On 2012-01-30 02:19, gerry lowry +1 705 250-0112 alliston ontario canada
wrote:
Michael, if the few care more about being above the many, than the needs of
the many, does that not lead to disparity? The many are not all as
knowledgeable as the Yettos of this world ... the
On 2012-01-28 09:26, Robert J. Hansen wrote:
... Short version: for no-modify to work with the existing keyserver
network, everyone would have to make the cutover or else the network
would drown in sync messages. There's a real possibility that if just a
few hosts didn't make the cutover that
On 2012-01-28 12:49, gerry lowry +1 705 250-0112 alliston ontario canada
wrote:
FWIW, e-mail does not really have a To:, Cc:, or Bcc: field;
all three are embellishments added by the e-mail client software.
Behind the scenes, To:, Cc:, and Bcc: are ALL simply RCPT-TO.
FWIW, (MIME) e-mail does
On 2012-01-28 16:57, gerry lowry +1 705 250-0112 alliston ontario canada
wrote:
[snip a bunch of stuff about how you want us to change our emailing
habits so your inbox looks better]
It's your inbox.
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5
On 2012-01-28 06:14, Robert J. Hansen wrote:
It isn't just that no one's written the code: it's there's no community
consensus to deploy such code, even if it were written. It would be a
pretty major flag day. After all, if one keyserver enforces it and
others don't, then that's going to
On 2012-01-28 07:57, Doug Barton wrote:
On 01/27/2012 21:48, Jerome Baum wrote:
On 2012-01-28 06:14, Robert J. Hansen wrote:
This is the second (third?) time this has come up in the recent past.
Maybe instead of talking more about it those who are interested in
having this functionality
On 2012-01-21 14:58, MFPA wrote:
More importantly, they are signing UIDs that may well contain email
addresses, without actually verifying that you control those email
addresses.
Rather, that you can read an email which they sent that was addressed
to that email address.
But I do agree it
On 2012-01-06 13:41, Werner Koch wrote:
Note that leading and trailing spaces are allowed but the double space
in the middle of the fingerprint is required:
$ gpg2 -k ' 8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367 '
gpg: error reading key: No public key
Is this necessary for a
On 2012-01-03 10:59, Werner Koch wrote:
I will keep them in the file because these certificates are useful in
the chain validation model. Usually we use the shell model where
expiration dates have an obvious meaning. For German qualified
signatures the chain model is required. Basically, it
On 2012-01-03 15:32, Werner Koch wrote:
No. There is sufficient information about this available. For example
check out the BSI documents pertaining to the qualified signature.
I have read the three paragraphs (out of 165 pages) that Grundlagen der
elektronischen Signatur spends on this. They
On 2012-01-03 21:49, Ingo Klöcker wrote:
On Tuesday 03 January 2012, Jerome Baum wrote:
Now say I'm a CA and my key is set to expire in 4 weeks. I now make a
certification on another key that is set to expire in a year.
What expires a year from now? Your signature on the other key
On 2012-01-03 02:43, Daniel Farina wrote:
Thoughts?
--with-colons
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that
On 2012-01-03 02:52, syka...@astalavista.com wrote:
Ladies and gentlemen, I will be unplugged from my email until the 17th of
January.
In the meantime here's a video of a bunny opening your mail
http://www.youtube.com/watch?v=LMyaRmTwdKs
Your mail will not be forwarded and I will
On 2011-12-29 03:45, John A. Wallace wrote:
I have a couple of questions about this idea. First, why would you not have
assigned ultimate trust to the public key ID 0x215236DA when you created it
and had your secret key available to do so? I mean, why the delay; what
value to you is your key
On 2011-12-27 23:14, ved...@nym.hush.com wrote:
Is there a maximum size for a passphrase for symmetric encryption
in gnupg, or does a passphrase exceeding a certain size not add any
further security to the process?
Example,
The session key for AES 256 is 64 hexadecimal characters.
The
On 2011-12-28 00:27, Aaron Toponce wrote:
On Tue, Dec 27, 2011 at 11:23:50PM +0100, Jerome Baum wrote:
I can't tell for gpg specifically but it's not so much about
characters. It's about entropy. Natural language is redundant, and
diceware uses words from natural language.
Yes, but each
On 2011-12-28 03:08, John A. Wallace wrote:
--trusted-key long key ID
Assume that the specified key (which must be given as a full 8 byte key ID)
is as trustworthy as one of your own secret keys. This option is useful if
you don't want to keep your secret keys (or one of them) online but
On 2011-12-18 23:40, MFPA wrote:
So are
certification policies that say (or don't say but
enforce anyway) that you must have an email on your
UID. Why refuse to certify _less_ information?
Why indeed. My government won't issue a passport that doesn't include
my date of birth. These days I
On 2011-12-19 10:31, Jerome Baum wrote:
My understanding is that name + DoB + place of birth together are
unique. Sometimes. In theory.
Oh but that doesn't mean we should all add our DoB to our UIDs now.
Remember that your DoB is actually secret and only your credit card
company is meant
On 2011-12-17 14:23, gn...@lists.grepular.com wrote:
I find it strange that the keyservers don't do any sort of email
validation before accepting key submissions and that they just allow
anyone to upload signatures for your key without verifying if you want
to allow them first.
What about
On 2011-12-17 14:29, gn...@lists.grepular.com wrote:
The system can be easily abused, therefore it will be abused. It's just
a matter of time. How much time, depends on if/when PGP becomes more
popular. It doesn't strike me as unreasonable to want to put defences in
place before an attack
On 2011-12-17 14:54, gn...@lists.grepular.com wrote:
What about keys without an email in the UID?
For the first issue regarding uploading keys, you wouldn't be able to do
email validation on a key that doesn't have an email address in the UID.
At the same time, for those keys, you wouldn't
On 2011-12-17 14:58, gn...@lists.grepular.com wrote:
So you agree that there is a point where putting security measures in
place is a good idea. Where you disagree with me, is you think it is
unlikely that the keyservers will be abused in this manner in the near
future.
I guess neither of
On 2011-12-17 16:17, David Shaw wrote:
It's an interesting server, with different semantics than the
traditional keyserver net that we were talking about earlier. Most
significantly, it emails the keyholder (at the address on the key)
before accepting the key into the server. It also signs
On 2011-12-17 16:42, Aaron Toponce wrote:
I guess Anonymous or LULZ Security, or the like, could do it out of sheer
entertainment, but it would die quickly, as the effort in maintaining the
noise outweighs the benefit of annoying users by several orders of
magnitude.
I think the point was
On 2011-12-17 17:15, MFPA wrote:
Since you don't log into a keyserver when you post, and keyservers
store data but do not perform cryptographic functions, this is pretty
much inevitable. The keyserver-no-modify flag could, in theory,
carry with it a requirement that modifications to a key were
On 2011-12-17 17:04, MFPA wrote:
On Saturday 17 December 2011 at 3:25:56 PM, in
mid:4eecb484.6080...@jeromebaum.com, Jerome Baum wrote:
I doubt the validity of those automated checks and
checks on the email anyway. What constitutes owning
f...@example.com?
As far as that server's checking
On 2011-12-16 20:07, ved...@nym.hush.com wrote:
What if keyservers were to limit the amount of keys generated or
uploaded to a 'reasonable' amount which no 'real' user would
exceed?
(i.e. 10/day, or some other number discussed and agreed upon by the
various keyservers?)
What problem are
On 2011-11-11 23:57, Doug Barton wrote:
On 11/11/2011 14:54, Chris Poole wrote:
OK thanks, I hadn't thought of that. I'd still have to decrypt and re-encrypt
them to keep hashes of all plaintext versions of the files though. (Thinking
about running this script every few days and hashing the
If you could do something similar for
mapping e-mail addresses to certificates
It would be awesome if this could be achieved without revealing other
email addresses or UIDs that might happen to map to the same
key/certificate.
Hash the UID many times. (Didn't someone propose that a while
On 2011-10-19 22:49, Peter Lebbing wrote:
On 19/10/11 22:22, Jerome Baum wrote:
It would be awesome if this could be achieved without revealing other
email addresses or UIDs that might happen to map to the same
key/certificate.
Hash the UID many times. (Didn't someone propose that a while
I'm going to lean very far out the window and assume he meant the actual
private key, not the private key-ring/-file/...
I'm not sure I understand the distinction you're making there.
One is protected with a passphrase (i.e. it's encrypted), the other is
in the clear.
If I manage to steal
On 2011-10-18 14:48, Peter Lebbing wrote:
On 18/10/11 14:36, Jerome Baum wrote:
* I'm going to take the word to mean what it says: key, not what I can
flexibly interpret it as: encrypted key.
One of those metal things in my pocket? What good are they for encryption?
Even if you manage
On 2011-10-18 15:05, Robert J. Hansen wrote:
On 10/18/2011 8:36 AM, Jerome Baum wrote:
I recall making the distinction between a key* and a key-ring/-file,
not between a key-ring and a key-file.
A distinction that has been lost on apparently everyone here. Please
use accepted terminology
If someone sniffs your PIN, and has trojaned or rooted your computer, he could
use your smartcard while it is still plugged in to your computer, just like
you are using your smartcard.
If you're worried about this you should be able to find a smartcard
reader with PIN entry that GnuPG
Skimmed over this. You say that you need ISP support to get the
system adopted (for the DNS-based distribution). Wouldn't that
hinder adoption?
Please look at how most people use mail: They get a mail address from
their ISP, a preinstalled MUA and so on. Mail works for them
instantly;
It doesn't prevent a trojan from signing something other than what you
intended (if it's your master key on card, even another key or a new
sub-key) but whether this is a problem depends on your threat model.
I should mention that the current OpenPGP card spec doesn't let the card
know whether
Well, not quite. Eventually you would get it. The task of security
systems is to make eventually be longer than:
o the payoff is worth; or
o the time it takes to be discovered; or
o the time it takes for the secured object to lose its value.
Statistically, that is. You could get it
Right, that's a good point I think we all considered trivial when
maybe we shouldn't have. In your threat model you should determine for
how long your data should be safe (per attacker type) before you go
ahead and make decisions about key protection.
To clarify, this is what we should tell
Just wondering if anyone knows of any scripts for collecting keys into
a keyring prior to a key signing party (i.e., for people who intend to
participate to submit their keys)?
Can't give software names but look at what the open-source conferences
use. Debian should have some tools to show as
In fact to my knowledge outside of webmail and inside private email
(so drop companies, universities, schools) it's usual to configure your
own MUA, with the help of instructions from your ISP.
Well, so we need to convince them to change those instructions.
Yes and this is what I said: It's
... We can remove *needless* complexity, but security could be said
to be the art of *introducing* specific complexity that's a lot worse
for the attacker than it is for you. It can't be automagical.
Anyway, key generation is already automated. All you have to do is
(1) choose to employ
I don't see why the ISP has to be the entity providing DNS lookup.
The one I use won't even allocate me a static address, let alone
accept RRs from me to serve out to others. I'm not sure I'd trust
them to get it right and *keep* it right anyway.
I should clarify. An email provider is also
I was pleased to see room for different classes of users in the STEED
paper. When I encounter software that tries to be helpful, my own
first thought is: how do I turn that off? But I recognized long ago
that I was never a typical user and my own inclinations are no guide
to popularity.
Even webmail. It is easy to write a browser extension to do the crypto
stuff. Installing browser extensions is even easier than installing
most other software.
I'd make it a point of discussion whether it's still webmail proper then.
But you could also use Javascript, Java or Flash, so yes
http://g10code.com/docs/steed-usable-e2ee.pdf
Skimmed over this. You say that you need ISP support to get the system
adopted (for the DNS-based distribution). Wouldn't that hinder adoption?
hotmail and the like still don't support POP3 or IMAP in a standard
account, and they are still popular
On 2011-10-17 23:00, Ben McGinnes wrote:
On 18/10/11 7:32 AM, Aaron Toponce wrote:
I like the idea, but how are you setting the header? I see you're
using Thunderbird, and I don't believe that setting that header is
part of Enigmail. Further, it appears your mail isn't signed. Just
curious.
http://windowslivehelp.com/solution.aspx?solutionid=a485233f-206d-491e-941b-118e45a7cf1b
Wow, since 2009 (I haven't checked back in a while -- stay clear of
strange hosts like hotmail).
I think the point still stands though. I don't think email providers are
the right place to look for
On 2011-10-17 23:59, Robert J. Hansen wrote:
On 10/17/11 5:21 PM, Jerome Baum wrote:
So enabling _Enigmail_'s Send 'OpenPGP' header option is difficult now?
[long rant about Enigmail]
The emphasis was clearly on Enigmail, not on whether it's difficult or
not. If you hadn't misquoted me you
Your private key being stolen isn't really that big of a deal. If you
have a very strong passphrase, possessing your private key gives an
attacker almost no leverage. With a strong passphrase, the average
attacker isn't going to be able to break your key on modern hardware
and anyone who
Hold on a second there. You seem to be making some extremely
unwarranted assumptions.
Take a look:
Unless you have my encrypted keys, you have to access my computer
(unless you have already stolen it, in which case there are much
easier ways to invade the machine), you will have to try
On 2011-10-13 14:14, Robert J. Hansen wrote:
On 10/13/11 7:51 AM, Jerome Baum wrote:
Take a look:
I did. You said I have to access your computer, to try logging in
through the Internet. I don't. I just have to find an exploit.
I didn't say anything (modulo Take a look).
Saying my front
On 2011-10-11 13:25, Ivan Shmakov wrote:
That used to be Moore's [1].
This is why I hated physics: Everything is named after someone. It's
also why I picked computer science. Oh...
--
Q: What is your secret word?
A: That's right.
Q: What's right?
A: Yes.
Q: Sir, you're going to have to
On 2011-10-10 23:29, Jan Janka wrote:
How long would it take to execute a successful brute force attack on
a passphrase consisting of 12 symbols (symbols available on common
keyboards)?
Calculate how many combinations there are, assume some number of tries
per second (you can experimentally
On 2011-10-11 16:54, Robert J. Hansen wrote:
Okay, fine: you can exclude all six-digit numbers (900,000 of them), all
five-digit numbers (90,000 of them), all four-digit numbers (9,000 of
them), all three-digit numbers (900 of them), all two-digit numbers (90
of them) and all one-digit numbers
On 2011-10-07 20:55, Aaron Toponce wrote:
On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote:
Why at all does this tool use the human readable format? I don't get
it.
Probably because the author of sig2dot(1) doesn't know better.
Why fix what's not broken?
(i.e. who cares if it
On 2011-10-02 00:58, Aaron Toponce wrote:
On 10/01/2011 02:46 PM, Robert J. Hansen wrote:
That's not a healthy dose of paranoia. A healthy dose of paranoia in
that case would be washing your hands before you eat, or not eating
something off the floor. Starving yourself, because you think
On 2011-09-15 13:21, Jerry wrote:
On Thu, 15 Sep 2011 09:25:53 +
Bastien Auneau articulated:
I'm using Thunderbird 6.0.2 on Windows 7 64bit. The account I connect
to is a google account
It would be my opinion that Google was at fault. They have screwed up
GPG before on me.
I'm using
Does that mean we can expect GnuPG versions for mobile systems? I can't
wait to install a Symbian or Android port.
There's APG for Android right now.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
My passphrases are
stored in a Keepass database that resides in a TrueCrypt container. It's
protected well. My actual key is protected by a 62 character passphrase
One could argue that this is equivalent to having a passphrase-less
keyring within the Truecrypt container.
Keepass is also
time?
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
Unity and justice and passing fad
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
http
change
if different algorithms are supported in a new version etc.
So stick with the batch and with-colons interfaces whenever you can.
They are also easier to script -- computer-readable and all that.
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
believe the standard says something like 0x11 means 'I
didn't really check' -- read your own thing into that but to me it
means the level is useless. 0x12 is a moderate check and 0x13 an
in-depth check, which everyone interprets differently.
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
can I fiddle with, and what
log/debug output is relevant?
If this isn't a configuration change, will I have to compile my own
gpg2 (per https://bugs.g10code.com/gnupg/msg3385)?
Thanks!
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
web
probably change it when I next
use my secure key for something else. Not like it's a significant
change. I'll probably switch to a plain-text policy while I'm at it,
clear-signed instead of a separate signature.
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer
no way to check -- even if I use a smart-card, how
do they know I didn't generate off-card and keep a backup somewhere?
Oh, and this also poses the question: Is it better to have two
separate documents, or a single policy with all that information?
--
Jerome Baum
Hessenweg 222
48432 Rheine
a backup somewhere?
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
Unity and justice and passing fad
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152
of paranoia is good though, so maybe you can decrypt
the key (set an empty password or remove the password) before sending
it to pgpdump?
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4
The PRIMES algorithm can be expressed in Mathematica, and provides an
exhaustive check. Mathematica's built-in tools don't provide PRIMES,
but it can be added by a modestly proficient Mathematica user.
So just a sieve? Isn't that going to take ages on any reasonable key?
--
Jerome Baum
Ah, I see why you referred to it as the PRIMES algorithm -- was misled by
a Google search on that string.
Did you manage to get an unencrypted version of the private key?
(Mobile/Handy)
On 04.08.2011 15:54, Robert J. Hansen r...@sixdemonbag.org wrote:
On 8/4/11 9:32 AM, Jerome Baum wrote
For example, in a RSA key, N and e (used like this: message^e modulus N)
Note that gpg uses hybrid (session key) encryption. There are various
advantages, e.g. you can reveal the session key to someone else (think
subpoena) without giving up your entire key.
--
Jerome Baum
Hessenweg 222
48432
Depends where you keep the backup.
(Excuse the top post -- Android)
(Mobile/Handy)
On 26.07.2011 16:29, Werner Koch w...@gnupg.org wrote:
On Tue, 26 Jul 2011 14:41, h...@qbs.com.pl said:
The key is also useful for decrypting past commun...
Well, you should have a backup of the decryption
.
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Q: Why is this email five sentences or less?
A: http
interesting is why you (Werner) chose quality level
1. What do these levels do? Is 2 full entropy, and 0 just urandom?
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP
OK thanks. I won't bother then, as it's more hassle to have to type my
passphrase each time (I don't want to keep it on the agent).
Have you considered a separate key for the signature?
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
web
to
your public key.
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Q: Why is this email five sentences or less
-and-switch.)
--
Jerome Baum
Hessenweg 222
48432 Rheine
GERMANY
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Q: Why is this email five sentences or less?
A: http
and the
subkeys are all the same.
As I said, I didn't read the thread.
How about the use cases I presented? Any problems with those?
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D
a flag indicating such a faked timestamp.
Why limit the choices to 0 and key creation time? How about just an
option --set-timestamp=int that sets the timestamp? Is that easy
to do?
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE
and
related options, see http://man.cx/gpg.
Best,
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
Q: Why is this email five sentences or less
see/read the ages-old thread that was mentioned before,
you allegedly even agreed to implement something roughly equivalent in
the past.
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF
On Sun, Jun 26, 2011 at 14:16, Hugo Seifert hugo.seif...@hushmail.com wrote:
Or is the agenda behind GnuPG to provide privacy but forget about
or even prevent anonymity (...)
Since when was it called GNU Anonymity Guard? Last time I checked,
it was called GNU Privacy Guard.
--
Jerome Baum
tel
into two timestamps, handling would be similar to the OpenPGP
timestamp field (except that isn't enriched with the timezone, which
you could use to enhance the output). Often enough, this boils down to
whatever the locale is configured to do and that sounds in line with
*NIX philosophy.
--
Jerome
the output of gpg --export D02B0179 | gpg --list-packets ?
Is this a problem on my end or on the server?
Very rough first guess: Server.
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A
? It
should already be signed by default. Is this another person's key? Why
are you signing it? Have you verified that the key is valid? etc. Read
through http://www.gnupg.org/gph/en/manual.html to get a better
understanding -- before you make any certifications.
--
Jerome Baum
tel +49-1578
there should be no need to sign it. If you want, give us
the output of gpg --list-sigs keyid and we should be able to tell
you.
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D
, can you try pulling my key (from
http://jeromebaum.com/jerome.asc), importing it, and then refreshing
it? Does it throw any errors?
gpg: requesting key C58C753A from http server jeromebaum.com
gpg: key C58C753A: Jerome Baum jer...@jeromebaum.com not changed
gpg: key 215236DA: Jerome Baum
.
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
difference is: gpg has built-in functionality to handle asymmetric
key-pairs.
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
more flexible.
2. Using # 1, we can then change application code to make the
implementation more flexible. e.g.: Add an option to round down to the
start of the day and set timestamp-interval to today/P1D.
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP
some simple text to the GnuPG output to indicate that times
are shown in local time, as per the user's system.
That isn't what I was referring to. 20110618T00/P1D is ambiguous:
Is it 20110618T00+0200/P1D or 20110618T00+0100/P1D ?
--
Jerome Baum
tel +49-1578-8434336
email jer
to distinguish between data signatures (signing a message)
and certifications (signing a key). Are you trying to wrap a data
signature around the key? Unless you have a special use-case, that
probably doesn't make sense. Instead try to use a certification.
--
Jerome Baum
tel +49-1578-8434336
email jer
..., or runs timestamping
in batches, etc.
(snip)
Excuse the pedantry but how do we get between 10:00 and 11:00
reliably from a clock that regularly drifts up to 10 minutes?
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE
should discuss with your manager when
there is no work to do, and get their permission first. If you go
ahead and make this decision on your own, then yes you are cheating
your employer -- he might have had work for you to do if only you had
told him there's nothing left.
--
Jerome Baum
tel +49-1578
part of the thread, does
anyone have objections to timestamp-interval in the ISO 8601
interval format? In my head, it would be a non-critical field (as it
doesn't change the meaning of the signature, only the accuracy of the
timestamp field).
Thoughts?
--
Jerome Baum
tel +49-1578-8434336
email
or not).
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
: That the timestamp-o...@gnupg.org notation
would be defined only on 0x00 (possibly 0x01). We need to either
explicitly add that to the spec, or change the assumption.
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4
it the signer's duty to
compute this interval.
2 c. Again, where may this be defined? At least all of # 1 b.
3. Other stuff?
Just so that Werner has a summary of what we've discussed, to base a
decision on.
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP
, so I was acting
promptly and wasn't negligent.
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
in time.
Oh, and yes, I have looked for timestamping services before engaging
in a discussion about them. Maybe you should look at the existing
options as well?
--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C