-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Fri, 31 Jan 2014 01:15:07 +
MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote:
> On Thursday 30 January 2014 at 10:43:39 PM, in
> , Steve Jones wrote:
>
> > Well therein lies my problem with the PGP system. It
> > relies on the notion of
Il 31/01/2014 10:24, Steve Jones ha scritto:
> Well the conventions of use, for example the key signing party
> protocol, requires photographic id. If I publicly sign a key it has to
> be in line with how I expect others to interpret it. Policies and
> notations on signatures go some way to allevi
Il 31/01/2014 01:29, DUELL, BOB ha scritto:
> A couple folks (Diego and Johannes) mentioned using a smartcard or a
> token. I think a smartcard refers to a piece of hardware, but I
> don't know what a "token" means. Our server is in a datacenter and
> I'm sure I cannot attach any sort of hardwar
On Friday 31 January 2014 01:28:20 MFPA wrote:
> , Johannes Zarl wrote:
> > If the same email-address is used together with the
> > same key for a long time, it effectively ties the
> > email-address to a person for all practical concerns.
> > After all, you are communicating via email with someone
Hi,
I've meanwhile seen that others assumed the automatic-persona certification to
use exportable signatures. To clarify:
As far as I understood the original idea, it would use local signatures only
(preferably done with a special purpose local key only used for these
signatures).
If one woul
On Fri, 31 Jan 2014 15:02:14 +0100
NdK wrote:
> Il 31/01/2014 10:24, Steve Jones ha scritto:
>
> > Well the conventions of use, for example the key signing party
> > protocol, requires photographic id. If I publicly sign a key it has
> > to be in line with how I expect others to interpret it. Po
On Fri, 31 Jan 2014 08:39, micha...@gmx.de said:
> you are a legitimate sender. I don't know how gpg does it, in academic
> signature I use an hmac to protect solely symmetrically enciphered
OpenPGP defines a MDC feature to detect tampering with the encrypted
message. It works by appending the S
Assuming you're talking about encryption algorithms used by GnuPG, the
answer is "no, these algorithms do not have publicly known known-plaintext
attacks." Messages encrypted with GnuPG are always symmetrically encrypted
-- when using keys, it just encrypts the random file key using RSA/DSA to
all
On Thu, Jan 30, 2014 at 11:48:13PM -0800, Paul R. Ramer wrote:
[snip]
> Just know that no one is going to attack to the cipher itself to get to your
> messages. There are much easier methods such as installing a key logger.
> Why beat the door down if you can open the window?
Well...that depen
On Fri, 31 Jan 2014 16:37:28 +0100
Johannes Zarl wrote:
> As far as I understood the original idea, it would use local
> signatures only (preferably done with a special purpose local key
> only used for these signatures).
>
> If one would export these signatures, that would just DDoS the key
> s
On Friday 31 January 2014 16:09:39 Steve Jones wrote:
> Well I was thinking of exporting at first, but it's too fraught with
> problems. I would in general like to see more use of persona
> signatures as certifying keys as good enough. Essentially I see the
> requirements for certifying keys as a
11 matches
Mail list logo
