-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kevin B McCarty ([EMAIL PROTECTED]) wrote:
> Did the announcement for DSA 1193-1 cause Thunderbird to crash
> for anyone else? (I was reading it in Thunderbird 1.5.0.7 on
> Mac OS X with the Enigmail extension installed, so it may not happen
> on a De
On Tue, Oct 10, 2006 at 09:22:43PM -0400, David Kennedy CISSP wrote:
> signed by a key not included in
> http://www.debian.org/security/keys.txt and not on the PGP.COM,
> MIT.EDU or any other of several public key servers.
It's on pgp.mit.edu
(http://pgp.mit.edu:11371/pks/lookup?search=noahm%40deb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
signed by a key not included in
http://www.debian.org/security/keys.txt and not on the PGP.COM,
MIT.EDU or any other of several public key servers.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (MingW32) - GPGshell v3.45
Comment: Hacker=Cybercr
On Tue, Oct 10, 2006 at 09:57:33PM +0200, Florent Rougon wrote:
> > For those that don't know those files:
> > http://www.spi-inc.org/secretary/spi-ca.crt
> > http://www.spi-inc.org/secretary/spi-ca-fingerprint.txt
So Joerg just replaced them with the new ones:
http://www.spi-inc.org/secretary/spi
On Tue, 2006-10-10 at 22:24 +0200, Joerg Jaspert wrote:
> On 10803 March 1977, Kurt Roeckx wrote:
>
> > I assume you've used https and that you verified the certificate?
> > And saw that it was issued by SPI? And then you looked up SPI's
> > certificate? And you found that there is a text file
On Tue, 2006-10-10 at 21:57 +0200, Florent Rougon wrote:
> [ I think debian-admin have read enough about my request by now, so if
> you reply about verifying certificates and such, please consider
> dropping the CC. Thanks. ]
>
> Kurt Roeckx <[EMAIL PROTECTED]> wrote:
>
> > See:
> > http://l
On 10803 March 1977, Florent Rougon wrote:
> but unfortunately:
> % md5sum /etc/ssl/certs/spi-ca.pem
> 33922a1660820e44812e7ddc392878cb /etc/ssl/certs/spi-ca.pem
> And reading /etc/ssl/certs/spi-ca.pem is not very enlightening:
> It would be nice to have the whole procedure for verifying the
On 10803 March 1977, Kurt Roeckx wrote:
> I assume you've used https and that you verified the certificate?
> And saw that it was issued by SPI? And then you looked up SPI's
> certificate? And you found that there is a text file with the SHA1 and
> MD5 sum signed by Wichert Akkerman?
> For those
[ I think debian-admin have read enough about my request by now, so if
you reply about verifying certificates and such, please consider
dropping the CC. Thanks. ]
Kurt Roeckx <[EMAIL PROTECTED]> wrote:
> See:
> http://lists.debian.org/debian-project/2006/07/msg00056.html
> Which has the key i
On Tue, Oct 10, 2006 at 06:37:16PM +0200, Florent Rougon wrote:
> Hi,
>
> David Clymer <[EMAIL PROTECTED]> wrote:
>
> > With a signature, he just has to trust that signer f00's key has not
> > been compromised, thus the published host key info is trustworthy and a
> > MITM is not happening.
>
>
On Mon, Oct 09, 2006 at 08:19:33PM +0200, Florent Rougon wrote:
>
> 2. I have to trust the integrity of db.debian.org.
>
> I think it would be much better if someone from debian-admin would be so
> kind to GPG-sign the public RSA keys of Debian hosts. This way, I'd only
> have to trust that Jam
Hi,
David Clymer <[EMAIL PROTECTED]> wrote:
> With a signature, he just has to trust that signer f00's key has not
> been compromised, thus the published host key info is trustworthy and a
> MITM is not happening.
To be honest, I believe the MITM attack problem could be mitigated by
the certific
Hi,
Joerg Jaspert <[EMAIL PROTECTED]> wrote:
>> 1. There is also:
>> * Entry created: /00/00 00:00:00 UTC
>> * Entry modified: /00/00 00:00:00 UTC
>
> Those fields could be removed and not shown, that would "fix" this. Its
> just that in the past we had those filled i
On Tue, 2006-10-10 at 02:12 +0200, Joerg Jaspert wrote:
> On 10802 March 1977, Florent Rougon wrote:
...
>
> > 2. I have to trust the integrity of db.debian.org.
>
> Signing the keys you would have to trust whoever signed it. Same thing.
>
I don't see that as being the same thing at all. W
14 matches
Mail list logo