Re: How to get your first key signed

On 10/12/2015 5:32 PM, David Niklas wrote: ... > As for why you can't find my key. I thought that if you upload to one > server it will spread it to them all. ... This is true in the case of servers in the sks pool[1], but not true of all keyservers. Some keyservers are privately operated and do n

Re: How to get your first key signed

Sorry to disappear and thanks for your answers! As for why you can't find my key. I thought that if you upload to one server it will spread it to them all. My key is at biglumber.com , I'll copy it, but I'm out of time now. Thanks again, David ___ Gnupg

Re: OpenPGP Signatures (was Re: How to get your first key signed)

> If that was what he meant to say, he didn't say it. Peter's right, and you're moving the goalposts. Please stop. > So, I'll make my question more general. Is anyone aware of a case in > which the validity or enforceability of an OpenPGP signature has been > argued? To repeat my answer: yes.

OpenPGP Signatures (was Re: How to get your first key signed)

"Peter Lebbing" wrote: > On 04/10/15 17:04, joe.asmod...@sigaint.org wrote: >> Therefore, I agree that a blanket holding that all digital >> signatures are non-repudiable is unlikely. > > I think you're moving the goal posts. I think Rob says that he's unaware > of any > case where a specific digi

Re: Unsubscription Request (was: Re: How to get your first key signed)

On Sun, 04 Oct 2015 21:55:49 +0200 Peter Lebbing wrote: Hello Peter, >equally disrespectful if I hadn't been one of the people at least >trying. Whilst it's laudable that people try and help her, I doubt she's even _reading_ stuff from the list any more. *Seeing* it, yes (obviously). As such,

Re: Unsubscription Request (was: Re: How to get your first key signed)

Hello Peter, On Sun, Oct 4, 2015 at 9:55 PM, Peter Lebbing wrote: > I personally > find this statement disrespectful to the people who tried to help miss > Lynn, > when she is not very approachable and offers no more explanation as to > why she can't just unsubscribe than the following > you ce

Re: Unsubscription Request (was: Re: How to get your first key signed)

On 04/10/15 20:05, Richard Höchenberger wrote: > I find the repeated explanations of how to unsubscribe extremely unhelpful, > bordering to disrespect, since it does not provide the kind of help this > users needs. Even though I might share your sentiment on the rest of your mail, I personally fin

Re: How to get your first key signed

On 04/10/15 17:04, joe.asmod...@sigaint.org wrote: > Therefore, I agree that a blanket holding that all digital > signatures are non-repudiable is unlikely. I think you're moving the goal posts. I think Rob says that he's unaware of any case where a specific digital signature was argued to be non-

Unsubscription Request (was: Re: How to get your first key signed)

Hello everyone, On Sat, Oct 3, 2015 at 8:23 PM, Crissy Lynn wrote: > Please! For the 600th time! REMOVE ME FROM THIS MAILING LIST! so for whatever reason, this user is obviously unable to successfully unsubscribe from this mailing list. Will not any of the list admins/moderators have mercy and

Re: How to get your first key signed

"Robert J. Hansen" wrote: > Yes, many! Digital signatures are enforceable in U.S. courts. > > Non-repudiability, though, as far as I know has never been successfully > argued. More to the point, I don't think it could be. I assume that enforcebility is determined using the standards applied to

Re: How to get your first key signed

On 10/02/2015 06:55 PM, Faramir wrote: > ... > Well, you don't really need your key signed for that... at least, > not the key with your name on it. You can make a key using the name > "mysoftwarename distribution key", and use it to sign the files. Once > people start using the software, they ma

Re: How to get your first key signed

> Are you aware of a court, anywhere in the world, which has considered the > issue? Yes, many! Digital signatures are enforceable in U.S. courts. Non-repudiability, though, as far as I know has never been successfully argued. More to the point, I don't think it could be.

Re: How to get your first key signed

"Robert J. Hansen" wrote: > The idea that OpenPGP signatures are non-repudiable is a fashionable bit > of nonsense: I am aware of no court, anywhere in the world, which has > recognized OpenPGP signatures as being non-repudiable. > Are you aware of a court, anywhere in the world, which has consid

Re: How to get your first key signed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Saturday 3 October 2015 at 11:53:26 PM, in , Robert J. Hansen wrote: > If I commit a crime and it gets traced back to the > certificate we shared, then the authorities would have > to figure out which of us was using the certificate. This ma

Re: How to get your first key signed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Saturday 3 October 2015 at 1:04:55 PM, in , Guan Xin wrote: > The word "will" does not infer history. No, but talking about something that happened in the past does. (-; > You know by > reputation I meant personal reputation, It was clear

Re: How to get your first key signed

> So you three will share the same reputation on the mailing list. Probably not. But if so, I'm fine with that: John and John are good people. And the point we were making -- which was that people invest way too much trust into unvalidated keys and/or possibly untrustworthy people -- was importa

Re: How to get your first key signed

On 2015-10-03 at 20:23, Crissy Lynn wrote: > Please! For the 600th time! REMOVE ME FROM THIS MAILING LIST! > If you knew how to subscribe, you should know how to unsubscribe, because: 1) If you told on this mailing list to be unsubscribed for the 600th time, then someone told you how to unsubscri

RE: How to get your first key signed

> Please! For the 600th time! REMOVE ME FROM THIS MAILING LIST! Please for the 601st time, follow the directions you have been give before: List-Unsubscribe: , And while you are at it,

Re: How to get your first key signed

> Please! For the 600th time! REMOVE ME FROM THIS MAILING LIST! You have been told how to unsubscribe. Perhaps try following those instructions? To recap: visit this URL. http://lists.gnupg.org/mailman/listinfo/gnupg-users At the bottom you'll see text of, "To unsubscribe from Gnupg-users, ge

Re: How to get your first key signed

On Sat, Oct 3, 2015 at 8:19 PM, Robert J. Hansen wrote: >> IF YOU THINK DIGITAL SIGNATURES ARE NOTHING >> THEN PLEASE KEEP AWAY FROM THIS MAILING LIST. > > A digital signature means surprisingly little. It's a kind of weak proof in China, and is much more than nothing. I have absolutely no idea

Re: How to get your first key signed

Please! For the 600th time! REMOVE ME FROM THIS MAILING LIST! > On Oct 3, 2015, at 1:44 PM, Guan Xin wrote: > >> On Sat, Oct 3, 2015 at 7:40 PM, Peter Lebbing >> wrote: >>> On 03/10/15 14:04, Guan Xin wrote: >>> What happened to being guilty once proven guilty until >>> proven innocent? >>>

Re: How to get your first key signed

> IF YOU THINK DIGITAL SIGNATURES ARE NOTHING > THEN PLEASE KEEP AWAY FROM THIS MAILING LIST. A digital signature means surprisingly little. These are the conditions that must be met for a signature to be meaningful: it must be correct, issued from a validated[*] certificate, and belong to a trus

Re: How to get your first key signed

On Sat, Oct 3, 2015 at 7:40 PM, Peter Lebbing wrote: > On 03/10/15 14:04, Guan Xin wrote: >> What happened to being guilty once proven guilty until >> proven innocent? >> Your key is the proof. > > Please stop trolling. > > Peter. "Please don't feed the troll" is an acceptable wording when said t

Re: How to get your first key signed

On Sat, Oct 3, 2015 at 7:40 PM, Peter Lebbing wrote: > On 03/10/15 14:04, Guan Xin wrote: >> What happened to being guilty once proven guilty until >> proven innocent? >> Your key is the proof. > > Please stop trolling. > > Peter. YOU who insist that digital signatures are no proof and worth noth

Re: How to get your first key signed

On 03/10/15 14:04, Guan Xin wrote: > What happened to being guilty once proven guilty until > proven innocent? > Your key is the proof. Please stop trolling. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My k

Re: How to get your first key signed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Friday 2 October 2015 at 5:51:52 AM, in , Guan Xin wrote: > So you three will share the same reputation on the > mailing list. No, their reputations and posting histories did not become merged. > If at least one of you commit crimes with

Re: How to get your first key signed

On Sat, Oct 3, 2015 at 1:33 PM, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > >> So you three will share the same reputation on the >> mailing list. > > No, their reputations and posting histories did not become merged. The word "will" does not infer history. You know by reputation I mea

Re: How to get your first key signed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 30-09-2015 a las 14:17, David Niklas escribió: > Hello, Hello, > Now, I'm a student (think penny less), and live in a rural area > 100mi from the nearest LUG and people out here are _very_ computer > illiterate Well, I live in the capital

Re: How to get your first key signed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 01-10-2015 a las 8:08, Bob Henson escribió: ... >> It /is/ totally meaningless. And we should educate users that it >> is meaningless. > > Agreed. But a new user who has yet to be educated would baulk at > trusting a key signed by Genghis Khan o

Re: How to get your first key signed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 01-10-2015 a las 5:33, Bob Henson escribió: ... > Authority key, say. But a signature of any person's key that you > have not met and positively verified is worse than useless as it > degrades the whole trust process. Someone who I had never > pre

Re: How to get your first key signed

On Fri, Oct 2, 2015 at 7:01 AM, Anthony Papillion wrote: > > Sorry to just jump in here but I've been following the conversation > and this caught my eye. While checking the email address associated > with a key might not /always/ be useful (like in the case of IM, fax, > etc), it /can/ help provi

Re: How to get your first key signed

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/1/2015 11:51 PM, Guan Xin wrote: > On Thu, Oct 1, 2015 at 7:05 PM, Robert J. Hansen wrote: >> So sure, yes, without identity verification it's hard to have confidence >> in someone's legal identity, absolutely. But even with identity >> ver

Re: How to get your first key signed

On Thu, Oct 1, 2015 at 7:05 PM, Robert J. Hansen wrote: > > Some years ago a user on PGP-Basics was irate over how I refused to sign > my messages. My argument was basically the one you were using: that > nobody on the list had verified my identity and that made my signatures > of marginal use.

Re: How to get your first key signed

On 09/30/15 19:17, David Niklas wrote: > Hello, > I create for myself a gpg key and want to get it signed, however I've > sent out half a dozen requests and so far I've gotten only negative > responses to the effect that I must know so-and-so and we must met in > person (considering that the person

Re: How to get your first key signed

> Names are tremendously fluid instruments. Charles Martel, the hero of > France, didn't actually have a last name... Oh, man -- I completely forgot the great one from modernity. You can be elected President under a pseudonym. Not only that: *it's already happened*. President Ulysses Simpson G

Re: How to get your first key signed

> Doesn't all decent e-mail clients automagically check if a signature is > legit and matches the known public key? Probably not "all", but a lot, yes. The problem comes from you can't force a user to pay attention to a warning. Some years ago a friend of mine, Peter Likarish, invented a browser

Re: How to get your first key signed

(This came just to me, not to the mailing list. I'm assuming Bob intended to reply-all and just hit the wrong button. If I'm in error, Bob, please forgive me.) > What would be no use, and possibly harmful, would be to sign that > certificate just because you had seen it a couple of times - unle

Re: How to get your first key signed

On 15-10-01 13:05:28, Robert J. Hansen wrote: > > Whilst that is partially useful, surely it only vouches for the fact > > that the postings came from the same person and not who that person is - > > and as such is of very limited use. > > Yes. No. Somewhere in between. > > Some years ago a use

Re: How to get your first key signed

> Whilst that is partially useful, surely it only vouches for the fact > that the postings came from the same person and not who that person is - > and as such is of very limited use. Yes. No. Somewhere in between. Some years ago a user on PGP-Basics was irate over how I refused to sign my mess

Re: How to get your first key signed

On 01/10/15 15:18, Mark H. Wood wrote: > > To put my point more plainly: signatures on products and signatures > on keys mean different things, and to gain trust for them works in > different ways. Another case where common PGP terminology is confusing. You don't really "sign a key", you certify

Re: How to get your first key signed

On Thu, Oct 01, 2015 at 09:33:59AM +0100, Bob Henson wrote: > On 30/09/2015 8:58 pm, Robert J. Hansen wrote: > >> I create for myself a gpg key and want to get it signed > > > > More important than whether your certificate gets signed is who signs > > the certificate, who they are connected to, an

Re: How to get your first key signed

On 01/10/15 13:08, Bob Henson wrote: > If the program has been altered the signature will fail, will it not? Well, first of all, a checksum is not a cryptographic hash. It has different properties: a checksum usually has no collision resistance. Which is why the designers of WEP should have never

Re: How to get your first key signed

On 01/10/15 11:35, Peter Lebbing wrote: > > Well, it doesn't help me at all to know that the developer of said > software indeed has "David Niklas" on his passport. That gives me no > more confidence in the integrity of the software than if he had a > different name. All I need to know is that tha

Re: How to get your first key signed

On 01/10/2015 11:35 am, Peter Lebbing wrote: > On 01/10/15 10:33, Bob Henson wrote: >> There might be a possible exception where there is no individual >> person to meet - the verification signature with software, say. When >> you have downloaded the software from the same, known website for >> som

Re: How to get your first key signed

On 01/10/15 10:33, Bob Henson wrote: > There might be a possible exception where there is no individual > person to meet - the verification signature with software, say. When > you have downloaded the software from the same, known website for > some time it might be reasonable to sign the verificat

Re: How to get your first key signed

On 30/09/2015 8:58 pm, Robert J. Hansen wrote: >> I create for myself a gpg key and want to get it signed > > More important than whether your certificate gets signed is who signs > the certificate, who they are connected to, and so on. > > Some people will sign almost anything. People who get a

Re: How to get your first key signed

On Wednesday 30 September 2015 15:58:51 Robert J. Hansen wrote: > > I create for myself a gpg key and want to get it signed > > More important than whether your certificate gets signed is who signs > the certificate, who they are connected to, and so on. > > Some people will sign almost anything.

Re: How to get your first key signed

> I create for myself a gpg key and want to get it signed More important than whether your certificate gets signed is who signs the certificate, who they are connected to, and so on. Some people will sign almost anything. People who get a reputation for signing anything develop a reputation for