m wrote:
Difficult at best, who wants to trust a faceless corporation? Not to be
cynical but you might trust the receptionist but what about the IT dept?
Are they competent? Money is no guarantee of anything, in fact the
larger the company the more likely they will let something slip through
Todd Zullinger wrote:
$ gpg --list-options 'show-policy-urls' --list-sigs silfreed
pub 1024D/ED00D312 2000-06-21
uid Douglas E. Warner silfr...@...
sig 3ED00D312 2005-11-02 Douglas E. Warner silfr...@...
sig 2 PBEAF0CE3 2006-08-07 Todd M. Zullinger t...@...
On Wed, 2009-04-01 at 13:42 +0200, Stanisław T. Findeisen wrote:
Sure, you might not be sure how honest a particular person
is, or how accurate she is when it comes to key signing. But it
*might* be helpful to know that a key of someone else that you haven't
met in person has been signed by,
On 4/1/2009 8:56 AM, Tim wrote:
On Wed, 2009-04-01 at 13:42 +0200, Stanisław T. Findeisen wrote:
Sure, you might not be sure how honest a particular person
is, or how accurate she is when it comes to key signing. But it
*might* be helpful to know that a key of someone else that you haven't
I use a state issued picture driver license, a birth certificate, and a US
Passport.
Which doesn't prove you are not one of identical twins ;)
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines:
On Wed, 2009-04-01 at 14:49 +0100, Alan Cox wrote:
I use a state issued picture driver license, a birth certificate, and a US
Passport.
Which doesn't prove you are not one of identical twins ;)
which is an important distinction if you happen to be the paranoid
schizophrenic twin...
Craig White wrote:
On Wed, 2009-04-01 at 14:49 +0100, Alan Cox wrote:
I use a state issued picture driver license, a birth certificate, and a US
Passport.
Which doesn't prove you are not one of identical twins ;)
which is an important distinction if you happen to be the paranoid
On Wednesday 01 April 2009 14:18:11 David wrote:
On 4/1/2009 8:56 AM, Tim wrote:
On Wed, 2009-04-01 at 13:42 +0200, Stanisław T. Findeisen wrote:
Sure, you might not be sure how honest a particular person
is, or how accurate she is when it comes to key signing. But it
*might* be helpful
On Wed, 2009-04-01 at 10:37 -0400, m wrote:
ps - then again, the fingerprints would likely be identical
According to the info I have found, twins of any sort will not have
identical fingerprints, though their DNA might be virtually
indistinguishable if they are identical twins.
I
Craig White wrote:
On Wed, 2009-04-01 at 10:37 -0400, m wrote:
ps - then again, the fingerprints would likely be identical
According to the info I have found, twins of any sort will not have
identical fingerprints, though their DNA might be virtually
indistinguishable if they are identical
Tim:
You need to know them more than just having met them before, you need
to know what their attitude is to signing keys. Will they only sign
keys with users that have credible ID? And could they spot fake ID?
David:
I use a state issued picture driver license, a birth certificate, and
a
On Wed, 2009-04-01 at 10:37 -0400, m wrote:
According to the info I have found, twins of any sort will not have
identical fingerprints, though their DNA might be virtually
indistinguishable if they are identical twins.
Many many years ago I remember finding out that identical twins are
On 4/1/2009 10:13 AM, Craig White wrote:
On Wed, 2009-04-01 at 14:49 +0100, Alan Cox wrote:
I use a state issued picture driver license, a birth certificate, and a US
Passport.
Which doesn't prove you are not one of identical twins ;)
which is an important distinction if you happen to
David wrote:
On 4/1/2009 10:13 AM, Craig White wrote:
On Wed, 2009-04-01 at 14:49 +0100, Alan Cox wrote:
I use a state issued picture driver license, a birth certificate, and a US
Passport.
Which doesn't prove you are not one of identical twins ;)
which is an important distinction if
On Wednesday 01 April 2009 17:08:46 m wrote:
Anyone want to join my support group for the
insanely pedantic.
*Does* anyone want to ... ?
Count me in ;o)
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines:
David wrote:
On 4/1/2009 10:13 AM, Craig White wrote:
On Wed, 2009-04-01 at 14:49 +0100, Alan Cox wrote:
I use a state issued picture driver license, a birth certificate, and a US
Passport.
Which doesn't prove you are not one of identical twins ;)
which is an important distinction if
Bill Crawford:
Ought to be possible for people to visit companies' offices and sign their
keys,
and add them to the web of trust as per PGP / GPG keys. No idea if / how
that
should be done, in practice, though.
m:
Difficult at best, who wants to trust a faceless corporation? Not to be
Tim wrote:
Bill Crawford:
Ought to be possible for people to visit companies' offices and sign their keys,
and add them to the web of trust as per PGP / GPG keys. No idea if / how that
should be done, in practice, though.
m:
Difficult at best, who wants to trust a faceless corporation? Not
On 4/1/2009 12:08 PM, m wrote:
David wrote:
On 4/1/2009 10:13 AM, Craig White wrote:
On Wed, 2009-04-01 at 14:49 +0100, Alan Cox wrote:
I use a state issued picture driver license, a birth certificate,
and a US
Passport.
Which doesn't prove you are not one of identical twins ;)
which
On Wed, 2009-04-01 at 12:08 -0400, m wrote:
I asked at the DMV once,
naturally the response was a somewhat less than spectacular proves
you
were born. So the fact that I live and breathe is not proof enough
that
someone gave birth to me?
At our local DMV you'll grow old grey waiting to
On Mon, 2009-03-30 at 20:14 -0500, Mikkel L. Ellertson wrote:
I guess I have a problem - I only meat people online, so nobody is
going to be able to sign my key. All they have to go by is my signed
messages.
I have a related sort of problem: If I were to meet someone in person,
I have no real
On Mon, 2009-03-30 at 23:04 +0200, Kevin Kofler wrote:
HTTPS should displace HTTP the same way SSH displaced telnet. Most
people think people still using telnet as a remote shell are crazy
(and they're probably right), yet they'll happily use the just as
insecure unencrypted HTTP.
Likewise
On Monday 30 March 2009 20:12:45 Bruno Wolff III wrote:
On Mon, Mar 30, 2009 at 13:46:02 -0400,
Todd Denniston todd.dennis...@ssa.crane.navy.mil wrote:
i.e., sure all the root CA's that the browser producers want to include
can come in, but they should have trust DBs that allow each user
On Tue, 2009-03-31 at 12:27 +0100, Bill Crawford wrote:
Ought to be possible for people to visit companies' offices and sign
their keys, and add them to the web of trust as per PGP / GPG keys.
No idea if / how that should be done, in practice, though.
Actually, I'd like to be able to do
On Tuesday 31 March 2009 13:16:42 Tim wrote:
On Tue, 2009-03-31 at 12:27 +0100, Bill Crawford wrote:
Ought to be possible for people to visit companies' offices and sign
their keys, and add them to the web of trust as per PGP / GPG keys.
No idea if / how that should be done, in practice,
On Tuesday 31 March 2009 15:01:42 Anne Wilson wrote:
On Tuesday 31 March 2009 13:16:42 Tim wrote:
On Tue, 2009-03-31 at 12:27 +0100, Bill Crawford wrote:
Ought to be possible for people to visit companies' offices and sign
their keys, and add them to the web of trust as per PGP / GPG
On Tuesday 31 March 2009 15:01:42 Anne Wilson wrote:
...
Anne
By the way, your mails are showing up as having BAD signature in kmail here
(the
key is available). Is your mailer munging things, or is it the list servers?
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe:
Bill Crawford wrote:
On Monday 30 March 2009 20:12:45 Bruno Wolff III wrote:
On Mon, Mar 30, 2009 at 13:46:02 -0400,
Todd Denniston todd.dennis...@ssa.crane.navy.mil wrote:
i.e., sure all the root CA's that the browser producers want to include
can come in, but they should have trust DBs
Bill Crawford wrote:
On Tuesday 31 March 2009 15:01:42 Anne Wilson wrote:
...
Anne
By the way, your mails are showing up as having BAD signature in kmail here
(the
key is available). Is your mailer munging things, or is it the list servers?
It only shows up bad when the
On Tue, Mar 31, 2009 at 12:27:08 +0100,
Bill Crawford billcrawford1...@gmail.com wrote:
On Monday 30 March 2009 20:12:45 Bruno Wolff III wrote:
CAs that charge extra in order to sign certs that have flag set to
indicate that they can sign other certs in subdomains should be boycotted.
On Tue, Mar 31, 2009 at 11:00:34 -0400,
m maximilianbia...@gmail.com wrote:
Difficult at best, who wants to trust a faceless corporation? Not to be
cynical but you might trust the receptionist but what about the IT dept?
Are they competent? Money is no guarantee of anything, in fact the
m wrote:
I would point you to Firefox for instance, which by some(not I) is
reported to be a very insecure browser. There was an article, a while
back, that pointed out that it had more software vulnerabilities than
other browsers in I think it was 06 or 07. On the surface the article
seemed
On Tuesday 31 March 2009 16:03:14 Ed Greshko wrote:
Bill Crawford wrote:
On Tuesday 31 March 2009 15:01:42 Anne Wilson wrote:
...
Anne
By the way, your mails are showing up as having BAD signature in kmail
here (the key is available). Is your mailer munging things, or is it the
Kevin Kofler wrote:
m wrote:
I would point you to Firefox for instance, which by some(not I) is
reported to be a very insecure browser. There was an article, a while
back, that pointed out that it had more software vulnerabilities than
other browsers in I think it was 06 or 07. On the surface
On Tue, 2009-03-31 at 10:42 -0500, Bruno Wolff III wrote:
On Tue, Mar 31, 2009 at 12:27:08 +0100,
Bill Crawford billcrawford1...@gmail.com wrote:
On Monday 30 March 2009 20:12:45 Bruno Wolff III wrote:
CAs that charge extra in order to sign certs that have flag set to
indicate that
Mikkel L. Ellertson wrote:
Let me see - The Gnupg package is included with Fedora. RPMs are
signed with a GPG key - each version has its own key. The extra
repositories have their own keys. When their was a possibility that
the keys had been compromised, new keys were issued. It is not like
On Monday 30 March 2009 12:47:49 Tim wrote:
On Mon, 2009-03-30 at 11:23 +0100, Anne Wilson wrote:
If you examine my key you will see that it is signed by a number of
people who have properly verified that I am who I say I am. This is
essential for the web of trust to work, but frankly it
On Monday 30 March 2009 08:28:12 Stanisław T. Findeisen wrote:
Mikkel L. Ellertson wrote:
Let me see - The Gnupg package is included with Fedora. RPMs are
signed with a GPG key - each version has its own key. The extra
repositories have their own keys. When their was a possibility that
On Mon, 2009-03-30 at 11:23 +0100, Anne Wilson wrote:
If you examine my key you will see that it is signed by a number of
people who have properly verified that I am who I say I am. This is
essential for the web of trust to work, but frankly it is not
understood by many people, and I've seen
On Mon, 2009-03-30 at 22:17 +1030, Tim wrote:
On Mon, 2009-03-30 at 11:23 +0100, Anne Wilson wrote:
If you examine my key you will see that it is signed by a number of
people who have properly verified that I am who I say I am. This is
essential for the web of trust to work, but frankly it
On Tue, 31 Mar 2009 00:48:01 +1030
Tim wrote:
On Mon, 2009-03-30 at 08:55 -0500, Aaron Konstam wrote:
What is wrong with Verisign?
Is that a loaded question, or what?
Directly on point, someone persuaded Verisign to issue genuine Microsoft
Corporation keys to them in 2001.
--
MELVILLE
On Tue, 2009-03-31 at 00:48 +1030, Tim wrote:
On Mon, 2009-03-30 at 08:55 -0500, Aaron Konstam wrote:
What is wrong with Verisign?
Is that a loaded question, or what?
Some have no kind words for the company. Here's a short bit about that:
On Mon, Mar 30, 2009 at 08:55:52 -0500,
Aaron Konstam akons...@sbcglobal.net wrote:
What is wrong with Verisign?
Lot's of things. They did spin off some of their evil when they made Network
Solutions a separate entity again, but I am sure there is still plenty of
evil left behind.
--
On Mon, 2009-03-30 at 08:24 -0700, Craig White wrote:
http://www.openca.org/
Though that leaves you with a few problems:
Few clients recognise them as an authority. If they want to use them,
users have to figure out how to add their root certificate (if they
can). And that's not just *you*,
On Mon, Mar 30, 2009 at 09:18:45 -0700,
Craig White craigwh...@azapple.com wrote:
I agree that you are discussing the present day practical limitations
but the concept of an open certificate authority would seem to defeat
most, if not all of the problems of a corporate certificate
Craig White:
http://www.openca.org/
Tim:
Though that leaves you with a few problems:
Few clients recognise them as an authority ... (and) ... not so
trustworthy trusting
Craig White:
I agree that you are discussing the present day practical limitations
but the concept of an open
On Mon, 2009-03-30 at 11:42 -0500, Bruno Wolff III wrote:
On Mon, Mar 30, 2009 at 09:18:45 -0700,
Craig White craigwh...@azapple.com wrote:
I agree that you are discussing the present day practical limitations
but the concept of an open certificate authority would seem to defeat
On Mon, Mar 30, 2009 at 09:50:20 -0700,
Craig White craigwh...@azapple.com wrote:
I'm not sure that I agree with you at all but your being vague. If I
assume that you are talking about the way Firefox handles untrusted
certificates with their alert and requires you to 'get the certificate'
On Tue, Mar 31, 2009 at 03:21:12 +1030,
Tim ignored_mail...@yahoo.com.au wrote:
Just how many root certificates are software builders willing to add?
As many as contribute funding.
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe:
Tim wrote, On 03/30/2009 12:51 PM:
That sort of decision would be based on popularity (a problem you'd like
to see overcome, and could be overcome, given enough of a push, but
whether we have the numbers is another matter), and whether the
certificate authority is effective enough to support
On Mon, Mar 30, 2009 at 13:46:02 -0400,
Todd Denniston todd.dennis...@ssa.crane.navy.mil wrote:
i.e., sure all the root CA's that the browser producers want to include
can come in, but they should have trust DBs that allow each user to tick:
* Never trust this key. (and by extension
Anne Wilson wrote:
Exactly. In this case there were all the appropriate checks, but
all you can see is a list of names, and I suppose you can check that
those names are ones you have reason to trust, but that's all, and
it's a bit vague.
Doesn't it go without saying that each person should
Todd Zullinger wrote:
Anne Wilson wrote:
Exactly. In this case there were all the appropriate checks, but
all you can see is a list of names, and I suppose you can check that
those names are ones you have reason to trust, but that's all, and
it's a bit vague.
Doesn't it go without saying
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Friends,
Inspired by the recent problems with checksums for various installation
files of Fedora 10, may I be allowed to say, that I think that broader
adoption of OpenPGP standard (gpg) among Fedora (and Free Software)
developers and users could be
Stanisław T. Findeisen wrote:
Friends,
Inspired by the recent problems with checksums for various installation
files of Fedora 10, may I be allowed to say, that I think that broader
adoption of OpenPGP standard (gpg) among Fedora (and Free Software)
developers and users could be a desirable
55 matches
Mail list logo