Duplicate copies of list messages when you are also addressed personally [Was: Re: Fwd: Re: German ct magazine postulates death of pgp encryption]

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Tuesday 3 March 2015 at 3:02:43 PM, in
,
michaelquig...@theway.org wrote:



> I believe if you are personally addressed, the list
> management software doesn't send you a duplicate copy
> of the message.

The option is set at
.

"Avoid duplicate copies of messages?

When you are listed explicitly in the To: or Cc: headers of a
list message, you can opt to not receive another copy from the
mailing list. Select Yes to avoid receiving copies from the
mailing list; select No to receive copies. "






- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

War is a matter of vital importance to the State.
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJU9hqQXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwKz0IAKi63hONqYt0dkU2/hJaCAa+
KQmg9oYgtZsuBa/z1on4TCJc+hvJuoXwW383zMkC8uaTkhMXMnpoLwYcI7466nal
plSSRdtn28hJ/DZSKzpFwZ2fKOwTP7EW7Yjp4d/mWNa/3yzxSdK7Tpq+p3G7VYg9
67FYsV56yp75aTOSGa4AjPkrcoBvUME2H5VC/quUxcjF6XgrlOvLZGnszoTYuek7
HhhUF5SKUTJ9HGWJ2i0bUr44nL2+ximj3BkuBGxsrT9e40EZ0/6+O6Vc71DBiWIw
RNj3ni9emQwD8WQi+VvBwUaf7knHX99hW2Q7xmNcy0Ff+n8NEPFaptJT1jwUCwqI
vgQBFgoAZgUCVPYall8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45CYPAQAXEgORb3g660Ii+KH/6Ziv+z/f
p3KnJN2+i0d8pUiX8gEA5uE52W7xqw4/2TxJPV/7v+fYFSDoIS69vWnHlL9gUQs=
=QKwF
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Robert J. Hansen]

>> Services like keybase.io with poor security practices...
> 
> I fail to see how this is a failure on the side of the keyservers...

I fully agree with Kristian.

I further don't see how keybase.io amounts to "poor security practice".
 The Web of Trust is, itself, a poor practice because it's
rarely-if-ever used in practice; even something like TOFU is far
superior to the Web of Trust in most real-world environments.



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

On Tue, 2015-03-03 at 14:00 +0100, Hans of Guardian wrote:
> The PGP keyservers need email validation
no it's pretty useless from a security POV and they don't need it.

> not as a way to provide any kind of "trusted" status of that key, but
> rather so enable people to delete keys that should no longer be there,
> and to prevent keyserver spam and vandalism.
Unfortunately it seems that you miss(understand) some of the basic
paradigms of security here:
Actually the opposite is the case - removing keys from the keyservers
(even if they're allegedly spam) would be a big security compromise of
the whole system, as potentially important information (revocation
certs, valid keys, etc.) would be removed as well.

And who should in the end decide which key respectively which identity
is valid?
For there may be many Richard Stallmans, and if even such famous person
uses an address like stall...@gmail.com, he could later give it up and
someone else takes it (or vice-versa).
If such keys would then considered spam,... then good night.


> Another common scenario is that people make mistakes when learning how
> to use PGP.  There is a common mistake of generating a key to play
> with, publishing to the keyserver, then deleting.
While that's unfortunate... it's part of the game and as long as you
aren't a keyserver operator/developer this shouldn't make you any
concerns - unless of course you use the keyservers to authenticate (i.e.
only one Richard Stallman -> that must be him) ... but then you're
doomed anyway and no one will, should or could help you.

> That is terrible both security-wise because
Actually the contrary as laid out above.

For that reasons the keyserver used to generally refuse removal of keys
for years, and exceptions where only made on selective servers and then
only to obey some stupid laws which actually degrade security here.


Cheers,
Chris.



smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: German ct magazine postulates death of pgp encryption

[MichaelQuigley]

"Gnupg-users"  wrote on 03/03/2015 09:41:25 
AM:
> - Message from Stephan Beck  on Tue, 03 Mar 
> 2015 15:40:45 +0100 -
> 
> To: gnupg-users@gnupg.org
> 
> Subject: Re: Fwd: Re: German ct magazine postulates death of pgp 
encryption
> 
> Am 03.03.2015 um 14:00 schrieb Ville Määttä:
> > On 03.03.15 14:54, Stephan Beck wrote:
> >> as your message hasn't reached the list inspite of being addressed to 
it
> > 
> > It did :).
> > 
> Strange, I did only receive the PM, not the listmail, so I thought it 
might be
> useful to resend it. In that case, sorry for the duplication.
> 
> Regards
> 
> Stephan

I believe if you are personally addressed, the list management software 
doesn't send you a duplicate copy of the message.___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/03/2015 02:00 PM, Hans of Guardian wrote:
> 
> On Feb 27, 2015, at 8:56 PM, Werner Koch wrote:
> 


...

> 
> Services like keybase.io with poor security practices are going to 
> rapidly take over from the PGP keyserver pool because they address 
> side of the human interaction, unlike the PGP keyservers.  They
> are easy to use and the follow the very common interaction patterns
> that basically all web services these days use. That must also be 
> considered when thinking about security.  The PGP keyservers need 
> email validation not as a way to provide any kind of "trusted"
> status of that key, but rather so enable people to delete keys that
> should no longer be there, and to prevent keyserver spam and
> vandalism.  For a good example, search for Richard Stallman and you
> will see how badly the PGP keyservers are failing.

I fail to see how this is a failure on the side of the keyservers, it
is part of the expected practise and a fully understood scenario,
which is why it is mandated to conduct key verification through secure
channels.

> 
> Another common scenario is that people make mistakes when learning 
> how to use PGP.  There is a common mistake of generating a key to 
> play with, publishing to the keyserver, then deleting.  That key
> will then be on the keyserver forever with no way to delete it.
> That is terrible both security-wise because it is confusing for
> people who are searching for keys, and it is terrible
> human-interaction-wise because it adds pointless noise when
> searching for keys.

It doesn't affect neither security nor the user at all, the first
because the key anyways needs to be verified, the second because the
key anyways needs to be verified.

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Aquila non capit muscas
The eagle does not hunt flies
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU9dQVAAoJEP7VAChXwav6BuoH/0IT/ihPi4ImnOGrKDId8xNg
9s17GVVjIZJQrWSCWLH35YhgtXNVxCeyhzSuIps6C1V5V7joRdHMAmDFq7XKtptf
FKvysceQ97Vd1eLILyLJi/IEQbR52x0Kp+HcqCtk1TuiqVEtQKXfPtaobVDNxbxQ
eUhigPi0ep7IiO6udE8cZ+3tWqzqzVWPEyyeP5kOucHdfE6UuCVqFd8XgP4sDYHT
nuvXn/LGXrKcG40LhFSjDaHHX2xx5Mow/dGNKWDH+GIAuIy2yJN/TaZw+vohXGy8
3bjlyeoFJQeBPu7O8BjVT20OK6jnJPFZywMdd09U/SX1lDqKVt4zPcyPwSNPHZc=
=VSei
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/03/2015 04:20 PM, Kristian Fiskerstrand wrote:
> On 03/03/2015 01:50 PM, Hans of Guardian wrote:
> 
>> On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote:
> 


...

> 
>>> The standard PGP keyserver pool is a mess with racist spam,
>>> lost keys that will be there forever, etc.  The concept of
>>> email validation is very very common and proven in internet
>>> service providers.
> 
> And anyone is free to set up a CA that performs this validation
> and signs the returned key.
> 
>>> It is time for OpenPGP keyservers to join the rest of the 
>>> internet.
> 
> 
> They are already quite up to date, SKS 1.1.5+ (development master) 
> even supports the experimental Ed25519 draft used by GnuPG. What
> you are proposing here isn't about joining the rest of the
> internet, it is about subverting the security by introducing a
> false sense of security and even worse, that opens up well known
> attack vectors.
> 
> By the way, an OpenPGP key is fully valid without any email address
> as part of any UID.

For completeness, going to include some of the template for my
response to delete key requests;

But your situation is a good example of why one should never trust
a key based on email address in UID alone, but need to verify
fingerprint, creation type, key algorithm etc with the perceived
owner and certify/sign the key.

If you google you'll find some more detailed explanations as to
why you can't delete a key from a keyserver.

Long story short, even if it was technically possible the social
protocol is missing. Speaking more generally, there might've been
two (or more) people sharing the same name, and email addresses
change over time, if the previous user deleted his email, it
wouldn't make the key any less valid that someone else take over
the email address.

This is why one should never trust email address alone, but always
verify keys through other means (mainly fpr, creation date, algo,
size). That several keys exists for a single address is, from a
cryptographical and security point of view irrelevant, as it is
only applicable as a potential issue if people don't follow proper
procedure for due dilligence.


- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Aquila non capit muscas
The eagle does not hunt flies
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU9dHLAAoJEP7VAChXwav6CmwH/AhHo8DYGxagxwESb6o1LlHm
oDHv/W4tWF5tcp7gOW4bQfjHglgIIVJqAZoroyRIYfmK4amrX1kGqWDHG2aJ80Rr
IoQwJjAyhQkUhea+lIZ+w3JaY80gtZ2ZaFZ1Dj88OAg5qX02Dy5ip2e0SunzA/91
jPjqFyUuuXDt5ThUblaTS4DgrlDEXWtYacaalE/nCZhdtlwVE4eBbma5Fp7LTLfU
nBIzPtZNe64gXz9h9BWZmDgLLXWvrlj1CuUCe6KKkxZoDUUgsWZBszwW+tv9HlPq
x3Gc8e2A5aIc4UooJlMnlvS/78AQ6nDieTBcgMiYKyxuyC7fP3bWEf9Xrhv6SKE=
=Z4Ie
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/03/2015 01:50 PM, Hans of Guardian wrote:
> 
> On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote:
> 
> On 02/27/2015 12:43 PM, Hauke Laging wrote:
 Am Fr 27.02.2015, 12:27:40 schrieb gnupgpacker:
 
> Maybe implementation with an opt-in could preserve
> publishing of faked keys on public keyservers?
 
 We need keyservers which are a lot better that today's. IMHO 
 that also means that a keyserver should tell a client for
 each offered certificate whether it (or a trusted keyserver)
 has made such an email verification.
> 
> The keyservers have no role in this, they are pure data store and 
> can never act as a CA. That would bring up a can of worm of
> issues, both politically and legally, I wouldn't want to see the
> first case where a keyserver operator was sued for permitting a
> "fake key" (the term itself is very misleading, the key itself
> isn't fake at all, but a fully valid key where the UID has not been
> mated to its holder through proper validation).
> 
> 
>> The standard PGP keyserver pool is a mess with racist spam, lost 
>> keys that will be there forever, etc.  The concept of email 
>> validation is very very common and proven in internet service 
>> providers.

And anyone is free to set up a CA that performs this validation and
signs the returned key.

>> It is time for OpenPGP keyservers to join the rest of the
>> internet.
> 

They are already quite up to date, SKS 1.1.5+ (development master)
even supports the experimental Ed25519 draft used by GnuPG. What you
are proposing here isn't about joining the rest of the internet, it is
about subverting the security by introducing a false sense of security
and even worse, that opens up well known attack vectors.

By the way, an OpenPGP key is fully valid without any email address as
part of any UID.

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Acta est fabula
So ends the story
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU9dE9AAoJEP7VAChXwav6ThcH/iTlxKZA9VQoExj8BEueXx61
hC1vCYwozu03+D1NnEjaR4M60i3M+rGz47NNQ3CXGgSkMNP1jp5WYt2V1TZ9maWO
Ho5O1XEqXAW0KGmoKUCmRFPstAWjySpa1fOc/4Zx6N9Ay4WqzPxu7OyJwK174AKz
LKahw+LRntlbj7NrgJqFwQfXzbqKO23oFD9bd4Z9dX4UuM7lWnSk55AKw7K3R2gW
UnTt4DAdBEDjz3IwClFCArY87MiW+i2F7sSmg6MkH4A6LkSQRjvSgUa0+tUO+4SR
yHC9KVV1Ru+JxJsxcqM9gOjU1i5Pq9qc7/z5+oNvgju7ltPAKLB6MJjOz4RK1BM=
=7Z2B
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Hans of Guardian]

On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 02/27/2015 12:43 PM, Hauke Laging wrote:
>> Am Fr 27.02.2015, 12:27:40 schrieb gnupgpacker:
>> 
>>> Maybe implementation with an opt-in could preserve publishing of
>>> faked keys on public keyservers?
>> 
>> We need keyservers which are a lot better that today's. IMHO that
>> also means that a keyserver should tell a client for each offered
>> certificate whether it (or a trusted keyserver) has made such an
>> email verification.
> 
> The keyservers have no role in this, they are pure data store and can
> never act as a CA. That would bring up a can of worm of issues, both
> politically and legally, I wouldn't want to see the first case where a
> keyserver operator was sued for permitting a "fake key" (the term
> itself is very misleading, the key itself isn't fake at all, but a
> fully valid key where the UID has not been mated to its holder through
> proper validation).


The standard PGP keyserver pool is a mess with racist spam, lost keys that will 
be there forever, etc.  The concept of email validation is very very common and 
proven in internet service providers.  It is time for OpenPGP keyservers to 
join the rest of the internet.

Keyservers should not be located in jurisdictions where they could be sued for 
merely acting as a conduit for data.  There are many countries that meet this 
criteria.  The US is one good example there: internet service providers are not 
liable for what their users do.

.hc


> Another way this is being handled in some systems is dedicated
> keyservers for an organization (standard is keys.[domain] in the cases
> I've seen) that looks up key using LDAP. This is a read-only store
> that is connected to the Domain Controller / Active Directory in the
> system I'm thinking of. So at least Symantec Encryption Server checks
> for the existence of such a keyserver when sending and asking it for
> it. The keys are automatically maintained with a short time to expiry
> requiring frequent refreshes. I understand the rationale, but would
> rather see a CA involved in this (i.e a Company Employee CA).
> 
> People need to understand that operational security is critical for
> any security of a system and validate the key through secondary
> channel (fingerprint, algorithm type, key length etc verifiable
> directly or through probabilistic measures e.g. based on historical
> postings on mailing lists over a long time for a project etc).
> 
> - -- 
> - 
> Kristian Fiskerstrand
> Blog: http://blog.sumptuouscapital.com
> Twitter: @krifisk
> - 
> Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> - 
> Ubi mel ibi apes
> Where there's honey, there are bees
> -BEGIN PGP SIGNATURE-
> 
> iQEcBAEBCgAGBQJU8F7vAAoJEP7VAChXwav6yrwIAI95x/GZrq+5gCYhHjDuCWhv
> a2FB1ki5c5unMzN6gtBjwY0Tf8SfAicnR2NpRn2VUkb68/hVG5H3JEhQcVsLt6Je
> 5LUFR9gjyN8VGoDnMl0g1khxfNcakYh6f1vPmLihfiP4Yh6Pf6PebIkurqhvhwkf
> NnwtIipSipDeXuQgJBMmN9fMXUqkO1uA2tt0tewtIaJy2y+BMmzVbRkpqZocl2z6
> VcwBT/7FUUv4ePdV16xTuim9DvmbsCoPmwl+1XRauEeJsN3AOyE0X/Y/gKYX4QX0
> RWUaCu2b7YRqMYyaYs053EsH+XEAPVOVDnBHUFst/c6j4hIJV7T4zB2mpi5+VKw=
> =IZT3
> -END PGP SIGNATURE-
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Hans of Guardian]

On Feb 27, 2015, at 8:56 PM, Werner Koch wrote:

> On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:
> 
>> that anyone can upload _every_ key to a keyserver is an issue. If
>> keyservers would do some sort of verification (e.g. confirmation of
>> the email addresses) then this would lead to much more reliable data.
> 
> We have such a system. It is called S/MIME.
> 
> Ever tried to find an S/MIME (X.509) key (aka certificate) for an
> arbitrary mail address?  The only working solution to get such a key is
> by sending a mail and asking for the key.  You can do the very same with
> PGP of course.  Keyservers along with visting cards are much nicer.
> 
> So, why is there no public service to distribute X.509 keys?  Because
> nobody want to be legally responsible for such a key unless you push a
> stack of money over the table for a qualified signature certificate.
> 
> BTW, even the DFN PGP keyserver (blackhole.pca.dfn.de) had to be shut
> down for similar legal reasons.  However, it is not a problem, we can
> use other keyservers.
> 
>> believe that this would make keyservers more trustworthy than today.
> 
> There is no trust in keyservers by design.  As soon as you start
> changing this you are turning PGP into a centralized system.

Services like keybase.io with poor security practices are going to rapidly take 
over from the PGP keyserver pool because they address side of the human 
interaction, unlike the PGP keyservers.  They are easy to use and the follow 
the very common interaction patterns that basically all web services these days 
use. That must also be considered when thinking about security.  The PGP 
keyservers need email validation not as a way to provide any kind of "trusted" 
status of that key, but rather so enable people to delete keys that should no 
longer be there, and to prevent keyserver spam and vandalism.  For a good 
example, search for Richard Stallman and you will see how badly the PGP 
keyservers are failing.

Another common scenario is that people make mistakes when learning how to use 
PGP.  There is a common mistake of generating a key to play with, publishing to 
the keyserver, then deleting.  That key will then be on the keyserver forever 
with no way to delete it.  That is terrible both security-wise because it is 
confusing for people who are searching for keys, and it is terrible 
human-interaction-wise because it adds pointless noise when searching for keys.

.hc


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: German ct magazine postulates death of pgp encryption

[Stephan Beck]

Am 03.03.2015 um 14:00 schrieb Ville Määttä:
> On 03.03.15 14:54, Stephan Beck wrote:
>> as your message hasn't reached the list inspite of being addressed to it
> 
> It did :).
> 
Strange, I did only receive the PM, not the listmail, so I thought it might be
useful to resend it. In that case, sorry for the duplication.

Regards

Stephan





signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/03/2015 01:54 PM, Stephan Beck wrote:
> Hi Peter,
> 
> as your message hasn't reached the list inspite of being addressed
> to it, I resend it.


Fwiw, it reached the list just fine:
http://lists.gnupg.org/pipermail/gnupg-users/2015-March/052931.html
- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Audaces fortuna iuvat
Fortune favors the brave
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU9bBFAAoJEP7VAChXwav67NgIAI5R8vDx6cH/X7mtOVz3MdFi
9gT59pDxc+PD3ru3er0gF7k6Y0SGqRBHC9wparTyw/IuVIleziuQPVtMKqAU/sz5
htq9lsjVwRcLtzqSzjAOpF811yx2hpwxz7V5OrXkYinpXx6orfZVFCFSz143lVLX
Kv6a96rsGVbOrEMrepHbCkqzayX1qpj+IHAmO+jKHUXeICporhky2VTTQKQ488Sb
Id1xmEznig/9kUDBmqzGtEQPiNYGXh7Z3X9SWrdT7168ZiT4StnJeGzPjP7W+9gt
pPubbh4R2GKX5tAeYxJfSN+6eHNrOwLtwimHI/SP/PWPzmtxpcMXGtbtkqCReuE=
=wuAX
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: Re: German ct magazine postulates death of pgp encryption

[Ville Määttä]

On 03.03.15 14:54, Stephan Beck wrote:
> as your message hasn't reached the list inspite of being addressed to it

It did :).

-- 
Ville



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Fwd: Re: German ct magazine postulates death of pgp encryption

[Stephan Beck]

Hi Peter,

as your message hasn't reached the list inspite of being addressed to it, I
resend it.

Thanks

Stephan


 Weitergeleitete Nachricht 
Betreff: Re: German ct magazine postulates death of pgp encryption
Datum: Mon, 02 Mar 2015 18:53:57 +0100
Von: Peter Lebbing 
An: Stephan Beck , gnupg-users@gnupg.org

On 02/03/15 11:35, Stephan Beck wrote:
> Sticking to that "perfect position argument", in what kind of position are 
> (would be) the people that control (packaging of) your distro? (Just
> curious.)

I think they basically completely control my system. For individual Debian
Developers, it might need some ingenuity to get something sneaky on my
computer, since they generally only provide source, and the binaries are built
on the Debian infrastructure. Mind you, I say they need some ingenuity, that
is a far shot from "it's difficult". But the keys that the package manager
checks? If you have those, and can get my package manager to download your
stuff, it's trivial to change any file, any binary, any program on my computer.

It has occured to me that I probably could simply local-sign and fully trust
all OpenPGP keys of Debian Developers, since if the holder of said key wanted,
they could simply hardwire my GnuPG installation to effectively do the same
without my consent. But still, I haven't done it :).

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>







signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Johan Wevers]

On 02-03-2015 22:23, ved...@nym.hush.com wrote:

> http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/
> 
> I wouldn't trust it with my real key, but would make a new
> 'smartphone' key signed with my real key, and comment it as
> for phone use only.

You can't, it uses an own key scheme not compatible with openpgp. The
protocol is described on
https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2, they use
ECC with Curve25519 and AES256. Signatures on a key are not possible.
Only manual verification of the key fingerprint, or, when ypou meet in
person, scanning this number represented in a QR code on screen with the
camera, is possibble.

> If this catches on, as Wired thinks

I use Textsecure quite some time as sms replacement but failed to
convinvce anyone else to use it too (wether as sms replacement or stand
alone chatapp).

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/02/2015 12:12 PM, Kristian Fiskerstrand wrote:
> On 03/02/2015 10:16 AM, gnupgpacker wrote:
>> Hello,

Seems I inadvertently sent this message only directly without CCing
the list

> 
> 
> ..
> 
> 
>> This procedure should be implemented in keyservers.
> 
>> No CA needed, no centralisation necessary => just verifying of 
>> existing AND proper working email addresses.
> 
> This _is_ a CA, granted with weak verification (could arguably say 
> similar to domain validated X.509 certs), but conceptually a CA
> none the less. Such weak verification does not rely on being
> implemented in keyservers, and would be better off outside it.
> 
> 
>> Additional: There are lot of old keys on keyservers not being 
>> verified in described manner.
> 
> Because they are not designed for it, nor need it.
> 
>> Those keys (or the newer, verified ones) could be marked with a 
>> short hint on keyservers to differ between verified and not 
>> verified email addresses.
> 
>> Facility of deleting own (!) keys on keyserver wanted for old 
>> (revoked, expired, test, failed...) keys.
> 
> This could open up to several attacks, in particular where keys
> have been revoked. The keyservers are add only for a reason, and
> should remain so.
> 
> 
> 

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU9NfPAAoJEP7VAChXwav6eSoH/1Gmz850g/CtJjo5La10GeO5
mIojoblh3P6k8yJ2FyHJqBQM12BqYXzjIa+cJizBBQG8ZSw4feX7kP2Ucznx37H/
8UUzUmWEFDDF0A4asNX1oVo4xaDmJbbqyBIRzOIkDXsyoyC1vrKdfnA7wODO9U+F
x4DBgOq/IaPVsZggeeEuKc5SoYKXhZ9+eHcPsSCWh0JrHR11YHR9nIV5LuxXoY0d
z0X+afV2cExRRD8iGWb7QIA/sR33V2IaGCUfIwhi4+O+xmzETZTohiO03Jx5hE7H
N/JYSPeNOSaVPPZ+2TNsbYkVs3RMOMdb3TvTZAQCOoNXo28T8nkAg8n0UZA3X9g=
=EpMZ
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

[Jonathan Schleifer]

On Mon, 02 Mar 2015 22:24:45 +0100, Johan Wevers  
wrote:

> For once, I've never heard of the police
> trying something like this to obtain confessions or information: the
> chance of failure in an indivicual case are too big.

I'm guessing the reason is more that this would be a legal mine field and most 
likely completely useless in court.

-- 
Jonathan


pgpaN4ya35EI6.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

[Johan Wevers]

On 01-03-2015 22:01, flapflap wrote:

> Just think about the "grandchild trick" ([0], unfortunately not in
> English) which is a method where the criminals phone (often elder)
> people and tell them that they are a grandchild, nephew, or other remote
> relative and need some money for some reason

Ah yes, but then, with such methods a number of failures are to be
expected and the scammers don't care as long as a certain percentage is
fooled. When using this trick to fool someone into telling confidentuial
things it is very uncertain. For once, I've never heard of the police
trying something like this to obtain confessions or information: the
chance of failure in an indivicual case are too big.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[vedaal]

This month's Wired has an article about encryption for voice and text using 
pgp, and intercompatibility between i-phone and android while using it.

http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/

I wouldn't trust it with my real key, but would make a new 'smartphone' key 
signed with my real key, and comment it as for phone use only.

If this catches on, as Wired thinks, then it might be a new way of introducing 
pgp encryption to the general public, and from there it's not such a difficult 
step to getting phone users to try encrypting e-mails and files,

... and breathe new life into pgp encryption ...



vedaal


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Monday 2 March 2015 at 9:40:12 AM, in
, Jonathan
Schleifer wrote:


> It's not only your computer.

Likewise, it is not just my computer that would be wasting orders of
magnitude more energy on "proof of work" for all outgoing messages
than it currently wastes on downloading a little spam.



> Just think about the
> processing power required by spam filters.

I do not use spam filters because I have always regarded a single
missed important message due to a "false positive" from a spam filter
to be a more serious problem than any number of spam messages
received. And if an email provider I use has spam filters that I
cannot effectively opt out of, I still don't pay the electric bill for
their processing power.



> Think about
> the load servers have. Think about wasted harddrive
> space (mail providers do need to store that spam).

I would wager that needless use of HTML in emails probably contributes
far more to un-necessary server load and storage requirements than is
contributed by than spam.



> What does obvious have to do with wasting resources?

If the spam messages were not obvious, far more man-hours would be
wasted in spotting and deleting them. And people's time is the most
precious resource of all.


> Ok, you clearly haven't looked at it *at all*. There is
> no corporate server involved. It's peer-to-peer. And
> the proof of work is done on your local machine.

I don't see corporate iT and data security policies giving up
corporate email servers to allow peer-to-peer communication between
staff's workstations and the outside world anytime soon. I would
expect them to still want to know what staff were sending out, and
maybe encrypt it at the network boundary.


- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

Alcohol and Calculus don't mix. Never drink and derive.
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJU9M9zXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwGsYIAJo0AO2vHomsEhwAC8m4zGHc
563MGDo4Q6USWNJGUZx+aDPZ5VYHsARB0gRS/wx4Az+nUnHS6VrEo9CH3PNFKIrp
1Wl8dkaNGUyc8FPJKhwNMMi/SJDQhAPshUeWZmkDp8BaWsTrPhlE91NVMUWeNdOO
bu2qRwXxOsEjK+Ac/Spds2oyHwRjZTg9DT3mm892IBxBwZysLzkGXXtb8VhXmYJv
Y11oenxYBlbzd95a2LYgdEQFhaHPFRjien179g3XroKqdZ3bOs7j6TF/OxP//cxU
OwBC0c6yFkJoj9tEh649LjsVTJyaY6uSN9gWX/Hb3og45RzB9F1FFo/m4yLRMk6I
vgQBFgoAZgUCVPTPeF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45MN0AQDyacdIGkv0JiOzeUWrOlx3wLyb
fuM8bA6vAnrVHFO8QgEAyncDMAY6b341xc8weBPKMJwYiIM9+kX6KJIPGvzf5gE=
=ehQz
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Peter Lebbing]

On 02/03/15 11:35, Stephan Beck wrote:
> Sticking to that "perfect position argument", in what kind of position are 
> (would be) the people that control (packaging of) your distro? (Just
> curious.)

I think they basically completely control my system. For individual Debian
Developers, it might need some ingenuity to get something sneaky on my
computer, since they generally only provide source, and the binaries are built
on the Debian infrastructure. Mind you, I say they need some ingenuity, that
is a far shot from "it's difficult". But the keys that the package manager
checks? If you have those, and can get my package manager to download your
stuff, it's trivial to change any file, any binary, any program on my computer.

It has occured to me that I probably could simply local-sign and fully trust
all OpenPGP keys of Debian Developers, since if the holder of said key wanted,
they could simply hardwire my GnuPG installation to effectively do the same
without my consent. But still, I haven't done it :).

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Werner Koch]

On Sun,  1 Mar 2015 23:43, js-gnupg-us...@webkeks.org said:

> I don't really agree with that. The goal is that the proof of work for a
> single message takes 4 minutes. At that rate, sending spam really is not

So you can send 360 mail a day.  Assuming your 24/7 business make 700
Euro a day each mail costs you 2 Euro - snail mail would be much cheaper
(or de-mail ;-).

We had the discussion on proof-of-work as anti-spam measure more than a
decade ago and the outcome was that it won't work.  I can't see that any
parameters changed since then.



Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Stephan Beck]

Am 28.02.2015 um 13:31 schrieb Peter Lebbing:

> PS: By the way, my ISP and some of it's employees are in a perfect position to
> do a man in the middle. 

No doubt about it. And we actually don't know how they "use" their position.
Well, looking at some sort of collaboration published a few weeks ago, we might
have some hints...


>I sure hope they can't "just hack my system" because of
> that position. 

Sticking to that "perfect position argument", in what kind of position are
(would be) the people that control (packaging of) your distro? (Just curious.)

>The one capability certainly does not imply the other.



Cheers,

Stephan





signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: German ct magazine postulates death of pgp encryption

[gnupgpacker]

Hello,

> On Behalf Of Patrick Brunschwig
> Sent: Sunday, March 01, 2015 3:42 PM
> The idea I have in mind is roughly as follows: if you upload a key to
> a keyserver, the keyserver would send an encrypted email to every UID
> in the key. Each encrypted mail contains a unique link to confirm the
> email address. Once all email addresses are confirmed, the key is
> validated and the keyserver will allow access to it just like with any
> regular keyserver.
> This way, we have a simple verification of the access to the private
> the key, as well as access to the email addresses contained in the UID
> by quite a simple means. I would say this is about as reliable as
> sending an email to someone requesting their key.

+1 

This procedure should be implemented in keyservers. 

No CA needed, no centralisation necessary => just verifying of existing AND
proper working email addresses.

Additional:
There are lot of old keys on keyservers not being verified in described
manner.
Those keys (or the newer, verified ones) could be marked with a short hint
on keyservers to differ between verified and not verified email addresses.

Facility of deleting own (!) keys on keyserver wanted for old (revoked,
expired, test, failed...) keys. 

Regards, Chris




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/02/2015 04:50 AM, Chuck Peters wrote:
> Kristian Fiskerstrand said:
 
 You wouldn't need the keyservers to be involved in this at
 all. Anyone could set up such a mail verification CA outside
 of the keyserver network.
> 
> How about storing keys in a more distributed manner, DNS, in
> addition to some other method of authentication, DNSSEC and DANE?

See http://lists.gnupg.org/pipermail/gnupg-devel/2015-February/029544.html

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Ab esse ad posse
- From being to knowing
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU9CSbAAoJEP7VAChXwav6liwH+gILZFinaFUAPIL5vzX9eXM3
+kaRQOBl/XrTqW8Izk+qmjJncRTgUnJrmpKQC1ubDNJzi19ku4AA09mpD1PPc4HQ
ytu9bqUGLnBj71Uffrn5lFQ/hSQGyGvtnmsBRw2f8P1d4qcxJdauHPBdI77eZvsJ
d4rmzr6UKN9FQcCZQpkEiK/mzioh8/j7Dknzy9wC1Hb4ZmTpj/8LwMxMMh08djSF
3n6ZXmauKiBA6OnQgQ51guZF/abk1nDz6Y5J9fNIjbkJDgrYVFKUWKPxUOkgeOJM
qPB1tOT6xcTrx/Wa+2NXZ4ZPzX7z5uMS/0IJPRvquEDT3FmbNfC+wdcL0FNlWVc=
=/iS8
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Sunday 1 March 2015 at 10:43:25 PM, in
, Jonathan
Schleifer wrote:


> The goal is that the
> proof of work for a single message takes 4 minutes.

Currently at work, when I ask somebody a question by email it is not
unusual to see the CC of the question to somebody else and then
receive the answer, all within a few minutes. Holding on to each
message for four minutes before sending would be massively
inefficient.

And four minutes per message would cripple corporate
email servers that serve thousands of staff.


- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

Put knot yore trust inn spel chequers
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJU9B7fXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwc2cH/1DlvZbcpocAXcv8/SHO9OyN
fN7EUtqj9L4T+TIpBbZbyCRRHqTl476o4UujDsBzdCx1iekRUROx5UpAlJ2b6nRM
FEQHiCxlQDkbqHs7A4wTGAsWoAuuyNJqp3JhQl972SwBQdLjpTrrxeaatUGyYQAp
UpuxrRdozc+3P06GG+4b2QsCX+EKZX3qGaCOp0lICf0XrOyrGMI5MROC67kTjSFW
FQIRYBTyb0Ni7zDS04VvCqkryRPhfHCW7aszvlRUI6w4Uc5/gG63UGHN+nH6ZHTZ
fLWWBnxx6uJkknSDX3lxcpaPXmn2uI71foefZhBevmZM7C68N+EuaGz5SlmwvQ2I
vgQBFgoAZgUCVPQe318UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45Hk/AQBX7xpvtBSHGQpZkFpY6KkJqCxU
N12zpuvsjIfMHAd8bAEAW3xc6UkM7e3pd+GakLLxZk5F4PGVq0Vbvet4YBXHmQ4=
=P15E
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Sunday 1 March 2015 at 6:58:19 PM, in
, Jonathan
Schleifer wrote:


> That "wasted energy" is a lot less than the energy we
> currently waste on spam,

I suspect my computer wastes very little energy in downloading and
storing a few dozen spam messages per month.



> especially if you take into
> consideration the amount of human time wasted.

Most are so obvious that we are talking fractions of a second per
email. Or maybe people who automatically filter their spam spend a
bit less time looking through it for false-positives.



>  The
> majority of the e-mail traffic is used up by spam.

I'm never convinced it is as big an iassue as some make out.


- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

The truth is rarely pure and never simple
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJU9B1IXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwUwUH/0HFsSprR+wbpx78c5LPCLxu
GUlwOJXvoThi8k4N6GR1G0OqHct3c+cOqHpAYbjgYlvUluPJOS5riu1zZ3cXAcaG
xKAgg7a2zCMNU5SIEnKAH3sgnUOucULeBZ55obXbJL3ZfSElP2yWflMaBJJ4PVA6
0WLKcx+3k/NUQsJ758q/tLPYrZeIkJMXOsU9TJK+MQ0jLkVLDhIKAvlsdzFALi7A
8m5pYD5zNzk/g32Y4gUKYrEC/MwR5105JzVChgLF2g/ILOBMJPCql6cjER6j6vcb
3JuyfEfsCMRsKldfEAJsuipNLK6ccC//t/wfsbHEOsppOL25Tw835WxRk2WOBECI
vgQBFgoAZgUCVPQdY18UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45MhnAQDT6unA/Th7fYK0vb8e7zTUci7a
WxTdv8jdDgbdP3EhUgEAwjd6EDzZH8sESeHZmQj5KUGGGNBRRmDkFXkAAzZ/6wA=
=3dC9
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Chuck Peters]

Kristian Fiskerstrand said:
> >> 
> >> You wouldn't need the keyservers to be involved in this at all. 
> >> Anyone could set up such a mail verification CA outside of the 
> >> keyserver network.

How about storing keys in a more distributed manner, DNS, in addition to some 
other method of authentication, DNSSEC and DANE?

Paul Wouters and others are working on it:

Using DANE to Associate OpenPGP public keys with email addresses
https://tools.ietf.org/html/draft-wouters-dane-openpgp-02

Paul recently gave a presentation about it at an ICANN meeting:
Slides
http://singapore52.icann.org/en/schedule/mon-tech/presentation-new-dnssec-technologies-09feb15-en.pdf
Video, via Adobe Connect starts about 4:49:00 and goes to about 5:08:00:
https://icann.adobeconnect.com/p2j5gtoni79/?launcher=false&fcsContent=true&pbMode=normal
Audio:
http://audio.icann.org/meetings/singapore2015/tech-09feb15-en.mp3

Slide 1 of the presentation shows, not including the title slide, how you can 
obtain Paul's key with dig and slide 2 shows the easier method using 
hash-slinger:
openpgpkey --fetch email_address

Slide 5 shows how to create the DNS record:
openpgpkey --create email_address --output rfc

Slide 9 Paul talks about openpgpkey-milter which is a postfix and sendmail 
plugin to auto-encrypt email. Note it is not recommended for production use yet.


And to make mail servers less NSA friendly we should be setting up DANE and 
requiring starttls with forward secrecy anyway!  It's on my TODO list!


Chuck


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Jonathan Schleifer]

On Mon, 2 Mar 2015 00:13:07 +0100, Ingo Klöcker  wrote:

> On what kind of hardware? A high-end gamer PC? Or a low end mobile phone?

According to the paper, the goal is to take 4 minutes on an average PC and that 
it shall be adjusted according to hardware improvements.
 
> There are much larger bot nets, e.g the ramnit bot net apparently controlled 
> 3.2 million (!) machines (see http://heise.de/-2559388, in German). And with 
> regard to providers not accepting those mails you seem to be missing that the 
> bots simply (ab)use the mail accounts of the bot owners.

Abusing mail accounts only works if they are mail accounts with crappy hosts. 
Sane providers will block your account if you start sending 100 mails in 1 
minute ;).

> Of course, 800,000 spam messages per minute is still many magnitudes less 
> than 
> now.

The question is if that would still be profitable for spammers. Currently, they 
just send their spam to millions of addresses hoping that one of them is stupid 
enough to fall for it. They can do that because it's cheap. But if sending 
isn't cheap, sending to millions to just get one idiot who falls for it isn't 
an option anymore.

> I don't see BitMessage killing spam. But it will surely kill mailing lists.

It would just need to be extended to groups. The protocol is not set in stone.

In any case, I'm not suggesting we all switch to BitMessage. I'm just saying 
this is going in the right direction.

-- 
Jonathan


pgpBKEMKJpQhY.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Ingo Klöcker]

On Sunday 01 March 2015 23:43:25 Jonathan Schleifer wrote:
> Am 01.03.2015 um 23:25 schrieb Ingo Klöcker :
> > And most spam is sent by bots. The spammers don't really care how much
> > energy the bots burn. Yes, the amount of spam might decrease because
> > the bots cannot hammer out that many bitmessages as SMTP messages per
> > second, but your hypothesis that BitMessage would get rid of spam is
> > unrealistic.
> 
> I don't really agree with that. The goal is that the proof of work for a
> single message takes 4 minutes.

On what kind of hardware? A high-end gamer PC? Or a low end mobile phone?


> At that rate, sending spam really is not
> profitable. In 4 minutes, spammers can currently send hundreds of
> thousands of mails. At that rate, they can afford to send it to every
> address they can find. With only one mail per machine every 4 minutes,
> they really need to be careful where to send it. Let's assume they have
> 1 machines (which is unrealistic - most machines are behind a dialup
> connection from which no provider will accept mail).

There are much larger bot nets, e.g the ramnit bot net apparently controlled 
3.2 million (!) machines (see http://heise.de/-2559388, in German). And with 
regard to providers not accepting those mails you seem to be missing that the 
bots simply (ab)use the mail accounts of the bot owners.


> That's only 2500
> mails a minute. If global spam were just 2500 spam messages a minute,
> spam would hardly be a problem.

Of course, 800,000 spam messages per minute is still many magnitudes less than 
now.

I don't see BitMessage killing spam. But it will surely kill mailing lists.


Regards,
Ingo


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Jonathan Schleifer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am 01.03.2015 um 23:25 schrieb Ingo Klöcker :

> And most spam is sent by bots. The spammers don't really care how much
> energy the bots burn. Yes, the amount of spam might decrease because
> the bots cannot hammer out that many bitmessages as SMTP messages per
> second, but your hypothesis that BitMessage would get rid of spam is
> unrealistic.

I don't really agree with that. The goal is that the proof of work for a
single message takes 4 minutes. At that rate, sending spam really is not
profitable. In 4 minutes, spammers can currently send hundreds of
thousands of mails. At that rate, they can afford to send it to every
address they can find. With only one mail per machine every 4 minutes,
they really need to be careful where to send it. Let's assume they have
1 machines (which is unrealistic - most machines are behind a dialup
connection from which no provider will accept mail). That's only 2500
mails a minute. If global spam were just 2500 spam messages a minute,
spam would hardly be a problem.

- --
Jonathan
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iF4EARYKAAYFAlTzle0ACgkQM+YcY+tK57UH+wEA2vgeaGeMeZ8daVMhQnJHsibz
CP2bH4N9Jur5NMcu0G4BAACkAVlj0D5KKr6MfMcVb5dYoCRvn5mqOv/eoZPmLKEI
=xAfS
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Ingo Klöcker]

On Sunday 01 March 2015 19:58:19 Jonathan Schleifer wrote:
> Am 01.03.2015 um 17:45 schrieb MFPA <2014-667rhzu3dc-lists-
gro...@riseup.net>:
> >> and also gets rid of spam
> >> by requiring a proof of work to send something.
> > 
> > Surely, "proof of work" is evidence of performing some otherwise
> > unnecessary CPU cycles. This wastes energy. In a system used by
> > billions of people, lots of energy.
> 
> That "wasted energy" is a lot less than the energy we currently waste on
> spam, especially if you take into consideration the amount of human time
> wasted. The majority of the e-mail traffic is used up by spam.

And most spam is sent by bots. The spammers don't really care how much energy 
the bots burn. Yes, the amount of spam might decrease because the bots cannot 
hammer out that many bitmessages as SMTP messages per second, but your 
hypothesis that BitMessage would get rid of spam is unrealistic.


Regards,
Ingo


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

[flapflap]

Johan Wevers:
> On 28-02-2015 15:09, Daniel Kahn Gillmor wrote:
> 
>> We had this discussion recently over on messag...@moderncrypto.org.
> 
> What is described there is a much more confined problem.
> 
>> It's far from "trivial", but breaking voice-based authentication
>> (particularly in the already-noisy realm of mobile phone calls) with
>> high probability doesn't seem to be beyond serious researchers.
> 
> Fooling a computer that a certain voice belongs to someone else, sure,
> I'm sure that is or will be possible. Fooling me that a short, fixed
> string is spoken by someone I know when in fact it is not, sure, that too.
> 
> But fooling me that the person on the other end of the line is someone I
> know well by only technically impersonating his voice while having an
> actual conversation... I don't believe it very likely to happen in the
> near future. Perhaps it could work on someone I barely know, but pick
> only once the wrong person and I might become very suspicious. It
> requires not only changing the voice but also solving a problem much
> harder than the classic Turing test. For once, it requires much
> contextual knowledge about what both persons know of each other.
> 

Apparently, it is very easy to fool people by voice on the telephone.

Just think about the "grandchild trick" ([0], unfortunately not in
English) which is a method where the criminals phone (often elder)
people and tell them that they are a grandchild, nephew, or other remote
relative and need some money for some reason (need a new car and the like).
According to the article, they often start the conversation with a
question like "Guess who's calling?" and then the victims think some
time and seem to remember someone of their family and answer "Hi $Name"
so the callers know a name of a relative they now can impersonate.
You'd think that people are very careful with regard to money, but the
trick is a huge "success" and the criminals got more than CHF 50k _per
case_ in 2013 in Switzerland.

This is because the telephone channel does not prove authenticity of the
caller and thus cannot be secure.

~flapflap

[0] https://de.wikipedia.org/wiki/Enkeltrick



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

New "validating keyserver" architecture (was: Re: German ct magazine postulates death of pgp encryption)

[Matthias Mansfeld]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 1 Mar 2015 at 17:21, Patrick Brunschwig wrote:

> On 01.03.15 16:38, Kristian Fiskerstrand wrote:
> >>> In general I believe this to be an insufficient form of
> >>> identification that really doesn't provide much of anything
> >>> useful, but at least the PGP keyserver does it reasonably sane in
> >>> its methodology by creating a signature from their CA on the key.
> >>> Whether you put any merit to having such a CA signature or not is
> >>> left up to the user (excluding for now the "fun" related to the
> >>> spammy number of signatures from it)
> >
> >> Yes, I know. The re-confirmation every few months together with
> >> re-signing the keys is among the things I dislike about
> >> keyserver.pgp.com. But in general, I think that keyservers need to
> >> go in that direction if we want to enable easy use of OpenPGP in
> >> email (which requires in some way or another to download missing
> >> keys automatically).
> >
> > You wouldn't need the keyservers to be involved in this at all.
> > Anyone could set up such a mail verification CA outside of the
> > keyserver network.
>
> Perfectly correct, yes. This is exactly what I'm proposing. I believe
> that the current keyserver network cannot do this. I just don't have
> the time to (also) work on this...
>
> - -Patrick

I like this idea very much. (I must admit, I did not take notice of
this feature at keyserver.pgp.com, However, I just tried it, but it
refused my whole pubkey because it contains an expired subkey, but
that's not a problem of the concept...).
Uploadingonly with validation by e-mail to all (or at least a
selected one) user-ids like keyserver.pgp.com does would be a really
huge improvement and would address the initial problem about fake
keys which lead the guy at c't to his PGP bashing.
Key distribution between the keyservers same as now, and deleting a
key on all servers (manually or after "Timeout" without confirmation)
should be possible from any of these servers, not just this one the
key was initially uploaded.

And the objective should be to replace or retrofit the current system
of keyservers. Two concurrent systems would not make OpenPGP more
user friendly.

What about crowdfunding such a development?

Matthias
- --
Matthias Mansfeld Elektronik * Printed Circuit Board Design and
Assembly
Neithardtstr. 3, D-85540 Haar, GERMANY
Phone: +49-89-4620 0937, Fax: +49-89-4620 0938
Internet: http://www.mansfeld-elektronik.de
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF


-BEGIN PGP SIGNATURE-
Version: GnuPG v1 - GPGrelay v0.962

iQEcBAEBCAAGBQJU83WjAAoJEEBWH1SLWUDvqu0IAK8N/mUf5/T2hPCX4qMrpZyG
c0SbxyECIk44/VCp9hOnp+fYd01Ocgv29P/w1KUSJsp5JrtxG3hkK+2SbYV6x+po
dbSSPlyY8MOMQinYKyIP0VVSfVz5mScnxyjXZIMpmwbe6TYNacj/8DscVVXlBH8m
afSTHIJDcMdvVn4fWOsvLufEUpCvmzbRuxEpSISJBRDgNlNE8DVAckfOoC+vIrbp
4Dr5BU4jJH3oFtG6p3yRt6bNW9wkPfYSp0mohVIO0KjSDMnrNq7t456xikehHxBn
Q/e11FNv2bNvuPCZ3iET0ZfxUjvYlbS28Du7CgDRooA6jt7RLsULU3SmJuW4k/o=
=2TV/
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Jonathan Schleifer]

Am 01.03.2015 um 17:45 schrieb MFPA <2014-667rhzu3dc-lists-gro...@riseup.net>:

>> and also gets rid of spam
>> by requiring a proof of work to send something.
> 
> Surely, "proof of work" is evidence of performing some otherwise
> unnecessary CPU cycles. This wastes energy. In a system used by
> billions of people, lots of energy.

That "wasted energy" is a lot less than the energy we currently waste on spam, 
especially if you take into consideration the amount of human time wasted. The 
majority of the e-mail traffic is used up by spam.

--
Jonathan


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/01/2015 06:08 PM, Kristian Fiskerstrand wrote:
> On 03/01/2015 06:01 PM, Marco Zehe wrote:
>> Hi Kristian,
> 
>>> Am 01.03.2015 um 17:54 schrieb Kristian Fiskerstrand 
>>> :
>>> 

...

> that have enabled it. Another issue with the current
> implementation, btw, is that there is no way to define group based
> keys (see gpg's --group) , so aliases can't be used e.g. for an
> alias such as security@participant.invalid, this should be
> integrated into the already existing group restriction possibility
> in bugzilla), which ironically will send unencrypted email messages
> fondly even though something is restricted...
> 

To elaborate on this, in the absence of this I would also accept that
bugs that have been restricted simply send a generic update message.
"An update has occured on bug #XX, please log in to see the update"

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
There are two tragedies in life. One is to lose your heart's desire. The
other is to gain it.
 - George Bernard Shaw
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU802IAAoJEP7VAChXwav68egH/2saK0x2MLOnzRZJbrIP41dF
yKp9K+u/cq3Fk6hAvuZoJ0nGYBKuhh59mifvkMZrV4JEvBQ5NXjXWPD8wpJScaeL
/K9dDKLifwxDpNWiFVK3ISO8jcJRbUYkOwMYd1SmcsKXz1fmB5qPyYGflJxJkME+
2JI76K0FmeDnpNI/lyB2jFyi2uhfHxSDWIX80rqO+Hc0zMduKJsnAWfsVZmDbiGt
JRjOe0aW2Qgkwvjx0tjEYw0Vbxp5ENfK6tpSCVbcoIQnuCwZz0E3MGrKAbJp3cUW
w8XG9+rv9HqjGLp/txS4kjgqjmTkoiHFPvXW75OfK8xPGieA5epjjyVyowEW30Y=
=RWnn
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Patrick Brunschwig]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01.03.15 18:11, MFPA wrote:
> 
> 
> On Sunday 1 March 2015 at 2:41:33 PM, in 
> , Patrick Brunschwig wrote:
> 
> 
> 
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow 
>> access to it just like with any regular keyserver.
> 
> What about keys with UIDs containing no email address?

The purpose of such a keyserver would be primarily targeted to email.
Thus I think such keys should be refused.

- -Patrick


-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJU80j+AAoJENsRh7ndX2k7fN4P/jxwiXiQuQ/fcor8yKkC1SqA
TYnpQ2Z6ko1vY93repX5E1h9UrMvUOuMYHq7NECDftY2LSU/UFn0V7WpiAtdn+IO
eweI6cCMZmkdv8VVt9+dy7eZbjQ2jBGWpKzJmYAw4pxO0QJBHrEL9TLhxWBz4wDi
yAEOVQDrM3hl0O5NY8fX7Q249HwUWf/db0TC5lAA+he0mC9rjjNaAaq7yLGwTy/O
+vb/BxNRkvppYLKU8/naSSVGEwVfj2tw6y0fQbyfRiNSfh351Q9sVcwC3vTkHnUz
ldb6up4w5tRP6VY6yQ7m+mpAh1V1NX9J+h8Fi/kMGFfd3sfjYLduwPudJ17HmQr1
CAtOx/DnOXvIHMup1ZwENI1shaewNpxQoMHr/xCIEUaM2It8dwcVxdZ3f2KGGZ5F
LdEBEvjRyHPhCT8G8XB3WHoEWWXWrHEC1loy5Fpv6QeCobrkzQetPW6rNCvX8Cyp
nlST6TZoG0wBPonoKPQo+zPYBReBN+eUVuTb4Pe2WyhR4EY/7bsIdEa921lMekh5
fcnaI68McYpK2um6Mq686zArTu/KsJPRp868dVPNIEzW7gIZOjoKIdg0PGPpMQh/
NcpTi1vHeLZg4bYasXxpKG29dsAMfKGw/ImNkTyHhNZAw+1ykIeC4G4F/LFqlMaQ
v+FzDXhpGilTKyqMxmzH
=pm11
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Sunday 1 March 2015 at 2:41:33 PM, in
, Patrick Brunschwig wrote:



> The idea I have in mind is roughly as follows: if you
> upload a key to a keyserver, the keyserver would send
> an encrypted email to every UID in the key. Each
> encrypted mail contains a unique link to confirm the
> email address. Once all email addresses are confirmed,
> the key is validated and the keyserver will allow
> access to it just like with any regular keyserver.

What about keys with UIDs containing no email address?



- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

The best way to destroy your enemy is to make him your friend.
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJU80hOXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwx5AH/27hmssNnCxcyea1CKlY2nUP
TjVql/+1LPEDiEjeWmr8vJnynlmU0HxqhgIITBKzLeVcBPp2fhTGo6s6rE7ruycC
ITUPEWdcgmL6ng/hRGf+d6ynds6zwPxiurqMVwVVHMi6rCpfnclDH8BfUuQXoE44
piePDNPk0j4cAkCllB11uoQEqs+mpboHFGRVW2ZfERzFoTHoW2UtCE+me+o5LM+g
tm1nhSIZay53Eos08CKHYXFRjIXpZ64Qx1h7uVaQ7RCwQJ8U+fqEkTZPnrQ9Et9+
xb8qjQZ6dPYlUc7EY7BLTf+zZZciML044G6O5lJxuOzYnfbokfan6wwBbOx5YoWI
vgQBFgoAZgUCVPNITl8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45BgUAQCUlFnxkSaygnmwoxwhd4KDsMT2
TMBxM3MeGCAw40SdVwEAAd/zbuKIyix8XljvsDp+3onA2XoGfYLDtM/0CUJ/CgY=
=gDmu
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/01/2015 06:01 PM, Marco Zehe wrote:
> Hi Kristian,
> 
>> Am 01.03.2015 um 17:54 schrieb Kristian Fiskerstrand 
>> :
>> 
>> Since the author's first reaction was closing it WONTFIX I didn't
>>  bother, with that kind of behavior they can't possibly take 
>> security seriously.
> 
> Error in judgement that has since been corrected. These things 
> sometimes happen, but this should definitely not be generalized.
> 

fair enough, but it does tell something about culture that it happens,
even if corrected.

>> (ii) Ditto for the issue of replacing the subkeys, as key
>> rotation would not be automatically taken into consideration and
>> would have to be uploaded manually to each bugzilla
>> implementation using that flawed piece of software (the
>> securemail extension, not bugzilla itself).
> 
> Yes, these instances are all acting independently, there is no 
> exchange between totally unrelated Bugzilla instances.

And there shouldn't be interaction between the various bugzilla
instances, but there should be lookups to keyserver networks
(preferably to a locally controlled keyserver to avoid certain
information leakages, but that is another matter). In my own case I'm
on some 10-15 bugzillas, with at least an annual rotation of the
encryption subkey of my main key, meaning I have to manually update
the key in these instances (that currently involve manual key
splitting and pasting non-conforming OpenPGP data) on the bugzillas
that have enabled it. Another issue with the current implementation,
btw, is that there is no way to define group based keys (see gpg's
- --group) , so aliases can't be used e.g. for an alias such as
security@participant.invalid, this should be integrated into the
already existing group restriction possibility in bugzilla), which
ironically will send unencrypted email messages fondly even though
something is restricted...


- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Veni vidi velcro
I came, I saw, I got stuck
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU80ekAAoJEP7VAChXwav6hVkH/j4kbWapWqGC7ij1nYB6zG6d
dDFHwN7A7IsrIuXH4o/CZmdeidNB3lUk2KZ2woksa0XO+QRLwz34pZjTAdHUrJVe
C/vxELcBqoF6kBDBrOzKU7suT5at8rrTMVtUXviT1nZuu+SCW2TOxpWNAfuLyS9j
IDryaAot9CUPrarzclQfIn7VLMnH6aCPKDk5mli8mmdf0mD52YK7hHUWhYrQtXHF
egxOPnaaiYEy7P2mm3vaYboJWlezv+EIZ8Ly0czSSpVJ1ryrL/ps5tm8Z/9U2njC
QTnumYKa6cHeZtRLPYLQ56TeazifgYN+3ls9IAlcCn0ydOnlu7T2hK2Vsh8AEG4=
=B5DB
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/01/2015 05:31 PM, Marco Zehe wrote:
> Hi Patrick,
> 
>> Am 01.03.2015 um 15:41 schrieb Patrick Brunschwig 
>> :
>> 
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
> 
> I like this idea very, very much! This is a confirmation that
> doesn’t hurt anybody, and it is something that insures on a basic
> level, that the key isn’t completely bogus.
> 
> I have seen part of this in a different context in Mozilla’s 
> Bugzilla, when one uploads one’s public key into the Bugzilla
> account to be able to receive security-sensitive messages. After
> submitting the form, Bugzilla sends an encrypted message to the
> account’s e-mail address, assuming the public key just uploaded
> belongs to that address. It doesn’t go as far as requiring
> verification via a link, but it definitely confirms if the key is
> working for the user.

Seriously? Please look at
https://bugzilla.mozilla.org/show_bug.cgi?id=790487 regarding that
implementation, which opens up another can of worms (encrypts to {S,C}
key, not encryption key, dual usage of same key material for different
purposes... BAD)

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
"I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true -- I no longer know how to use my telephone"
(Bjarne Stroustrup, April 1999)
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU80AlAAoJEP7VAChXwav6EtYH/2s7omGB617SiAYBuBD11izv
+7XErPLC0LMLAYTkxleHwZ2f+CDfL4Tf2g429i3XFYEeX2ysqJxq6vq4DVmbASe6
tEj8JpBRksUQB3FiIlnDrSBD2L8l4NgATeCVimUy8CJ19NoCixR6bVoZarFTKVus
93XS9GmD0wOBc2fWFqu3vnAqmHTaxi8UULtjqHGogEgaq9q2lLd13mbXP9MwX9zw
oqpmiwi86tEZ1KpUc6AHBeEqmbTk1iZJHS4oNOks0OqYmro56fMXkVX1S9zx1lan
fJdhS25d97MLl6yHSdQQGALGGdj+DNihcl77XvY5k8eUmURy13fXuqQf67mY/Us=
=gvNe
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Friday 27 February 2015 at 11:15:36 AM, in
, Peter Lebbing wrote:


> So what did this key attract, being on the keyserver
> for four years now?

> 22 Nigerian 419 scams. That's it. Twenty-two! They came
> in batches; I haven't seen anything since March last
> year.

I have such a key up for nearly five years. The only email the
address has received is a test message from myself to check
the address still works.


- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

A bird in the hand makes it awfully hard to blow your nose
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJU80aJXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwfZgH/Amp+td7dYlkig4Fdkjw0flA
rNs3tVFgNcjMk8UFEt5EZgCX0KgREq+JUPPIZIZx6SxqiwddgwlG+FgCaAy5Mgys
FZAq+DUUdAwr60dRiPfGYIwMoOOR53TsnlIUnDKyYTImGXbgfIjyDWy40Uh9dTqn
97tUuxfpcol82jFoFPsc9pHrbQT2xgRX8cQX13imcKP++DKNNK46yegqE3EJ7Ni2
VvkSGz/fjN00dddBRS+aLjYYdTbd0qkwD0ain2fSJDFUiN/KPCKFErw+sFLGMEa3
z+rKo7m2kENqz6gRrLJHseaN8R1fuCSYS//iOIJPOheB4PcnE3IHY1SNh0/fAFaI
vgQBFgoAZgUCVPNGkF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45PU4AQAUMrB63G2IGu2QdXATx/WVE4fl
6O95l2NU7GTh7s34RwEAFMza6mM5Uh3gmw8rARsm71AD39PleCJE3DTAqCE0Ugw=
=jib3
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Marco Zehe]

Hi Kristian,

> Am 01.03.2015 um 17:54 schrieb Kristian Fiskerstrand 
> :
> 
> Since the author's first reaction was closing it WONTFIX I didn't
> bother, with that kind of behavior they can't possibly take security
> seriously.

Error in judgement that has since been corrected. These things sometimes 
happen, but this should definitely not be generalized.

> 
> 
> The proper solution seems to be a re-implementation of the system to
> use gpgme for encryption. I'm also worried about the system's key
> management in the case of
>   (i) revocations; as I'm not aware of any key refreshes being made,
> meaning a revocation certificate uploaded to public keyserver network
> would not be honored and still constitute information leak.
Yes, the public key doesn’t come from a key server in the first place, but 
needs to be copy and pasted into a standard HTML textarea while filling in the 
form for that Securemail extension. So it is the key owner’s responsibility to 
keep it up to date. As far as I know, there is no interaction with any outside 
source in this matter.


> 
>   (ii) Ditto for the issue of replacing the subkeys, as key rotation
> would not be automatically taken into consideration and would have to
> be uploaded manually to each bugzilla implementation using that flawed
> piece of software (the securemail extension, not bugzilla itself).

Yes, these instances are all acting independently, there is no exchange between 
totally unrelated Bugzilla instances.

Marco



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/01/2015 05:45 PM, Marco Zehe wrote:
> Hi Kristian,
> 
>> Am 01.03.2015 um 17:36 schrieb Kristian Fiskerstrand 
>> :
>> 
>> Seriously? Please look at 
>> https://bugzilla.mozilla.org/show_bug.cgi?id=790487regarding that
>>  implementation, which opens up another can of worms (encrypts
>> to {S,C} key, not encryption key, dual usage of same key material
>> for different purposes... BAD)
> 
> Do you have any insight to share in that bug that might help my 
> colleagues move fixing it forward? I’m sure it would be highly 
> appreciated! :)
> 

Since the author's first reaction was closing it WONTFIX I didn't
bother, with that kind of behavior they can't possibly take security
seriously.

The proper solution seems to be a re-implementation of the system to
use gpgme for encryption. I'm also worried about the system's key
management in the case of
(i) revocations; as I'm not aware of any key refreshes being made,
meaning a revocation certificate uploaded to public keyserver network
would not be honored and still constitute information leak.
(ii) Ditto for the issue of replacing the subkeys, as key rotation
would not be automatically taken into consideration and would have to
be uploaded manually to each bugzilla implementation using that flawed
piece of software (the securemail extension, not bugzilla itself).

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Timendi causa est nescire
The cause of fear is ignorance
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU80QyAAoJEP7VAChXwav6NLcH/2mkfs2MRRHhSc1ZcEVWstJ5
0ZDSGVHUDsAFqUGxXyxbOj+nc1yrZBlQCxFhd3dogtIMYUDkCckEDEIahT029jsL
dJ3GvXjf3ZdKKCsIl+MTypr1ToyMJ0r0DpTv90XxdX97svdc7VUi5wIMdNiL3mbV
dLbUXt8e1qTt1Y9ie08vhGVmSP3IesSztLlWkxyIPL7NFDNqMwTUCk/RAZx4qwpT
Ore/QxzBYlBrauYJpyUrNhKX6atF1GmCT8w0AKI1E55TUJSDmadOzt8T4rGYRkD0
Hz3OWjdGsUETjDy0JFbwnky1a+RBKXqrEtmHmFw+5dE6IiqEXKe+hBrTRlMqQUQ=
=g23o
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Sunday 1 March 2015 at 12:21:20 PM, in
, Jonathan
Schleifer wrote:


> and also gets rid of spam
> by requiring a proof of work to send something.

Surely, "proof of work" is evidence of performing some otherwise
unnecessary CPU cycles. This wastes energy. In a system used by
billions of people, lots of energy.

- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

The best way to destroy your enemy is to make him your friend.
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJU80I6XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwka8H/0B0bA1C5HZWGT++Gjko0tZr
hRxSuLZrzCunPTjTfI5nZ03+hsFcj8HEj5o3IzqHgGUdiYxCsQUKNb8jIfD56kTt
l5GBY5kOKubfgFlEDjc/VENma7oD14/Otm7S/+dSlGUlYsqTm0EQVTuPIcGmtmo0
CyLvZ/wb2nPUCbEjuov8qKAZR2u64kzkKDCHsW7EKQBDT703FtQ6S0BqA6RlKlrv
X265xldChqx593KNJbzH18kOWMHtxpWIkVsUY6xd1IUiaWxppNWsKNOqEa3rPREa
0Aqv2zXCj5vwF5qji/oN7FgRi1iAB/YBUek23YmmdhTE4I/RGe+8R9zZF5LEWFqI
vgQBFgoAZgUCVPNCQF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45DXmAQB9I5RGUnJFajLwKxJAriH5OeaX
OVz5Rv32d18W6DUfMQEAnu04Vb2EwEQucTG7mUkaX/kBqqXUjr2XXPRSY/scBgo=
=tNNO
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Marco Zehe]

Hi Kristian,

> Am 01.03.2015 um 17:36 schrieb Kristian Fiskerstrand 
> :
> 
> Seriously? Please look at
> https://bugzilla.mozilla.org/show_bug.cgi?id=790487regarding that
> implementation, which opens up another can of worms (encrypts to {S,C}
> key, not encryption key, dual usage of same key material for different
> purposes... BAD)

Do you have any insight to share in that bug that might help my colleagues move 
fixing it forward? I’m sure it would be highly appreciated! :)

Marco



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Ludwig Hügelschäfer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 01.03.15 17:31, Marco Zehe wrote:
> Hi Patrick,
> 
>> Am 01.03.2015 um 15:41 schrieb Patrick Brunschwig 
>> :
>> 
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
> 
> I like this idea very, very much! This is a confirmation that
> doesn’t hurt anybody, and it is something that insures on a basic
> level, that the key isn’t completely bogus.

Yes. And it would automate a process which would have to be done
manually during a sensible key verification.

Ludwig
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCgAGBQJU80GMAAoJEDrb+m0Aoeb+WXcP/RC3p4fYhyftVJPgvVHABrGj
fgLd3PcJKLfIfUWqcqVu5xLUMbI2wwjR36rnfUpUmJQdmJXkOD4HWFuzGnGMTpiV
CsrgYKbFXRzrKQeaUJtu0UVEXshORN+xHWHpjQi4HaqAahXWSzP7LSlbr/VhseO9
TClaGlI1jceZUyQGzLRv3IsTaU0uU3/juCtO/AGLjPiYCFJnohVRYFqh8vSG+zqX
UHa9HrmTHv70BJmea/R9glwmKEq24VHWKe1rZpp/jkWWdIH7kQ9KLcp7qmTevPPZ
tc3PAqe9B/TXLWM1KQiASxotHGIYnA+7putNwvN+WEfpPHg2oiWAa2zahNj9+yH1
W1ED+8XNlQGlIW2qBbiFfZcx+zuD9NMrK2ML0av8uJdt0/+lfUdVtzpYCEdq/LIz
MepRxCyKJ8ZMoP6yw2zFFkmIHBCnrFpEAlUtlozMBEk5Wzc5J/F8RwxZVBO2UNM8
+8FHW14QDSU5gahFJulKg//mU/RmJiOtsvzomRlxy88/05FtW4I5amZ2mhDK/uVj
EwZXb32gVqEB7+RM8SDWjRf2Aq8DiV5h+c6eI5bTora/8seo1Z/7KsaEUj9CcL/G
75P5VFrIvFvOg1FV9EPdT76wviexPSI4S47L5r87MLyr6pno0IkxPlznNmJ+gRzC
uZkvUIEyQBhCFggtSlqb
=1JPX
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/01/2015 05:36 PM, Marco Zehe wrote:
> Hi Kristian,
> 
>> Am 01.03.2015 um 16:38 schrieb Kristian Fiskerstrand 
>> :
>> 
>> You wouldn't need the keyservers to be involved in this at all. 
>> Anyone could set up such a mail verification CA outside of the 
>> keyserver network.
> 
> In theory, yes. And keybase.io goes in that direction, although
> they don’t do the verification of e-mail addresses themselves, only
> the e-mail address one signs up with for the account.
> 
> But why should key servers not do that? Why add this extra level
> of complexity?
> 

It isn't more complex, it is LESS complex to do it as a standalone CA.

We currently have about 150 different key servers in the main
gossipping network, you would have to establish severe trust
mechanisms between them as to convey the verification data, change the
gossiping protocol to accomodate this, implement crypto in the
keyservers, possibly have keyservers shut down for legal reasons as
possible verctors of legal attack for some additional data; data that,
in its concept is the job of a CA in the first place.
- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
"I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true -- I no longer know how to use my telephone"
(Bjarne Stroustrup, April 1999)
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU80EMAAoJEP7VAChXwav6MEcIAKh5s2A01wUQZgF1Wh9chtRo
tQ6pk05FnEYhyYi/9GBcehf2mqlnkbvBjvw74L1JJWsJdR3i5Z2VGhmVVMFOo4iW
99fX1rD1imM4PiRtAQ3gwvmJNm6u/65mfRFN8M3hyVLjWndkot3i3jCTGzT9oF6t
QWcyUFPKAVck+B7VTmn6kt6td8rmYzeIp/0g7a6Q+BCeGNLMKzwdfofMRH0ueMys
0sTkA+73BKKYQITgFh2t+CvCNtoYd5IT8JFrk4lqdeCcb1HVuys0u1J8oLy1ppSr
869cwZ2nhwV4AOczDLAbMlwitDpWTLWpZ+epkkP4hOYii48neSXsc5XQwJr9RBU=
=63S3
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Marco Zehe]

Hi Kristian,

> Am 01.03.2015 um 16:38 schrieb Kristian Fiskerstrand 
> :
> 
> You wouldn't need the keyservers to be involved in this at all. Anyone
> could set up such a mail verification CA outside of the keyserver network.

In theory, yes. And keybase.io goes in that direction, although they don’t do 
the verification of e-mail addresses themselves, only the e-mail address one 
signs up with for the account.

But why should key servers not do that? Why add this extra level of complexity?

Marco



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Friday 27 February 2015 at 12:23:18 PM, in
, Ralph Seichter wrote:


> The thought of letting PGP die as an e-mail encryption
> mechanism for the "masses" (the non-tech-savvy average
> users) and to have it replaced with something my mother
> could use is valid.

Has OpenPGP ever been an e-mail encryption mechanism for the "masses"?
It is certainly not used by most.



> Alice can't just send an e-mail to Bob, she needs to acquire and
> verify Bob's public key first.

Depends on the threat model. If Alice knows Bobs email address and
there is a matching key on the keyservers, isn't it likely to be
better to opportunistically encrypt to that key rather than to send
the message unencrypted?



- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

Was time invented by an Irishman named O'Clock?
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJU8z/JXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw48wIAI4UHlmaw8rYWbnoS+gzhyaP
oVyu8msA0kZjOZo6o1TIP6Ffc21v3wU46ClZq07gtHVXaiRvisdIKMf/v/b5GnN/
Cer+HbiTMz2ivThcb69JndM3aQB/5+DI8l2UJQ2NOpVnIS5OgIvLw8rJd5SujMdx
yyf7l32b6xlnbS2Z1z+COsz4Uo+h35v8MhRxeG0bFZuWTlOP99jbVaELJ+halAPS
HiDffoMDd3khRUYCFkkA2vAxMthmSMwNWEllr7uQtCcd4kD5AA9gC2MFkyywESIN
WM2UOmVA79c6OccdpxP+Ggs/Caz+DcjLYRUL5vgAOtZb/jyOyWPfNro0y1WdlJiI
vgQBFgoAZgUCVPM/zl8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45GnrAQBRV/lNKdoutB6x2/URS8DlClT/
EoEsN4gz/qkzeKPNZwEAEhpOFVDf3bC9n1FZUXxYgMwU95UBVI58AKjIkTV0egE=
=pfFQ
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Marco Zehe]

Hi Patrick,

> Am 01.03.2015 um 15:41 schrieb Patrick Brunschwig :
> 
> The idea I have in mind is roughly as follows: if you upload a key to
> a keyserver, the keyserver would send an encrypted email to every UID
> in the key. Each encrypted mail contains a unique link to confirm the
> email address. Once all email addresses are confirmed, the key is
> validated and the keyserver will allow access to it just like with any
> regular keyserver.

I like this idea very, very much! This is a confirmation that doesn’t hurt 
anybody, and it is something that insures on a basic level, that the key isn’t 
completely bogus.

I have seen part of this in a different context in Mozilla’s Bugzilla, when one 
uploads one’s public key into the Bugzilla account to be able to receive 
security-sensitive messages. After submitting the form, Bugzilla sends an 
encrypted message to the account’s e-mail address, assuming the public key just 
uploaded belongs to that address. It doesn’t go as far as requiring 
verification via a link, but it definitely confirms if the key is working for 
the user.

Marco



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Patrick Brunschwig]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01.03.15 16:38, Kristian Fiskerstrand wrote:
>>> In general I believe this to be an insufficient form of 
>>> identification that really doesn't provide much of anything 
>>> useful, but at least the PGP keyserver does it reasonably sane
>>> in its methodology by creating a signature from their CA on
>>> the key. Whether you put any merit to having such a CA
>>> signature or not is left up to the user (excluding for now the
>>> "fun" related to the spammy number of signatures from it)
> 
>> Yes, I know. The re-confirmation every few months together with 
>> re-signing the keys is among the things I dislike about 
>> keyserver.pgp.com. But in general, I think that keyservers need
>> to go in that direction if we want to enable easy use of OpenPGP
>> in email (which requires in some way or another to download
>> missing keys automatically).
> 
> You wouldn't need the keyservers to be involved in this at all.
> Anyone could set up such a mail verification CA outside of the
> keyserver network.

Perfectly correct, yes. This is exactly what I'm proposing. I believe
that the current keyserver network cannot do this. I just don't have
the time to (also) work on this...

- -Patrick
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJU8zyAAAoJENsRh7ndX2k7cNAQAJXErgNTCbTqEwhtUcW0l7KR
hfchokWcOfgdMmNIKz9A2AD8mQ7Ckdxmn/ANGzNLSzZHjCT4+npjdEe/Q0XxcUf6
ajtntcQsdUBvpC/K4gPDg+V1g3EEZkUPHDeKvgCWvZIQ+57zjsg6T/0c4EEfdNWP
jwZDceP17wsLcTy3OdHhVrMJkgF/HFR4GaGzWNUzBFxtfeoK7kNhkvxKDbhajmcY
wiCgzz++cZmi7T4tf/hrdi65zB9zxzIOgvfeJvDpuuCUAGGYNtofJrIL4H3RNlSc
LfEmbpIwEfJltgeaEpfHBRzTtbxzAr7STvYSQNBwcCb+ksa2EWLzpPjbTfBUWaMt
91oW/qrW2TcEPxPHxnR1dlrAVmm3gE253plO8rljllr5csrUgLiT7tGalAwxv5Es
ITycw3lWUoxDRA1enqHnRgeig3MQNLGqZ5hbFYTs5sHYbKcpHG5Gl4TVnRKIWyCj
KMuXqy1ibV5kIlbP70D/g5Ss2M3iUyYl/tHf1pA5WKMU2EguLL42A9LCIPkqMFO7
5a1+xRAo1ZzkHpNUgACI73F/IuNTPXA7bPSa298sLB55teNFjWK5N8oPPs03e4OQ
W3oEoENnhgdUmDNd5soiM3yVgabGw8vBQC+/PD9Uz9Ee8AnxspxhQMdYacE467fJ
0ALTnk9tVO6Qt3vCjR3J
=Mejp
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Saturday 28 February 2015 at 5:54:21 PM, in
, Johan Wevers wrote:


> For once, it
> requires much contextual knowledge about what both
> persons know of each other.

Why? Most of my phone calls to regular business contacts consist
entirely of discussing the matter at hand, not chit-chat.


- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

Raining cats and dogs is better than hailing taxis.
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJU8zsfXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwVYMIAJFtjZx4aHFfR5F7d1/kO2/t
ulmARvmoBeH9NknjJuq8KL3nYCG+TsH3LEx1DrxdUMIGWzRddP5M+8RJABiNpyhM
mfcYqhp+j9XgGrgRfYkE33h59ChkhuZ02WE03NKfbcez2xROQKMuwzjEGZ4e7Il9
5ZXBAncXRTzC/PyFIyUNYTl1I+tMip4fCH0hoaXq6pgJLn1uRNf2J9KKdJV/+7m7
zCDVKokSgP6kYoACh9Uc1NUEKmVO3YTFg9S4Ojg27rNMdpS5eJFB0JrnihOMpPo+
sZpieho+zNt/LhjNPFaC6zgC8G43CmaEnultpBUZvob/aVptJGunSV6GQXwTrvWI
vgQBFgoAZgUCVPM7KF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45CQwAQCVZOH3qNj/eLa83XDgOLXUsftL
/msZGlMpOABWE3+dzgEAU3ju2z+ErhM38+chFMhS1M5td3yOSKqDA8q6yR4OhwA=
=9nmV
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/01/2015 04:35 PM, Patrick Brunschwig wrote:
> On 01.03.15 15:58, Kristian Fiskerstrand wrote:
>> On 03/01/2015 03:41 PM, Patrick Brunschwig wrote:
>>> On 27.02.15 20:56, Werner Koch wrote:
 On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:
> 


..

> 
>> In general I believe this to be an insufficient form of 
>> identification that really doesn't provide much of anything
>> useful, but at least the PGP keyserver does it reasonably sane in
>> its methodology by creating a signature from their CA on the
>> key. Whether you put any merit to having such a CA signature or
>> not is left up to the user (excluding for now the "fun" related
>> to the spammy number of signatures from it)
> 
> Yes, I know. The re-confirmation every few months together with 
> re-signing the keys is among the things I dislike about 
> keyserver.pgp.com. But in general, I think that keyservers need to
> go in that direction if we want to enable easy use of OpenPGP in
> email (which requires in some way or another to download missing
> keys automatically).

You wouldn't need the keyservers to be involved in this at all. Anyone
could set up such a mail verification CA outside of the keyserver network.

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
"The best way to predict the future is to invent it"
(Alan Kay)
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU8zJoAAoJEP7VAChXwav6vlgH/3ZBDMyOF4TfkDaBb+N5f45n
crBiableZ/2I5Flq/dR5UierB1FtEPKKifdPNG/oa36gqLfFHeVpP8DGOTTGyl5S
pkhR/1SNSKIpQyfCe0nOTeaxsCR0M6lmCudrtFsUf0kokTZ8SnWgwgonP5AQPde6
w+UCXUJmjwQechR6donoHOye19eo6SQI1byo0LpKO1NMl+5ErpCFOJrcnwDE93n1
nEWJA5hytTfM6cvXJkgUJ64WogRxS7xRUbQ4dTVG3wEPl9H+IaIOMCxKWGcq7SNC
hSDa/evtdtWpjo7zSLo2lpVf03fM020ax1PHLBiItJnTAszhvWkA9bfZGrdB1mg=
=EW11
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Patrick Brunschwig]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01.03.15 15:58, Kristian Fiskerstrand wrote:
> On 03/01/2015 03:41 PM, Patrick Brunschwig wrote:
>> On 27.02.15 20:56, Werner Koch wrote:
>>> On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:
> 
 that anyone can upload _every_ key to a keyserver is an
 issue. If keyservers would do some sort of verification
 (e.g. confirmation of the email addresses) then this would
 lead to much more reliable data.
> 
>>> We have such a system. It is called S/MIME.
> 
>>> Ever tried to find an S/MIME (X.509) key (aka certificate) for
>>> an arbitrary mail address?  The only working solution to get
>>> such a key is by sending a mail and asking for the key.  You
>>> can do the very same with PGP of course.  Keyservers along with
>>> visting cards are much nicer.
> 
>>> So, why is there no public service to distribute X.509 keys? 
>>> Because nobody want to be legally responsible for such a key 
>>> unless you push a stack of money over the table for a qualified
>>>  signature certificate.
> 
>> I would not go that far as trying to guarantee the identity of 
>> key. But I think if a keyserver could do some basic verification
>> of keys, it would make OpenPGP a lot easier to use for email.
> 
>> The idea I have in mind is roughly as follows: if you upload a
>> key to a keyserver, the keyserver would send an encrypted email
>> to every UID in the key. Each encrypted mail contains a unique
>> link to confirm the email address. Once all email addresses are
>> confirmed, the key is validated and the keyserver will allow
>> access to it just like with any regular keyserver.
> 
> 
> You already have a variant of this at https://keyserver.pgp.com 
> (although I don't recall if they send the requests encrypted, I 
> haven't looked into the service in years)
> 
> In general I believe this to be an insufficient form of
> identification that really doesn't provide much of anything useful,
> but at least the PGP keyserver does it reasonably sane in its
> methodology by creating a signature from their CA on the key.
> Whether you put any merit to having such a CA signature or not is
> left up to the user (excluding for now the "fun" related to the
> spammy number of signatures from it)

Yes, I know. The re-confirmation every few months together with
re-signing the keys is among the things I dislike about
keyserver.pgp.com. But in general, I think that keyservers need to go
in that direction if we want to enable easy use of OpenPGP in email
(which requires in some way or another to download missing keys
automatically).

- -Patrick

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJU8zHGAAoJENsRh7ndX2k7dNMQAKpRyStQFPRszQ4V52VS9Cuk
NTwUeRJ/ZIpM4OU0g1/3pXCMRI3xlSz0ts0Dh2ddMo2xcso5kS1X64DzrR6Sj6XT
AF2hBr9rkU+vZN7KAjdlvOPbZruXZEqCQlLm0aAxVPDRY+AKC4YSTKHR4OvAnlyY
mSFXDG7T/m6n8stwWrkY1M3PzD7UJCXH9Qsfb98oYOcP62MJlZW7H2byIgwVHvCK
ijnCJ7YZNRYTpOwfn2WtN+hP5AksrF1uQwQn/ApbgOVuvPwIl2+MhdbY9wjzv3WB
QFD4472Xho1vLsvT+qTHAskI4l5InnIhuxDVVRsr7OAGjbNPmSiph18+3A1vQOuy
mkkBUYJblifM2hmhKTBTNhJyD/TYvhVrC35Tb3J+eq2RhaStivjlKFH9tH9FgBBR
tz1R8OIdq4A3ZyHPYXBvvuYe+geZmUEOOAtTA7JDPvXrwrtLeGKvNJ31UaFd7kGd
odk5PNRscWJIeQfSEwNCUyzzKexWjj14OFLCd4D9ylNVEHWhHOCEgMmgZaAVIduH
oE5ChgCWLx44WQPA5O+bMEY4+WYJaJEk/tkwLHuY9CB98kGd3DmdK5BCh4WI6NLX
O0Z3b7gDQfTxdi5fHJtHA16rtigA4zpkKz3Z4kgJUzVfnf2ikcU4+ppJX/Pd+4jZ
Wt5Mq+MmViexsE/J/BFA
=c5nb
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/01/2015 03:41 PM, Patrick Brunschwig wrote:
> On 27.02.15 20:56, Werner Koch wrote:
>> On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:
> 
>>> that anyone can upload _every_ key to a keyserver is an issue.
>>> If keyservers would do some sort of verification (e.g.
>>> confirmation of the email addresses) then this would lead to
>>> much more reliable data.
> 
>> We have such a system. It is called S/MIME.
> 
>> Ever tried to find an S/MIME (X.509) key (aka certificate) for an
>>  arbitrary mail address?  The only working solution to get such a
>>  key is by sending a mail and asking for the key.  You can do the
>>  very same with PGP of course.  Keyservers along with visting
>> cards are much nicer.
> 
>> So, why is there no public service to distribute X.509 keys? 
>> Because nobody want to be legally responsible for such a key 
>> unless you push a stack of money over the table for a qualified 
>> signature certificate.
> 
> I would not go that far as trying to guarantee the identity of
> key. But I think if a keyserver could do some basic verification of
> keys, it would make OpenPGP a lot easier to use for email.
> 
> The idea I have in mind is roughly as follows: if you upload a key
> to a keyserver, the keyserver would send an encrypted email to
> every UID in the key. Each encrypted mail contains a unique link to
> confirm the email address. Once all email addresses are confirmed,
> the key is validated and the keyserver will allow access to it just
> like with any regular keyserver.
> 

You already have a variant of this at https://keyserver.pgp.com
(although I don't recall if they send the requests encrypted, I
haven't looked into the service in years)

In general I believe this to be an insufficient form of identification
that really doesn't provide much of anything useful, but at least the
PGP keyserver does it reasonably sane in its methodology by creating a
signature from their CA on the key. Whether you put any merit to
having such a CA signature or not is left up to the user (excluding
for now the "fun" related to the spammy number of signatures from it)

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
"Excellence is not a singular act but a habit. You are what you do
repeatedly."
(Shaquille O'Neal)
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU8ykPAAoJEP7VAChXwav67LoIAJdaEldVcwdGAXE0u+Bk4pse
N93PY/LUYiDeEZvnfaa75EBSKBllnYZdDW0Dk9TAPos/PE1XWa4BFN4VIpjpa665
Hy94vpiE2Fvx+MYGO52qz/AHmSMkAD8z3wxIVLX+5MSFLRP/gmJz1E6/2YL9afEt
I2DSaE5XS2NNL9w6cX3SRgK52bEP1XZlRa3n+sSYAzGwZiGbthr67RV3jqadYbCw
hU7MDKhgrARc6ZSpycDbs1kLacgrXBsx2PpvqDPHghU1SuoglkJ8ZFYz/Y725k9z
LPmIvhx7jXHdqVo9JiTeDVubMylU2oqdnjBer9IrVywUCLEwKRGifhFMZOUV52U=
=uiJ3
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Patrick Brunschwig]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 27.02.15 20:56, Werner Koch wrote:
> On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:
> 
>> that anyone can upload _every_ key to a keyserver is an issue. If
>> keyservers would do some sort of verification (e.g. confirmation
>> of the email addresses) then this would lead to much more
>> reliable data.
> 
> We have such a system. It is called S/MIME.
> 
> Ever tried to find an S/MIME (X.509) key (aka certificate) for an 
> arbitrary mail address?  The only working solution to get such a 
> key is by sending a mail and asking for the key.  You can do the 
> very same with PGP of course.  Keyservers along with visting cards 
> are much nicer.
> 
> So, why is there no public service to distribute X.509 keys? 
> Because nobody want to be legally responsible for such a key
> unless you push a stack of money over the table for a qualified
> signature certificate.

I would not go that far as trying to guarantee the identity of key.
But I think if a keyserver could do some basic verification of keys,
it would make OpenPGP a lot easier to use for email.

The idea I have in mind is roughly as follows: if you upload a key to
a keyserver, the keyserver would send an encrypted email to every UID
in the key. Each encrypted mail contains a unique link to confirm the
email address. Once all email addresses are confirmed, the key is
validated and the keyserver will allow access to it just like with any
regular keyserver.

This way, we have a simple verification of the access to the private
the key, as well as access to the email addresses contained in the UID
by quite a simple means. I would say this is about as reliable as
sending an email to someone requesting their key.

- -Patrick
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJU8yUaAAoJENsRh7ndX2k7Iz4P/j+rS8ZzqI62rQfc8RbNfPuT
1tinBE7Bf73PaZ+hpHCdEAcRUGhM64yRtNUAwovQt00sfdalF4WNKzdlItavMMLG
YtsgaEgZNf8JQlhC2u++Pxo7x7YlHXIuU5Wdu7rbSJXTSfacII7QPSIK39iMUDB5
Je4xUiQSBUeFgm0HLIlnuZMn4KLEPIdthss8golOYBZisSJM8lsucneKSH/4z7sf
d2zvfqRUVtyC9wtnzXDX0VmTP0m+LfVaug5fWyNB87yDKrWG6jqmttIm6vMFH534
RgHjjOCE5dzw0QIXfgv9d0xOFAGoMqt18UPAn/H7bxTJ2OAXHLvugBvfQxLrCO5N
Lb4PjICyC/PB6L+thQS8uG6a7CKDV+nU7MIxRzkFtFVmG4L0Ew8JWViQP6tFwUd6
UUxc3DS+kAPprGmG9sOpzf29c3nDkS1Fe697dOtKAexJ3MTT2Ygc1ZbkDGRhtiM8
5ahjYSxtw/cCRKwXOi40DzDlNG3h1L71q87hJk5m+Ithcz4qkCgLdjzisJZBQd2U
2ObU1Nzjg18bJlXeyoNYve/CdjRp8EHlckdFJr/rBWy10u2vn9kL8Eq3HXDtOZGR
V6va5bxt1jxOYiieAPpZ28Wr+TbxWR8Ih9dNkxCn19a5Hy0QtYYAVnJSrXEtv84y
4vjnCrxlE6QAkouU6XjB
=m2JV
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Peter Lebbing]

On 01/03/15 13:21, Jonathan Schleifer wrote:
> You mean like BitMessage ?

It was Werner who floated the idea of replacing SMTP here on gnupg-users. After
thinking about it, it made a lot of sense to me. You could search gnupg-users
for his messages about this. I had a real quick look and couldn't find it just 
now.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Re: German ct magazine postulates death of pgp encryption

[Bjarni Runar Einarsson]

Jonathan Schleifer  wrote:
> > Let me stress again that the proper course might be to replace SMTP 
> > (e-mail) and
> > then work from that. If you have a sieve and wish for something to hold 
> > liquids,
> > you could plug up all the holes or say "Blow this for a lark" and get a pan.
> 
> You mean like BitMessage ?
> 
> I think it's the only replacement for mail with cryptography from the
> start. It gets rid of the whole public / private key problem and also
> gets rid of spam by requiring a proof of work to send something.

Bitmessage is a toy. An interesting toy, but it's still just a toy.

You can't propose to replace e-mail, a system used by *billions of
people*, with this:

"Just like Bitcoin transactions and blocks, all users would receive all
messages. They would be responsible for attempting to decode each
message with each of their private keys to see whether the message is
bound for them."
  - 

The paper mentions a very hand-wavey, stream sharding concept to improve
scalability, which has not been implemented and there is no math
presented to support the idea that it actually will work.

At scale, any promise of anonymity made by this protocol will be
hampered by the fact that, on average, you have to connect to as many
streams as you have contacts when sending mail, and your contact is
connected to the stream and downloading the mail. Once there are enough
shards to handle global traffic levels, then assuming the network hasn't
already collapsed under its own weight (they talk about hierarchical
shard discovery and signaling between shards), things will be so spread
out that traffic analysis will give very strong clues about who is
talking to whom. How severe this effect is, is for researchers to
quantify - but the Bitmessage paper gives no indication that they're
even aware of the problem.

I'm all for experiments and Bitmessage may flesh these things out over
time, but the paper was written in 2012 and (based on a quick grep of
their github) their codebase still doesn't support more than one stream.
To them, scalability is a "feature" they will implement "later". Until
they do, this is not even remotely a candidate for replacing e-mail.

It's cool tech! It's just not an e-mail replacement.

Having studied the specs for both (various people want us to implement
interesting protocols like this in Mailpile), I'd say DIME is a much
more credible attempt at baking strong crypto into e-mail from the
start, but it is still too new to say much about it.

Cheers,
 - Bjarni

-- 
Sent using Mailpile, Free Software from www.mailpile.is___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Jonathan Schleifer]

Am 28.02.2015 um 14:12 schrieb Peter Lebbing :

> On 28/02/15 14:06, Ralph Seichter wrote:
>> but PGP does not work for mass e-mail protection
> 
> Let me stress again that the proper course might be to replace SMTP (e-mail) 
> and
> then work from that. If you have a sieve and wish for something to hold 
> liquids,
> you could plug up all the holes or say "Blow this for a lark" and get a pan.

You mean like BitMessage ?

I think it's the only replacement for mail with cryptography from the start. It 
gets rid of the whole public / private key problem and also gets rid of spam by 
requiring a proof of work to send something.

--
Jonathan


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption

[Marco Zehe]

Hi Doug,

> Am 28.02.2015 um 21:36 schrieb Doug Barton :
> 
> It's overwhelmingly likely that you are overthinking this. :)

Yes, I have been known to have that tendency sometimes. :)

Thanks! Will do as you suggest, then.

Marco



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption

[Doug Barton]

On 2/27/15 10:10 PM, Marco Zehe wrote:

Hi Werner et al,


Am 27.02.2015 um 20:56 schrieb Werner Koch :

There is no trust in keyservers by design.  As soon as you start
changing this you are turning PGP into a centralized system.


OK, then I have a very practical question: Even though this is my
fourth or fifth attempt at establishing OpenPGP in my daily routine
since the mid 1990s, I am still confused by what the best way is to
make my public key known. So if, as you say, key servers are not
trusted by design, if I want to spread word around my available
public key, which source should I put in a signature? While reading
this list, I have seen quite a number of different approaches. Some
put their key ID along with the finger print and the URL of a key
server. Others put a link to the key file on a web server, others
just quote their key ID and finger print, or only either of those.

I have my key uploaded (and kept current) on key servers as well as
on my web site(s), and my Impressum links to the copy on my web
site rather than the key server URL.

So: What’s the best practice advice? (and yes, I looked in the FAQ,
but that didn’t prove conclusive to me.)


It's overwhelmingly likely that you are overthinking this. :)

If someone wants to correspond with you using PGP, they will ask. If
you sign a message, they will know that you are using PGP, and what
your key Id is. And you've posted it enough places that even a
moderately motivated person will be able to find it.

Relax, and enjoy the ride.

Doug


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Doug Barton]

On 2/27/15 3:15 AM, Peter Lebbing wrote:

So what did this key attract, being on the keyserver for four years now?

22 Nigerian 419 scams. That's it. Twenty-two! They came in batches; I haven't
seen anything since March last year.


I've had a similar key out there for longer than four years, and my 
experience is the same. This is simply not an issue.


Doug

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

On Sat, 2015-02-28 at 19:01 +0100, Johan Wevers wrote: 
> No it's not, it is much simpler. When I call my wife and are in fact
> connected with a computer or agent impersonating her, they are unlikely
> being able to copy her voice so good that I don't hear it.
I guess you've missed some developments in research here (see Daniel's
post) - and this is just the publicly known research.


> And even if
> they are, I think it's very unprobable they would be able to fool me due
> to them missing context.
They don't need to know any content. And they don't need to fake her all
the time.

When "they" MitM you, they just need to wait for the time when you'd
actually to mutual authentication via saying some "code" or whatever the
ZRTP implementation gives you.
Only then they need to mute the real "her" and let the faked "her" say
the code for their (evil) DH connection with you - and vice versa.

I'm not sure what the most recent ZRTP implementations do... but is it
more than numbers, letters or simple words?
Nothing one couldn't fake or perhaps pre-record somewhere in the real
world.

Of course they might still not be able to imposture her completely - in
the sense that "she" tells you to send all your savings via PayPal to
cales...@scientia.net (which would be surely a good idea ;-) ) - But
it's enough for them to eavesdrop.


> And even if it would be possible, it would require so much manpower to
> make it unusable for mass surveilance. It would probably only be used
> against very high-priority targets of the caliber Bin Laden.
btw: I don't think that GnuPG's only intent is to fight against mass
surveillance.
I mean mass surveillance *is* of course a problem - but at least none
that will usually have any directly measurable negative effect on the
victim (again I'm not talking about the negative effect on his liberties
here).
The NSA has definitely read most of my mails (as they go to public lists
^^) but since I'm no criminal, neither someone like Snowden, Greenwald
or Assange - they simply don't care about me.

But such people or Iranian dissidents and that like ... probably want
some system which not only protects them against mass surveillance but
also gives them at least the best possible safety against dedicated
surveillance of single targets.


Cheers,
Chris.


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

On Sat, 2015-02-28 at 18:45 +0100, Johan Wevers wrote: 
> OK, not cryptographically. They could always try to bribe/threat/torture
> someone to cooperate. But that model fails if you want to perform
> unnoticed mass surveillance.

Admittedly, when it comes to "unnoticed mass surveillance" anonymous
cryptography (like TextSecure does for most users, since they aren't
pushed to validate - and even if, one cannot mark who was validated and
who not)... *might* help somewhat against unnoticed mass surveillance,
that is when something like DH is used.

But this assumption is largely based on two things:
- That's resource-wise too costly for them to MitM everyone
  => and given what we've learned from Snowden (and what "paranoid"
 people already assumed/knew before)... I really doubt that this
 would be any bigger problem for them.
 Apparently they sit at all the bigger internet exchanges,
 transatlantic cables, etc. and all the big US players (FB, Google,
 and Tier-1 content providers are anyway forced to cooperate with
 them)
- That people actually eventually check their keys, so that they'd find
  out whether their anonymous DH was attacked by some MitM.
  This might be done by some "more advanced" people who even know about
  what a fingerprint is, and when their client actually exports it to
  them (which may not be the case when you do something like whotsapp™
  or any other system used by the masses, which just promises you to be
  "secure".


Cheers,
Chris.


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Johan Wevers]

On 28-02-2015 18:21, Christoph Anton Mitterer wrote:

> Not sure what you refer to,... but if it's authentication schemes like
> ZRTP (which TextSecure wouldn't use)...

No it's not, it is much simpler. When I call my wife and are in fact
connected with a computer or agent impersonating her, they are unlikely
being able to copy her voice so good that I don't hear it. And even if
they are, I think it's very unprobable they would be able to fool me due
to them missing context.

Try it out: have 2 people who know each other well speak via a computer
synthesised voice so voice reconnition would not work. Then have a third
person who doesn't have intimate knpowledge about both others try to
fool one of the other two he is the other person. Unluikely to work.

And even if it would be possible, it would require so much manpower to
make it unusable for mass surveilance. It would probably only be used
against very high-priority targets of the caliber Bin Laden.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

[Johan Wevers]

On 28-02-2015 15:09, Daniel Kahn Gillmor wrote:

> We had this discussion recently over on messag...@moderncrypto.org.

What is described there is a much more confined problem.

> It's far from "trivial", but breaking voice-based authentication
> (particularly in the already-noisy realm of mobile phone calls) with
> high probability doesn't seem to be beyond serious researchers.

Fooling a computer that a certain voice belongs to someone else, sure,
I'm sure that is or will be possible. Fooling me that a short, fixed
string is spoken by someone I know when in fact it is not, sure, that too.

But fooling me that the person on the other end of the line is someone I
know well by only technically impersonating his voice while having an
actual conversation... I don't believe it very likely to happen in the
near future. Perhaps it could work on someone I barely know, but pick
only once the wrong person and I might become very suspicious. It
requires not only changing the voice but also solving a problem much
harder than the classic Turing test. For once, it requires much
contextual knowledge about what both persons know of each other.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Johan Wevers]

On 28-02-2015 13:40, Peter Lebbing wrote:

> On 28/02/15 13:28, Johan Wevers wrote:
>> I don't see even the NSA breaking that.
> 
> Heh, famous last words ;).

OK, not cryptographically. They could always try to bribe/threat/torture
someone to cooperate. But that model fails if you want to perform
unnoticed mass surveillance.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

On Sat, 2015-02-28 at 13:28 +0100, Johan Wevers wrote: 
> In practice the Textsecure protocol works well of couyrse because it
> uses the phone number.
"In practise"... I guess that's also what most "normal" people believed
about their security before Snowden.

And a phone number is really no secure credential at all to prove one's
identity. o.O


> Most people I communicatw with often I even recognise by voice
> alone
Not sure what you refer to,... but if it's authentication schemes like
ZRTP (which TextSecure wouldn't use)... I'm quite sceptical about these.
The idea behind them (authentication via voice and some random string
which the peers say to each other and compare) may sound nice at a first
glance,... but little is known how good (or not) powerful organisations
can real-time fake voices. And even if not, how difficult can it be for
an organisation like the NSA to spy on you for a while and record enough
of your voice and then do a MitM?

> taking over the phone number is not going to work. I don't see
> even the NSA breaking that.
You seem to have missed all the years long discussion about how easy it
is to hack mobile systems? Even for novice criminals, etc.?
And this even assumes that everything in between (network operator,
phone manufacturer, OS manufacturer) is actually not evil, which is
unlikely as well.


Cheers,
Chris.



smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Peter Lebbing]

On 28/02/15 16:25, Bjarni Runar Einarsson wrote:
> E-mail is the *only* surviving decentralized free and open messaging
> system with any clout today. Literally everything else in common use is
> proprietary and centralized. We should all be deeply worried about this.

Well, I think it's a bit grim to think that therefore a successor to replace
SMTP must surely be proprietary and centralized, and we should desperately
clutch to our last straw, SMTP. Plus, half the e-mail is @google.com anyway.
Proprietary, and centralized. It can still communicate with the rest of the
world, but for most contacts, it doesn't need to.

> Either way, even if this were a reasonable attitude, it doesn't in any
> way diminish or excuse the fact that OpenPGP in all its glory is too
> complicated for all but a handful of humans on the planet, most of whom
> are probably on this mailing list.

But a large part of that is due to the fact that SMTP was never built to
accomodate any form of privacy or security.[1]

Hence my comparison of SMTP being a sieve and privacy being a liquid to
transport in that sieve.

I for my part think it's unrealistic to keep using SMTP. As I said, you can keep
the endpoint communication the same, but the core network needs to be designed
with a different goal than SMTP was designed for, to wit, privacy and security.

Peter.

[1] At least where it concerns using OpenPGP for e-mail communication, which is
what we are discussing. I think most users of Debian properly use GnuPG for the
authentication of the package management, as an example.



PS: By the way, I think you don't mean "literally" in the first quoted
paragraph. Because then I need to read your words in a literal fashion, and
verbal communication qualifies, in a literal sense, as a messaging system and is
not proprietary or centralized.

PPS: I like the word "literal". It's the one word in the dictionary that can by
definition not be used in any other than its true sense :). It's comfortingly
solid in that respect.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Re: German ct magazine postulates death of pgp encryption

[Bjarni Runar Einarsson]

Peter Lebbing  wrote:
> On 28/02/15 14:06, Ralph Seichter wrote:
> > but PGP does not work for mass e-mail protection
> 
> Let me stress again that the proper course might be to replace SMTP (e-mail) 
> and
> then work from that. If you have a sieve and wish for something to hold 
> liquids,
> you could plug up all the holes or say "Blow this for a lark" and get a pan.

People keep saying this. I see this as both less realistic and more
harmful than the voices that are now claiming that OpenPGP should die.

E-mail is the *only* surviving decentralized free and open messaging
system with any clout today. Literally everything else in common use is
proprietary and centralized. We should all be deeply worried about this.

Either way, even if this were a reasonable attitude, it doesn't in any
way diminish or excuse the fact that OpenPGP in all its glory is too
complicated for all but a handful of humans on the planet, most of whom
are probably on this mailing list. :-) OpenPGP may be hard to use over
SMTP, but it isn't any easier over XMPP or Facebook messages or carrier
pigeons either.

That said, the DIME proposal is one attempt at "next gen SMTP". From
what I've read it's pretty well thought out. It's really, really
complicated though, so I'm not particularly optimistic about its chances
of success.

Cheers!
 - Bjarni

-- 
Sent using Mailpile, Free Software from www.mailpile.is___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

[Daniel Kahn Gillmor]

On Sat 2015-02-28 13:28:06 +0100, Johan Wevers wrote:

> In practice the Textsecure protocol works well of couyrse because it
> uses the phone number. One usually knows that number already from a
> contact. Most people I communicatw with often I even recognise by
> voice alone - taking over the phone number is not going to work. I
> don't see even the NSA breaking that.

We had this discussion recently over on messag...@moderncrypto.org.
It's far from "trivial", but breaking voice-based authentication
(particularly in the already-noisy realm of mobile phone calls) with
high probability doesn't seem to be beyond serious researchers.

I recommend reading the thread and the referenced papers:

  http://moderncrypto.org/mail-archive/messaging/2015/001307.html

  --dkg

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Peter Lebbing]

On 28/02/15 14:06, Ralph Seichter wrote:
> but PGP does not work for mass e-mail protection

Let me stress again that the proper course might be to replace SMTP (e-mail) and
then work from that. If you have a sieve and wish for something to hold liquids,
you could plug up all the holes or say "Blow this for a lark" and get a pan.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Ralph Seichter]

It looks like we agree on most aspects, but to get back to the original
question of this thread: From what I have seen since the nineties (I do
remember donating money for Philip Zimmermann), PGP is great for users
with a solid foundation in cryptography, but it is too complicated for
avarage users -- no disrespect intended. For more than 20 years, PGP has
not made critical mass, and in these years computers and related
services have become ever more accessible to average users who don't
know about cryptography. In its current form, PGP can be used to improve
security in many areas and I am very grateful for the work Werner and
others put into it, but PGP does not work for mass e-mail protection, as
much as I would prefer matters to be different.

-Ralph


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Peter Lebbing]

On 28/02/15 13:28, Johan Wevers wrote:
> I don't see even the NSA breaking that.

Heh, famous last words ;).

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Hugo Osvaldo Barrera]

On 2015-02-28 12:37, Ralph Seichter wrote:
> On 28.02.2015 00:48, Hugo Osvaldo Barrera wrote:
> 
> > Please, stop spreading the iMessage falacy, it's system offers privacy
> > only from *some* parties, but not from everyone.
> 
> I invite you to read my message again. I used iMessage as an example for
> usability (as did c't editor Jürgen Schmidt), not for impregnable
> security. There is a reason why I use PGP, but there are also reasons
> why my family does not. Lately I have set up S/MIME when I helped
> friends with their smartphones, but while that takes care of transporting
> the public keys automatically, establishing trust is still an issue most
> people spend too little thought and effort on. Lower that bar, and more
> users will likely opt for end-to-end encryption.
> 
> -Ralph
>

Of course iMessage is a lot more usable: it's not a challenge to create very
usable and friendly IM UIs. The challenge is about creating easily usable
*secure* communication software.

Sure, lower the bar *on how secure what you're using is*, and most it's easier
to user.

S/MIME isn't *really* safe. It requires trusting a bunch of CAs, and is
can basically receive the same criticism as TLS applied to the web.

-- 
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Peter Lebbing]

I think a bit of opportunistic encryption without proper identity verification
can be a very good thing. I was just pointing out that you need to know the
limits of that way of working, and make a conscious decision whether you need
proper verification or not.

But I didn't indicate that clearly enough.

HTH,

Peter.

PS: By the way, my ISP and some of it's employees are in a perfect position to
do a man in the middle. I sure hope they can't "just hack my system" because of
that position. The one capability certainly does not imply the other.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Johan Wevers]

On 27-02-2015 19:16, Christoph Anton Mitterer wrote:

> This is basically what they want: Anonymous cryptography, whose complete
> security is based on some good luck whether you've communicated with the
> right peer the first time.

In practice the Textsecure protocol works well of couyrse because it
uses the phone number. One usually knows that number already from a
contact. Most people I communicatw with often I even recognise by voice
alone - taking over the phone number is not going to work. I don't see
even the NSA breaking that.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Johan Wevers]

On 27-02-2015 16:57, Mark H. Wood wrote:

> It's always good to look for patterns that lead to useful
> simplification.  But there comes a point at which no further
> simplfication can be done without making the system less useful.

Well, in making it more beginner friendly, I imagine a system that does
not bother the user with complexities about whan to sign someone's key
to which degree, but after install:

1. The beginner friendly installer notices there is no secret key yet ->
create one automatically and upload it to the keyservers. To make the
experience as easy as possible perhaps even offer to use no password on
the key so it does not need to ask for a password when opening mail
(with a warning that this could give problems if losing or confiscating
the computer is part of the threat model).

2. It notices 2 email programs -> offer to integrate a plugin in both
and set the defaults to sign and encrypt when the receiver has a public
key on the servers. I agree that for webmail solutions this might be
difficult but plugins for browser automation do exist (usually aimed at
unit testing of websites).

This approach might lead to issues, like targeted attacks with false
keys and stolen computers, but it would get the number of encrypted
emails up. At least the mails would be safer in transit and at the mail
provider.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Ralph Seichter]

On 28.02.2015 00:48, Hugo Osvaldo Barrera wrote:

> Please, stop spreading the iMessage falacy, it's system offers privacy
> only from *some* parties, but not from everyone.

I invite you to read my message again. I used iMessage as an example for
usability (as did c't editor Jürgen Schmidt), not for impregnable
security. There is a reason why I use PGP, but there are also reasons
why my family does not. Lately I have set up S/MIME when I helped
friends with their smartphones, but while that takes care of transporting
the public keys automatically, establishing trust is still an issue most
people spend too little thought and effort on. Lower that bar, and more
users will likely opt for end-to-end encryption.

-Ralph


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Marco Zehe]

Hi Andreas,

> Am 27.02.2015 um 21:12 schrieb Andreas Schwier 
> :
> The keyserver would make sense, if my mail client would automatically
> fetch the public key from a server, based on the e-mail address of the
> sender and some identity data (e.g. fingerprint) in the mail signature.

FWIW, that’s how GPGMail, the Apple Mail plug-in on OS X, does it, or *can* do 
it (the feature can be disabled). It will fetch keys based on the e-mail 
address and signature. So only if it finds a key on the key server that can 
verify the signature, will it add it to the local key ring. I believe you can 
also do that with Enigmail by editing something on the Key Servers page of the 
*advanced* Enigmail settings dialog. So the Mail plugin doesn’t just add keys 
based on the e-mail address, but needs additional clues that the sender is 
OpenPGP-capable. And so far, I think I’ve only seen it do that with signatures.

> 
> I have been using GNUPG for ages now, but I verified fingerprints only a
> hand-full of time. Most of the time, I ask my peer for his public key
> and wait for the mail to arrive. For me web-of-trust and key signing
> parties don't make any sense, because I'd rather start a communication
> with a bogus key and establish trust in my genuine peer from the
> conversation we are having.

That’s how things have developed for me over the past year since I started 
using GnuPG again.

> I like the way Threema does it: I can immediately start a secure
> communication and if I need I can elevate the trust I have in the key.
> But most of the time I'm communicating with people I know anyway.

Yes, and Threema itself even offers a few levels of potential trust through 
verification of the phone number and/or e-mail address, indicating that the 
other party has established it has access to one or both of these means, 
without actually giving away the phone number or e-mail address. And if one has 
that Threema contact in one’s own address book and chose to look them up on the 
Threema servers, that is also indicated. This is a level of proof of ownership 
I was also referring to earlier, where one can do a bit more to tell others 
„hey, this is really me!“.

Marco



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

On Sat, 2015-02-28 at 07:01 +0100, Marco Zehe wrote:
> So like everywhere, different opinions, and that one journalist’s
> opinion definitely doesn’t speak for all of the folks at c’t or Heise
> in General.
Well, that might be... but with respect to this question, there is only
one correct opinion - at least as long as we have no crypto system that
can do without mutual authentication and still provide mutually
authenticated identities ;-)

And whether or not there are journalists at heise who don't agree, their
current voice seem to be that of an ignorant... and people will read
these articles and the seed of the though that crypto "must be easier"
will be laid :-(





smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption

[Marco Zehe]

Hi Werner et al,

> Am 27.02.2015 um 20:56 schrieb Werner Koch :
> 
> There is no trust in keyservers by design.  As soon as you start
> changing this you are turning PGP into a centralized system.

OK, then I have a very practical question: Even though this is my fourth or 
fifth attempt at establishing OpenPGP in my daily routine since the mid 1990s, 
I am still confused by what the best way is to make my public key known. So if, 
as you say, key servers are not trusted by design, if I want to spread word 
around my available public key, which source should I put in a signature? While 
reading this list, I have seen quite a number of different approaches. Some put 
their key ID along with the finger print and the URL of a key server. Others 
put a link to the key file on a web server, others just quote their key ID and 
finger print, or only either of those.

I have my key uploaded (and kept current) on key servers as well as on my web 
site(s), and my Impressum links to the copy on my web site rather than the key 
server URL.

So: What’s the best practice advice? (and yes, I looked in the FAQ, but that 
didn’t prove conclusive to me.)

Marco



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Marco Zehe]

Hi Chris,

> Am 27.02.2015 um 19:16 schrieb Christoph Anton Mitterer 
> :
> 
> This is basically what they want: Anonymous cryptography, whose complete
> security is based on some good luck whether you've communicated with the
> right peer the first time.
> 
> But instead of just advertising that crap, they seem to also have went
> on some stupid anti-OpenPGP campaign… o.O

I agree! I actually took them up on their offer to contact them for signing my 
public key with their C’t PGPCA key they advertise at the end of the actual 
article (not the editorial) in c’t 6/2015, page 160. But because I had a 
question, I wrote to them first. Took a couple of days before I got a reply, 
and I couldn’t help but ask if they’ve already ditched OpenPGP completely. I 
was sarcastic, and got a very honest reply from another c’t journalist saying 
that that very topic has been heatedly debated at Heise, and that by far not 
everyone agrees with Mr. Schmidt. Their crypto campaign is still in full force 
despite the editorial. So like everywhere, different opinions, and that one 
journalist’s opinion definitely doesn’t speak for all of the folks at c’t or 
Heise in General.

Marco



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Mirimir]

On 02/27/2015 01:12 PM, Andreas Schwier wrote:



> So what exactly is the purpose of the keyserver then ? If you expect me
> to still verify fingerprints out of band, why would I grab a - probably
> bogus key - from a keyserver first place ? I could immediately ask my
> peer to send it by mail.

I find keyservers most useful when I receive a signed (and typically
encrypted) email from someone whose public key I don't have. Enigmail
reports an untrusted signature. So I hit Details, and accept its offer
to get the requisite key from (by default) .

If I need the public key of someone new, I first look on .
If it's not there, or on their website or blog, I typically just request
it by email.




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Hugo Osvaldo Barrera]

On 2015-02-27 13:23, Ralph Seichter wrote:
> > Your positions to this ct approach?
> 
> The c't magazine is mostly well respected in Germany and the editors
> have some valid points; the latest articles are by no means mindless
> rants or PGP-bashing. The thought of letting PGP die as an e-mail
> encryption mechanism for the "masses" (the non-tech-savvy average users)
> and to have it replaced with something my mother could use is valid. The
> c't editorial also clearly states that PGP works perfectly well and is
> secure as long as keys are verified, but fake keys and people not
> verifying fingerprints are a reality. Alice can't just send an e-mail to
> Bob, she needs to acquire and verify Bob's public key first. Compare
> this to transparent encryption like Apple's iMessage service uses and it
> is not hard to answer which mechanism has better usability. I like and
> use PGP like probably every subscriber on this mailing list, but the
> number of people I can exchange PGP-encrypted data with is very low when
> compared to the total number of my e-mail contacts.
> 
> -Ralph

iMessages model offers way less security than GPG, and a centrail authority
that all of humanity needs to trust in charge of everything is incredibly
naive.

What if I work for Apple's competition and need to send an extremely
confidential message to my coworkers? I can't possibly trust Apple with
handling my keys transparently for me.

Encryption is clumbersome because that's the price of security and privacy. I
hate having to put the key on the lock every day to open it, but if I don't,
anyone can get in.

Sure, I've heard the arguments like:

* Let's use a globally trusted authority instead: There's no such thing and
  never will be. Someone will always have a valid reason to distrust it.
* Set up your own keyexchange server: Ok, so we're back to GPG and keyrings
  where users need to manually retrieve keys from different places and
  determine if they're the right one or not.

Please, stop spreading the iMessage falacy, it's system offers privacy only
from *some* parties, but not from everyone.

-- 
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

On Fri, 2015-02-27 at 22:40 +0100, Martin Behrendt wrote: 
> At what point is a system a [semi-]proprietary system?
> How many computers are out there where not even a single part of the
> hardware (and firmware) is proprietary?
I rather meant Android here, which may have an open source core, but in
fact most people use a binary only installation from a not trustworthy
vendor.


Cheers,
Chris


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Hauke Laging]

Am Fr 27.02.2015, 13:11:33 schrieb Kristian Fiskerstrand:

> > We need keyservers which are a lot better that today's. IMHO that
> > also means that a keyserver should tell a client for each offered
> > certificate whether it (or a trusted keyserver) has made such an
> > email verification.
> 
> The keyservers have no role in this, they are pure data store and can
> never act as a CA.

That is not a higher truth which must not be breached. The other way 
round it is correct, though: It must be possible to run a keyserver 
without making any statements about the certificates.


> That would bring up a can of worm of issues, both
> politically and legally, I wouldn't want to see the first case where a
> keyserver operator was sued for permitting a "fake key" (the term
> itself is very misleading

I would consider taking that to court ridiculous (for several reasons, 
one being the (also ridiculous) class 1 X.509 certifications) but it 
makes obviously little sense for us to make a mandatory assessment for 
the whole world. That is a decision which everyone who runs a keyserver 
(or intends to) should make himself.

This need not be implemented by the keyserver making signatures. It 
would be enough if there were certificate attributes in the keyserver 
answer. That way these certificates could not easily become valid by some 
not so clever user giving full certification trust to the keyserver's own 
certificate.


> People need to understand that operational security is critical for
> any security of a system and validate the key through secondary
> channel (fingerprint, algorithm type, key length etc verifiable
> directly or through probabilistic measures e.g. based on historical
> postings on mailing lists over a long time for a project etc).

I could hardly agree more but it is easy to join the "People need to 
understand" game if you are on a mailing list. This becomes much harder 
if you have been working on spreading OpenPGP usage in the nasty real 
world for a while. Like I have. For more than two years I have been 
teaching people myself, seen what is done (and what isn't) at 
Cryptoparties, have tried to use universities and schools for gaining 
new users. So what do we talk about here if in good approximation nobody 
outside this mailing list gives a^W^W cares about that?

We are going to lose this if we don't make usable offers. And in case it 
is not already well known here: I am at the security extremist end of 
the spectrum. I think both OpenPGP and GnuPG are not good enough yet in 
supporting high level security. I am just not willing to ignore the 
other 99.3%.


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Martin Behrendt]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am 27.02.2015 um 22:28 schrieb Christoph Anton Mitterer:
> On Fri, 2015-02-27 at 22:15 +0100, Werner Koch wrote:
>> Most people run Windows or Android (or use Lenovo stuff) and thus
>> have anyway no control over their boxes.
> To be honest, I don't think that anyone using Windows, Android,
> MacOS or any other [semi-]proprietary system actually wants to be
> secure - neither do I think that we should waste our resource on
> securing them which is per se not possible.

At what point is a system a [semi-]proprietary system?
How many computers are out there where not even a single part of the
hardware (and firmware) is proprietary?
Where do you draw the line? If I would have to guess, I would say, the
device you wrote that sentence with, falls in the category
semi-proprietary...

greetings
Martin

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEARECAAYFAlTw5C4ACgkQ/6vdZgk46sggswCgyXjGYnul/yxgMoDb7Astu1e+
u4wAnR9JqtMXTAy6MGo3HvzQSBV08m/U
=g1qf
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 02/27/2015 11:21 PM, Hauke Laging wrote:
> Am Fr 27.02.2015, 23:05:07 schrieb Peter Lebbing:
> 
>> But what about that Man in the Middle who does nothing more than 
>> receive your message encrypted to their key and forward it to
>> the real recipient you are building a trust relationship with?
> 
> He does have to do more: He has to intercept the messages or
> deceive you about the email address to use. Both is possible, both
> are non-triviasl tasks so that you also have to ask: If he can to
> that why assume that he doesn't just hack your system?
> 
> 

_cracking_ the system (I hack my system every day..) would leave
traces, the same would not necessarily be true for DNS poisioning or
BGP hijacking on the network layer.

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
"I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true -- I no longer know how to use my telephone"
(Bjarne Stroustrup, April 1999)
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU8O7TAAoJEP7VAChXwav6hxkIAI6qRHP4D2aFp9y+BB25CXGD
RU3q4+F4qe0UPjOQP5NRdywxQIzzOwGEjAKwQ8V3ruQo087+Ion+rI81QQ3RUHsn
NFRSOmkxdvEWzyj5zF8exegfJFnGxm0p5kAywIfWKxaZMngMC7TgLSZo7b0HTvcC
1Tl7BcbkNXICFS7yJ0hlQvbnxIe4gzmrALG2EyG+TvGIHk9O6Ks6VqafayXSQw7H
XzMXNQJpjULIpcT/EhfQIr4GrjDDrE6AqImovqKIi9TkdnNHfiI1WTszDjUEwH6c
qhEYPCM29LFcX9mTIpQnONUqacjHieF0TLeJfgISD7j8QTmSOMwXsVOOoB/ijtc=
=d2VX
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Hauke Laging]

Am Fr 27.02.2015, 23:05:07 schrieb Peter Lebbing:

> But what about that Man in the Middle who does nothing more than
> receive your message encrypted to their key and forward it to the
> real recipient you are building a trust relationship with?

He does have to do more: He has to intercept the messages or deceive you 
about the email address to use. Both is possible, both are non-triviasl 
tasks so that you also have to ask: If he can to that why assume that he 
doesn't just hack your system?


> That MITM
> is following and logging your interesting conversation without either
> of you noticing...

So would he with unencrypted messages. Certificate validation does not 
appear from nowhere. Either you have it or you don't. And in reality you 
usually have to send the message anyway.

IMHO we especially need education for the masses that they become aware 
that different messages require different security levels (in all areas: 
key security, authentication security and system security). OpenPGP is 
not a model technology in that regard, too.

As you can read German, at least slowly... ;-)
http://www.crypto-fuer-alle.de/wishlist/securitylevel/


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Hauke Laging]

Am Fr 27.02.2015, 20:56:00 schrieb Werner Koch:
> On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:
> > that anyone can upload _every_ key to a keyserver is an issue. If
> > keyservers would do some sort of verification (e.g. confirmation of
> > the email addresses) then this would lead to much more reliable
> > data.
> 
> We have such a system. It is called S/MIME.

> There is no trust in keyservers by design.  As soon as you start
> changing this you are turning PGP into a centralized system.

That is not true. The main difference between the two is not that OpenPGP 
keyservers must be irrelevant for certificate assessment. The IMHO most 
important difference is that OpenPGP is well prepared for keys being 
certified by several keys. As a result you can configure how a certificate 
becomes valid.

Taking information into account which is generated by keyservers would 
not change this paradigm. Of course, such a feature could be used in a 
wrong way. But what change would that be? From my observation the 
majority of OpenPGP users uses it wrongly. And even the current official 
version of the Windows world's "model implementation" Enigmail makes it 
a pain to use it correctly. (The development version finally got that 
right, incredible...) The GPGTools plugin doesn't even offer you (at 
least not via the normal configuration interface) to do it right.

The right way to select a certificate is:

1) Have a look at one or (if necessary) more (non-synced) keyservers and 
try to find a signature which makes one of the found certificates valid.

2) What now? If there is only one certificate on the keyservers then 
people will use it. Even if it is a fake because the address owner 
either doesn't use OpenPGP at all or wants to avoid the keyservers (as 
spam or privacy protection) and offers his certificate on his web site.

If there are two non-valid certificates left the only question (in 
reality!) is "Use one of them or send unencrypted?" There is no reason 
to ignore additional information like "this entity (which happens to be 
a keyserver) claims to have verified the email address". Of course, this 
information becomes useful only if there is reason to trust this 
particular keyserver (which does not look promising with a DNS round-
robin pool).

You could even do that today by manually checking the pool for a 
validated certificate first and in case of failure one ore more keyservers 
which you happen to know that they verify the email address (like the 
PGP company's one). I don't understand anyway why gpg cannot be 
configured to use several keyservers at once (especially if the first one 
has no match).


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 02/27/2015 09:56 PM, Werner Koch wrote:
> On Fri, 27 Feb 2015 21:07,
> kristian.fiskerstr...@sumptuouscapital.com said:
> 
>> Increasing the information on keyservers like this, in particular
>> in the descriptive parts can be considered, would it suffice to
>> be part of the standard web interface for keyserver intro, or
>> would it have to be added on each individual index page?
> 
> I would put it on each index page - at least a link.
> 
> "this key listing may harm you - we reject all resonsibility for 
> improper use of this device" ;-)

I might use a slightly different wording :) But adding something of
the sort to my TODO list for SKS.

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU8OosAAoJEP7VAChXwav6MxgH/2NMrQwew4ISRGJcrWLiLWyH
Xt/m9euxfkj7DeMRRgGvMVW9ilUZM4q6jZ3dbncBjaMy3mAZv5ct1hbEgqSqWNxg
GlyTyrLXBAC8p+/wSpeNzJGl2j9a5shmV8nxv3SEl7sxoYkbLhWdVUn7Kgph14xE
mJe7VCn7NlqPt9b9YgbfRnI0VsD7aQ8eTwwqSCef5xMi5wdEUHirjkf5BMCV/uLQ
wE7RUGkrV6YkX7H69MjOfrhpdglv0oU4QxQx0qnOCFvY20AIVo3N9jJzt5h+CNvz
YO56foiCQ5+uQcA/4uIpSUXJXUEQlKZunmE3CF6LjL6jStK5F/NF3sraYuL663I=
=krnn
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Peter Lebbing]

On 27/02/15 21:12, Andreas Schwier wrote:
> I'd rather start a communication
> with a bogus key and establish trust in my genuine peer from the
> conversation we are having.

But what about that Man in the Middle who does nothing more than receive
your message encrypted to their key and forward it to the real recipient
you are building a trust relationship with? That MITM is following and
logging your interesting conversation without either of you noticing...

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

On Fri, 2015-02-27 at 22:15 +0100, Werner Koch wrote: 
> Most people run Windows or Android (or use Lenovo stuff) and thus have
> anyway no control over their boxes.
To be honest, I don't think that anyone using Windows, Android, MacOS or
any other [semi-]proprietary system actually wants to be secure -
neither do I think that we should waste our resource on securing them
which is per se not possible.


Cheers,
Chris.


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Werner Koch]

On Fri, 27 Feb 2015 21:24, cales...@scientia.net said:

> - Nothing is encrypted (so everyone eavesdropping will know that I just
>   downloaded the key for nsa-whistleblow...@wikileaks.org... and five

Which he will anyway see as soon as you send the mail.  Iff we have an
anonymous network both problems will vanish. 

> Why? Well most people don't audit the code of GnuPG, so when they trust
> them already with respect to that, they can also trust them with respect

Most people run Windows or Android (or use Lenovo stuff) and thus have
anyway no control over their boxes.

> So I think the way to go here would be Tor.

Or a real anonymous overlay network.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

On Fri, 2015-02-27 at 21:12 +0100, Andreas Schwier wrote: 
> So what exactly is the purpose of the keyserver then ?
Find trust paths, signature updates, self signature updates, key
revocation certs (but beware of the issues I've described in my mail a
few seconds before)...

Cheers,
Chris.


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Werner Koch]

On Fri, 27 Feb 2015 21:07, kristian.fiskerstr...@sumptuouscapital.com
said:

> Increasing the information on keyservers like this, in particular in
> the descriptive parts can be considered, would it suffice to be part
> of the standard web interface for keyserver intro, or would it have to
> be added on each individual index page?

I would put it on each index page - at least a link.

"this key listing may harm you - we reject all resonsibility for
 improper use of this device" ;-)


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Christoph Anton Mitterer]

On Fri, 2015-02-27 at 20:56 +0100, Werner Koch wrote: 
> There is no trust in keyservers by design.  As soon as you start
> changing this you are turning PGP into a centralized system.
Well not necessarily - at least not in the sense of exactly one power
having control over the whole key network (as it would be the case in
X.509).

IMHO the current situation with keyservers isn't perfect:
- Usually (AFAIK), only one of them is used for queries/submissions...
  if that one is evil, that you have a problem (at least until the next
  submission/query).
- Nothing is authenticated (well there is hkps, but the problem here is,
  that one single person holds the control over the effectively only
  used CA... and while I don't think that Kristian is evil ;-) ... it's
  a conceptual problem).
  => thus an attacker can easily do downgrade/blocking attacks... like
  filtering out any revocation certs.
- Nothing is encrypted (so everyone eavesdropping will know that I just
  downloaded the key for nsa-whistleblow...@wikileaks.org... and five
  minutes later I'd be beaten to death).


Ideally, every keyserver would sign his responses (with OpenPGP of
course ;) )... and GnuPG/etc. would ship the keys of (at least some of)
these servers.
This is of course some effort to collect/verify and even then Werner&Co
wouldn't know whether can for example trust me as a keyserver operator
or whether I'm secretly paid by the BND.
But(!) when each request (queries / submissions) would be made to a
handful of randomly chosen keyservers (say 20?), there are good chances
that at least some of them are not evil and any forgery would be at
least noted.

Ideally, gnupg.org would then also run a keyserver, which is always
included in the list.
Why? Well most people don't audit the code of GnuPG, so when they trust
them already with respect to that, they can also trust them with respect
to a keyserver.
And people should be able to specify additional always-in-the-list
keyservers,.. like I would specify my own or ubuntu employees would
specify the one from canonical - if it's running ;) ).


As for the privacy component: The above schema obviously makes
encryption for privacy useless... (an other issues, like keyservers
doing caching, could also make it defeatable).
So I think the way to go here would be Tor.



Cheers,
Chris.


smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Andreas Schwier]

>> But that's the main primary reason of the article at all. The fact 
>> that anyone can upload _every_ key to a keyserver is an issue. If
> 
> No, it is not, it has always been very clear no to rely on the
> existence of a key on either a keyserver or on a local keyring without
> proper verification and certification
So what exactly is the purpose of the keyserver then ? If you expect me
to still verify fingerprints out of band, why would I grab a - probably
bogus key - from a keyserver first place ? I could immediately ask my
peer to send it by mail.

The keyserver would make sense, if my mail client would automatically
fetch the public key from a server, based on the e-mail address of the
sender and some identity data (e.g. fingerprint) in the mail signature.

It would them prompt me, if I want to add that key to my keyring and
optionally perform some additional out-of-band checks.

Because normally I exchange keys in the context of establishing a
relationship with the sender of the e-mail. The context (mail arrived
expectedly, had a phone call just before, answers my request) allows to
me to make a cautious decision about the level of trust I have in the key.

I have been using GNUPG for ages now, but I verified fingerprints only a
hand-full of time. Most of the time, I ask my peer for his public key
and wait for the mail to arrive. For me web-of-trust and key signing
parties don't make any sense, because I'd rather start a communication
with a bogus key and establish trust in my genuine peer from the
conversation we are having.

I like the way Threema does it: I can immediately start a secure
communication and if I need I can elevate the trust I have in the key.
But most of the time I'm communicating with people I know anyway.


-- 

-CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#   #|   Schülerweg 38
   |#   #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
-http://www.cardcontact.de
 http://www.tscons.de
 http://www.openscdp.org
 http://www.smartcard-hsm.com


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 02/27/2015 08:42 PM, Werner Koch wrote:
> On Fri, 27 Feb 2015 19:37, marcozehe...@mailbox.org said:
> 
>> And here’s the other problem the main article in c’t mentions:
>> Those keys, although faked, were certified. They were certified
>> by equally faked keys which resemble keys that are quite
>> well-known. So unless
> 
> Nope.  According to the questions the author sent me prior to
> publishing this article, he only looked at listing presented by the
> keyserver and concluded that if the web pages tells self-signature
> the user id must be valid (e.g. that second user id on the c't PGP
> CA).  Now we all know that keyservers don't do crypto.  As soon as
> you import that key the user ids with the faked self-signature are
> simply ignored and a listing by gpg won't show them.

the author was fully aware of this, he contacted me back in May 2014
already regarding these keys and asked me to provide a list of keys
that had been signed by some specific keys (the fake CA keys). That
list was provided after a quick lookup - there were 7 keys in total
that had been signed with them.

> 
> To avoid that in the future, the signature listing from the
> keyservers may add a note about this.

Increasing the information on keyservers like this, in particular in
the descriptive parts can be considered, would it suffice to be part
of the standard web interface for keyserver intro, or would it have to
be added on each individual index page?


- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Veni vidi velcro
I came, I saw, I got stuck
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJU8M5dAAoJEP7VAChXwav6okgIAKEMDKEh4mcd++SWPpCdhlr/
3Uyrz2E3Ifer3QuSBp4nav8XRx43HcvNkCja+RqdGue3RmRYadMUW2FwjLe/lX04
BKZ48/NOXBOC3/JJUQUr5/HkWXLII+rSf13jDu1GixnPUUI7gtECTPJQDevBrQLF
cA5L/hgrNH1Te1y4iZLrzmlEtr95Az8MlwkBmSf+sLCnmG7gW7suKHXsC7JrcRA7
siApTYVqk7PLBq8iMcs40A33+BbYZ1eXUwe3NuNGaPJV/4UjnGaKO4zjvcsk/uY5
YdtW63jtNYtN51lpL67mEMsIzTGfN3FM0L/RC0ud83TeoBbWaaloAufJQJARem0=
=nGok
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: German ct magazine postulates death of pgp encryption

[Werner Koch]

On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:

> that anyone can upload _every_ key to a keyserver is an issue. If
> keyservers would do some sort of verification (e.g. confirmation of
> the email addresses) then this would lead to much more reliable data.

We have such a system. It is called S/MIME.

Ever tried to find an S/MIME (X.509) key (aka certificate) for an
arbitrary mail address?  The only working solution to get such a key is
by sending a mail and asking for the key.  You can do the very same with
PGP of course.  Keyservers along with visting cards are much nicer.

So, why is there no public service to distribute X.509 keys?  Because
nobody want to be legally responsible for such a key unless you push a
stack of money over the table for a qualified signature certificate.

BTW, even the DFN PGP keyserver (blackhole.pca.dfn.de) had to be shut
down for similar legal reasons.  However, it is not a problem, we can
use other keyservers.

> believe that this would make keyservers more trustworthy than today.

There is no trust in keyservers by design.  As soon as you start
changing this you are turning PGP into a centralized system.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users