I believe Open Source is
beneficial not that it is the complete solution.

I would also add one word about USB sticks:  It is very difficult to
know if they've been compromised and there are no tell-tale signs when
an attack is taking place.  I never put a USB in my computer that has
been used on a computer I don't own.
Best Regards,
Duane

-- 
Duane Whitty
du...@nofroth.com





Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 22:35, Robert J. Hansen wrote:
>> Is there something like a Standard Operating Procedure for GnuPG
>> available, which fulfills security experts demands, and which can
>> easily be adapted by an average GnuPG user, regardless of platform 
>> and client he/she uses?
> No.  More to the point, there can't be.  Each user faces threats
> specific to that user; each user is responsible for their own threat
> modeling.
>
> But follow the steps I outlined before and you'll significantly improve
> your online security.  You won't be perfect -- there is no such thing as
> perfection.  You won't be a hardened target -- that takes a lot of work.
>  But follow those steps and you'll have taken care of the easy ways that
> your machine can be compromised.
>

Thank you very much for your advice, much appreciated!

Regards
Stefan




Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen
> Is there something like a Standard Operating Procedure for GnuPG
> available, which fulfills security experts demands, and which can
> easily be adapted by an average GnuPG user, regardless of platform 
> and client he/she uses?

No.  More to the point, there can't be.  Each user faces threats
specific to that user; each user is responsible for their own threat
modeling.

But follow the steps I outlined before and you'll significantly improve
your online security.  You won't be perfect -- there is no such thing as
perfection.  You won't be a hardened target -- that takes a lot of work.
But follow those steps and you'll have taken care of the easy ways that
your machine can be compromised.



Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 22:10, Robert J. Hansen wrote:
>> and transfer signed/encrypted messages from my online usage
>> computer with a USB stick to my offline computer and verify
>> decrypt the messages there. :-)
> If you think your online computer may be compromised, then you have no
> business sharing USB devices between it and your believed-safe computer.
>
O.k., I have for example no offline computer shielded against Tempest
attacks etc., because I am only a little Mac user. Is there something like
a Standard Operating Procedure for GnuPG available, which fulfills security
experts' demands, and which can easily be adapted by an average GnuPG
user, regardless of the platform and client he/she uses?

Regards
Stefan




Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen
> and transfer signed/encrypted messages from my online usage
> computer with a USB stick to my offline computer and verify
> decrypt the messages there. :-)

If you think your online computer may be compromised, then you have no
business sharing USB devices between it and your believed-safe computer.




Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 21:15, Peter Lebbing wrote:

>> (Remember there are two types of companies. Those who know they got
>> hacked and those who don't know yet that they got hacked.)
>>
>>
I should put that as a signature in my email and Usenet client! :-)

Regards
Stefan





Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 21:21, Ludwig Hügelschäfer wrote:
> What you can do: Learn, learn by playing, learn by trying to
> understand what others write and by asking questions and become a
> reasonable critical user. That's the hard way, but you learn best.
> Second possibility would be to have a good experienced friend which
> guides you along the way. Third way would be to engage an expert which
> maintains your computer.
>
Thanks also for your valuable reply!

Please see also my reply to Peter.

Regards
Stefan






Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 21:15, Peter Lebbing wrote:
> On 12/06/17 20:51, Stefan Claas wrote:
>> Maybe as an additional security feature Enigmail should give
>> a key with a set trust level of "Ultimate" a different color than
>> green.
> No, that's beside the point. Once somebody gets your user privileges,
> there is no "additional security". It's game over. They could replace
> your Enigmail with their Evilmail, which seems like a good name for an
> Enigmail edited to show any fingerprint the attacker desires and give it
> any colour of the rainbow.
>
> You need to make sure your computer doesn't get hacked by someone who
> wants to subvert your use of GnuPG. Luckily, for most of us, we get
> hacked to send spam... ;)
>
> (Remember there are two types of companies. Those who know they got
> hacked and those who don't know yet that they got hacked.)
>
>

Thanks for your thoughts! So what I have learned from this whole
thread, also about my proposal for identicons, is that I should buy
myself an offline computer, send Thunderbird/Enigmail to /dev/null
and transfer signed/encrypted messages from my online computer
with a USB stick to my offline computer and verify/decrypt the
messages there. :-)

Regards
Stefan





Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Ludwig Hügelschäfer

On 12.06.17 20:51, Stefan Claas wrote:
> On 12.06.17 20:18, Ludwig Hügelschäfer wrote:
>> Hi,
>> 
>> On 12.06.17 14:52, Stefan Claas wrote:
>> 
>>> Hi Ludwig,
>>> 
>>> I just checked again. On my Mac and on my Windows Notebook i
>>> get a green bar , from a blue "Untrusted" key when i go into
>>> Enigmails Key Management and set the trust of that key to
>>> Ultimate...
>> Well, ultimate ownertrust is the wrong way. This setting is
>> reserved for your own keys. No wonder you get a green header
>> bar.
>> 
>> What are you trying to achieve?
>> 
> 
> Well, i assume that the majority of people who are using GnuPG are
> using it with Thunderbird/Enigmail.

I'd not sign this statement. A lot of users caring for privacy and
safety won't go for Windows. Thunderbird is not the most popular mail
client on non-Windows computers; there are quite some other mail clients.

> Let's also assume they are not security experts like all you guys
> here on the list and let's also assume they are following popular
> tutorials like the ones from EFF:
> https://ssd.eff.org/en/module/how-use-pgp-windows because they know
> EFF are good people (like you security experts).
> 
> Now here is my thought. Mallory knows this very well what i have 
> described above and after he gained access to my computer he simply
> replaces on of my locally signed pub keys with a fake one where he
> sets owner trust to ultimate. A user, described as above would imho
> have a hard time to detect a fake pub key, because Enigmail shows
> for both keys a green bar.

As Robert said: If an attacker gains control over your computer,
you're busted, game over.

> Maybe as an additional security feature Enigmail should give a key
> with a set trust level of "Ultimate" a different color than green.

This would also be the case if the attacker gained access to your
computer.

What you can do: Learn, learn by playing, learn by trying to
understand what others write and by asking questions, and become a
reasonably critical user. That's the hard way, but you learn best.
The second possibility would be to have a good, experienced friend who
guides you along the way. The third way would be to engage an expert who
maintains your computer.

Ludwig



Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Peter Lebbing
On 12/06/17 20:51, Stefan Claas wrote:
> Maybe as an additional security feature Enigmail should give
> a key with a set trust level of "Ultimate" a different color than
> green.

No, that's beside the point. Once somebody gets your user privileges,
there is no "additional security". It's game over. They could replace
your Enigmail with their Evilmail, which seems like a good name for an
Enigmail edited to show any fingerprint the attacker desires and give it
any colour of the rainbow.

You need to make sure your computer doesn't get hacked by someone who
wants to subvert your use of GnuPG. Luckily, for most of us, we get
hacked to send spam... ;)

(Remember there are two types of companies. Those who know they got
hacked and those who don't know yet that they got hacked.)

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 20:18, Ludwig Hügelschäfer wrote:
> Hi,
>
> On 12.06.17 14:52, Stefan Claas wrote:
>
>> Hi Ludwig,
>>
>> I just checked again. On my Mac and on my Windows Notebook i get a
>> green bar , from a blue "Untrusted" key when i go into Enigmails
>> Key Management and set the trust of that key to Ultimate...
> Well, ultimate ownertrust is the wrong way. This setting is reserved
> for your own keys. No wonder you get a green header bar.
>
> What are you trying to achieve? 
>

Well, I assume that the majority of people who are using GnuPG
are using it with Thunderbird/Enigmail. Let's also assume they are
not security experts like all you guys here on the list, and let's
also assume they are following popular tutorials like the ones
from EFF: https://ssd.eff.org/en/module/how-use-pgp-windows
because they know EFF are good people (like you security experts).

Now here is my thought. Mallory knows very well what I have
described above, and after he gained access to my computer he
simply replaces one of my locally signed pub keys with a fake
one where he sets owner trust to ultimate. A user as described
above would IMHO have a hard time detecting a fake pub key,
because Enigmail shows a green bar for both keys.

Maybe as an additional security feature Enigmail should give
a key with a set trust level of "Ultimate" a different color than
green.

Regards
Stefan






Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Ludwig Hügelschäfer
Hi,

On 12.06.17 14:52, Stefan Claas wrote:

> Hi Ludwig,
> 
> I just checked again. On my Mac and on my Windows Notebook i get a
> green bar , from a blue "Untrusted" key when i go into Enigmails
> Key Management and set the trust of that key to Ultimate...

Well, ultimate ownertrust is the wrong way. This setting is reserved
for your own keys. No wonder you get a green header bar.

What are you trying to achieve? I'm getting tons of "UNTRUSTED Good
signature" when reading my mailing lists, e.g. from Peter Lebbing and
a lot of others. That's the way it is, I have to accept this, my
web-of-trust is not so good. I've got a couple of good signatures, though.

One way to improve this situation is to get out, meet people, view
their IDs and receive their fingerprints, verify them and if all is
good, sign their keys.

The other would be to enable TOFU. Can't tell anything about this, I
still have to test.

Best regards

Ludwig





Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen
> If Mallory would get somehow access to my Computer and replace one
> pub key from my communication partners with a fake one and sets the
> trust level to Ultimate. How can i detect this, if i'm not always
> looking at the complete Fingerprint and compare it with a separate
> list?

If Mallory can tamper with your keyrings, that's a total game-over
condition.  At that point there are dozens of attacks open to her.  Once
you lose control of your computer, it's all over.



Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Peter Lebbing
I hadn't gotten round to answering your earlier questions yet, since I
noticed a point I should first spend some effort and thinking on.

On 12/06/17 16:14, Stefan Claas wrote:
> And a question for this... If Mallory would get
> somehow access to my Computer and replace one pub key from my
> communication partners with a fake one and sets the trust level to
> Ultimate. How can i detect this, if i'm not always looking at the
> complete Fingerprint and compare it with a separate list?

It is impossible to use any form of cryptography in a secure fashion
when somebody is in a position to mess with the computer you're using it
on. Worst is someone with administrator privileges, but somebody with
the same privileges as you is already more than enough to completely
subvert your security.

They could alter your search path and put their own binaries in them.
Any program you launch, be it GnuPG, your e-mail client, your shell, or
any other program you use, could be replaced by something else. Same for
your data files, as you point out.

Your user account needs to be secure from evildoers. It depends on your
threat model how you go about this.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 16:06, Peter Lebbing wrote:
> On 12/06/17 14:52, Stefan Claas wrote:
>> I just checked again. On my Mac and on my Windows Notebook
>> i get a green bar , from a blue "Untrusted" key when i go into
>> Enigmails Key Management and set the trust of that key to
>> Ultimate...
> Don't do this! Or did you do it just for testing? "Ultimate" is for your
> own keys. It makes the key itself valid and all keys signed by that key.
> It's the odd one out, as the other trust levels only determine the
> validity of other keys signed by that key but don't affect the key itself.
>
> To make a key valid, sign it with a local signature. Or an exportable
> signature, your choice.
>

I did that for testing! And a question about this... If Mallory somehow
got access to my computer, replaced one pub key from my communication
partners with a fake one and set the trust level to Ultimate, how could
I detect this if I'm not always looking at the complete fingerprint and
comparing it with a separate list?

Regards
Stefan





Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Peter Lebbing
On 12/06/17 14:52, Stefan Claas wrote:
> I just checked again. On my Mac and on my Windows Notebook
> i get a green bar , from a blue "Untrusted" key when i go into
> Enigmails Key Management and set the trust of that key to
> Ultimate...

Don't do this! Or did you do it just for testing? "Ultimate" is for your
own keys. It makes the key itself valid and all keys signed by that key.
It's the odd one out, as the other trust levels only determine the
validity of other keys signed by that key but don't affect the key itself.

To make a key valid, sign it with a local signature. Or an exportable
signature, your choice.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas


On 07.06.17 22:23, Ludwig Hügelschäfer wrote:
> Hi Stefan,
>
> On 06.06.17 22:19, Stefan Claas wrote:
>> On 06.06.17 20:46, Charlie Jonas wrote:
>>> On 2017-06-06 19:12, Stefan Claas wrote:
>>>> I tried also with Enigmail under OS X but when checking the
>>>> signatures here from the list members i always get the blue
>>>> "Untrusted Good Signature".
>>> Yes I get this as well. Interestingly whatever trust level I give
>>> keys, Enigmail on OSX seems to want to make the bar blue
>>> regardless.
>>>
>> Thanks for confirming. Hopefully Ludwig still follows this thread
>> and can tell us why it's not working, as expected.
> It's working as expected. To get a green bar in Enigmails header
> display, the key signing the message has to be at least fully valid. A
> key gets valid if you either:
>
> - sign it (whether local or exportable is not relevant)
>
> or
>
> - it is signed by
>   - at least one key you have signed and you have put "full" ownertrust
> on these
>   - at least three other keys you have signed and you have put
> "marginal" ownertrust on these
>
> This is the behaviour of the "classic" or "PGP" trust model which is
> the default in GnuPG. Enigmail only displays the result.
>
>
Hi Ludwig,

I just checked again. On my Mac and on my Windows notebook
I get a green bar from a blue "Untrusted" key when I go into
Enigmail's Key Management and set the trust of that key to
Ultimate...

Regards
Stefan







Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Stefan Claas
On 07.06.17 22:23, Ludwig Hügelschäfer wrote:
> Hi Stefan,
>
> On 06.06.17 22:19, Stefan Claas wrote:
>> On 06.06.17 20:46, Charlie Jonas wrote:
>>> On 2017-06-06 19:12, Stefan Claas wrote:
>>>> I tried also with Enigmail under OS X but when checking the
>>>> signatures here from the list members i always get the blue
>>>> "Untrusted Good Signature".
>>> Yes I get this as well. Interestingly whatever trust level I give
>>> keys, Enigmail on OSX seems to want to make the bar blue
>>> regardless.
>>>
>> Thanks for confirming. Hopefully Ludwig still follows this thread
>> and can tell us why it's not working, as expected.
> It's working as expected. To get a green bar in Enigmails header
> display, the key signing the message has to be at least fully valid. A
> key gets valid if you either:
>
> - sign it (whether local or exportable is not relevant)
>
> or
>
> - it is signed by
>   - at least one key you have signed and you have put "full" ownertrust
> on these
>   - at least three other keys you have signed and you have put
> "marginal" ownertrust on these
>
> This is the behaviour of the "classic" or "PGP" trust model which is
> the default in GnuPG. Enigmail only displays the result.

Thanks, I'm aware of the classic trust model.
>
> You may read more about this here:
> https://enigmail.wiki/Key_Management#The_Web_of_Trust
>
> There's a lot more information about the web of trust out in the web.
>
> Disclaimer: Configuring GnuPG to use the TOFU trust model may change
> this behaviour.

I configured GnuPG to use the TOFU model and expected that Enigmail
would switch from blue Untrusted to green when TOFU gives "full" trust
to a pub key. For example, when I downloaded a signed Usenet message
as a test (where Enigmail showed me a blue bar) and let GnuPG verify
the saved file manually, it gave me the statistics. After downloading a
second file, where Enigmail correctly showed the blue bar again, I ran
the file through GnuPG and it gave "full" trust to the message. After that
I clicked again in Enigmail in the Usenet thread and voilà, I had a green
bar. So that is the reason why I thought Enigmail would, with the new
trust model, also give me a green bar when checking list members'
messages here.

Regards
Stefan

And apologies for the multiple thread chaos!





Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Ludwig Hügelschäfer
Hi Stefan,

On 06.06.17 22:19, Stefan Claas wrote:
> On 06.06.17 20:46, Charlie Jonas wrote:
>> On 2017-06-06 19:12, Stefan Claas wrote:
>>> I tried also with Enigmail under OS X but when checking the
>>> signatures here from the list members i always get the blue
>>> "Untrusted Good Signature".
>> Yes I get this as well. Interestingly whatever trust level I give
>> keys, Enigmail on OSX seems to want to make the bar blue
>> regardless.
>> 
> Thanks for confirming. Hopefully Ludwig still follows this thread
> and can tell us why it's not working, as expected.

It's working as expected. To get a green bar in Enigmail's header
display, the key signing the message has to be at least fully valid. A
key becomes valid if you either:

- sign it (whether local or exportable is not relevant)

or

- it is signed by
  - at least one key you have signed and you have put "full" ownertrust
on these
  - at least three other keys you have signed and you have put
"marginal" ownertrust on these

This is the behaviour of the "classic" or "PGP" trust model which is
the default in GnuPG. Enigmail only displays the result.

You may read more about this here:
https://enigmail.wiki/Key_Management#The_Web_of_Trust

There's a lot more information about the web of trust out on the web.

Disclaimer: Configuring GnuPG to use the TOFU trust model may change
this behaviour.

Ludwig

BTW: Could you please stop forwarding your replies to the list? Now
there are 6 threads titled "Question for app developers, like Enigmail
etc. - Identicons" on the list. Just click on "Reply to list" when
replying. Thanks.



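To make Ludwig's validity rules (and Peter's earlier remark that "Ultimate" makes a key valid by itself, together with everything it signed) concrete, here is a small Python model of the classic trust model. It is an added example, not GnuPG's code or anything posted in this thread; the keyring and its fingerprints are constructed placeholders, and --max-cert-depth is approximated by a fixed number of passes.

```python
"""Toy model of GnuPG's "classic" (PGP) trust model as explained in the thread.
Constructed example, not GnuPG's code; fingerprints are placeholders."""
import copy
from dataclasses import dataclass, field
from typing import Dict, Set

COMPLETES_NEEDED = 1   # GnuPG default --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default --marginals-needed
MAX_CERT_DEPTH = 5     # GnuPG default --max-cert-depth (approximated by passes)


@dataclass
class Key:
    fpr: str                                             # placeholder fingerprint
    ownertrust: str = "unknown"                          # unknown|never|marginal|full|ultimate
    certified_by: Set[str] = field(default_factory=set)  # keys that signed this key


def compute_validity(keyring: Dict[str, Key]) -> Dict[str, str]:
    """Return validity ("unknown" | "marginal" | "full") for every key in the ring."""
    validity = {f: "unknown" for f in keyring}
    for f, k in keyring.items():
        if k.ownertrust == "ultimate":      # your own keys: valid by definition
            validity[f] = "full"
    for _ in range(MAX_CERT_DEPTH):         # each pass extends the chain one hop
        changed = False
        for f, k in keyring.items():
            if validity[f] == "full":
                continue
            full_count = marginal_count = 0
            for signer in k.certified_by:
                s = keyring.get(signer)
                # A certification only counts when the signer is itself valid
                # and carries ownertrust; "unknown"/"never" signers add nothing.
                if s is None or validity[signer] != "full":
                    continue
                if s.ownertrust in ("ultimate", "full"):
                    full_count += 1
                elif s.ownertrust == "marginal":
                    marginal_count += 1
            if full_count >= COMPLETES_NEEDED or marginal_count >= MARGINALS_NEEDED:
                validity[f] = "full"
                changed = True
            elif full_count or marginal_count:
                validity[f] = "marginal"    # some trusted vouching, not enough
        if not changed:
            break
    return validity


def enigmail_bar(validity: str) -> str:
    """Header bar colour Enigmail shows for a good signature from such a key."""
    return "green" if validity == "full" else "blue (UNTRUSTED Good signature)"


def sample_keyring() -> Dict[str, Key]:
    """Constructed keyring mirroring the thread's cast; nobody's real fingerprints."""
    keys = [
        Key("ME", ownertrust="ultimate"),
        Key("LUDWIG"),                                      # good sig, but nobody you trust vouches
        Key("STRANGER", certified_by={"LUDWIG"}),           # only vouched for by LUDWIG
        Key("PETER", ownertrust="full", certified_by={"ME"}),
        Key("CHARLIE", certified_by={"PETER"}),             # one "full" introducer suffices
        Key("M1", ownertrust="marginal", certified_by={"ME"}),
        Key("M2", ownertrust="marginal", certified_by={"ME"}),
        Key("M3", ownertrust="marginal", certified_by={"ME"}),
        Key("DUANE", certified_by={"M1", "M2", "M3"}),      # three "marginal" introducers
        Key("MFPA", certified_by={"M1", "M2"}),             # only two: marginal validity
    ]
    return {k.fpr: k for k in keys}


def after_local_signature(keyring: Dict[str, Key], fpr: str) -> Dict[str, str]:
    """Validity after you lsign/sign `fpr` with your own key (Peter's advice)."""
    kr = copy.deepcopy(keyring)
    kr[fpr].certified_by.add("ME")
    return compute_validity(kr)


def after_ultimate_ownertrust(keyring: Dict[str, Key], fpr: str) -> Dict[str, str]:
    """Validity after giving someone else's key 'ultimate' ownertrust (Stefan's test).
    The key, and everything it certified, turns valid without any certification,
    which is why a tampered trustdb cannot be told apart by the bar colour."""
    kr = copy.deepcopy(keyring)
    kr[fpr].ownertrust = "ultimate"
    return compute_validity(kr)


if __name__ == "__main__":
    ring = sample_keyring()
    for fpr, v in compute_validity(ring).items():
        print(f"{fpr:8} {v:9} -> {enigmail_bar(v)}")
    print("after lsign LUDWIG      :", after_local_signature(ring, "LUDWIG")["LUDWIG"])
    print("after ultimate on LUDWIG:", after_ultimate_ownertrust(ring, "LUDWIG")["STRANGER"])
```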


Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Stefan Claas

On 07.06.2017 at 10:57, Peter Lebbing wrote:


> On 07/06/17 07:55, Stefan Claas wrote:
>
>> The procedure went like this: I inserted my id-card in a certified
>> card reader, which i purchased, startet the german certified id-card
>> software "AusweisApp2" to connect to the CA Server and the server
>> checked my id-card online and after verification send the signed
>> pub-key to my email address.
>
> What prevents someone else from doing this with your ID-card? For
> instance, someone with whom you live?



The ID-card is protected with a PIN which I have memorized.
But good that you bring this point up! Should my ID-card get
stolen, the thief can only try three times to guess the PIN.

Regards
Stefan




Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Peter Lebbing
On 07/06/17 07:55, Stefan Claas wrote:
> The procedure went like this: I inserted my id-card in a certified
> card reader, which i purchased, startet the german certified id-card
> software "AusweisApp2" to connect to the CA Server and the server
> checked my id-card online and after verification send the signed
> pub-key to my email address.

What prevents someone else from doing this with your ID-card? For
instance, someone with whom you live?

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 07.06.17 00:04, MFPA wrote:

>
>
> On Tuesday 6 June 2017 at 5:07:18 PM, in
> , Stefan Claas
> wrote:-
>
>
> > Therefore qualified CA's
> > in my opinion are mandatory where each user in each
> > country [may] register
> > with his/her id-card so that it's guaranteed that
> > Alice is not Eve.
>
> Assuming the users trust both the CA and the entity that issued the
> id-card.
>
Well, that's debatable. As an example:

My old pub-key had a sig3 from a well known German computer
magazine, which I believe a lot of people here in Germany would trust.
Their procedure was that you attend their booth at electronics fairs,
show up with your id-card and a filled out form containing your data and
the pub key data. They then carefully checked the filled out form against
your id-card. So it's IMO comparable with key signing parties you
attend. But who guarantees that an id-card is not fake with this
classical procedure?

My new pub-key bears a sig3 from a German CA which is run on
behalf of our interior ministry. People may not trust our government,
but the procedure by which the pub-key was verified* tells me that the
sig3 issued to that person is correct.

*Our new German id-card contains a chip, and when you look at it
I would say this sort of modern id-card cannot be faked.

The procedure went like this: I inserted my id-card in a certified
card reader, which I purchased, started the German certified id-card
software "AusweisApp2" to connect to the CA server, and the server
checked my id-card online and after verification sent the signed
pub-key to my email address. Can this procedure be faked by
criminals etc.? I doubt it.

Regards
Stefan
 






Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread MFPA



On Tuesday 6 June 2017 at 5:07:18 PM, in
, Stefan Claas
wrote:-


> Therefore qualified CA's
> in my opinion are mandatory where each user in each
> country [may] register
> with his/her id-card so that it's guaranteed that
> Alice is not Eve.

Assuming the users trust both the CA and the entity that issued the
id-card.

--
Best regards

MFPA  

Two rights do not make a wrong. They make an airplane.




Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 20:46, Charlie Jonas wrote:
> On 2017-06-06 19:12, Stefan Claas wrote:
>> I tried also with Enigmail under OS X but when checking the signatures here
>> from the list members I always get the blue "Untrusted Good Signature".
> Yes I get this as well. Interestingly whatever trust level I give keys,
> Enigmail on OSX seems to want to make the bar blue regardless.
>
Thanks for confirming. Hopefully Ludwig still follows this thread and
can tell us why it's not working as expected.

Regards
Stefan




Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Charlie Jonas
On 2017-06-06 19:12, Stefan Claas wrote:
> I tried also with Enigmail under OS X but when checking the signatures here
> from the list members I always get the blue "Untrusted Good Signature".

Yes I get this as well. Interestingly whatever trust level I give keys,
Enigmail on OSX seems to want to make the bar blue regardless.

-- 
Charlie Jonas ch...@srcf.net



Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 12:46, Peter Lebbing wrote:

> On 06/06/17 05:30, Duane Whitty wrote:
>> As I understand the concept of TOFU (Trust On First Use), when you
>> receive a signed email gpg tests that signature against the key
>> retrieved from the public key servers associated with the email.

> TOFU is about *consistency*. It says: this e-mail is signed by the same
> key you've seen on all the earlier messages you received from this
> e-mail address. It keeps count, and alerts you when all of a sudden you
> start receiving signatures made by a different key.

Does TOFU verify the email address from the From: header of the message
and then compare it with the email address in the UID? I ask because
I might use a free-form UID with no email address, or use an anon
remailer with a nym account where the two email addresses are not identical.
>
> Note that it can also be combined with the Web of Trust. You could use
> TOFU just to track consistency and not award validity to keys, or you
> could use TOFU to award marginal validity and obtain the remaining
> validity from, e.g., marginally trusted Web of Trust signatures.
>
> But TOFU isn't for everyone, and neither is the Web of Trust. It's your
> call.
>
> By the way, it is my feeling Stefan Claas is looking for TOFU. The
> Identicon scheme feels like TOFU with the database on external storage,
> to wit, the user's brain :). Better to store that database on disk,
> IMHO. The (only) net loss is that there is no synchronization between
> different devices.

I just installed modern GnuPG and used it with two inline PGP messages from
Usenet, and I like it. :-)
>
> My Enigmail works with TOFU, although I can't see any statistics. But it
> correctly awards a green bar with "Good signature" to my TOFU-verified keys.
>
I tried also with Enigmail under OS X but when checking the signatures here
from the list members I always get the blue "Untrusted Good Signature".

Regards
Stefan





Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 18:07, Stefan Claas wrote:
> On 06.06.17 04:11, Daniel Kahn Gillmor wrote:
>> On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote:
>>> On 05.06.17 22:26, Daniel Kahn Gillmor wrote:
>>>> what does "bullet-proof" mean, specifically?
>>> For me it means that the identicons should be visually easy to read
>>> and cryptographically secure. Sorry that I have no better explanation.
>> here's one way to try to frame the question: Imagine the situation as a
>> game, where you have two players on one team, "defense" named Alice and
>> Bob; Alice wants to send a message to Bob.  Another player on the
>> opposing team, "offense", is named Mallory, is trying to send a message
>> to Bob as well, but trying to trick Bob into thinking that the incoming
>> message comes from Alice.
>>
>> The way the game is played, either Alice or Mallory gets to send a
>> message.  Bob has to decide whether the message actually came from
>> Alice.  If Bob gets it right, the "defense" wins.  If Bob gets it wrong,
>> the "offense" wins.  The game is played multiple times.
>>
>> Is that the scenario you're thinking of?  If so, does the defense need
>> to win 100% of the time over thousands of games?  or is it acceptable
>> for offense to win occasionally?
>>
>> In any case question is: how much work does Mallory need to do to get
>> Bob to make a mistake?  How frequently can Mallory trick Bob into
>> accepting mail from her as though it were from Alice?  Conversely, how
>> many messages that were actually from Alice can Bob accidentally reject
>> without making Alice upset enough to give up on the entire
>> communications scheme?
>>
>>
> In old times I would say if Bob and Alice don't know each other and they
> have no clue how that particular security software works, it should be that
> by the second message sent to one person the security software already detects
> forgeries and reports that to the person. However, with that thinking it does
> not guarantee that Bob knows that Alice is not Eve. Therefore qualified CAs
> in my opinion are mandatory, where each user in each country has to register
> with his/her id-card so that it's guaranteed that Alice is not Eve.
>
> Regards
> Stefan
>
Correction... instead "has" to register "may register"...

Regards
Stefan





Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 04:11, Daniel Kahn Gillmor wrote:
> On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote:
>> On 05.06.17 22:26, Daniel Kahn Gillmor wrote:
>>> what does "bullet-proof" mean, specifically? 
>> For me it means that the identicons should be visually easy to read
>> and cryptographically secure. Sorry that I have no better explanation.
> here's one way to try to frame the question: Imagine the situation as a
> game, where you have two players on one team, "defense" named Alice and
> Bob; Alice wants to send a message to Bob.  Another player on the
> opposing team, "offense", is named Mallory, is trying to send a message
> to Bob as well, but trying to trick Bob into thinking that the incoming
> message comes from Alice.
>
> The way the game is played, either Alice or Mallory gets to send a
> message.  Bob has to decide whether the message actually came from
> Alice.  If Bob gets it right, the "defense" wins.  If Bob gets it wrong,
> the "offense" wins.  The game is played multiple times.
>
> Is that the scenario you're thinking of?  If so, does the defense need
> to win 100% of the time over thousands of games?  or is it acceptable
> for offense to win occasionally?
>
> In any case question is: how much work does Mallory need to do to get
> Bob to make a mistake?  How frequently can Mallory trick Bob into
> accepting mail from her as though it were from Alice?  Conversely, how
> many messages that were actually from Alice can Bob accidentally reject
> without making Alice upset enough to give up on the entire
> communications scheme?
>
>
In old times I would say if Bob and Alice don't know each other and they
have no clue how that particular security software works, it should be that
by the second message sent to one person the security software already detects
forgeries and reports that to the person. However, with that thinking it does
not guarantee that Bob knows that Alice is not Eve. Therefore qualified CAs
in my opinion are mandatory, where each user in each country has to register
with his/her id-card so that it's guaranteed that Alice is not Eve.

Regards
Stefan









Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Peter Lebbing
On 06/06/17 05:30, Duane Whitty wrote:
> As I understand the concept of TOFU (Trust On First Use), when you
> receive a signed email gpg tests that signature against the key
> retrieved from the public key servers associated with the email.

TOFU is about *consistency*. It says: this e-mail is signed by the same
key you've seen on all the earlier messages you received from this
e-mail address. It keeps count, and alerts you when all of a sudden you
start receiving signatures made by a different key.

Note that it can also be combined with the Web of Trust. You could use
TOFU just to track consistency and not award validity to keys, or you
could use TOFU to award marginal validity and obtain the remaining
validity from, e.g., marginally trusted Web of Trust signatures.

But TOFU isn't for everyone, and neither is the Web of Trust. It's your
call.

By the way, it is my feeling Stefan Claas is looking for TOFU. The
Identicon scheme feels like TOFU with the database on external storage,
to wit, the user's brain :). Better to store that database on disk,
IMHO. The (only) net loss is that there is no synchronization between
different devices.

My Enigmail works with TOFU, although I can't see any statistics. But it
correctly awards a green bar with "Good signature" to my TOFU-verified keys.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Duane Whitty


On 17-06-05 11:11 PM, Daniel Kahn Gillmor wrote:
> On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote:
>> On 05.06.17 22:26, Daniel Kahn Gillmor wrote:
>>> what does "bullet-proof" mean, specifically? 
>>
>> For me it means that the identicons should be visually easy to read
>> and cryptographically secure. Sorry that I have no better explanation.
> 
> here's one way to try to frame the question: Imagine the situation as a
> game, where you have two players on one team, "defense" named Alice and
> Bob; Alice wants to send a message to Bob.  Another player on the
> opposing team, "offense", is named Mallory, is trying to send a message
> to Bob as well, but trying to trick Bob into thinking that the incoming
> message comes from Alice.
> 
> The way the game is played, either Alice or Mallory gets to send a
> message.  Bob has to decide whether the message actually came from
> Alice.  If Bob gets it right, the "defense" wins.  If Bob gets it wrong,
> the "offense" wins.  The game is played multiple times.
> 
> Is that the scenario you're thinking of?  If so, does the defense need
> to win 100% of the time over thousands of games?  or is it acceptable
> for offense to win occasionally?
> 
> In any case question is: how much work does Mallory need to do to get
> Bob to make a mistake?  How frequently can Mallory trick Bob into
> accepting mail from her as though it were from Alice?  Conversely, how
> many messages that were actually from Alice can Bob accidentally reject
> without making Alice upset enough to give up on the entire
> communications scheme?
> 
> When you frame the problem this way, you can start thinking more
> concretely about what "bulletproof" means, and you can actually design
> user trials to test proposals.
> 
> There are probably other ways to concretize the problem, this is just
> one that i've come up with.  But without a concrete way to understand
> what we're looking for, words like "bullet proof" or "easy to read" or
> "cryptographically secure" are tough to get people to agree on.
> 
> I suspect (as discussed upthread) that TOFU will have better metrics for
> "defense" at the game described above than any attempt that involves
> asking people to visually distinguish deterministically-generated
> identicons.  But i don't know, because i haven't tested it.
> 
>--dkg
> 

Excellent scenario and explanation Daniel, thank you!  I firmly believe
your suspicions regarding identicons will be fully shown accurate.

However, I am having difficulty following how TOFU would/could provide
better metrics for the "defense" side of the game.  As I understand the
concept of TOFU (Trust On First Use), when you receive a signed email
gpg tests that signature against the key retrieved from the public key
servers associated with the email.

To me this says nothing about whether you are actually communicating
with who you think you are communicating with.  It just says "Yes, the
signature on the email you received was generated by the same key
associated with that email address on the public key servers."

This is not enough to convince me I am communicating with someone I
know.  For instance, I have not imported even one of the many keys I
receive from emails to this mailing list into my keyring because there
is no trust there.  And when I move to gpg 2.1 I will make certain that
TOFU is not enabled.

I think TOFU could potentially be a win for Mallory.  TOFU may make
people more likely to take for granted that they are communicating with
a trusted party because the email they received says it's someone they
trust and GPG says it's a good signature from al...@example.com.

The problem with this is that they never communicated with Alice to
learn her email address is actually al...@trustme.com.

My personal opinion, for whatever that is worth, is that TOFU is going
to have people sending signed/encrypted email back and forth to each
other without them having done the work to ensure they are actually
communicating with their intended parties.  Trust takes work.

Once the work on establishing identities has been done and trust has
been established there is no need to remember keys because the key will
be locally associated with the email address belonging to the trusted
party you wish to communicate with.

Best Regards,
Duane

-- 
Duane Whitty
du...@nofroth.com





Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote:
> On 05.06.17 22:26, Daniel Kahn Gillmor wrote:
>> what does "bullet-proof" mean, specifically? 
>
> For me it means that the identicons should be visually easy to read
> and cryptographically secure. Sorry that I have no better explanation.

here's one way to try to frame the question: Imagine the situation as a
game, where you have two players on one team, "defense" named Alice and
Bob; Alice wants to send a message to Bob.  Another player on the
opposing team, "offense", is named Mallory, is trying to send a message
to Bob as well, but trying to trick Bob into thinking that the incoming
message comes from Alice.

The way the game is played, either Alice or Mallory gets to send a
message.  Bob has to decide whether the message actually came from
Alice.  If Bob gets it right, the "defense" wins.  If Bob gets it wrong,
the "offense" wins.  The game is played multiple times.

Is that the scenario you're thinking of?  If so, does the defense need
to win 100% of the time over thousands of games?  or is it acceptable
for offense to win occasionally?

In any case question is: how much work does Mallory need to do to get
Bob to make a mistake?  How frequently can Mallory trick Bob into
accepting mail from her as though it were from Alice?  Conversely, how
many messages that were actually from Alice can Bob accidentally reject
without making Alice upset enough to give up on the entire
communications scheme?

When you frame the problem this way, you can start thinking more
concretely about what "bulletproof" means, and you can actually design
user trials to test proposals.

There are probably other ways to concretize the problem, this is just
one that i've come up with.  But without a concrete way to understand
what we're looking for, words like "bullet proof" or "easy to read" or
"cryptographically secure" are tough to get people to agree on.

I suspect (as discussed upthread) that TOFU will have better metrics for
"defense" at the game described above than any attempt that involves
asking people to visually distinguish deterministically-generated
identicons.  But i don't know, because i haven't tested it.

   --dkg


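The following is an added example, not code from this thread, from GnuPG or from Enigmail. It implements the trust-on-first-use store Peter Lebbing describes (per-address consistency tracking with a count), uses it as Bob's decision rule in the defense-vs-offense game dkg frames above, and plays through the two cases raised in the thread: a second key signing as an address Bob already knows, and a look-alike address (Duane's al...@trustme.com worry) that arrives with no history at all. The addresses, the placeholder fingerprints and the message sequence are constructed for the illustration.

```python
"""Added example, not code from the thread or from GnuPG: a minimal TOFU
store (consistency tracking with a count per address/key pair) used as
Bob's decision rule in the defense-vs-offense game.  All addresses,
fingerprints and messages below are constructed."""

from collections import defaultdict
from dataclasses import dataclass, field

# Verdicts handed back to the mail client.
NEW = "new-binding"      # first signature ever seen from this address
OK = "consistent"        # same key as every earlier message from this address
CONFLICT = "conflict"    # a second key has signed as this address; user must decide
BAD = "rejected-key"     # a key the user already rejected for this address


@dataclass
class Binding:
    fingerprint: str
    count: int = 0       # good signatures seen under this (address, key) pair


@dataclass
class TofuStore:
    bindings: dict = field(default_factory=lambda: defaultdict(dict))  # addr -> fpr -> Binding
    unresolved: set = field(default_factory=set)                        # addresses with >1 key
    bad: dict = field(default_factory=lambda: defaultdict(set))         # addr -> rejected fprs

    def observe(self, sender: str, fingerprint: str) -> str:
        """Record one cryptographically good signature and classify it."""
        if fingerprint in self.bad[sender]:
            return BAD
        seen = self.bindings[sender]
        binding = seen.setdefault(fingerprint, Binding(fingerprint))
        binding.count += 1
        if len(seen) > 1:
            self.unresolved.add(sender)       # stays flagged until resolve() is called
        if sender in self.unresolved:
            return CONFLICT
        return OK if binding.count > 1 else NEW

    def resolve(self, sender: str, good_fingerprint: str) -> None:
        """The user verified out of band which key is Alice's; reject the others."""
        for fpr in list(self.bindings[sender]):
            if fpr != good_fingerprint:
                self.bad[sender].add(fpr)
                del self.bindings[sender][fpr]
        self.unresolved.discard(sender)


# Constructed placeholders standing in for 40-hex-digit OpenPGP fingerprints.
FPR_ALICE = "A" * 40
FPR_MALLORY = "B" * 40

# (address the mail claims to come from, key that made the good signature, true author)
GAME = [
    ("alice@example.com", FPR_ALICE, "alice"),      # first contact: no history yet
    ("alice@example.com", FPR_ALICE, "alice"),
    ("alice@example.com", FPR_ALICE, "alice"),
    ("alice@example.com", FPR_MALLORY, "mallory"),  # same address, different key
    ("alice@trustme.com", FPR_MALLORY, "mallory"),  # look-alike address, fresh binding
    ("alice@example.com", FPR_ALICE, "alice"),      # genuine mail while the conflict is open
]


def play_game(messages, accept_new: bool) -> dict:
    """Bob accepts a message only on a consistent binding (and, if accept_new,
    also on a first contact).  Returns how often each side won and why."""
    store = TofuStore()
    tally = defaultdict(int)
    for sender, fpr, author in messages:
        verdict = store.observe(sender, fpr)
        accepted = verdict == OK or (verdict == NEW and accept_new)
        tally[("genuine" if author == "alice" else "forgery")
              + ("_accepted" if accepted else "_rejected")] += 1
        if verdict == CONFLICT:
            tally["conflicts"] += 1
    return dict(tally)


if __name__ == "__main__":
    for policy in (False, True):
        print("accept first contact:", policy, play_game(GAME, policy))
```

Two things the tallies make visible that the prose only hints at: the strict rule never accepts a forgery but rejects Alice's own first message and every genuine message while a conflict is open, and the lenient rule accepts Mallory's mail from the fresh look-alike address without any alarm, because a TOFU store keys its history on the claimed address and has nothing to compare against. GnuPG 2.1 ships this logic as `--trust-model tofu` (or `tofu+pgp`, which combines it with Web-of-Trust validity as Peter describes); gpg never parses mail headers itself, so the MUA has to tell it which address the mail claimed to come from (the `--sender` option), otherwise the binding is recorded against the key's user IDs.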


Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 05.06.17 22:26, Daniel Kahn Gillmor wrote:
> On Mon 2017-06-05 16:22:26 +0200, Stefan Claas wrote:
>>>  * in the "distinguishing" model, it's not clear that any of the schemes
>>>    i've seen are actually better for most humans against a dedicated
>>>    attacker who crafts fingerprints to make visual identities that look
>>>    similar.  do you have any studies showing this capability against a
>>>    motivated and technically capable attacker?
>> No, of course i have not. My thoughts as a not so-skilled GnuPG user
>> would be that it helps users detecting (assuming it's bullet-proof)
> what does "bullet-proof" mean, specifically?  I ask this not for
> pedantry's sake, but because clearly stating the problem makes it
> possible to know whether a specific solution is applicable.
For me it means that the identicons should be visually easy to read
and cryptographically secure. Sorry that I have no better explanation.
>
>> a proper key from a fake key more easily if they have not yet signed
>> (locally) a public key while they already exchanged a couple of
>> emails.  I can speak only of Thunderbird/Enigmail which I use now. It
>> gives a user the usual "Untrusted Good Signature" and I have to click
>> also on the Details button to carefully verify the fingerprint from an
>> additional list to see if the key belongs to the person the signature
>> claims. An additional visual fingerprint would make that process for
>> me easier, if it's bullet-proof.
> It sounds to me like you're saying that you find the key verification
> and certification steps as implemented by enigmail to be
> difficult-to-use.  You wouldn't be the only person who has that
> impression.
>
> But i don't see how a graphical icon solves that problem.  Isn't it a
> workflow problem, and not a visual-comparison problem?  If there's a
> standard thing (comparison, lookup, verification) you expect to be able
> to do with the tool, the tool should make that thing easy and simple to
> do.
>
> What specifically is the thing that you're trying to do when you click
> "Details" and verify the fingerprint (from what list?)?  Enigmail itself
> can compare fingerprints far better than you or i can, even if there is
> a graphical representation involved :) Maybe there's a different
> question or different interface Enigmail ought to offer in the "Details"
> view entirely?
Well, in the past, before I started using this email combination, I
used web-based email accounts, copied and pasted the message into
a text editor, had no auto key retrieval and looked up WWW
key servers to download the required key to verify the sig. I had
not often communications back then. So this was an acceptable
workflow for me.

With the current set-up it's all automatic, and my understanding is
that in case I would receive a fake message my set-up would download
the fake key and display it as "Untrusted Good Signature" too, because I
have not yet locally signed the key. Therefore I click Details to see the
fingerprint (which I can't memorize) and look it up again. Maybe, as a
casual user who never used this set-up before, I make a fundamental
mistake in understanding how the auto retrieve and verify function
works. I mean, why is a Details button there to see a fingerprint which
I believe nobody can memorize in the first place? It must serve a purpose,
or not?

>>> I'd generally think that if you're looking for a tool to help people
>>> remember and recognize keys that they've seen before, then a mail user
>>> agent is in a great position to do exactly that: just tell the user
>>> explicitly what they've seen before, how often, etc.  why depend on the
>>> human visual cortex or on human ability for numeric recall?
>> I could imagine that Joe user average may not always look at mail headers
>> very carefully for a little typo in the from: or reply-to: header in his
>> mail client or web-mailer.
> i agree with you that users won't look at mail headers closely, which is
> why the e-mail client (the "mail user agent", or MUA) should be the
> thing to do the comparison, and to make it very clear to the user when
> something is amiss.  But that still doesn't answer the question of what
> the MUA should actually be trying to compare and what results it should
> be highlighting.
>
For me a MUA is passive and happily accepts what he receives, whether it's
correct content or not, so i can't answer that question, sorry.

Regards
Stefan
 






Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
On Mon 2017-06-05 16:22:26 +0200, Stefan Claas wrote:
>>  * in the "distinguishing" model, it's not clear that any of the schemes
>>    i've seen are actually better for most humans against a dedicated
>>    attacker who crafts fingerprints to make visual identities that look
>>    similar.  do you have any studies showing this capability against a
>>    motivated and technically capable attacker?
>
> No, of course i have not. My thoughts as a not so-skilled GnuPG user
> would be that it helps users detecting (assuming it's bullet-proof)

what does "bullet-proof" mean, specifically?  I ask this not for
pedantry's sake, but because clearly stating the problem makes it
possible to know whether a specific solution is applicable.

> a proper key from a fake key more easily if they have not yet signed
> (locally) a public key while they already exchanged a couple of
> emails.  I can speak only of Thunderbird/Enigmail which I use now. It
> gives a user the usual "Untrusted Good Signature" and I have to click
> also on the Details button to carefully verify the fingerprint from an
> additional list to see if the key belongs to the person the signature
> claims. An additional visual fingerprint would make that process for
> me easier, if it's bullet-proof.

It sounds to me like you're saying that you find the key verification
and certification steps as implemented by enigmail to be
difficult-to-use.  You wouldn't be the only person who has that
impression.

But i don't see how a graphical icon solves that problem.  Isn't it a
workflow problem, and not a visual-comparison problem?  If there's a
standard thing (comparison, lookup, verification) you expect to be able
to do with the tool, the tool should make that thing easy and simple to
do.

What specifically is the thing that you're trying to do when you click
"Details" and verify the fingerprint (from what list?)?  Enigmail itself
can compare fingerprints far better than you or i can, even if there is
a graphical representation involved :) Maybe there's a different
question or different interface Enigmail ought to offer in the "Details"
view entirely?

>> I'd generally think that if you're looking for a tool to help people
>> remember and recognize keys that they've seen before, then a mail user
>> agent is in a great position to do exactly that: just tell the user
>> explicitly what they've seen before, how often, etc.  why depend on the
>> human visual cortex or on human ability for numeric recall?
>
> I could imagine that Joe user average may not always look at mail headers
> very carefully for a little typo in the from: or reply-to: header in his
> mail client or web-mailer.

i agree with you that users won't look at mail headers closely, which is
why the e-mail client (the "mail user agent", or MUA) should be the
thing to do the comparison, and to make it very clear to the user when
something is amiss.  But that still doesn't answer the question of what
the MUA should actually be trying to compare and what results it should
be highlighting.

   --dkg


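As an added example (not code from the thread, from GnuPG or from Enigmail), here is a model of the crafted-fingerprint attack dkg asks about in the "distinguishing" case. A deterministically generated identicon can only show a handful of distinguishable colours and shapes, so the picture effectively commits to some k bits of the key's fingerprint; an attacker who can generate keys at will needs about 2^k tries to obtain a key whose identicon looks like Alice's. The same reduction happens when a person eyeballs only the first and last few hex digits of a printed fingerprint. The feature count (16 bits) and the target fingerprint are assumptions, and a seeded PRNG stands in for generating fresh keys.

```python
"""Added example, not code from the thread: how much work a lookalike
identicon costs an attacker once the picture only preserves k bits of the
fingerprint.  The target fingerprint and the PRNG-generated candidates are
constructed stand-ins, not real keys."""

import hashlib
import random
from typing import Callable, Optional, Tuple

FEATURE_BITS = 16   # assumption: the picture shows ~4 features with 16 states each


def identicon_features(fingerprint: bytes, bits: int = FEATURE_BITS) -> int:
    """The bits of the fingerprint a deterministically generated identicon displays.
    Real schemes derive colours and shapes from a hash of the key; what matters
    here is that only `bits` bits survive into the picture."""
    digest = hashlib.sha256(fingerprint).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def head_tail_hex(fingerprint: bytes, n: int = 2) -> str:
    """What a user who eyeballs only the first and last n bytes of a printed
    fingerprint actually compares (2*n bytes, i.e. 16*n bits)."""
    h = fingerprint.hex().upper()
    return h[: 2 * n] + h[-2 * n :]


def find_lookalike(target: bytes, view: Callable[[bytes], object],
                   max_tries: int = 1 << 22, seed: int = 1) -> Tuple[Optional[bytes], int]:
    """Mallory's search: generate fresh fingerprints until one renders the same
    as Alice's under `view`.  The seeded PRNG stands in for key generation."""
    want = view(target)
    rng = random.Random(seed)
    for tries in range(1, max_tries + 1):
        candidate = rng.getrandbits(160).to_bytes(20, "big")   # 160-bit v4 fingerprint size
        if candidate != target and view(candidate) == want:
            return candidate, tries
    return None, max_tries


def expected_tries(bits: int) -> int:
    """Average number of key generations before a lookalike appears."""
    return 2 ** bits


if __name__ == "__main__":
    alice = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF01234567")  # constructed
    fake, tries = find_lookalike(alice, identicon_features)
    print(f"{FEATURE_BITS}-bit identicon matched after {tries} tries "
          f"(expected ~{expected_tries(FEATURE_BITS)}); "
          f"comparing the full fingerprint would need ~2**160")
    print("lookalike fingerprint:", fake.hex().upper())
```

The point of the numbers: the search cost is set by what the human actually compares, not by the fingerprint length, and a 16-bit picture (or a two-bytes-each-end glance) falls to a laptop in seconds, whereas a client that compares all 160 bits for the user, as dkg suggests, leaves Mallory with no such shortcut.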


Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 05.06.17 17:40, Stefan Claas wrote:
> And another thought, since this thread says "app developers". How would
> services like StartMail, ProtonMail or gmx.de for example handle this...?
>
> If I remember correctly users have not the possibility to sign someone
> else's pub-key when they both use the same service. If someone gains
> unauthorized access to one account and uses his own fake pub key...?!
>
Apologies to all, I had a brain fart with this unauthorized access
sentence and a fake pub key.

Regards
Stefan




Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 05.06.17 16:22, Stefan Claas wrote:
> On 04.06.17 22:20, Daniel Kahn Gillmor wrote:
>
>> I'd generally think that if you're looking for a tool to help people
>> remember and recognize keys that they've seen before, then a mail user
>> agent is in a great position to do exactly that: just tell the user
>> explicitly what they've seen before, how often, etc.  why depend on the
>> human visual cortex or on human ability for numeric recall?
> I could imagine that Joe user average may not always look at mail headers
> very carefully for a little typo in the from: or reply-to: header in his
> mail client or web-mailer.
And another thought, since this thread says "app developers". How would
services like StartMail, ProtonMail or gmx.de for example handle this...?

If I remember correctly users have not the possibility to sign someone
else's pub-key when they both use the same service. If someone gains
unauthorized access to one account and uses his own fake pub key...?!

Regards
Stefan


