On 2023-05-31 16:55, Bernhard Reiter wrote:
> Governikus provides the online service for authenticating your OpenPGP key on
> behalf of the German Federal Office for Information Security (BSI). This
> online service compares the name read from your ID card, your electronic
> residence permit
On 2023-04-30 21:01, Ineiev via Gnupg-users wrote:
>> All I want is an option to ignore adk's - and it should not claim
>> anything else than that.
>
> Can't you remove ADK subkeys from your keyring?
On someone else's key?
--
ir. J.C.A. Wevers
PGP/GPG public keys at
On 2023-04-30 16:54, Andrew Gallagher via Gnupg-users wrote:
>> That might be, but it is nowhere certain that this escrow will happen,
>> especially if they roll out adk's.
>
> You’re inverting the burden of proof here. The important consideration is
> that E2E can’t prove that a key *wasn’t*
On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote:
> E2E encryption can’t protect you from your correspondent disclosing your
> communication at the other end.
That is obvious.
> Whether this is done voluntarily or under duress from their employer is an
> opsec issue, not a comsec
On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote:
> It does not make any sense so have such an option. If a user wants to
> allow colleagues or an archive system to decrypt her mails that is her
> decision.
What I've had in practice in one company: you got a company key with a
personal
On 2023-04-30 13:22, Andrew Gallagher via Gnupg-users wrote:
> Just curious, what’s the threat scenario here?
The HR department of the receiver.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
___
Gnupg-users
On 2023-04-30 1:15, ckeader via Gnupg-users wrote:
> Can't call it that as long as it's under user control (every long option of
> the software has an equivalent config file option. You don't add such a key
> via config or command line, no adsk will happen as it's not configured).
On my key,
I get a 404 not found, the last version preesent on the server is 2.4.0.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On 2023-04-28 15:47, Werner Koch via Gnupg-users wrote:
> * gpg: New command --quick-add-adsk and other ADSK features.
> [T6395, https://gnupg.org/blog/20230321-adsk.html]
So you finally caved in to the backdoor demands.
What I'm missing (maybe I just didn't found it?) is an option in my
On 2022-05-28 20:29, Werner Koch via Gnupg-users wrote:
> Note the Brainpool curves. Seems that Redhat still patches them out of
> libgcrypt.
Why do they do that? BTW, when I search for brainpool I only find
definitions and RFC's, I seem unable to find why they are needed (or why
they would be
On 2022-05-25 22:22, Francesco Ariis wrote:
> Paper was first made in the Chinese Empire, around two millennia ago
I see that that was indeed considered what we call paper today, unlike
the ancient Egyptian papyrus.
> Sheets made with high quality pulp survived to this day.
Some sheets
On 2022-05-23 5:01, Stuart Longland via Gnupg-users wrote:
> On the other hand, there are paper recordings that have lasted millennia.
Since paper as we know it today doesn't even exist so long that can't be
true. Maybe you are pointing to the few surviving papyrus texts? Most
have not survived.
On 31-01-2022 18:11, Andrew Gallagher via Gnupg-users wrote:
> This is incorrect. All three of the commonly-used HKP servers can remove
> keys; this has been done for years to remove poison (i.e. oversized)
> keys that cause DoS. However doing so comes with costs.
Yes, that was the issue that I
On 29-01-2022 18:58, Robert J. Hansen via Gnupg-users wrote:
> But if you're an American without EU ties, the GDPR is yet another piece
> of foreign legislation we don't need to pay attention to. And when
> Europeans baldly say "the GDPR applies worldwide, you must follow it,"
> what we hear is
On 29-01-2022 4:43, jonkomer via Gnupg-users wrote:
>> When the keyserer operator operates outside
>> of the EU I don't think that is a legal problem.
> If an individual that requests his personal information is
> removed (i.e., the "right to be forgotten") is EU resident,
> GDPR applies
On 28-01-2022 21:02, jonkomer via Gnupg-users wrote:
> How do individual key-server owner/operators react to
> formal GDPR "forget me" requests; either by e-mail users, or
> by mail domain owners? Any known legal precedents?
There are known technical issues: the HKP keyserver does not allow keys
On 23-01-2022 21:23, Robert J. Hansen via Gnupg-users wrote:
> No, the whole CSPRNG is (probably) compromised. PGP 2.6.3 used keyboard
> interrupts harvested directly from the hardware to get a collection of
> random bits which it then fed into the CSPRNG to be expanded out into a
> large
On 18-01-2022 17:23, Robert J. Hansen via Gnupg-users wrote:
>> 1.4 should be able to decrypt all 2.6 generated data.
>
> Not from the Disastry builds, which extended 2.6 to support newer
> algorithms.
Lucky for me I never use that version, as I never respected the
copyright of the RSA and IDEA
On 18-01-2022 15:54, Robert J. Hansen via Gnupg-users wrote:
>> Well, a bit more respect for backwards compatibility would help a lot
>> by that. Now I'm forced to keep an 1.4 and pgp 2.6 version installed
>> just to be able to read all my old data. Some people just refuse to
>> update to
On 17-01-2022 0:09, Robert J. Hansen via Gnupg-users wrote:
> I was asked for help with something in the 1.2 series (!!). Without
> exception, our first response is usually "for the love of God, upgrade!"
>
> They rarely do. It's worked fine for them for a decade or more, and
> they're not
On 16-09-2021 12:27, Werner Koch wrote:
> https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.31_202109.exe.sig
The signature file can't be found.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
___
Gnupg-users
On 14-07-2021 19:32, Стефан Васильев via Gnupg-users wrote:
> from trusted EU sources,
We may have a different idea about "trusted". There are enough fake
official ID's, like undercover police uses.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
On 14-07-2021 15:41, Brandon Anderson via Gnupg-users wrote:
> What exactly stops me, a person wanting to impersonate that user, from
> putting the same QR-Code I got from that public key into my own keypair?
Nothing. This latest EU implementation of a social credit system is
intended to be used
On 13-06-2021 16:06, knighttemplar5--- via Gnupg-users wrote:
> I have been contemplating subscribing to an email forwarding service
> that will encrypt all the forwarded mails to me with my public key.
> Lets imagine the country where the forwarding takes place can see all my
> emails in plain
On 03-05-2021 15:39, Robert J. Hansen via Gnupg-users wrote:
> and gave her drives a low-level format.
I remember from the stone age (end 1980's begin 90's) that you could
low-level format a disk with the DOS command debug by calling some BIOS
routine by assembler routines.
Modern harddisks
On 01-04-2021 17:54, Stefan Vasilev via Gnupg-users wrote:
> Fax is faster than email and arrives, while email delivery to a
> recipient can not
On;y if the recipient has a landline that can always pickup the fax
call. A more and more uncommon situation. I don't have a landline
anymore, no use
On 31-03-2021 22:28, Stefan Vasilev via Gnupg-users wrote:
> Hopefully the Industry will take a look at affordable hardware based
> encrypted Fax comms for
Fax? To get the information on paper? In 2021? Why?
> Hardware based AES/DH crypto phones (no smartphones) would be a welcome
> addition
On 23-03-2021 6:59, Robert J. Hansen via Gnupg-users wrote:
> Last year when the FSF removed him from the Board of Directors, I
> welcomed the news. I hoped the FSF would appoint better leaders. They
> did not: instead, they've reappointed him to the board.
Excelent news, finally a case where
On 05-01-2021 23:07, Robert J. Hansen via Gnupg-users wrote:
As always, it probably depends on who you have the most to fear from:
your government, corporations, or maybe someone else?
> In Europe it's a lot different. There, the prevailing culture cares a
> lot more about limiting the ability
On 23-11-2020 7:08, Matthias Apitz wrote:
> Since ages human read mails in ASCII or UTF-8 text. Why you think this
> is not a "human readable format"?
Sure, hand crafted html in a text reader is human readable. But the html
that is vomited by Outlook is not (unless you are a very experienced web
On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:
> I don't understand why HTML in e-Mails is so important for some people.
I agree on a personal level, but if you use your email also to
communicate with business users (usually using Outlook) it would be nice
to get their mails in a
On 13-10-2020 16:46, Dieter Frye wrote:
> Now if any of this remains true today, I cannot tell (I did the research a
> number of years ago so it's possible something changed along the way), but
> even if not, it would still make sense to me to allow for greater (or
> better yet, full) key size to
I wrote:
> It would be nice if GnuPG implemented an override option to use this key
> for decryption anyway.
Sorry, I see from Vincent's mail that GnuPG already does this but it
might be the keycard that is causing this.
--
ir. J.C.A. Wevers
PGP/GPG public keys at
On 29-08-2020 16:17, Sheogorath via Gnupg-users wrote:
> A closer
> inspection of the key ID showed that it was encrypted with my master
> key. A key that is not marked to be used for encryption.
It would be nice if GnuPG implemented an override option to use this key
for decryption anyway. The
On 24-08-2020 8:08, Guille De La Torre via Gnupg-users wrote:
> Hello good evening, is it possible to create a key for symmetric
> encryption in such a way that the person who has my public key does not
> need to enter a password? to decrypt.
The receiver uses your public key only to encrypt and
On 19-08-2020 23:28, Ingo Klöcker wrote:
> We need to stop calling such rubbish "theories". Better call it "conspiracy
> myths" or "conspiracy tales" or "conspiracy stories" or anything else that
> makes it clear that (unlike scientific theories) it is not supported by facts.
You mean like the
On 11-08-2020 21:49, vedaal via Gnupg-users wrote:
> There is already a simple existing solution.
Simple is not how I see this.
> [1] Encrypt and decrypt on a computer that has internet hardware disabled.
> [2] Use an Orbic Journey V phone that gets and sends *only text*
> [3] Use a microsd
On 11-08-2020 17:18, Stefan Claas wrote:
>> Why hardware? If a bug is found you can't upgrade it easily.
>
> Because hardware can't be tampered with like software.
If a hardware bug is found you're still lost. Even Apple has found out
the hard way.
>> On mobile, encrypted messengers are the
On 11-08-2020 11:39, Stefan Claas wrote:
> Based on my proposal, I would like to see in the future (OpenSource)
> *hardware* based encryption products, for at least voice comms, which
> is affordable for the majority of us and easy to use, so that people
> do not need to use good old email
On 28-07-2020 14:42, Ralph Seichter via Gnupg-users wrote:
> confused with facts. The amount of BS that can be found on Wikipedia is
> case in point.
Do you have examples of this for security related subjects? I know there
are issues with politically sensitive subjects but that has usually
other
On 28-07-2020 14:12, Robert J. Hansen wrote:
> You can't. There is little to no defense possible against a trusted
> insider that's gone rogue. The best you can do is to vet your people
> carefully and, in the event of treachery, to use whatever legal means
> are available to dissuade future
On 30-06-2020 12:10, Werner Koch via Gnupg-users wrote:
>> Do not break backwards compatibility if you want all people to upgrade.
>
> Do not update so that the bad guys can exploit your legacy software ;-)
>
> There are well documented reasons what we don't support MDC and PGP3
> keys anymore
On 29-06-2020 19:40, Werner Koch via Gnupg-users wrote:
> Do not use 1.4 unless you have to decrypt old non-MDC protected data or
> data encrypted to a legacy v3 key.
Do not break backwards compatibility if you want all people to upgrade.
--
ir. J.C.A. Wevers
PGP/GPG public keys at
On 18-05-2020 18:16, Robert J. Hansen wrote:
> Instead of
> spending 30 minutes talking about why it's okay if public certificates
> are shared, we could instead just say "we're not going to share your
> public key with anyone without your written consent" and spend those 30
> minutes talking
On 16-05-2020 17:56, Robert J. Hansen wrote:
> I tell them, "I will not be able to use OpenPGP with you until such time
> as you UID conforms to the standard.
You confuse "not being able to" with "not willing to".
--
ir. J.C.A. Wevers
PGP/GPG public keys at
On 16-05-2020 15:57, Peter Pentchev wrote:
> But it is
> also fine for other people to say "okay, sure, you have your
> experimental features, but I'll wait until they're standardized until
> I do the work on implementing them myself; also, let's discuss whether
> they are even needed."
Have the
On 12-05-2020 17:04, Sylvain Besençon via Gnupg-users wrote:
>> Probably not. The future is elliptical-curve cryptography, which will
>> bring a level of safety comparable to RSA-16384.
Yes, if attacked by classical computers.
> However, I would be interested to know which ECC cipher would you
On 12-05-2020 3:46, Pete Stephenson via Gnupg-users wrote:
> For example, a 256 bit elliptic curve key has a similar strength to a
> symmetric key of 128 bits.
Until, of course, a working quantum computer with more than a few qubits
is constructed. Then ECC is much more vulnerable than RSA or
On 02-02-2020 13:35, Stefan Claas via Gnupg-users wrote:
> today is Palindrome-Day!
You can always set your computer's clock to a different date if you like
a specific creation date of course.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
On 11-12-2019 22:12, Ajax via Gnupg-users wrote:
> The command: gpg-agent --version gives me the following output:
>
> /---
> gpg-agent: relocation error: gpg-agent: symbol
> assuan_sock_set_system_hooks, version LIBASSUAN_1.0 not defined in
> file libassuan.so.0 with link time referencel
>
On 17-10-2019 21:18, Robert J. Hansen wrote:
> 1. How should we handle the SKS keyserver attacks?
>
> One school of thought says "SKS is tremendously diminished as a
> resource, because using it can wedge older GnuPG installations and we
> can't make people upgrade. We should recommend people
On 16-10-2019 17:37, Binarus wrote:
> - either in understanding the APIs and command line parameters of a
> library / utility, and to keep up with changes, or
>
> - in re-inventing the wheel, which in this case for sure will cost much
> more time and eventually produce catastrophic security
On 16-10-2019 13:02, Daniel Bossert wrote:
> Is anybody using pgp on Android? I did some years ago, would like to,
> but am afraid of security reason.
I use APG for old pgp 2.x keys and OpenKeyChain integrated in k9 mail
for modern keys. The secret keys are protected by a password, that's my
key
On 14-08-2019 11:38, Alessandro Vesely via Gnupg-users wrote:
> Of course, anonymous key poisoning is a kind of gratuitous vandalism.
> Yet, crypto is supposed to work in a hostile environment.
But this is only an extreme form of what an old keyserver already did:
it issued (I believe every 6
On 16-01-2018 15:16, Phil Susi wrote:
> There isn't merit. It became public, not private, the moment you
> published it. I have the right to free speech, the EU be damned. Are
> these numbnuts going to demand that libraries black out newspaper
> articles on microfilm because they mention
On 04-07-2017 18:30, Werner Koch wrote:
>> Is 1.4 vulnerable to this attack as well? I know it ows not use
>> libgcrypt but I'm not sure about the vulnerability.
>
> Maybe. And probably also to a lot of other local side channel attacks.
Is that going to be fixed, or is 1.4 now really
On 29-06-2017 9:28, Werner Koch wrote:
> The GnuPG Project is pleased to announce the availability of Libgcrypt
> version 1.7.8. This release fixes a local side-channel attack.
Is 1.4 vulnerable to this attack as well? I know it ows not use
libgcrypt but I'm not sure about the vulnerability.
On 05-09-2016 0:45, Robert J. Hansen wrote:
>> Do I smell a little bit of a Stockholm syndrome here?
>
> The Stockholm syndrome is half-pop science and half-real.
I know what it is. You have obviously worked too much with those forces
in law enforcement that prefer that citizens can't keep any
On 04-09-2016 3:05, Robert J. Hansen wrote:
> Now, of course I don't want the civil authorities to have
> legislatively-mandated back doors into every system. I don't think
> that's an appropriate solution. But I do believe the civil authorities
> need appropriate mechanisms to pursue their
On 24-08-2016 16:27, Robert J. Hansen wrote:
> Ideally, because they present options that may work better than what we
> currently have. Privacy absolutism -- the position that there is *no*
> justification for infringing on individual privacy, even in the case of
> serious crimes -- doesn't
On 24-08-2016 15:17, Robert J. Hansen wrote:
>>> 2. If yes, why should we listen to you?
>>
>> The child porn excuse is used too often...
>
> But this doesn't answer my question.
>
> Why should we listen to a privacy absolutist?
Why would we listen to anyone for that matter?
>> You can
On 24-08-2016 8:41, Werner Koch wrote:
> Whether the current German rules on when and how constitutional rights
> on privacy can lawfully be suspended are still in compliance with the
> constitution is a different question.
They can try the French method: declare the state of emergency after
On 24-08-2016 4:26, Robert J. Hansen wrote:
> 1. Are you a privacy absolutist?
Yes.
> 2. If yes, why should we listen to you?
The child porn excuse is used too often. The terrorism card is also
played often (not that it would help much against that as all known
exmples show). And
In
http://www.heise.de/newsticker/meldung/Justiz-soll-verschluesselte-Terror-Kommunikation-auswerten-koennen-3302594.html
(German), the German and French government are attacking the right to
encrypt communication of their serfs. Also because of their violent
anti-encryption opinion I was glad to
On 01-08-2016 17:54, whi...@mixnym.net wrote:
> I see that there are three versions of GnuPG available. Assuming
> no hardware constraints, is there any reason to choose Classic 1.4
> or Stable 2.0 instead of Modern 2.1? It appears to do everything
> the others can and more.
It does not. If you
On 31-03-2016 3:41, listo factor wrote:
> On 03/30/2016 12:16 PM, listo factor - listofac...@mail.ru wrote:
> 1) Is it correct that this particular device maker designed a
> sophisticated hardware-based system with the specific purpose of
> thwarting the brute-forcing of ridiculously low-entropy
On 30-03-2016 20:08, Robert J. Hansen wrote:
> My position: "The FBI already had precedent on their side from clubbing
> other smaller companies, and they decided they finally had enough legal
> support to go after the big fish: Apple."
I didn't see this from the legal files, but did the FBI
On 30-03-2016 15:46, Robert J. Hansen wrote:
>> The FBI wanted clearly an easy access to ALL devices and a court ruling
>> to force other companies into compliance...
> I try not to get involved in conspiracy theories, but this one's just...
> outrageous.
Why would this be an outragious
On 30-03-2016 14:16, listo factor wrote:
> If this is all essentially correct, someone who knows that
> the content of his device-at-rest is extremely valuable to an
> attacker would surely use a pass-phrase of adequate length, and
> thus make a potential cooperation from the device builder to
>
On 30-03-2016 13:28, Robert J. Hansen wrote:
>> AFAIK the Cellbrite hack works by replacing the boot manager and so
>> being able to overwriting system memory, just as custom recoveries do on
>> Android phones.
>
> It's also worth noting that we'll likely discover what the exploit was
> in the
On 30-03-2016 11:31, Paolo Bolzoni wrote:
AFAIK the Cellbrite hack works by replacing the boot manager and so
being able to overwriting system memory, just as custom recoveries do on
Android phones.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
On 30-03-2016 11:31, Paolo Bolzoni wrote:
> The TPM contains the AES key protected with the password,
AFAIK on the iPhone 5c at last the password this is not in some special
TMP. Only the iPhones with a fingerprint scanner (5s and above) have
that hardware and should not be vulnerable to that
On 07-02-2016 5:59, Robert J. Hansen wrote:
> LaTeX is unique among document processing systems in that it can
> effortlessly represent the correct orthography for the rock group Spinal
> Tap (which uses a Turkish dotless lowercase i and a Jacaltec umlauted
> n), but that comes with a steep
On 24-12-2015 17:02, Matthias Apitz wrote:
> I do not fully understand why some 4 random words like
>
> Correct, horse! Battery staple!
>
> is a better passphrase like, for example
>
> Und allein dieser Mangel und nichts anderes führte zum Tod.
I do know that using accented
On 17-12-2015 21:29, Robert J. Hansen wrote:
> http://www.technologyreview.com/news/544516/user-error-compromises-many-encrypted-communication-apps/
Signal assumes TOFU, and warns if the key is changed. That can have a
ligitimate reason (new installation), or indicate an attempted mitm
attack.
On 06-10-2015 16:07, Robert J. Hansen wrote:
> Australian researchers have figured out how to make a quantum gate on a
> silicon chip. This is interesting work, because we've spent a *lot* of
> money learning how to etch silicon. Being able to build quantum gates
> on the same material that our
On 28-09-2015 22:26, Robert J. Hansen wrote:
> RSA-3072 is not all that much stronger than RSA-2048, and RSA-4096 adds even
> less.
AFAIK RSA-3072 (and ElGamal-3072) are comparable to AES-128. That's
strong enough for the forseable future; the only known thing they are
vyulnerable to (except
On 04-09-2015 0:46, Robert J. Hansen wrote:
> Here's the question I really want people to answer: "At what point do we
> tell people, 'no, that data format has been obsolete for twenty years,
> we're not going to support it any more, it's not even close to
> conforming to the RFCs we implement'?"
On 28-08-2015 23:27, Werner Koch wrote:
> You want better software? Then make it less complex and separate tasks
> - 2.x does just that - since 2003.
Less complex by introducing communication issues between all separate
parts? We clearly have a different idea of complexity. Separartion of
tasks
On 27-08-2015 23:37, Robert J. Hansen wrote:
The 2.x branch is the future of GnuPG development, has been for some
years now, and is what the GnuPG developers recommend for new users.
I see this attitude a lot among software developers and it irritates me:
drop support for obsolete features and
On 28-08-2015 18:12, Peter Lebbing wrote:
1.4 is fully supported, but occupies a niche. Support is not dropped, nobody
forces you to upgrade.
It's starting to feel a little bit with ECC not coming to 1.4 (missing
function required to exchange messages with 2.1 users) and v3 key
support removed
On 27-08-2015 20:41, Robert J. Hansen wrote:
My rationale for this is simple: we don't want to encourage new users to
use 1.4. We want to encourage new users to use 2.0 and/or 2.1.
Why? I still use 1.4. It is easily usable through the command line if
needed, while 2.x has a very complicated
On 17-07-2015 21:48, Philip Neukom wrote:
I'm having some problems with my key that was created a long time ago
(1994) but updated with new emails over the years.
Then it's a v2 key, and unfortunately GnuPG dropped support for v2 keys.
But fortunately you can install a copy of GnuPG 1.4.x
On 27-03-2015 14:21, Martin Behrendt wrote:
So especially when introducing new algorithms which might be tampered
with, using e.g. an old style RSA Key as one layer and ECC as a second
should help against this. Or am I missing something here?
Why would you want to use a suspect algorithm if
On 26-03-2015 9:59, Mike Ingle wrote:
Is this just a backward
compatibility thing, or is the security of ECC keys not fully trusted yet?
The buzz about Dual_EC_DRBG made it clear that it is possible to design
curves where the designers have access to data that allows them to
compromise the
On 15-03-2015 23:24, Jose Castillo wrote:
but my sense is that more people are vulnerable to passphrase-sniffing
malware than they are to someone sneaking very close to them with
an evil device.
However, perhaps even more people are vulnerable to confisquation by
authorities. If they find a
On 01-03-2015 22:01, flapflap wrote:
Just think about the grandchild trick ([0], unfortunately not in
English) which is a method where the criminals phone (often elder)
people and tell them that they are a grandchild, nephew, or other remote
relative and need some money for some reason
Ah
On 01-03-2015 13:27, Jonathan Schleifer wrote:
You are assuming it will be spoofed for everyone. It could just
be spoofed for you. Anybody who can MITM you and give you a fake
SSL cert that you accept
Well, perhaps they could if the ONLY way I communicated wit someone
would be electronically.
On 02-03-2015 22:23, ved...@nym.hush.com wrote:
http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/
I wouldn't trust it with my real key, but would make a new
'smartphone' key signed with my real key, and comment it as
for phone use only.
You can't, it uses an own key scheme not
On 27-02-2015 19:16, Christoph Anton Mitterer wrote:
This is basically what they want: Anonymous cryptography, whose complete
security is based on some good luck whether you've communicated with the
right peer the first time.
In practice the Textsecure protocol works well of couyrse because
On 27-02-2015 16:57, Mark H. Wood wrote:
It's always good to look for patterns that lead to useful
simplification. But there comes a point at which no further
simplfication can be done without making the system less useful.
Well, in making it more beginner friendly, I imagine a system that
On 27-02-2015 22:30, Christoph Anton Mitterer wrote:
I meant in the sense that I want to trust e.g. Werner's key but haven't
met him in person yet,... but I might have an indirect trustpath to him
via some other persons (which I do trust).
Obviously I'll need any intermediate keys (and enough
On 28-02-2015 18:56, Christoph Anton Mitterer wrote:
I'm not sure but I fear you have some deep misunderstanding of
cryptography...
I'm not talking about mathematically proving something. After all, a
government agency could make a false key with Werner Koch's name on it
and send someone who
On 28-02-2015 13:40, Peter Lebbing wrote:
On 28/02/15 13:28, Johan Wevers wrote:
I don't see even the NSA breaking that.
Heh, famous last words ;).
OK, not cryptographically. They could always try to bribe/threat/torture
someone to cooperate. But that model fails if you want to perform
On 28-02-2015 18:21, Christoph Anton Mitterer wrote:
Not sure what you refer to,... but if it's authentication schemes like
ZRTP (which TextSecure wouldn't use)...
No it's not, it is much simpler. When I call my wife and are in fact
connected with a computer or agent impersonating her, they
On 28-02-2015 15:09, Daniel Kahn Gillmor wrote:
We had this discussion recently over on messag...@moderncrypto.org.
What is described there is a much more confined problem.
It's far from trivial, but breaking voice-based authentication
(particularly in the already-noisy realm of mobile phone
On 27-02-2015 12:15, Peter Lebbing wrote:
So.. back to c't. Since they were writing an article,
Isn't this just an article that started with the article of Moxie
Marlinspike about GnuPG that was also on Slashdot yesterday?
(Its at http://www.thoughtcrime.org/blog/gpg-and-me/).
--
ir.
On 18-02-2015 17:31, Doug Barton wrote:
The most easy solution in such cases is to try IPv4 first, if that
doesn't work or is unavailable, try IPv6 if available.
Yeah, please DO NOT do that. The more traffic we can push to IPv6 the
better for everyone, both now and in the future.
I've seen
On 18-02-2015 12:40, Werner Koch wrote:
Because the resolver tells that there is an record. It seems that
we need to figure out at runtime whether v6 is actually working. Any
hints on how to do that?
The most easy solution in such cases is to try IPv4 first, if that
doesn't work or is
, and windows phone on the smartphone
market. Wether I like that or not and which system is best doesn't
change anything.
--
Met vriendelijke groet,
Johan Wevers
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg
1 - 100 of 337 matches
Mail list logo