Re: Your Thoughts

Alyssa Ross writes: >> > For example, why isn't ask-cert-level a default? >> >> For an alternative view on ask-cert-level see also: >> >> https://debian-administration.org/users/dkg/weblog/98 > > Oh, interesting. Thank you for showing this to me. I had it in my head > that a "weak" signature would

Re: SKS Keyserver Network Under Attack

Mirimir via Gnupg-users writes: >>- Embeds a hardcoded list of already-disrupted keys for which packets >> should be filtered-out when serving them > > That's what I meant. Plus some mechanism for testing keys, so poisoned > ones are blocked, as soon as possible. > > It'd also be useful f

Re: SKS Keyserver Network Under Attack

> 1. We would have to ensure that all keyservers block the same > uploads. One permissive keyserver is a backdoor into the entire > system. We can’t block bad keys at reconciliation time for the same > reasons that have been hashed to death already. One way to do that, though it would mean officia

Re: [NIIBE Yutaka] STM32F103 flash ROM read-out service

On 06/06/2018 06:56 PM, NdK wrote: > Il 06/06/2018 17:49, Tom Li via Gnuk-users ha scritto: > >> BTW, BasicCard and JavaCard seemed even more obscure and I cannot find >> any public service of cracking. > Because those are (at least should be) based on secure chips. > >> But it does not solve any

Re: Breaking changes

On 05/23/2018 01:40 AM, Dennis Clarke wrote:>> The longer you leave people with maintenance, the longer they will want >> maintenance past the deadline. >> > > [1] Then a service org should exist that charges fees. This service org already exists, is named in the message you replied to, and is ca

Re: Breaking changes

On 05/22/2018 11:48 PM, Dennis Clarke wrote: > On 05/22/2018 05:38 PM, Dan Kegel wrote: >> Lessee... >> https://en.wikipedia.org/wiki/GNU_Privacy_Guard >> already give an end-of-life date for 2.0, but none for 1.4. >> And since Ubuntu 16.04 includes 1.4, there are likely >> to still be a few vocal

Re: Efail or OpenPGP is safer than S/MIME

On 05/14/2018 09:45 AM, Werner Koch wrote:> The topic of that paper is that HTML is used as a back channel to create > an oracle for modified encrypted mails. It is long known that HTML > mails and in particular external links like > are evil if the MUA actually honors them (which many meanwhile

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

On 01/16/2018 10:56 PM, Kristian Fiskerstrand wrote: > On 01/16/2018 07:40 PM, Daniel Kahn Gillmor wrote: > >> The keyserver network (or some future variant of it) can of course play >> a role in parallel to any or all of these. for example, keyservers are >> particularly well-situated to offer k

Re: DRM?

On 01/16/2018 06:33 PM, Kristian Fiskerstrand wrote: > On 01/16/2018 06:19 PM, Leo Gaspard wrote: >> Also, there are flaws with this approach (like after a private key >> compromise, it would allow to prevent dissemination of the revocation >> certificate) [1], but fi

Re: DRM?

On 01/16/2018 05:42 PM, Robert J. Hansen wrote: >> The mechanism to prove you are the owner of a public key is pretty much >> in place :-). A mechanism where you can have a signed statement saying >> "on 2018-01-16, I allow my key to show up on keyservers" > > It is theoretically and practically p

Re: a step in the right direction

On 01/16/2018 09:20 AM, Robert J. Hansen wrote:>> should not be viewed as "discussing a [...] nightmare scenario", > > I am darkly amused at someone who has not done the research into what > the nightmare scenario *is* telling me that it's not a nightmare scenario. > > The nightmare scenario is m

Remove public key from keyserver (was: Re: Hide UID From Public Key Server By Poison Your Key?)

On 01/15/2018 08:13 AM, Robert J. Hansen wrote:>> Since you can never remove >> anything from the public key server, You are >> wondering if you can add something to it -- for >> example, add another 100 of UIDs with other >> people's real name and emails so people can not >> find out which one is

Re: FAQ and GNU

On 10/10/2017 08:23 PM, Daniel Kahn Gillmor wrote: > On Tue 2017-10-10 19:46:28 +0200, Leo Gaspard wrote: >> That said, I wonder whether the sentence with “all GNU/Linux distros >> feature a suitable GnuPG tool” would make sense at all, given GnuPG is, >> as pointed out by

Re: FAQ and GNU

On 10/10/2017 06:45 PM, Daniel Kahn Gillmor wrote:> (where is the FAQ maintained, btw? how is one expected to submit > patches?) I based my quotes on https://dev.gnupg.org/source/gnupg-doc.git , directory web/faq, running `git grep Linux`. > I suspect that many minimal Linux-based operating syst

Re: FAQ and GNU

On 10/10/2017 03:13 PM, Mike Gerwitz wrote: > On Mon, Oct 09, 2017 at 22:06:17 -0400, Robert J. Hansen wrote: >> A request has been made that each instance of "Linux" in the FAQ be >> replaced with "GNU/Linux". > > GnuPG is part of the GNU operating system. Anywhere "Linux" is used to > describe

Re: FAQ and GNU

On 10/10/2017 05:55 PM, Mario Castelán Castro wrote: > On 10/10/17 01:46, Robert J. Hansen wrote: >> With respect to specific distros, we ought use the name the distro >> prefers. The Fedora Project releases Fedora, not Fedora GNU/Linux. The >> Debian guys release Debian GNU/Linux, not Debian Lin

Re: [Feature Request] Multiple level subkey

(you forgot to Cc: the list, I'm Cc-ing back as it doesn't seem voluntary to me) On 09/10/2017 07:50 PM, lesto fante wrote: >> Besides, there is no > need to give the same masterkey to your bank and your smart fridge, as > they will (likely?) not participate in the Web of Trust anyway > > not the

Re: [Feature Request] Multiple level subkey

On 09/10/2017 06:36 PM, lesto fante wrote: > I am a bit confused by your "C key" terminology, i assume you are > referring to what i call "master key", or level 2 key, that now I want > to call SIGN KEY. Oh yes sorry, I forgot to explain my terminology. > Lets all agree on the terminology please.

Re: [Feature Request] Multiple level subkey

On 09/10/2017 04:36 PM, Daniel Kahn Gillmor wrote:>> My user case is simple; maintain my identity even if my master key is >> compromised. Tho achieve that, I think about a multilevel subkey >> system. > > I'm not sure how the proposed multi-level system is an improvement over > an offline primary

Re: Is it possible to certify (sign) a key using a subkey?

On 08/18/2017 06:33 PM, Peter Lebbing wrote:>> In my own and other people's keyrings and in key servers. > > The impact of you doing this on your own seems vanishingly small. And > the ratio of disk space used by a public keyring versus everything else > that is commonly on a computer isn't differ

Re: SHA1 collision found

On 02/23/2017 09:00 PM, Robert J. Hansen wrote: > [...] > > To which I said, "Create two keys with the same fingerprint. Sign a contract > with one, then renege on the deal. When you get called into court, say "I > never signed that, Your Honor!" and present the second key. This collision > p

Re: Should I be using gpg or gpg2?

On 09/29/2015 06:04 PM, Robert J. Hansen wrote: > But you never know when a George Dantzig will appear. And that means I > think your long-term confidence in RSA is misplaced. Does that mean long-term confidence in elliptic curves would be better placed? Does ECC rely on a stronger mathematical

Re: GPG's vulnerability to quantum cryptography

On Sun, Jul 06, 2014 at 12:21:13PM -0400, Robert J. Hansen wrote: > On 7/6/2014 3:36 AM, The Fuzzy Whirlpool Thunderstorm wrote: > > Using GPG encryption is still good, although it's vulnerable to > > quantum cryptodecryption. > > In point of fact, we don't know this. > > Theoretically, science-f

Trust and distrust [was: Re: Google releases beta OpenPGP code]

On Sun, Jun 08, 2014 at 01:13:27PM -0400, t...@piratemail.se wrote: > And personally, I do not trust google. Enough said in that regard. ;-) Sorry to hijack this topic, but... Why would you trust the OpenPGP.js developers? At least, you can hold google as accountable for their actions. You cannot

Re: GPG's vulnerability to brute force

On Sat, May 17, 2014 at 10:51:40AM +0200, Peter Lebbing wrote: > You can't object to scientific theories on the basis that you did not > study them properly. It might have a bit of a Socratic feel to it, but > it quite falls short of the real thing. Just for the record: I do not feel like I ever o

Re: GPG's vulnerability to brute force [WAS: Re: GPG's vulnerability to quantum cryptography]

First: I agree with everything skipped in the quotes. On Wed, May 14, 2014 at 07:31:26PM -0400, Robert J. Hansen wrote: > On 5/14/2014 6:11 PM, Leo Gaspard wrote: > > BTW: AFAICT, a nuclear warhead (depending on the warhead, ofc.) does > > not release so much energy, it just r

Re: GPG's vulnerability to brute force [WAS: Re: GPG's vulnerability to quantum cryptography]

On Wed, May 14, 2014 at 01:15:40PM -0700, Robert J. Hansen wrote: > >First, the Margolus-Levitin limit: "6.10^33 ops.J^{-1}.s^{-1} maximum" > >So, dividing the 2^128 by 6.10^33 gives me a bit less than 57000 J.s > >(assuming testing an AES key is a single operation). So, that's less than > >1min fo

GPG's vulnerability to brute force [WAS: Re: GPG's vulnerability to quantum cryptography]

On Wed, May 14, 2014 at 12:21:36PM -0400, Robert J. Hansen wrote: > > Since the well known agency from Baltimore uses its influence to have > > crypto standards coast close to the limit of the brute-forceable, 128 > > bit AES will be insecure not too far in the future. > > No. > > https://www.gnu

Re: PGP/GPG does not work easily with web-mail.

On Wed, Apr 09, 2014 at 11:37:52PM +0100, One Jsim wrote: > PGP/GPG does not work easily with web-mail. > > Most email, today, is read and write using the browser > > POP ou IMAP mail is a rarity > > That is the problem > > Some text/link in this problem? > > José Simões Well... I started to

Re: Using an RSA GnuPG key for RSA ?

On Fri, Apr 04, 2014 at 01:32:47PM -0400, ved...@nym.hush.com wrote: > I trust them to encrypt to my public key, and was planning to work out > a system where I could decrypt on my own without it going through > them. > (they could have my public key, and verify my RSA signature). > > [All this is

Re: Using an RSA GnuPG key for RSA ?

On Thu, Apr 03, 2014 at 09:56:18AM -0400, ved...@nym.hush.com wrote: > On Wednesday, April 02, 2014 at 5:41 PM, "Leo Gaspard" > wrote: > > >If you are not to use the key in gnupg, why make gnupg generate it > >in the first > >place? Why not use the pro

Re: Using an RSA GnuPG key for RSA ?

On Wed, Apr 02, 2014 at 01:55:21PM -0400, ved...@nym.hush.com wrote: > Is it possible to generate an RSA key in GnuPG, and then use it (not in > GnuPG, but in other systems using RSA keys), to encrypt and decrypt RSA > messages? > > If so, what portion of the GnuPG generated RSA key functions as

Re: Multiple Subkey Pairs

On Thu, Mar 13, 2014 at 07:25:46PM +0100, Martin Behrendt wrote: > One use case would be, if you use portable thunderbird only those > encrypted messages get compromised which can be decrypted by the local > key and which were composed in a certain time-frame. On my side, I > still can read message

Re: MUA "automatically signs keys"?

On Thu, Jan 30, 2014 at 09:09:45PM +, MFPA wrote: > > The advantage you have here though is the web of trust. > > 1 level 1 signature would probably be not enough, but > > 5, 10, 100..? > > If the signatures are made automatically be email software without > verifying identity, where is the we

Re: Non email addresses in UID

On Fri, Jan 24, 2014 at 11:08:16PM +, Steve Jones wrote: > [...] > > Finally there's the possibility of explicit verification, if someone > sends me a challenge and I publish that challenge's signature on my > blog then that verifies that I am in control of that private key and > can publish t

Re: Revocation certificates

On Fri, Jan 24, 2014 at 07:47:15AM +0100, Werner Koch wrote: > [...] > > > the usefulness of revocation certificate, just the advice always popping > > out to > > generate a revocation certificate in any case, without thinking of whether > > it > > would be useful. > > Okay, that is a different

Re: Revocation certificates [was: time delay unlock private key.]

On Thu, Jan 23, 2014 at 04:38:19PM -0800, Robert J. Hansen wrote: > >Well... I don't know how you type > > With a nine-volt battery, a paperclip, and a USB cable that has only one end > -- the other is bare wires. You wouldn't believe how difficult it is to do > the initial handshake, but once yo

Re: Revocation certificates [was: time delay unlock private key.]

On Thu, Jan 23, 2014 at 03:08:40PM -0800, Robert J. Hansen wrote: > >Yet, I agree I would not send my encrypted private key. But having your > >divorced > >spouse bruteforce 90 bit of passphrase just to annoy you... seems quite an > >unreasonable threat to me. > > It is. That's why that's not the

Re: Revocation certificates [was: time delay unlock private key.]

On Thu, Jan 23, 2014 at 01:27:58PM -0800, Robert J. Hansen wrote: > [...] > > And yes, a strong passphrase is still the strongest bar against these > backups being misused -- but unless you've got an eye-poppingly strong > passphrase, your best bet is to rely on denying attackers access to the dat

Re: Revocation certificates

On Thu, Jan 23, 2014 at 10:26:33PM +0100, Werner Koch wrote: > On Thu, 23 Jan 2014 21:25, ekl...@gmail.com said: > > > PS: Please, do not tell me one might have forgotten his passphrase. In this > > case > > there is no harm in shredding the secret key and waiting for the expiration > > Experien

Re: Revocation certificates [was: time delay unlock private key.]

On Thu, Jan 23, 2014 at 09:59:30PM +0100, Pete Stephenson wrote: > [...] > > They would need to be trustworthy > enough to not abuse the revocation certificate by revoking your > certificate, but otherwise would not need to be given absolute trust > that comes with having a copy of the private key

Revocation certificates [was: time delay unlock private key.]

On Thu, Jan 23, 2014 at 05:53:57PM +, nb.linux wrote: > Hi Uwe, > > Johannes Zarl: > > So in short: > > - a delay won't help you > > - protect your private key so this won't happen > > - always use a strong passphrase > and in addition: if you fear (or know) that your secret key was copied

Re: sign encrypted emails

On Sat, Jan 04, 2014 at 10:28:26PM +0100, Johannes Zarl wrote: > On Saturday 04 January 2014 16:09:51 Leo Gaspard wrote: > > On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote: > > > In your example, the fact that a message was encrypted makes the > >

Re: sign encrypted emails

On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote: > On 01/03/2014 06:56 PM, Leo Gaspard wrote: > > On Fri, Jan 03, 2014 at 12:50:47PM -0500, Daniel Kahn Gillmor wrote: > >> On 01/03/2014 08:12 AM, Leo Gaspard wrote: > >>> So changing the e

Re: sign encrypted emails

On Fri, Jan 03, 2014 at 12:50:47PM -0500, Daniel Kahn Gillmor wrote: > On 01/03/2014 08:12 AM, Leo Gaspard wrote: > > So changing the encryption could break an opsec. > > If someone's opsec is based on the question of whether a message was > encrypted or not, then they

Re: sign encrypted emails

On Fri, Jan 03, 2014 at 06:21:05AM -0500, Robert J. Hansen wrote: > On 1/3/2014 4:57 AM, Hauke Laging wrote: > > Would you explain how that shall be avoided? > > I already did, in quite clear language. > > You are trying to solve a social problem ("people don't have the > background to think form

Re: Sharing/Storing a private key

On Fri, Dec 13, 2013 at 12:12:12PM +0100, Mindiell wrote: > Hello, > > I'm using GPG regularly and did want to "save" my private key. > > [...] > > I found (http://point-at-infinity.org//) too, but it wasn't > really usable beacause it has too many limitations IMHO. > > So I did it mys

Re: Renewing expiring key - done correctly?

On Tue, Dec 03, 2013 at 07:26:09PM -0500, Robert J. Hansen wrote: > On 12/3/2013 6:59 PM, Hauke Laging wrote: > > It may be possible to prevent someone from seeing the revocation > > certificate. Certificate distribution is a lot less secure than the > > keys themselves. But you cannot trick someon

Re: article about Air Gapped OpenPGP Key

On Tue, Nov 19, 2013 at 02:50:20PM -0800, Robert J. Hansen wrote: > >>That depends on your threat model. If you fear juridical problems (say, > >>for example, some encrypted mails have been intercepted by the police > >>but they can't decrypt them), destroying the key will prevent you from > >>havi

Re: article about Air Gapped OpenPGP Key

On Tue, Nov 19, 2013 at 09:06:18PM +0100, Johan Wevers wrote: > On 19-11-2013 7:07, Robert J. Hansen wrote: > > Even then, scrubbing data is usually a sign you've misunderstood the > > problem you're trying to solve. If you're concerned about sensitive > > data lurking on your hard drive the solut

Re: Signing keys on a low-entropy system

(Failed again to answer to list. I really ought to replace this shortcut...) On Fri, Nov 08, 2013 at 12:11:38AM +0100, Johannes Zarl wrote: > Hi, > > I'm currently thinking about using a raspberry pi as a non-networked stand- > alone system for signing keys. Since I haven't heard anything to the c

Re: trust your corporation for keyowner identification?

On Thu, Nov 07, 2013 at 08:10:11PM +0100, Leo Gaspard wrote: > I'm sorry, I think I gave too much importance to your earlier statement > ("Signing is to be an attestation to the validity of the key.") [...] Sorry again, just noticed it actually wasn't you statement

Re: trust your corporation for keyowner identification?

On Thu, Nov 07, 2013 at 01:40:22PM -0500, Daniel Kahn Gillmor wrote: > On 11/07/2013 11:09 AM, Leo Gaspard wrote: > >Except they do not have to know X, nor that he makes perfectly reasonable > >decisions in signing keys. > > > >And I believe it's not noise. Let

Re: trust your corporation for keyowner identification?

On Thu, Nov 07, 2013 at 07:21:28PM +0100, Peter Lebbing wrote: > On 2013-11-07 17:09, Leo Gaspard wrote: > >If I understood correctly, the depth parameter you are talking about > >is useless, except in case there are trust signature. And you agreed with > >me for > >

Re: trust your corporation for keyowner identification?

On Thu, Nov 07, 2013 at 11:48:07AM +0100, Peter Lebbing wrote: > On 06/11/13 23:28, Leo Gaspard wrote: > > But mostly because signing is an attestion of your belief someone is who > > (s)he is. Thus, if you believe someone is who the UID states (s)he is as > > much as if you

Re: trust your corporation for keyowner identification?

(Sorry, failed again to reply to the list, so you probably have this message twice again.) On Tue, Nov 05, 2013 at 05:32:38PM -0800, Paul R. Ramer wrote: > >On Tuesday 5 November 2013 at 11:03:19 PM, in > >, Paul R. Ramer wrote: > > > >> But if you sign it with an exportable > >> signature, you ar

Re: trust your corporation for keyowner identification?

On Tue, Nov 05, 2013 at 12:40:11AM -0800, Paul R. Ramer wrote: > I don't know how I can explain it any better than I have. I think you are > confusing assertion with verification. Unless you can differentiate between > the two in this case, I don't think you will see what I am talking about. >

Re: trust your corporation for keyowner identification?

On Mon, Nov 04, 2013 at 01:44:51PM -0800, Paul R. Ramer wrote: > MFPA wrote: > >Why do we need to establish they can also sign? Isn't it enough to > >demonstrate they control the email address and can decrypt, by signing > >one UID at a time and sending that signed copy of the key in an > >encrypt

Re: trust your corporation for keyowner identification?

(Sorry, I once again sent the message only to you and not to the list -- I really need to get used to mailing lists, sorry !) On Sat, Nov 02, 2013 at 07:08:15PM -0700, Paul R. Ramer wrote: > On 11/02/2013 02:25 PM, Leo Gaspard wrote: > > Isn't the presence of a UID sufficient f

Re: The symmetric ciphers

> The reason why the cryptanalytic community looked into whether DES forms a > group is because the 56-bit keyspace was too short and we critically needed > a way to compose DES into a stronger algorithm. That's not the case with > AES. Disclaimer : I am not a mathematician, only a student in mat

Re: Recommended key size for life long key

On Sun, Sep 08, 2013 at 06:29:01PM -0400, Robert J. Hansen wrote: > A factor of 125 is so small as to be irrelevant. Well... If factoring takes a month, with the factor of 125, it takes ten years. Seems not that irrelevant to me. Of course, this is made using completely made up numbers, as I do n

Re: Recommended key size for life long key

On Sun, Sep 08, 2013 at 03:15:24PM -0400, Avi wrote: > As must I. Robert has one of the clearest modes of exposition from > which I have ever been fortunate to benefit. I have to agree on this point. The issue is that I disagree with him on his stance : in my opinion, having a schedule stating wh

Re: understanding GnuPG "--clearsign" option

On Mon, Aug 12, 2013 at 11:40:35AM +0300, Martin T wrote: > Hi, > > one can sign the message with "--clearsign" option which adds ASCII > armored(Radix-64 encoding) "PGP signature" at the end of the text. > This "PGP signature" contains the UID of the signer, timestamp and key > ID. However, two q

Re: Clarifying the GnuPG License

On Wed, Jun 12, 2013 at 11:49:39AM +0200, Nils Faerber wrote: > IANAL but from my understanding: > 1. by invocation of the commandline commands: Yes > 2. invocation of GnuPG exe: Yes > 3. Linking, dynamically or statically, against a GnuPG DLL, presumed > that it is licensed under GPL: No IANAL ei

Re: gpg for anonymous users - Alternative to the web of trust?

Well... IMHO you did all what you had to/could do, if you want to keep confidentiality : claiming your public key in association with your name on several websites. Now, just hope no covert agency will try to impersonate you until a lot of people verify and sign your public key. On Tue, Mar 26, 20