Re: Do we need / want (or already have) a mascot for OpenPGP?

2013-07-08 Thread reynt0
On Mon, 8 Jul 2013, Fraser Tweedale wrote: How about an armadillo? On Sun, Jul 07, 2013 at 11:09:20PM +0200, Randolph D. wrote: http://www.pierros.de/images/Masken_Larven_Larve_Domina_schwarz.jpg 2013/7/7 reynt0 rey...@cs.albany.edu: On 07.07.2013, Hauke Laging wrote: . . . Linux has its

Re: Do we need / want (or already have) a mascot for OpenPGP?

2013-07-07 Thread reynt0
On 07.07.2013, Hauke Laging wrote: . . . Linux has its cuddly penguin, BSD its devil, openSUSE the chameleon... Whether the GNU gnu increases the fun factor is a difficult question... ;-) I guess it would be good to have something like that for OpenPGP. Something that people both like and

Re: Recommendations for handling (multiple) user IDs - personal and company ones

2013-06-10 Thread reynt0
On Sun, 9 Jun 2013, Robert J. Hansen wrote: . . . That's why I'm so skeptical of all claims that if we just fix the UI we'll solve the adoption problem. The problem isn't UI. . . . As pointed out at the start of a gestural interface programming book I have, Apple iOS made it possible to use

Re: [OT] Why are you using the GPG / PGP keys?

2013-05-28 Thread reynt0
On Tues, May 28, 2013 Mark H. Wood wrote: . . . Were we doing stuff by email five years ago which really didn't fit the email model very well, which stuff is today escaping to media better designed for it? . . . Speaking only from my own observations, the quick chatty time-wasting email

Re: US banks that can send PGP/MIME e-mail

2013-03-02 Thread reynt0
On Sat, 2 Mar 2013, Anonymous wrote: . . . It's really not a good time to attempt to prop these guys up, when every economy in the world is suffering acutely from their colossal and aggregate incompetence. Not to mention the situations where available intelligence was used to do various

Re: trampCrypt family of CLI programs

2012-08-02 Thread reynt0
On Wed, 1 Aug 2012, Robert J. Hansen wrote: . . . Feynman warned against this thinking in science. He called it cargo-cult science, after the South Pacific islanders who built . . . Really excellent. Thanks for taking the time to contribute so much detail elucidating the metaphor so well.

Re: changing the default for --keyid-format

2012-05-29 Thread reynt0
On Tue, 29 May 2012, Robert J. Hansen wrote: . . . Tabular data is the Right Thing To Do in two major use cases. The first is when you have a noninteractive display of identical field(s) for multiple pieces of data. Consider a printed almanac: if it wants to convey a list of countries and

Re: Draft of nine new FAQ questions

2012-05-25 Thread reynt0
On Thu, 24 May 2012, Robert J. Hansen wrote: On 5/24/12 7:56 PM, reynt0 wrote: . . . The idea is just to maximize usability to maximum audience, . . . Maximum audience is not the same as maximum usability. The two are different properties. When it comes to the written word, ease

Re: Draft of nine new FAQ questions

2012-05-24 Thread reynt0
On Wed, 23 May 2012, Robert J. Hansen wrote: On 5/23/12 6:50 PM, reynt0 wrote: Also, just to mention, best to avoid smart apostrophes/quotes in the final version, naturally, right? Not a whelk’s chance in a supernova. Those aren’t smart quotes, they’re perfectly valid UTF-8 typographic

Re: Draft of nine new FAQ questions

2012-05-23 Thread reynt0
On Wed, 23 May 2012, Robert J. Hansen wrote: . . . I have a draft version of nine frequently asked questions ready for community review: http://keyservers.org/gnupgfaq.xhtml Any and all feedback (save for visual design, layout, etc.) will be gratefully accepted. Thank you! Here

Re: small security glitches

2012-03-02 Thread reynt0
On Fri, 2 Mar 2012, Post Carter wrote: . . . so I think we just have a terminology discrepancy here. What is a bit confusing is using the words encrypted vs. decrypted and ciphertext vs. cleartext when we're talking about an attacker inserting contents into the message. I have been reading

Re: US 11 Circ: 5th Am. passphrase demands

2012-02-24 Thread reynt0
On Thu, 23 Feb 2012, Robert J. Hansen wrote: The United States 11th Circuit Court of Appeals, which is one small step away from the United States Supreme Court, has issued a decision in connection to a grand jury's subpoena requiring the appellant to produce unencrypted copies of six hard

Re: PGP/MIME use

2012-02-20 Thread reynt0
On 2/20/12 2:24 PM, steveb...@gulli.com wrote: . . . Mozilla is founded [funded probably] by Google. Without Google they would be gone. Googles business model is not to protect the user but to analyze him. That is not possible when you use mail encryption. The question is still valid and imo,

Re: Wittgenstein (was Re: PGP/MIME)

2012-02-02 Thread reynt0
On Thu, 2 Feb 2012, Robert J. Hansen wrote: . . . Oh, Wittgenstein's wonderful. I have a quote from him on a Post-It on my monitor: What makes a subject difficult to understand ... is not that some special instruction about abstruse things is necessary to understand

Re: PGP/MIME use (was Re: META)

2012-01-31 Thread reynt0
On Tue, 31 Jan 2012, re...@webconquest.com wrote: Most problems these days on the internet are, in my opinion, related to people being completely anonymous. If you stand behind your words, show so by signing your posts. If the idea is more important than who said it, signing (in both the

Re: STEED - Usable end-to-end encryption

2011-11-04 Thread reynt0
On Oct 25, 2011, gn...@lists.grepular.com wrote: . . . (*) there's a nasty privacy issue when you're able to trigger a receiving email client to do arbitrary http lookups. It means the sender is able to determine when the recipient downloaded the email, and what IP address they were using at

Re: What is the benefit of signing an encrypted email

2011-02-01 Thread reynt0
On Wed, 19 Jan 2011, Werner Koch wrote: I'd like to see a feature in MUAs to wrap the entire mail as presented in the composer into a message/rfc822 container and send the actual message out with the same headers as in the rfc822 container. This allows to sign the entire mail including the

Re: key question

2010-03-16 Thread reynt0
On Mon, 15 Mar 2010 14:49:32 + MFPA wrote: . . . In fact, just by posting to this mailing list we have given up some privacy or anonymity. The nature of the way we write, what we think, the experiences that we relate--all of these reveal something about ourselves. When the reader is Big

Re: Continued PKA problems on Windows

2010-03-04 Thread reynt0
On Wed, 3 Mar 2010, Robert J. Hansen wrote: . . . system. For that matter, I'm writing this from a true-blue, certified UNIX: OS X. I think it's quite real, despite the fact major parts of the desktop are closed-source. And despite, sadly, that the EULA for OS10.4+ (like WinXP+, IIUC)

Re: key question

2010-03-01 Thread reynt0
On Sun, 28 Feb 2010, David Shaw wrote: On Feb 28, 2010, at 4:20 PM, reynt0 wrote: On Sat, 27 Feb 2010, Robert J. Hansen wrote: . . . The perfect is the enemy of the good. Just to note, did RJH actually intend to write ...the enemy of the good enough., which I believe is the usual quote

Re: key question

2010-02-28 Thread reynt0
On Sat, 27 Feb 2010, Paul Richard Ramer wrote: . . . Speculation isn't any more progress than an idea is action. Speculation buttressed with facts leads, in time, to progress. But speculation, . . . And speculation often has the very useful effect of stimulating search for new facts where

Re: Fwd: Re: key question

2010-02-28 Thread reynt0
On Sun, 28 Feb 2010, MFPA wrote: . . . no way to prove you're MFPA. So I can't sign your key. If you knew me personally, you could. And as I already said, do you know MFPA's not my legal identity? There used to be somebody in my town who had officially changed his name to FREFF. (Never did

Re: key question

2010-02-28 Thread reynt0
On Sat, 27 Feb 2010, Robert J. Hansen wrote: . . . The perfect is the enemy of the good. Just to note, did RJH actually intend to write ...the enemy of the good enough., which I believe is the usual quote? The two are rather different ideas, even more so if morality has been included as an

Re: Questions about --group for group encryptions.

2010-02-26 Thread reynt0
(responding to only the parts of ZZ's post which seem directed to my prior post) On Wed, 24 Feb 2010, Zy Zylek wrote: . . . By full many-to-many encryption/decryption functionality, do you mean many people and many files? Basically yes (to that). I apologize for being too brief. By

Re: howto secure older keys after the recent attacks

2009-09-10 Thread reynt0
On Fri, 2009-09-11 Christoph Anton Mitterer wrote: . . . sell bad devices that produce poor entropy thus rendering our (symmetric and asymmetric) keys, signatures etc. useless. . . . Just out of curiousity, about how poor entropy might make it easy to break encryption: Is it necessary for

Re: Exposing email addresses on key servers

2009-06-29 Thread reynt0
On Sun, 28 Jun 2009, Werner Koch wrote: . . . really stop us from putting invalid email address in the UID, so is Before doing so, you should evaluate whether it is still worth the trouble. Without an email address most people would not bother to send you an encrypted message. . . . I

Re: How to verify a detached signature

2009-06-15 Thread reynt0
On Mon, 15 Jun 2009 gpg2.20.mani...@dfgh.net wrote [both and are by gpg2.20.maniams]: . . . 3. This sender has so far sent me multiple files with signatures. The data files are named filename_dd_mm_yy.html and the signature is always called signature.bin (no date of no identifiable marks).

Re: Security Concern: Unsigned Windows Executable

2009-06-06 Thread reynt0
On Fri, 5 Jun 2009, Robert J. Hansen wrote: . . . Active MitM is pretty much the military incendiary bomb in the living room. A competent attacker who is controlling your network traffic and wishes to subvert your system has so many ways to do it that you stand effectively no chance of

Re: Security Concern: Unsigned Windows Executable

2009-06-06 Thread reynt0
On Fri, 5 Jun 2009, Robert J. Hansen wrote: . . . I do not believe it is possible to ensure the security of your computers or your communications when in the presence of an active MitM done by a competent attacker. . . . I'm curious. Not counting DOS (which can always be done by cuting your

Re: Keyserver doesn't honour removed signatures

2009-04-17 Thread reynt0
On Thu, 16 Apr 2009, Robert J. Hansen wrote: . . . Add it all together and USENET was at best a network-choking bandwidth hog, and at worst was a lawsuit waiting to happen. And thus, many full USENET . . . H :), when I was starting to learn about computers, I thought USENET was a candy

crypto conference

2009-04-01 Thread reynt0
This might not be the right place to post this, but gnupg-users is the only crypto-related list I follow so I'll mention this here since possibly of interest, and people can repost elsewhere if they feel it appropriate. DIMACS (Center for Discrete Mathematics and Theoretical Computer Science)

Re: OT: virus on the wild?

2009-01-22 Thread reynt0
To be brief, since this is pretty far OT: On Thu, 22 Jan 2009, Faramir wrote: . . . And the third and last question is: why the AV detected the virus _before_ I visited the site? . . . It is easy to imagine a software automatically reviewing all browser page-loads, and, before any links are

Re: New GnuPT-Version and new WinPT-Website

2008-12-02 Thread reynt0
On Tue, 2 Dec 2008, Barry wrote: . . . Sorry for not posting the link. A little Mistake, but... Google is eberybody's friend, I see. Well, maybe not people who worry about Google's mega-info-vacuum adding more information to Google's profile of them. Or (in maximum paranoid mode), googling

Re: Teaching crypto to newbies

2008-12-01 Thread reynt0
On Mon, 1 Dec 2008, Robert J. Hansen wrote: reynt0 wrote: So newbies may be due some slack when they don't do well with learning trust as logic, because it isn't logic. On the contrary, it _is_ logic. It's an exercise in theorem proving. Given: I trust Alice to sign keys; Alice has signed

Re: Signature semantics

2008-11-06 Thread reynt0
On Wed, 5 Nov 2008, David Shaw wrote: . . . I'm always in favor of documentation. I wouldn't restrict it to notes about signatures though - a general quick start guide (there are several out there that can be used or adapted) would be very handy to ship in the installer. If someone really

keyboard sniffing - old topic, more info

2008-11-04 Thread reynt0
Some months ago the topic arose of sniffability of keyboard sounds, about which I gave a little information. I now see that some researchers in der Schweiz recently did sniffing of keyboard EMF radiations which might be of interest here (http://lasecwww.epfl.ch/keyboard/ (note the lab name

Re: Signature semantics

2008-11-04 Thread reynt0
On Mon, 3 Nov 2008, Robert J. Hansen wrote: . . . Right, and this much doesn't bother me. It's when people start ascribing meaning to bad signatures, or the nonexistence of signatures, that I begin to get frustrated. A bad signature doesn't mean the message was tampered with -- the

Re: Signature semantics

2008-11-04 Thread reynt0
On Tue, 4 Nov 2008, Robert J. Hansen wrote: . . . Idiot-proofing is a very bad idea. Systems cannot be made idiot-proof, since we're constantly developing higher and better grades of idiots. Systems can be made user-friendly; they cannot be made idiot-proof. . . . H, so the problem is

Re: Anyone know what became of the Gaim-E Project?

2008-11-04 Thread reynt0
On Tue, 4 Nov 2008, Robert J. Hansen wrote: . . . signatures. They're very useful when you have: * a correct signature * from a validated key * belonging to someone you trust If any of those three conditions fail, I think digital signatures are pretty much useless.

Re: Signature semantics

2008-11-04 Thread reynt0
On Tue, 4 Nov 2008 [EMAIL PROTECTED] wrote: . . . then, in that case, . . . how about this as a feature; . . . FWIW, as others in this thread have suggested without being explicit, the KISS (Keep It Simple Stupid) idea may be better than an aim to have something like a popup wizard

Re: Changing preferences

2008-09-23 Thread reynt0
On Sun, 21 Sep 2008, Robert J. Hansen wrote: . . . GnuPG's preference lists are arcane and counterintuitive, and the source of a great deal of frustration. If it would help to get some documentation written outlining precisely how it works and why, I would be happy to stop the bikeshedding and

Re: Changing preferences

2008-09-21 Thread reynt0
On Thu, 18 Sep 2008, David Shaw wrote: . . . 1) Take the intersection of all recipients preference lists. This rules out any algorithms that would be unusable by someone. 2) Elect a decider. The decider is the one person whose ordered list we will honor the rankings for. If the user has

Re: Someone has harvested my address

2008-09-12 Thread reynt0
On Thu, 11 Sep 2008, Robert J. Hansen wrote: . . . My rephrasing would be, Using GnuPG doesn't make your communications perfectly secure: however, it potentially makes your communications a heck of a lot more secure than you'd be without it. A heavy emphasis needs to be placed on

Re: Someone has harvested my address

2008-09-10 Thread reynt0
On Wed, 10 Sep 2008, Sven Radde wrote: . . . Am Montag, den 08.09.2008, 19:40 -0500 schrieb Robert J. Hansen: The conversation we're not having, which I think we should be having, is how can we have trusted communications on a hostile network when we don't know if we really control our own

Re: Welcome to the Quantum Internet - By Davide Castelvecch

2008-08-23 Thread reynt0
On Fri, 22 Aug 2008, Robert J. Hansen wrote: . . . reynt0 wrote: Wouldn't the claim be: cannot listen in on such a transaction between Alice and Bob without affecting the transaction in a detectable way? Depends on how pedantic you want to be, and how you define 'transaction'. Frankly

Re: Securely delete files...

2008-08-22 Thread reynt0
On Thu, 21 Aug 2008, David Shaw wrote: . . . whether the filesystem you are using overwrites in place or not. Many modern filesystems (Reiser, XFS) do not necessarily overwrite in place. More primitive filesystems (like the FAT FS that is used on many external disks) do overwrite in place.

Re: Welcome to the Quantum Internet - By Davide Castelvecch

2008-08-22 Thread reynt0
On Fri, 22 Aug 2008, Charly Avital wrote: . . . This is a magazine feature, I don't know how accurate it might be; if someone cares to comment, I'll be grateful. http://www.sciencenews.org/view/feature/id/34762/title/Welcome_to_the_Quantum_Internet Here's a url for what seems to be the

Re: Some questions

2008-08-11 Thread reynt0
On Sun, 10 Aug 2008, Andrew Berg wrote: . . . I've gotten into the habit of typing my passwords very quickly with very little finger movement in order to make it difficult for anyone looking over my shoulder to figure them out. Or anyone sitting to the side of you two seats away, who is doing

Re: Some questions

2008-08-10 Thread reynt0
On Fri, 8 Aug 2008, Alexander W. Janssen wrote: . . . Werner Koch wrote: Further, entering the passphrase is subject to side channel atatcks like should surfing or recording the sound of the keyboard. Don't tell me there are actually real attacks by recording the sound of the keyboard...?!

Re: I need a portable GUI for GnuPG

2008-07-07 Thread reynt0
On Sat, 5 Jul 2008, Robert J. Hansen wrote: . . . If you decide well, if I _have_ to use an untrusted machine, then at least I'll be using an on-screen keyboard, that's all well and good. . . . FWIW as a generaI comment because I haven't looked at the prog in question: Aren't on-screen

Re: Wildcards in uids?

2008-06-04 Thread reynt0
On Wed, 4 Jun 2008, Phil Reynolds wrote: On Wed, Jun 04, 2008 at 03:18:00PM -0400, David Shaw wrote: I think I did understand the query. You have email addresses like [EMAIL PROTECTED], [EMAIL PROTECTED], and so on. The question was is a catch all suffixes UID possible. The answer to that

Re: playing with cryptography...

2008-05-24 Thread reynt0
On Fri, 23 May 2008, Faramir wrote: reynt0 escribió [format slightly neatened by reynt0]: is Philosophy 101 stuff (as RJH said), but the subject is serious and important, IMHO, and the more people can be aware of this on like a Philosophy 401 basis the less at-risk they will be. Wow

Re: Protecting private key on USB flash drive: how to?

2008-05-12 Thread reynt0
On Sat, 10 May 2008, Faramir wrote: . . . image file (and what would look more innocent that a folder with some pretty girls in swimsuits? well, maybe pretty girls without swimsuits). . . . Photos of happy puppies and sad puppies? ___ Gnupg-users

Re: playing with cryptography...

2008-05-03 Thread reynt0
On 02 May 2008 [EMAIL PROTECTED] wrote: . . . This also doesn't mean that You really are Ramon Loureiro, since the Certificate doesn't carry Your _Name_ indicating that Other People have eyeballed You + Government Issued Documentation affirming that You actually are who You say You are. To

Re: Naming of GnuPG

2008-04-21 Thread reynt0
On Mon, 21 Apr 2008, Christoph Anton Mitterer wrote: . . . - Set up some place (perhaps in the FAQ and even in the download area) where you just say all that, namely: New features will probably go to 2.x, both will have the same security support, for the places where both provide the same stuff

Re: GnuPG v2.x?

2008-04-09 Thread reynt0
On Wed, 9 Apr 2008, Paul wrote: [back to the original, so quotation accuracy is not the issue] On Tue, 08 Apr 2008 22:17:03 +0200 Ingo Kl?cker [EMAIL PROTECTED] wrote: The S/MIME implementation in KMail (via gpgme/gpgsm) is the only Free Software implementation of S/MIME that has passed the

Re: Need tips on how to backup my keys

2008-01-24 Thread reynt0
On Thu, 24 Jan 2008, Steven Woody wrote: . . . But where should I keep the copy? . . . One distinction is a place you control versus a place you don't control. For the latter, there is likely to be a distinction about how much they are like being under your own control. A bank box to

Re: Revoke a key - What is with the decrypted messages?

2007-11-23 Thread reynt0
Thanks. That's exactly what I wanted to be clear about, but didn't want to try to specify all possible details by my (inexpert) self. On Fri, 23 Nov 2007, John W. Moore III wrote: . . . reynt0 wrote: Just a maybe picky question: Does stops new use mean absolutely, like mechanical

Re: PGP messages getting flagged as spam

2007-10-17 Thread reynt0
On Tue, 16 Oct 2007, Robert J. Hansen wrote: . . . Vote-from-home over the internet is probably going to happen sooner or later in some jurisdiction, if only because it is possible for a vendor . . . IIRC there was a Technische Universitaet or similar in Austria a while ago that was going

Re: [Macgpg-users] 1.4.7 packages for OS X

2007-03-08 Thread reynt0
I apologize if I am wasting the time of some busy and appreciated people, but I'd like to ask for clarification: The latest macgpg.sourceforge.net HowTo, v4.16, says gcc 4.0.1 is needed. That gcc seems to be Apple-natively available only with OS 10.4, and not installable in 10.3.9 (with reliable

Re: 1.4.7 packages for OS X

2007-03-06 Thread reynt0
With full appreciation for your and everyone's work, could I ask that, when posting, people be specific which OSX they are talking about? I'm still looking for an easy way to get the latest gnupg but for OS 10.3.9, not OS 10.4.x. That is, a way which doesn't involve having to install extraneous

Re: Logo ballot reminder

2006-12-01 Thread reynt0
On Fri Dec 01, 2006, Alphax wrote: I saw something weird where moving entries around didn't preserve the order that you had put things in... I ended up writing out all the option numbers on scraps of paper and shuffling them around until they were in the order I wanted :) Similar for me

Re: [Announce] GnuPG 2.0.1 released

2006-11-30 Thread reynt0
On Wed, 29 Nov 2006, Benjamin Donnachie wrote: . . . When I get time, I will prepare a packaged up version for MacOS which will be available through the mac-gpg project. May one ask, is there any chance there will be such a packaged version for OS10.3.x as well as for 10.4.x? Presently, the