-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/03/2015 12:51 PM, Robert J. Hansen wrote:
Are any GnuPG dev people at the Circumvention Tech Summit in
Valencia, that is now until Saturaday? I'm arriving today. It
could be useful to have a little GnuPG chat in person.
Daniel Kahn
Hi Peter,
as your message hasn't reached the list inspite of being addressed to it, I
resend it.
Thanks
Stephan
Weitergeleitete Nachricht
Betreff: Re: German ct magazine postulates death of pgp encryption
Datum: Mon, 02 Mar 2015 18:53:57 +0100
Von: Peter Lebbing
On Feb 27, 2015, at 8:56 PM, Werner Koch wrote:
On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said:
that anyone can upload _every_ key to a keyserver is an issue. If
keyservers would do some sort of verification (e.g. confirmation of
the email addresses) then this would lead to much more
On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 02/27/2015 12:43 PM, Hauke Laging wrote:
Am Fr 27.02.2015, 12:27:40 schrieb gnupgpacker:
Maybe implementation with an opt-in could preserve publishing of
faked keys on public
It is in the constitution; if you are a FOSS developer the least I
can do is provide $beverage.
I'm glad I contribute code to a couple of small FOSS digital forensics
projects, then. Because I've never contributed a single line of code to
GnuPG or Enigmail. :)
signature.asc
Description:
On Tue, 2015-03-03 at 14:00 +0100, Hans of Guardian wrote:
The PGP keyservers need email validation
no it's pretty useless from a security POV and they don't need it.
not as a way to provide any kind of trusted status of that key, but
rather so enable people to delete keys that should no
On Feb 27, 2015, at 3:09 PM, Peter Lebbing wrote:
On 27/02/15 12:02, Hans-Christoph Steiner wrote:
For example, I think that
`gpg --json` is great idea. I ended up using a Java wrapper of GPGME, which
is in turn a wrapper of GnuPG. I think it makes a lot more sense to have
`gpg
--json`
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/03/2015 02:00 PM, Hans of Guardian wrote:
On Feb 27, 2015, at 8:56 PM, Werner Koch wrote:
...
Services like keybase.io with poor security practices are going to
rapidly take over from the PGP keyserver pool because they address
On Tue, 3 Mar 2015 12:51, r...@sixdemonbag.org said:
Admittedly, the GnuPG dev people is really a one-element list
containing Werner. But there are certainly people active in the GnuPG
The web page lists more and several more have write access to
git.gnupg.org. I considered to affend but
On 03/03/15 14:29, Hans of Guardian wrote:
It is actually more difficult to wrap GPGME in Java than to have just
rewritten GPGME in Java.
In my opinion, if this is the case, then that is indeed the proper
solution: write a general-purpose library à la GPGME, but don't call gpg
directly from
Gnupg-users gnupg-users-boun...@gnupg.org wrote on 03/03/2015 09:41:25
AM:
- Message from Stephan Beck st...@mailbox.org on Tue, 03 Mar
2015 15:40:45 +0100 -
To: gnupg-users@gnupg.org
Subject: Re: Fwd: Re: German ct magazine postulates death of pgp
encryption
Am 03.03.2015 um
On Feb 27, 2015, at 1:19 PM, Bjarni Runar Einarsson wrote:
Hi Hans-Christoph!
Hans-Christoph Steiner h...@guardianproject.info wrote:
With all the recent attention to GnuPG and Werner's work, I have begun to
think about things differently. GnuPG has an amazing security track record.
It
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/03/2015 01:50 PM, Hans of Guardian wrote:
On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote:
On 02/27/2015 12:43 PM, Hauke Laging wrote:
Am Fr 27.02.2015, 12:27:40 schrieb gnupgpacker:
Maybe implementation with an opt-in could
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/03/2015 04:20 PM, Kristian Fiskerstrand wrote:
On 03/03/2015 01:50 PM, Hans of Guardian wrote:
On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote:
...
The standard PGP keyserver pool is a mess with racist spam,
lost keys
Yeah, mailpile has a very unusual architecture, so its no surprise it'll need
some unusual tricks. Unusual tricks in software that aims to be secure
generally make me nervous since it is important to keep code readable and
understandable for both the core devs, but also contributors,
Services like keybase.io with poor security practices...
I fail to see how this is a failure on the side of the keyservers...
I fully agree with Kristian.
I further don't see how keybase.io amounts to poor security practice.
The Web of Trust is, itself, a poor practice because it's
On Mar 3, 2015, at 4:43 PM, Peter Lebbing wrote:
On 03/03/15 14:29, Hans of Guardian wrote:
It is actually more difficult to wrap GPGME in Java than to have just
rewritten GPGME in Java.
In my opinion, if this is the case, then that is indeed the proper
solution: write a general-purpose
Different programming languages and operating systems can have very
different ways of launching and handling external processes.
Eh. Different operating systems, sure: that's the nature of kernels.
They provide different syscalls, and that's at root how you launch an
external process -- by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/03/2015 01:54 PM, Stephan Beck wrote:
Hi Peter,
as your message hasn't reached the list inspite of being addressed
to it, I resend it.
Fwiw, it reached the list just fine:
On 03.03.15 14:54, Stephan Beck wrote:
as your message hasn't reached the list inspite of being addressed to it
It did :).
--
Ville
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On 03/03/15 18:29, Hans of Guardian wrote:
Android has an installed base of hundreds of millions. Desktop UNIX
is the exotic system here as compared to Windows, Android, etc.
I have no idea about how difficult it is to launch the gpg binary with a
few pipes attached to a few file descriptors
Android has an installed base of hundreds of millions.
So?
GnuPG and GPGME are products of their birth, just like anything else.
It was built for desktop operating systems. If you want to make it live
in the mobile space, go with God and I wish you all the luck in the
world -- but if GPGME
This is definitely public information from the Snowden leaks. There
is also quite a bit of information about other governments doing
similar things. Here's one example article:
If all encrypted traffic is deemed suspicious, then 99.999% of the
suspicious set -- Amazon transactions,
On Tue, 3 Mar 2015 14:29, h...@guardianproject.info said:
It is actually more difficult to wrap GPGME in Java than to have just
rewritten GPGME in Java. GPGME is a fine API for C/C++, it is a bad
Sorry, but that is not your problem. The problem on Android seems to be
that it is not easy to
On 3 Mar 2015 at 21:24, Ingo Klöcker wrote:
[..]
After the recent terrorist attacks in Paris and Brussels some German
politicians are again arguing that we need Vorratsdatenspeicherung
(data retention, i.e. storage of all communication meta data for 6
months) in Germany to prevent such
On Mar 3, 2015, at 7:09 PM, Peter Lebbing wrote:
On 03/03/15 18:29, Hans of Guardian wrote:
Android has an installed base of hundreds of millions. Desktop UNIX
is the exotic system here as compared to Windows, Android, etc.
I have no idea about how difficult it is to launch the gpg binary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tuesday 3 March 2015 at 3:02:43 PM, in
mid:ofe8a483bf.fdf79f0e-on85257dfd.00525e79-85257dfd.0052a...@theway.org,
michaelquig...@theway.org wrote:
I believe if you are personally addressed, the list
management software doesn't send you a
On Tuesday 03 March 2015 19:31:14 Robert J. Hansen wrote:
This is definitely public information from the Snowden leaks. There
is also quite a bit of information about other governments doing
similar things. Here's one example article:
If all encrypted traffic is deemed suspicious, then
On 4 Mar 2015, at 07:24, Ingo Klöcker kloec...@kde.org wrote:
After the recent terrorist attacks in Paris and Brussels some German
politicians are again arguing that we need Vorratsdatenspeicherung (data
retention, i.e. storage of all communication meta data for 6 months) in
Germany to
On Tue, 3 Mar 2015 21:24:15 +0100
Ingo Klöcker kloec...@kde.org wrote:
Hello Ingo,
of terror. Still this completely pants-on-head absurd policy will
become reality if those German politicians get what they want.
It's not just in Germany: Politicians across the world utilise similar
On 4 Mar 2015 at 7:47, Sandeep Murthy wrote:
[...]
Once such a data retention law is in place it is dangerous because
inevitably there is a mission creep that sets in - it is not
hard to imagine one day that encryption software users, maybe GPG
users, will be required to disclose information
If you are interested, you should read the details.
Did. Have.
Because you are missing some key details here.
In other words, you're wrong, but I'm not going to present any evidence
or reasoning, I'm just going to make vague statements about how you're
missing details which I am privy to.
On Mar 3, 2015, at 7:09 PM, Peter Lebbing wrote:
On 03/03/15 18:29, Hans of Guardian wrote:
Android has an installed base of hundreds of millions. Desktop UNIX
is the exotic system here as compared to Windows, Android, etc.
I have no idea about how difficult it is to launch the gpg binary
And that is why this thread is going on, so hopefully we can come to
an agreement that there are many areas where GnuPG can be used but
GPGME is a bad solution to do it.
Maybe I'm a little irritable here, but -- pretty much everyone who's
ever hacked on GnuPG has found situations where GPGME
On Mar 3, 2015, at 8:52 PM, Werner Koch wrote:
On Tue, 3 Mar 2015 14:29, h...@guardianproject.info said:
It is actually more difficult to wrap GPGME in Java than to have just
rewritten GPGME in Java. GPGME is a fine API for C/C++, it is a bad
Sorry, but that is not your problem. The
On Mar 3, 2015, at 7:31 PM, Robert J. Hansen wrote:
This is definitely public information from the Snowden leaks. There
is also quite a bit of information about other governments doing
similar things. Here's one example article:
If all encrypted traffic is deemed suspicious, then
Native to what? Processor, OS?
I think Peter and the group already adequately answered this: If GPGME is not
providing an interface that meets Android requirements, then look into how
GPGME interfaces to GPG and emulate that interface.
For you to request that the interface be changed can be
On Mar 3, 2015, at 5:01 PM, Robert J. Hansen wrote:
Hans, please trim your quoted material.
They would need to use a specialized system, and that specialized
system might then be a marker of suspicion (for example, lots of
governments, including the NSA, already mark all PGP messages as
On Mar 3, 2015, at 5:49 PM, Robert J. Hansen wrote:
Different programming languages and operating systems can have very
different ways of launching and handling external processes.
Eh. Different operating systems, sure: that's the nature of kernels.
They provide different syscalls, and
Are any GnuPG dev people at the Circumvention Tech Summit in
Valencia, that is now until Saturaday? I'm arriving today. It could
be useful to have a little GnuPG chat in person.
Daniel Kahn Gillmor and I are both here. (And in fact, we met briefly,
and much to the surprise of many people
Are any GnuPG dev people at the Circumvention Tech Summit in Valencia, that is
now until Saturaday? I'm arriving today. It could be useful to have a little
GnuPG chat in person.
.hc
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
Mailpile may be useful. https://mailpile.is
It lets you scan in a bunch of messages, and decrypt them, and indexes
them, keeping the index and message store encrypted. It has command
line as well as a gui.
On Sun, Mar 1, 2015 at 9:32 AM, René Puls rp...@kcore.de wrote:
Hi,
is there a
Am 03.03.2015 um 14:00 schrieb Ville Määttä:
On 03.03.15 14:54, Stephan Beck wrote:
as your message hasn't reached the list inspite of being addressed to it
It did :).
Strange, I did only receive the PM, not the listmail, so I thought it might be
useful to resend it. In that case, sorry for
On Tuesday, March 03, 2015 01:34:01 PM Kristian Fiskerstrand wrote:
On 03/03/2015 12:51 PM, Robert J. Hansen wrote:
Daniel Kahn Gillmor and I are both here. (And in fact, we met
briefly, and much to the surprise of many people here but not to
either dkg or myself, there was mutual respect,
Non developers are also here and happy to verify OpenPGP certificates
as well.
And happy to buy people beer. Thanks again, Samir. :)
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
45 matches
Mail list logo