ps pool due to
expiry of the CRL
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
-
nse acceptance information in the
package.
--
----
On 14.10.2019 22:45, Werner Koch wrote:
> On Mon, 14 Oct 2019 20:43, Kristian Fiskerstrand said:
>
>> was suggested by Kristian and Andre: talking to SCDaemon (scd) with IPC.
>> Details need to be discussed, but it would be an optional solution, that
>
> Given that
Unix socket or TCP/IP (windows) with usual user
system protection? Or... extend the RNP library to talk to scd? Needs
discussion and contributors, but that should wait until we're certain
what library TB will use.
"""
References:
[notes]
https://wiki.gnupg.org/OpenPGPEmailSummit
On 30.08.2019 01:02, Brian Minton wrote:
> On Thu, Apr 25, 2019 at 11:19:15AM +0200, Kristian Fiskerstrand wrote:
>> On 4/25/19 9:20 AM, Bernhard Reiter wrote:
>>> Wikipedia points out a strong sensitivity of the algorithm to the quality
>>> of
>>>
[cross-certification section]
https://gnupg.org/faq/subkey-cross-certify.html
--
On 7/3/19 3:20 PM, Andrew Gallagher wrote:
> On 03/07/2019 13:45, Kristian Fiskerstrand wrote:
>> There are various ways this can be used for other
>> attack vectors as well, so they are mostly just ignored.
>
> Any of those attack vectors applicable to keyservers attempting
relying
on specification of TPK URI for refresh is privacy issues related to
callbacks and/or DoS. There are various ways this can be used for other
attack vectors as well, so they are mostly just ignored.
--
keys.
This isn't really a major point given rfc6979 (
https://tools.ietf.org/html/rfc6979 ): Deterministic Usage of the
Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature
Algorithm (ECDSA)
--
----
-capable anyways by updating the flags on its self-signature)
--
> On 17 Oct 2018, at 14:26, Sandro Knauß wrote:
>
> Hey,
>
>> - Friday evening: we will meet at the Winery (Trois Tilleuls Street 1, 1170
>> – Brussels, www.winery.be ). People from Mailfence will be there from
>> 19:30, I will arrive a little later.
I’ve arrived in Brussels and checked into h
On 9/7/18 9:19 PM, Daniel Kahn Gillmor wrote:
> On Fri 2018-09-07 14:31:16 +0200, Kristian Fiskerstrand wrote:
>> On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote:
>>> I'm unable to replicate this. here's a transcript of my session,
>>> testing pinentry-qt 1.
On 9/7/18 2:31 PM, Kristian Fiskerstrand wrote:
> On 9/5/18 4:20 PM, Daniel Kahn Gillmor wrote:
>> I'm unable to replicate this. here's a transcript of my session,
>> testing pinentry-qt 1.1.0-1+b1 and gnupg 2.2.10-1 on debian
>> testing/unstable:
>
> whic
debian testing with Cinnamon selected during install.
--
----
On 9/5/18 9:39 AM, Kristian Fiskerstrand wrote:
> without DISPLAY env var, qt version automatically falls back to curses
> variant despite the argument
Wrote too quickly there; This is actually wrong, it never actually falls
back to curses, it just
lso on pinentry 1.1.0 on gnupg 2.2.10
--
----
---
On 08/29/2018 12:41 AM, Kristian Fiskerstrand wrote:
> On 08/28/2018 08:22 PM, Daniel Kahn Gillmor wrote:
>> On Sat 2018-08-25 08:18:48 +0200, sunri...@gmx.com wrote:
>>> Hi all, since some days I'm having an issue with pinentry, I've set the
>>> default
ough... but something
is possibly off with the handling of DISPLAY (as far as I've gotten in
my debugging that is the only diff in the env vars between the direct
invocation and the bash prompted one, it might not be ultimately relevant)
--
rver, but why would it respond to such a host on
port 80? it responds to keys.gnupg.net on 11371 (default HKP port) as it
should. But for HKPS/HTTPS there aren't any expectations for
certificates for the SNI etc, hkps.pool.sks-keyservers.net is used for
that by default.
--
---
only the
secring that needs converting to the new format to begin with. I don't
see any benefit in changing the method here
--
----
tely, in case there is sync issue
and that has been updated without secring being updated.
--
----
.
> two marginally-trusted keys or one fully-trusted key is needed to
> validate another key. The maximum path length is three."
>
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/ma
On 04/17/2018 10:48 PM, Paul H. Hentze wrote:
>
>
> On 17.04.2018 17:48, Daniel Kahn Gillmor wrote:
>> On Tue 2018-04-17 11:11:22 +0200, Kristian Fiskerstrand wrote:
>>> On 04/17/2018 10:52 AM, Paul H. Hentze wrote:
>>>> Actually those commands
>>>
er version if needed.
--
----
"
wn: The owner of data XXX is going to be
> changed. This is not allowed." and it did that with every file in that
> folder.
Seems like a mixup of chmod and chown there, although make sure the user
is correct as well.
--
On 02/22/2018 11:13 PM, Kristian Fiskerstrand wrote:
> On 02/22/2018 11:03 PM, Henry wrote:
>> 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand
>> :
>>> On 02/21/2018 11:53 AM, Peter Lebbing wrote:
>>> Touché :) Indeed, didn't notice it was an old file
On 02/22/2018 11:03 PM, Henry wrote:
> 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand
> :
>> On 02/21/2018 11:53 AM, Peter Lebbing wrote:
>> Touché :) Indeed, didn't notice it was an old file/signature , then
>> gnupg 1.4 is the recommended official suggestion pres
On 02/21/2018 11:53 AM, Peter Lebbing wrote:
> On 21/02/18 10:48, Kristian Fiskerstrand wrote:
>>>gpg: Signature made Tue May 4 23:03:11 2004 JST
>> [...]
>>
>> The author should sign the package using a more modern and secure keyblock.
> Note that not the ke
doing
> wrong. Any help or suggestions much appreciated. TIA
The author should sign the package using a more modern and secure keyblock.
--
ularly.
--
----
Manus manum lavat
On
On 02/03/2018 04:15 PM, Pijus Kar wrote:
> Is it something for the version incompatibility or in the key?
As far as I can see the keyblock referenced is DSA2, which is specified
in FIPS-186-3 from 2009, and you're using a gnupg version from 2002.
--
----
On 01/22/2018 06:31 PM, Daniele Nicolodi wrote:
> On 1/22/18 5:31 AM, Kristian Fiskerstrand wrote:
>> On 01/22/2018 08:33 AM, Werner Koch wrote:
>>> That is an acceptable user-id. I would have used a dot as delimiter but
>>> that is a personal taste.
>>
>>
On 01/22/2018 08:33 AM, Werner Koch wrote:
> That is an acceptable user-id. I would have used a dot as delimiter but
> that is a personal taste.
Dot is a permitted part of username in POSIX though, while : is not :)
--
----
is used by gpgscm by default.
* Parallel tests fail if building without tofu support
* sparc architecture has a failure in
tests/openpgp/quick-key-manipulation.scm:219 on assert
--
----
--
On 01/17/2018 01:20 AM, Daniel Kahn Gillmor wrote:
> On Tue 2018-01-16 22:56:58 +0100, Kristian Fiskerstrand wrote:
>> thanks for this post Daniel, my primary question would be what advantage
>> is gained by this verification being done by an arbitrary third party
>> rathe
action doing this would just shift
responsibilities to a third party for something better served (and
already happens) locally.
--
On 01/16/2018 10:33 PM, Matthias Mansfeld wrote:
> On 16 Jan 2018 at 20:08, Kristian Fiskerstrand wrote:
>
>> On 01/16/2018 07:50 PM, Andrew Gallagher wrote:
>>> Agreed. I was thinking more along the lines of having some method of
>>> causing signature vandalism t
On 01/16/2018 11:40 AM, Stefan Claas wrote:
> Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand:
>
>> On 01/15/2018 09:23 PM, Stefan Claas wrote:
>>> No? I for one would like to be sure that i am the only person who
>>> can upload my public key to a key server
at a governmental issued ID at some point.
But yes, this comes back to security != privacy
--
nces:
["funny sks"]
https://sks-keyservers.net/pks/lookup?op=vindex&search=0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3
--
----
not aware of any production rollout, although I believe a
proof of concept was written based on it for a thesis.
--
----
ld help privacy is also a questionable matter,
as the full data store is downloadable, so anyone can download it
containing the data wanting to be hidden.
--
----
-
mit201512/EmailValidation?action=AttachFile&do=get&target=EmailValidation20151207.pdf
--
On 01/16/2018 06:05 PM, Peter Lebbing wrote:
> On 16/01/18 17:47, Kristian Fiskerstrand wrote:
>> I'm somewhat interested in hearing how this scheme would work in the
>> case of a compromised private key. Mainly;
> I was merely using the description of the basics of it as a
een added (b) before a
revocation has been added (as measured on the specific keyserver).
(iii) iff (ii)(a) and (ii)(b) differ; how would you handle a sync
conflict of said data?
--
----
--
specific CA is left to the user performing the trust calculation,
incidentally also allowing for signatures from multiple CAs.
--
----
On 01/06/2018 12:23 AM, Lou Wynn wrote:
> On 01/05/2018 12:54 PM, Kristian Fiskerstrand wrote:
>> On 01/05/2018 05:29 PM, Lou Wynn wrote:
>>> The auditing key is certified by the root key and stays with the latter
>>> in my design. Only the administrator can make policy
On 01/05/2018 05:29 PM, Lou Wynn wrote:
> On 01/05/2018 01:10 AM, Kristian Fiskerstrand wrote:
>> There are easily scenarios where a customer forgets to add the "auditing
>> key", making the data unavailable to the organization, in particular in
>> context of loss
art with libgcrypt's gcry_pk_get_keygrip()
--
----
---
primary the individual can create new subkeys, and the primary will
always have signing capability (if not always specified as usage flag).
In most setups the employee won't need/shouldn't have the private key
info for the primary for this (and a few other) reasons.
--
---
On 01/05/2018 09:41 AM, Lou Wynn wrote:
> On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote:
>> Businesses have reasonable need to access their data, so they need to
>> have access to his private keys, which contradicts "which
>> is meant to prevent others from using h
On 01/05/2018 01:46 AM, Lou Wynn wrote:
> On 01/04/2018 04:15 PM, Kristian Fiskerstrand wrote:
>> On 01/05/2018 01:12 AM, Lou Wynn wrote:
>>> I guess that you've missed somewhere I said in my previous posts that
>>> the end user chooses his own password to protec
out your priorities, if the corporation
doesn't have access to the data (without the specific encryption key
being included) what is the value?
--
----
On 01/05/2018 01:04 AM, Lou Wynn wrote:
> On 01/04/2018 02:57 PM, Kristian Fiskerstrand wrote:
>> On 01/04/2018 11:24 PM, Lou Wynn wrote:
>> but you add the requirement that all end users sending email to you
>> require to validate the auditing key as well (auditing is
proposal would
require client handling of e.g notation data?
--
----
o validate the auditing key as well (auditing is likely wrong
word, archiving is more likely relevant). for auditing you certainly
want gpg-agent monitoring of assuan channel in separate domain.
--
----
l or re-initialize user's email
> client, which includes the client plugin.
I don't see this as disagreeing, this means you don't have any benefit
from storing the email in encrypted form once it hits the corporate
network, so you're better off decryption
On 01/04/2018 10:38 PM, Lou Wynn wrote:
> On 01/04/2018 03:02 AM, Kristian Fiskerstrand wrote:
>> On 01/04/2018 02:34 AM, Lou Wynn wrote:
>>> No, there is no business unit level certifying key. An enterprise only
>>> has one root key, which is the ultimate certificat
y is still
alive) ? That never exposes key material to client, i.e always operates
within corporate infrastructure and removes a lot of complexity and
allows for easier indexing/searching.
--
----
ey material (but it would require some setup to ensure they don't have
it, so smartcard is generally easier)
--
----
:)
>
> - Why do the algorithm ids (22 for „Ed25519“ and 18 for „Curve25519“)
> not work?
Algorithm IDs are not directly tied to curves, so that would be more
related to Key-Type than Key-Curve (and corresponding subkey), not the OIDs.
--
----
ame
Name-Email: m...@example.com
Creation-Date: 20170801T18
Expire-Date: 0
%commit
--
----
a new device.
--
----
"Expect the bes
3 neo on NFC works quite well with K9Mail from
OpenKeychain.. Not that it should be used too much, a smartphone is one
of the least secure devices around.
--
----
he picture, maybe you can elaborate a bit on that?
--
----
mple reason that SOME users can't do things
right, it has to destroy any chance of a proper security for others.
Which incidentally is similar to a lot of other over-simplification and
interconnections throughout the world, but that is a separate
discussion. Finding the least common denomin
nce
userbase the protocol has to be a binary obfuscated mess instead of
trying to re-use well-established protocols in text form, just in case
the user walks into the maze for some reason.
--
----
ally, they are stubs, as indicated by the "#"-sign, so not
available on the computer you're executing the signature operation on.
--
----
On 09/22/2017 10:48 PM, Stefan Claas wrote:
> On Fri, 22 Sep 2017 22:32:37 +0200, Kristian Fiskerstrand wrote:
>>> And in place of the fake sigs it says erroneous MPI value. :-)
>>
>> And what happens if you do gpg --import-options import-clean
>> --recv-key ? is
On 09/22/2017 10:29 PM, Stefan Claas wrote:
> On Fri, 22 Sep 2017 22:17:17 +0200, Kristian Fiskerstrand wrote:
>> On 09/22/2017 10:08 PM, Stefan Claas wrote:
>>> Thanks for the information! Can you tell me please how to import
>>> a pub key with a local client, so that
gpg --check-sigs report?
--
----
--
On 09/22/2017 09:40 PM, Kristian Fiskerstrand wrote:
> So all is as it is supposed to be
Just to add, the alternative if not considering WoT is a direct
validation structure, a user in this case should only (locally) sign
keyblock information of communication peers after a direct fingerpr
ch point invalid data, including invalid signatures,
results in discarding of the data, which would filter out the signature
in this case.
So all is as it is supposed to be
--
COURT OF APPEALS
No. 15-CF-322
09/21/2017
PRINCE JONES, APPELLANT,
V.
UNITED STATES, APPELLEE.
Appeal from the Superior Court
of the District of Columbia
(CF1-18140-13)
--
----
a scenario I'd likely use a custom pinentry, that'd be the same
recommendation for a password manager etc, as for security info is
passed in the socket that is protected using regular unix user
permissions / ACLs and anyways same as regular pinentry uses.
--
----
On 07/27/2017 05:29 PM, Stefan Claas wrote:
> On Wed, 26 Jul 2017 23:41:23 +0200, Kristian Fiskerstrand wrote:
>> On 07/24/2017 04:27 PM, Stefan Claas wrote:
>>> The file is signed and can be verified. Just wondering (after
>>> googling) what this means, because i h
5c80f2
--
----
Amantes sunt a
cular keys (as well as protecting against several other threat
vectors)?
--
system directory?
--
----
"
upg-users/2017-March/057877.html
--
----
"Better to keep
On 06/14/2017 07:38 AM, Yanzhe Lee wrote:
> Maybe there was a priority when sign files with RSA and ECC keys? How
> can I override it?
Try adding a "!" suffix to the fingerprint specification of the subkey
--
----
nspection, you'd want the
tofu model in gpg 2.1?
--
be lsigned by a local
CAkey anyways? Doing a manual graphical verification doesn't seem to
provide anything in terms of security here.
--
----
res from other users, those got
lost at the revocation point, but your new contacts can sign the new UID
without issue.
Deleting the old UID will have no practical effect if it has been
distributed to a keyserver historically.
--
and the likes , in earlier versions of
2.1 this requires allow-pinentry-loopback for the gpg-agent but in
recent versions that is defaulted to on.
Can you provide the information when this argument is used and the
scenario that fails including explicit error messages?
--
assphrase. I'm using a default installation of GnuPG 2.1.19 on Windows 7 (it
> may go on a Win Server 2012 box for production).
look into --pinentry-mode loopback
--
----
-
On 04/21/2017 09:16 AM, Kristian Fiskerstrand wrote:
> On 04/20/2017 09:17 PM, Paul Taukatch wrote:
>> I've attached my public key and debug log but please let me know if there
>> is any other information that might be helpful.
>
> The first reference that springs to
4880]
https://tools.ietf.org/rfc/rfc4880.txt
--
----
cus on algorithms
in general likely so, the likelihood of operational security being the
issue is far greater
--
----
more details
--
----
Qui audet vincit
W
On 02/21/2017 03:15 PM, Peter Lebbing wrote:
> If Kristian Fiskerstrand says it's okay for SSH servers to refresh their
> keyring every 20 or 30 minutes from the public keyserver network, then I
> guess it really is :-). I had estimated it as inappropriate.
Keep in mind, the keyrin
on't do. This looks to be the
> painful step in the process.
... it depends...
--
from non-compromised devices.
--
----
Qui
ly to avoid having to revoke all if
one is compromised.
--
----
On 02/17/2017 09:46 PM, si...@web.de wrote:
> Am 17.02.2017 um 20:43 schrieb Kristian Fiskerstrand:
>> On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote:
>>
>> That change would also be consistent with
>> https://git.gnupg.org/cgi-bin/gitweb
On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote:
> On 02/17/2017 07:00 PM, si...@web.de wrote:
>> keyserver hkps://jirk5u4osbsr34t5.onion
>> keyserver hkps://keys.gnupg.net
>>
>> would solve this I guess.
>
> No, that'd result in certificate errors an
On 02/17/2017 07:00 PM, si...@web.de wrote:
> keyserver hkps://jirk5u4osbsr34t5.onion
> keyserver hkps://keys.gnupg.net
>
> would solve this I guess.
No, that'd result in certificate errors and non-responsive servers
--
----
ges this
behavior.
Whether that is intended or not is a question for your distribution's
package maintainer.
--
----
On 02/15/2017 03:27 PM, Adam Sherman wrote:
> On 2017-02-15 06:51 AM, Kristian Fiskerstrand wrote:
>>> Do I need access to my master key in order to expand my web of
>>> trust? This seems like quite a restriction.
>> Yes, although you can generate a local CA key to
(non-exportable) signature
--
----
1 - 100 of 306 matches