On Oct 31, 2017, at 8:10 PM, murphy wrote:
>
> I got a signed notification from facebook (good signature, enigmail)
> that claims my GnuPG generated public key has a "recently disclosed
> vulnerability". This is the full text:
>
> We have detected that the OpenPGP key on your Facebook profile m
any suggestions to complete apparmor rules to enable all functionality
for a /usr/local gpg install with thunderbird/gpg/enigmail ?
currently appended rules below to the default thunderbird profile allow
mostly all functionality except i cannot enable the commented out rules
otherwise enigmail do
Hi Murphy,
This email refers to the ROCA vulnerability (https://crocs.fi.muni.cz/
public/papers/rsa_ccs17), which affects a number of hardware devices
including some versions of the Yubikey 4-nano (https://www.yubico.com/
keycheck/). I believe Yubico are offering to replace affected Yubikeys.
One
later:
im not sure what to do now
most functionality seems ok except for searching/importing keys from
keyservers
i can see my local pub/pri keyrings
Fulano Diego Perez:
>
>
> Werner Koch:
>> On Thu, 26 Oct 2017 16:00, fulanope...@cryptolab.net said:
>>
>>> checking for LIBGNUTLS... no
>>
>>
On Tue, Oct 31, 2017 at 08:10:45PM -0400, murphy wrote:
> I got a signed notification from facebook (good signature, enigmail)
> that claims my GnuPG generated public key has a "recently disclosed
> vulnerability". This is the full text:
>
> We have detected that the OpenPGP key on your Facebook
I got a signed notification from facebook (good signature, enigmail)
that claims my GnuPG generated public key has a "recently disclosed
vulnerability". This is the full text:
We have detected that the OpenPGP key on your Facebook profile may be
susceptible to attacks due to a recently disclosed
Hi Ralf,
On 25/10/17 23:29, Ralf wrote:
> I was hoping for something simple and I think eventually this should be
> simple; nevertheless I would make use of such a workaround / would be
> thankful for such an example :)
I fiddled around with a test card. Prepare for a wall of text.
I created a t
Le 2017-10-31 à 13:01, Peter Lebbing a écrit :
> Revocations are done by the primary key. If the user has lost the secret
> primary, they should fetch their revocation certificate, not fool around with
> the subkeys ;-). (Incidentally, this is why you don't need revocation
> certificates for indivi
On 31/10/17 11:56, Lachlan Gunn wrote:
> The only difficulty is when the owner doesn't have the secret key
> anymore, and so can't re-revoke it. Then you might want to keep it from
> being disseminated further.
Revocations are done by the primary key. If the user has lost the secret
primary, they
Le 2017-10-31 à 12:48, Peter Lebbing a écrit :
> Having read my follow-up, do you now agree? If the subkey is revoked as
> "compromised", all is well and good?
I can't see any reason why this should be problematic. And for
signatures that you know for sure are pre-ROCA, it makes sense to keep
the
On 31/10/17 11:45, Lachlan Gunn wrote:
> No, I don't think so
I was already writing a follow-up but was momentarily blocked on the right way
to phrase some of it :-). Our mails crossed.
Having read my follow-up, do you now agree? If the subkey is revoked as
"compromised", all is well and good?
P
On 31/10/17 11:39, Peter Lebbing wrote:
> And yes, the subkey should also be revoked with reason "compromised", for the
> reason you state.
And only now the penny drops.
I suppose a system checking for ROCA might rightfully take offense at a subkey
revoked as "superseded" or "lost"[1], because wi
Le 2017-10-31 à 12:39, Peter Lebbing a écrit :
> To clarify, do you agree if I reword the paragraph you contest as:
>
> But, I agree that the reverse is not true: a compromised subkey does not
> compromise the primary key in any way I can think of. And systems
> checking for ROCA should not reject
On 31/10/17 01:08, Lachlan Gunn wrote:
> I'm not sure that this is 100% correct. The first part is true, but
> signatures
> of a key that has been revoked because it was superseded or lost are valid up
> to
> the revocation date, whereas ROCA-affected keys are compromised to some degree
> and so
14 matches
Mail list logo
