Hi Andrew,
On Sat, 19 Sep 2020 21:38:22 +0200,
Andrew Gallagher wrote:
> Hagrid “solves” the vandalism problem by abandoning
> decentralisation.
This is not strictly true.
When we think about updating keys, there are two types of information
that can be updated:
- Identity Information (User I
Andrew Gallagher wrote:
>
> > On 19 Sep 2020, at 21:06, Stefan Claas wrote:
> >
> > *With all due respect*, the problems you mention with the SKS protocol is
> > IMHO absolutely solvable with hockeypuck if the
> > author implements the same Mailvelope or Hagrid confirmation process for
> > i
Stefan Claas wrote in
<20200919201736.2...@300baud.de>:
|Robert J. Hansen wrote:
|>> It is true the attacks were what brought it down, but the amount \
|>> of effort was not a "sustained
|>> attack" by any measure. The invested resources are somewhere around \
|>> "couple hours and $0.00"
> On 19 Sep 2020, at 21:06, Stefan Claas wrote:
>
> *With all due respect*, the problems you mention with the SKS protocol is
> IMHO absolutely solvable with hockeypuck if the author
> implements the same Mailvelope or Hagrid confirmation process for its users
If you have not yet read the mega
Andrew Gallagher wrote:
>
> > On 19 Sep 2020, at 20:05, Stefan Claas wrote:
> >
> > Well, there is IMHO a good replacement for SKS available, called
> > hockeypuck and it is written in modern Golang.
>
> This is beside the point. SKS is both a protocol and an implementation.
> Hockeypuck is
On 2020-09-19 at 11:44 +0100, MFPA via Gnupg-users wrote:
> On Friday 18 September 2020 at 4:32:55 PM, in
> , Phil
> Pennock via Gnupg-users wrote:-
>
>
> > keys.gnupg.net is a CNAME for
> > hkps.pool.sks-keyservers.net -- which is
> > now returning zero results.
>
>
> The GnuPG manual's descri
> On 19 Sep 2020, at 20:05, Stefan Claas wrote:
>
> Well, there is IMHO a good replacement for SKS available, called
> hockeypuck and it is written in modern Golang.
This is beside the point. SKS is both a protocol and an implementation.
Hockeypuck is a reimplementation of the same protocol an
Steffen Nurpmeso wrote:
> Stefan Claas wrote in
> <20200919201736.2...@300baud.de>:
> |Robert J. Hansen wrote:
> |>> It is true the attacks were what brought it down, but the amount \
> |>> of effort was not a "sustained
> |>> attack" by any measure. The invested resources are somewhere
Robert J. Hansen wrote:
> > It is true the attacks were what brought it down, but the amount of effort
> > was not a "sustained
> > attack" by any measure. The invested resources are somewhere around "couple
> > hours and $0.00".
>
> I'm not sure that's true.
[...]
I think it does not matter
> It is true the attacks were what brought it down, but the amount of effort
> was not a "sustained
> attack" by any measure. The invested resources are somewhere around "couple
> hours and $0.00".
I'm not sure that's true.
The keyserver poisoning attack was demonstrated first by EFF's Micah
Le
Hi
On Friday 18 September 2020 at 4:32:55 PM, in
, Phil
Pennock via Gnupg-users wrote:-
> keys.gnupg.net is a CNAME for
> hkps.pool.sks-keyservers.net -- which is
> now returning zero results.
The GnuPG manual's description [0] of the Dirmngr option "--keyserver name"
still ends with "If no
Stefan Claas wrote:
> Stefan Claas wrote:
>
> [...]
>
> > > (btw,
> > > There is, [afaik], no protection available in GnuPG
> > > against a Clairvoyancy attack vector on an encrypted file even in an
> > > air-gapped computer,
> > > and there is a rumour that any Witch or Wizard can instantl
12 matches
Mail list logo
