Re: robots.txt and archiveteam.org...

1. GDPR, as any other bloated, convoluted, written in inhuman juridical language law, mostly benefits two kinds of people: lawyers and government-related officials. It incurs a lot of ado and expenses, gives vast grounds for power abuse and so on and so forth. It also benefits third kind of

robots.txt and archiveteam.org...

On 7/5/19 10:13 AM, Wiktor Kwapisiewicz via Gnupg-users - gnupg-users@gnupg.org wrote: As for robots.txt not all archiving sites respect it: https://www.archiveteam.org/index.php?title=Robots.txt Thanks for posting the link. To quote from the text there: > What this situation does, in fact,

Privacy vs. security

On 01/16/2018 06:05 PM, Andrew Gallagher - andr...@andrewg.com wrote: Ultimately, the PGP ecosystem prioritises security over privacy. They are not the same thing, and in some cases they are in conflict. Somewhat of a generalization, but essentially correct. More precisely - if I may - it's

Re: a step in the right direction

On 01/16/2018 01:17 AM, Robert J. Hansen - r...@sixdemonbag.org wrote: The SKS community has been discussing a considerably worse nightmare scenario for the past seven years. Considering the possibility that this particular system will be forced to conform to a more contemporary (and I would

Re: a step in the right direction

On 01/15/2018 10:45 PM, Robert J. Hansen - r...@sixdemonbag.org wrote: Which would be step in the right direction when compared with the current situation. ..> First, people in bad places like Syria and Iran lose the ability to... I would never allow my opinion of what are the "good places"

a step in the right direction

On 01/15/2018 06:53 PM, Andrew Gallagher wrote: On 15 Jan 2018, at 16:39, Stefan Claas wrote: Maybe we need (a court) case were a PGP user requests the removal of his / her keys until the operators and code maintainers wake up? You also need to prove that removal is

Re: New smart card / token alternative

On 11/08/2017 03:45 PM, Peter Lebbing wrote: On 08/11/17 16:27, ved...@nym.hush.com wrote: or, more practically, just post anonymously to a blog or website, using --throw-keyid, with a pre-arranged understanding that the sender and receiver post to and check certain websites I did not phrase

Re: New smart card / token alternative

On 11/06/2017 10:26 PM, ved...@nym.hush.com wrote: On 11/6/2017 at 4:55 PM, "Tim Steiner" wrote: With this solution you can keep the key offline, carry it with you and it > works even on a computer where you can't install software... > We are interested to hear feedback on

Re: Key Storage Abstraction?

On 10/15/2017 08:35 PM, Jamie H. via Gnupg-users wrote: > ...I'd like to actually access GPG*as* a library, but all the tools I see seem to invoke GPG as a program and then operate on its standard output... What you need is GPG as a pure crypto-engine; completely divorced from all key

Attack costs

Firstly, I think it's really easy to get carried away here with security measures one probably doesn't really need. If you do have a need for air-gapped computers then you also have a need for a lot of other security measures. 1) How good are the locks on the doors to your house? 2) What about

Safe transfer via USB devices

Use a USB floppy disk reader/writer and shred the floppies with cleartext after the use. Writing sensitive cleartext to USB flash "drives" that could potentially fall into the adversary's hands should be avoided. ___ Gnupg-users mailing list

Re: Key expiration question

On 06/13/2017 01:02 PM, Peter Lebbing wrote: An expired key will definitely not be able to issue valid signatures after the expiration date. There is nothing ~in the key itself~ that prevents any key from being used to create signatures, it is only a feature of the software used to create

Re: Don't send encrypted messages to random users

On 05/29/2017 11:52 PM, Konstantin Gribov - gros...@gmail.com wrote: Primary reason to publish a key is to make it available for fetching. It isn't a permission for anyone to annoy a person anyhow. Keservers have every characteristic of a public directory. What possible reason there could be

Don't send encrypted messages to random users

This I find surprising: if one does not want receiving encrypted messages from those that he does not have existing relationship with, why does he publish his public key on public keyservers? ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: "general purpose OS is fundamentally inadequate for trusted operations"

On 04/24/2017 12:42 AM, Robert J. Hansen wrote: -- but [smartcards] do not rise to the level listo is > ascribing to them... The central argument I've been making in this thread is not the promotion of smartcards, it is something best summarized by the quote from the Laurie-Singer paper:

yes, Virginia...

On 04/22/2017 11:12 AM, Peter Lebbing wrote: It feels like you are saying "if you have a real need for communication security, a smartcard will make you more secure"; No, this is not what I'm saying... When asked, I simply repeat that I completely agree with the above quoted "Laurie/Singer

"general purpose OS is fundamentally inadequate for trusted operations"

On 04/10/2017 03:25 AM, Robert J. Hansen - r...@sixdemonbag.org wrote: Preserve the security of your endpoint system. Nothing else will do. The year is 2017 and this is simply no longer a practical strategy: "...Our position is that the general purpose operating system is fundamentally