-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Friday 26 February 2016 at 3:29:53 PM, Robert J. Hansen wrote:
> "What do you *mean*, future keys will be expanding
> to 64 characters?!"
That could be mitigated against by switching from hexadecimal to, for
example, base 32. Preferably
On 02/26/2016 07:29 AM, Robert J. Hansen wrote:
Why is it more resource intensive?
It's far more intensive of a much more limited resource: user happiness.
Normal users tend to find hexadecimal frustrating:
"It's a *number*? But it uses A through F."
This is something that only experience
On 26/02/16 15:29, Robert J. Hansen wrote:
>
> "It's a *number*? But it uses A through F."
>
> "I don't understand. Why do I need the long ID?"
>
> "Wait, now I need to use the *entire* fingerprint?"
>
> "You can't be serious: I need to give a 40-character serial number
> whenever I need to id
> Why is it more resource intensive?
It's far more intensive of a much more limited resource: user happiness.
Normal users tend to find hexadecimal frustrating:
"It's a *number*? But it uses A through F."
"I don't understand. Why do I need the long ID?"
"Wait, now I need to use the *entire*
On Thu 2016-02-25 09:50:57 -0500, Kristian Fiskerstrand wrote:
> Well, it depends. Sure, should always use full fingerprint for
> certificate validation etc, no question asked. But the internal keyid
> and the packet structure use 64 bit keyid as identifier
I consider it a bug that GnuPG uses th
On 02/25/2016 06:50 AM, Kristian Fiskerstrand wrote:
On 02/25/2016 02:38 PM, Peter Lebbing wrote:
(If this feels like droning on to you, just stop reading and go do
something fun!)
On 2016-02-25 14:25, Kristian Fiskerstrand wrote:
Now, the real question discussed here though isn't really
col
On 02/25/2016 08:30 PM, Peter Lebbing wrote:
> On 25/02/16 20:24, Kristian Fiskerstrand wrote:
>> 2.0 supports --batch --passphrase-fd 0
>
> Oh! I must have mixed up some things.
>
> Thanks for the rectification!
>
> I think perhaps I was thinking
On 25/02/16 20:24, Kristian Fiskerstrand wrote:
> 2.0 supports --batch --passphrase-fd 0
Oh! I must have mixed up some things.
Thanks for the rectification!
I think perhaps I was thinking of entering a smartcard PIN, for which you do
need a loopback pinentry (right??), and which was impossible t
On 02/05/2016 12:23 PM, Peter Lebbing wrote:
> Furthermore, I think a reasonably often asked question is "Why
> can't I provide the password in a pipe to GnuPG anymore?". Old 1.4
> allowed this, but 2.0 is incapable of it and 2.1 needs a loopback
>
> Yeah, the no validation mode of encrypt-to really does call for
> prudence in this specific case
If an attacker can control your gpg.conf file, there are so many worse
things to do that it's hard for me to take this seriously.
On 25/02/16 19:11, Robert J. Hansen wrote:
> If an attacker can control your gpg.conf file, there are so many worse
> things to do that it's hard for me to take this seriously.
I never, ever, once, argued the opposite. I sure hope you're not implying I am,
or that Kristian is. If you recall, I tal
On 02/25/2016 03:54 PM, Peter Lebbing wrote:
> On 2016-02-25 15:50, Kristian Fiskerstrand wrote:
>> (in particular in cases where action from yourself is required,
>> default key for signing etc).
>
> I agree. Note that the discussed case, encrypt-t
On 2016-02-25 15:50, Kristian Fiskerstrand wrote:
(in particular in
cases where action from yourself is required, default key for signing
etc).
I agree. Note that the discussed case, encrypt-to, silently encrypts to
unvalidated keys that happen to be on a keyring. Just pick any key on
your ke
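The failure mode Peter describes above, encrypt-to selecting an unvalidated key by key ID, can be audited mechanically before it bites. What follows is an added example, not GnuPG's own code and not something anyone in the thread posted: it parses the `gpg --with-colons --list-keys` record format (pub, fpr and uid records, fields as documented in GnuPG's doc/DETAILS), resolves each encrypt-to entry of a gpg.conf by suffix match on the fingerprint, which is how a key ID is matched against a v4 key, and reports entries that are only a key ID, that match more than one key, or that match a key whose validity is not full or ultimate. The keyring listing, key IDs, fingerprints and gpg.conf lines are constructed for the example; a real run would feed it the output of the command instead.

```python
import re

# Constructed `gpg --with-colons --list-keys` output for three made-up
# keys. Keys A and B share the long key ID 0000000000000001; B has
# unknown validity ('-'), C is fully valid ('f') and has one subkey.
SAMPLE_LISTING = """\
tru::1:1456000000:0:3:1:5
pub:u:2048:1:0000000000000001:1456000000:::u:::scESC::::::
fpr:::::::::1111111111111111111111110000000000000001:
uid:u::::1456000000::AAAA::Alice <alice@example.org>::::::::::0:
pub:-:2048:1:0000000000000001:1456100000:::-:::scESC::::::
fpr:::::::::2222222222222222222222220000000000000001:
uid:-::::1456100000::BBBB::Alice <alice@example.org>::::::::::0:
pub:f:4096:1:0000000000000002:1456200000:::-:::scESC::::::
fpr:::::::::3333333333333333333333330000000000000002:
uid:f::::1456200000::CCCC::Bob <bob@example.org>::::::::::0:
sub:f:4096:1:00000000000000A2:1456200000::::::e::::::
fpr:::::::::44444444444444444444444400000000000000A2:
"""

# Constructed gpg.conf fragment; only the last line names a full fingerprint.
SAMPLE_GPG_CONF = """\
encrypt-to 0x0000000000000001
encrypt-to 0x0000000000000002
encrypt-to 3333333333333333333333330000000000000002
"""

TRUSTED_VALIDITY = {"f", "u"}   # fully valid or ultimately trusted

def parse_listing(text):
    """Return one dict per primary key: keyid, validity, fpr, uids.
    Field numbers follow doc/DETAILS: field 2 validity, field 5 key ID,
    field 10 fingerprint (fpr records) or user ID (uid records)."""
    keys, in_primary = [], False
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "validity": f[1], "fpr": None, "uids": []})
            in_primary = True
        elif f[0] == "sub":
            in_primary = False          # the next fpr record belongs to the subkey
        elif f[0] == "fpr" and in_primary and keys:
            keys[-1]["fpr"] = f[9]
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
    return keys

def normalize_spec(spec):
    """Strip '0x' and spaces; accept an 8-, 16- or 40-digit hex spec only."""
    s = spec.strip().replace(" ", "")
    if s[:2].lower() == "0x":
        s = s[2:]
    s = s.upper()
    return s if re.fullmatch(r"[0-9A-F]{8}|[0-9A-F]{16}|[0-9A-F]{40}", s) else None

def check_encrypt_to(spec, keys):
    """Resolve one encrypt-to spec by suffix match on the fingerprint and
    list everything that could make it encrypt to the wrong key."""
    hexspec = normalize_spec(spec)
    if hexspec is None:
        return {"matches": [], "issues": ["not a hex key ID or fingerprint: " + spec]}
    matches = [k for k in keys if k["fpr"] and k["fpr"].endswith(hexspec)]
    issues = []
    if len(hexspec) < 40:
        issues.append("%d-bit key ID, not a full fingerprint" % (len(hexspec) * 4))
    if not matches:
        issues.append("no key on the keyring matches")
    if len(matches) > 1:
        issues.append("ambiguous: %d keys share this key ID" % len(matches))
    for k in matches:
        if k["validity"] not in TRUSTED_VALIDITY:
            issues.append("%s has validity '%s' (not f/u)" % (k["fpr"], k["validity"]))
    return {"matches": [k["fpr"] for k in matches], "issues": issues}

def check_gpg_conf(conf_text, keys):
    """Run check_encrypt_to over every encrypt-to line of a gpg.conf."""
    report = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "encrypt-to":
            report[parts[1]] = check_encrypt_to(parts[1], keys)
    return report

if __name__ == "__main__":
    for spec, result in check_gpg_conf(SAMPLE_GPG_CONF, parse_listing(SAMPLE_LISTING)).items():
        print(spec, "->", result["matches"], result["issues"] or "OK")
```

On a real keyring, pipe `gpg --with-colons --list-keys` into `parse_listing` and the contents of `~/.gnupg/gpg.conf` into `check_gpg_conf`; the only entry that passes cleanly is one naming the full fingerprint of a key you have validated yourself, which is the form worth putting in the FAQ.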
On 02/25/2016 02:38 PM, Peter Lebbing wrote:
> (If this feels like droning on to you, just stop reading and go do
> something fun!)
>
> On 2016-02-25 14:25, Kristian Fiskerstrand wrote:
>> Now, the real question discussed here though isn't really
>
(If this feels like droning on to you, just stop reading and go do
something fun!)
On 2016-02-25 14:25, Kristian Fiskerstrand wrote:
Now, the real question discussed here though isn't really collision
but preimage attack, that is a different story and far more difficult
:)
Thanks for the li
On 02/05/2016 01:34 PM, Robert J. Hansen wrote:
>> If somebody can create a long-keyID-collision...
>
> That seems to be a big 'if' right now. Short collisions are easy;
> long ones are nontrivial. Or did I miss something?
https://www.ietf.org/ma
On 2016-02-03 21:12, Robert J. Hansen wrote:
> Time for my semi-regular FAQ perusing and updating. I plan on updating
> the FAQ to include a link to the FSF's email security guide, but that
> seems like such an unobjectionable change I'm not going to kick it
> around the list for pre-approval.
On 05/02/16 13:34, Robert J. Hansen wrote:
> Or did I miss something?
No, I don't think so. But I was under the impression that for a while now,
people were generally advised not to rely on the uniqueness of long key IDs.
And since this seems to be all you rely on with encrypt-to, key validity no
> If somebody can create a long-keyID-collision...
That seems to be a big 'if' right now. Short collisions are easy; long
ones are nontrivial. Or did I miss something?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/l
On 05/02/16 13:06, Robert J. Hansen wrote:
> What's the justification?
If somebody can create a long-keyID-collision, and you download your own key by
that key ID and also import the other one, they might be able to be the one that
gets "encrypted-to", I think? Another way to get on your keyring
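To make the cost argument in these last few messages concrete (and, for the fingerprint-length discussion higher up the thread, to show the 40-digit hex rendering next to base 32), here is an added example, not code from GnuPG or from anyone in the thread. It builds a v4 RSA public-key packet body as laid out in RFC 4880, derives the SHA-1 fingerprint and the long and short key IDs from it, and then searches for a second key whose fingerprint agrees with a target's in its low bits by varying only the creation timestamp. That search is a targeted, preimage-style match, which is what an attacker needs for a key that answers to someone else's key ID; its expected cost is 2^bits trials, so a 32-bit short ID is cheap and a 64-bit long ID is out of reach by brute force, whereas a birthday collision between two arbitrary keys is cheaper but gives no control over which ID is hit. The RSA moduli and timestamp are made-up values, and the search width is cut to 16 bits so that the demonstration finishes instantly.

```python
import base64
import hashlib
import struct

# Made-up parameters, not real keys: the fingerprint is a hash over the
# encoded packet and never checks that n is a usable RSA modulus.
TARGET_N = (1 << 127) - 1
FORGED_N = (1 << 89) - 1
RSA_E = 65537
TARGET_CREATED = 1456000000   # an arbitrary February 2016 timestamp

def mpi(n):
    """OpenPGP multiprecision integer: 2-byte bit count, big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_public_key_body(created, n, e):
    """Body of a v4 public-key packet for RSA (public-key algorithm 1):
    version 4, 4-byte creation time, algorithm, MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body):
    """SHA-1 over 0x99, the two-byte body length and the body (RFC 4880 s12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def long_keyid(fpr):
    """The 64-bit key ID is simply the last 8 bytes of the v4 fingerprint."""
    return fpr[-8:]

def short_keyid(fpr):
    """The 32-bit key ID is the last 4 bytes."""
    return fpr[-4:]

def render(fpr, encoding="hex"):
    """Human-readable fingerprint: 40 hex digits for a 20-byte hash (64 for
    a 32-byte one), or 32 base-32 characters (52 for 32 bytes)."""
    if encoding == "hex":
        return fpr.hex().upper()
    if encoding == "base32":
        return base64.b32encode(fpr).decode("ascii").rstrip("=")
    raise ValueError("unknown encoding: " + encoding)

def find_keyid_match(target_fpr, n, e, bits, start=0, limit=1 << 24):
    """Look for a key whose fingerprint agrees with target_fpr in its low
    `bits` bits, changing only the creation timestamp of an otherwise fixed
    key. Expected cost is about 2**bits trials. Returns (timestamp,
    fingerprint), or None if `limit` timestamps were tried without a hit."""
    mask = (1 << bits) - 1
    want = int.from_bytes(target_fpr, "big") & mask
    for created in range(start, start + limit):
        fpr = v4_fingerprint(rsa_public_key_body(created, n, e))
        if int.from_bytes(fpr, "big") & mask == want:
            return created, fpr
    return None

if __name__ == "__main__":
    target = v4_fingerprint(rsa_public_key_body(TARGET_CREATED, TARGET_N, RSA_E))
    print("target fingerprint:", render(target))
    print("base 32           :", render(target, "base32"))
    print("long key ID       :", long_keyid(target).hex().upper())
    print("short key ID      :", short_keyid(target).hex().upper())
    hit = find_keyid_match(target, FORGED_N, RSA_E, bits=16)
    print("16-bit match at timestamp", hit[0], ":", render(hit[1]))
```

Raising `bits` to 32 turns the last call into a search that a laptop finishes in hours, which is the "short collisions are easy" case; at 64 the same loop is hopeless, which is why the long key ID is only unsafe if the hash itself is broken, and why the full fingerprint is the only identifier worth typing into a configuration file.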
> Okay, I take that back, since section 8.7 clearly shows options you could put in
> gpg.conf :).
I confess to some slight misdirection here. Is that a valid gpg.conf
file? Sure. Will it get someone in trouble? Probably not. But is it
needed? Not really. :)
> Regarding that section, I t
On 05/02/16 11:55, Peter Lebbing wrote:
> In fact, "things to put in gpg.conf" would seem directly opposed to:
Okay, I take that back, since section 8.7 clearly shows options you could put in
gpg.conf :).
Regarding that section, I think
> # Always add these two certificates to my recipients list
On 03/02/16 21:12, Robert J. Hansen wrote:
> Beyond that, if there's anything
> you've always thought the FAQ should mention, now's a great time to
> suggest it. :)
I just notice section 8.19. It says to verify a download:
> gpg foo.zip.asc
As became clear in this[1] discussion, you should alwa
On 05/02/16 00:25, da...@gbenet.com wrote:
> A list of do's and don'ts
Don't use --expert
> - weird and impracticable keys
... Don't use --expert ;P
> common sense usage - common sense
Stick to the defaults
> things to put in your gpg.conf :)
keyserver ...
And that's it.
Really. Having a l
> When the GnuPG default was not to show the key usage, I would have said:
> unnecessary detail. In my opinion, in a very broad sense, the FAQ should be
> aimed at people sticking to the defaults, not the people who tinker.
Let me put on the maintainer hat and speak ex cathedra a moment: The FAQ
i
On 04/02/16 09:56, Robert J. Hansen wrote:
> What say y'all?
When the GnuPG default was not to show the key usage, I would have said:
unnecessary detail. In my opinion, in a very broad sense, the FAQ should be
aimed at people sticking to the defaults, not the people who tinker.
But now GnuPG show
On 04/02/16 09:29, Robert J. Hansen wrote:
>> Out of curiosity - have you reviewed the latest version of ESD?
>
> The FSF asked Patrick Brunschwig and me to review it prior to
> publication. I don't know if Patrick turned in criticisms; I gave a
> couple of pages' worth. I'm pleased with the end
On 04/02/16 08:56, Robert J. Hansen wrote:
>> I propose to explain the different keys in the keyring:
>
> As near as I can tell, this question isn't asked very frequently. If
> the opinion of the list is that it is, though, I'll certainly add it.
> What say y'all?
>
>
> Out of curiosity - have you reviewed the latest version of ESD?
The FSF asked Patrick Brunschwig and me to review it prior to
publication. I don't know if Patrick turned in criticisms; I gave a
couple of pages' worth. I'm pleased with the end result.
> I propose to explain the different keys in the keyring:
As near as I can tell, this question isn't asked very frequently. If
the opinion of the list is that it is, though, I'll certainly add it.
What say y'all?
Hi Robert,
It's a great idea to update the FAQ.
I propose to explain the different keys in the keyring:
- C for Certify. This key certifies all other keys in your keyring.
- E for Encrypt. It's used for encryption/decryption. Be careful with the
encryption subkey.
- S for Sign. This key is used for signing docum
On Wed, Feb 03, 2016 at 03:12:59PM -0500, Robert J. Hansen wrote:
> Time for my semi-regular FAQ perusing and updating.
Gorgeous!
> I plan on updating
> the FAQ to include a link to the FSF's email security guide,
Out of curiosity - have you reviewed the latest version of ESD?
Time for my semi-regular FAQ perusing and updating. I plan on updating
the FAQ to include a link to the FSF's email security guide, but that
seems like such an unobjectionable change I'm not going to kick it
around the list for pre-approval. Beyond that, if there's anything
you've always thought
On Wednesday 08 July 2015 at 17:45:55, Robert J. Hansen wrote:
> I have a small update to the FAQ that's ready to be pushed, but I'm held
> back slightly by my lack of comfort with org-mode (the format used for
> the FAQ).
Cool, please push it.
(And think about adding a version information.)
> Th
> Is this still true? My suggestion would to add some date indication
> so that readers can assume which version of the FAQ they are looking
> at.
I have a small update to the FAQ that's ready to be pushed, but I'm held
back slightly by my lack of comfort with org-mode (the format used for
the FA
First, the good news: yes, I did receive your emails about the FAQ.
Second, the bad news: I'm on vacation and won't be responding to them
for another couple of days. I haven't vanished, I'm just on holiday. :)
On Fri, 3 Jul 2015 11:01, bernh...@intevation.de said:
> Is this still true? My suggestion would to add some date indication
> so that readers can assume which version of the FAQ they are looking at.
There is just one official version and that is at https://gnupg.org -
Documentation - FAQs, or:
Hi Robert,
again thanks for maintaining the GnuPG FAQ, I believe it is really important
to have good quality source for frequently needed answers!
Some suggestions:
https://gnupg.org/faq/gnupg-faq.html says
| When was this FAQ last checked for accuracy?
| October 2012.
Is this still true? My sug