> On Apr 22, 2015, at 3:07 PM, Peter Lebbing wrote:
>
> What does a smartcard protect against?
>
> Leaking the private key. It protects against more copies of
> the private key material existing.
>
> Explicitly not /usage/ of the key by unauthorized people; it
> cannot protect against that.
I haven’t seen this posted to the list yet, and thought it would be important
for people who use the Yubikey NEO's OpenPGP functionality with GnuPG. It
regards a vulnerability in the Yubikey NEO implementation of the OpenPGP smart
card application:
https://developers.yubico.com/ykneo-openpgp/S
On Apr 7, 2015, at 11:07 AM, Ben McGinnes wrote:
> Ah, but if it is truly just the email address then is it sitting in
> the email field of the UID or the name field?
This has been a very illuminating conversation, and I just want to share
something that led me to this confusion initially. Wh
On Mar 20, 2015, at 2:47 PM, Daniel Kahn Gillmor wrote:
> If the followup is just "click this link" then i agree it's probably
> encouraging bad habits. What if the suggested followup was an e-mail
> reply? What if we require the verifier to sign its outbound messages,
> and tell users "don't do
On Mar 16, 2015, at 8:55 PM, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net>
wrote:
> I would urge you to
> reconsider your decision to drop the angle brackets. At
> least one MUA (the MUA I am using to write this message)
> sends the email address enclosed in angle brackets as the
> search string
Sorry about the improper threading; I’ve switched off digest mode, hopefully
this will help.
> On Mar 15, 2015, at 9:06 AM, MFPA wrote:
> Pretty much any system *could* be compromised. Should
> we say all bets are off because there is a possibility the
> system might be compromised?
I may have