On 07/03/2019 07:16 AM, Ryan McGinnis via Gnupg-users wrote:
> Not sure why the phone number thing bothers people -- having a
> phone at all in the first place means you are easily tracked.
Well, that's why I only use phones (and not smartphones) for routine
meatspace stuff where I don't care
On 03.07.2019 20:30, Alyssa Ross wrote:
Oh, interesting. Thank you for showing this to me. I had it in my head
that a "weak" signature would count as a marginal in the web of trust,
but I suppose I was wrong about that.
In that case, I agree that ask-cert-level doesn't make sense as a
default.
Alyssa Ross writes:
>> > For example, why isn't ask-cert-level a default?
>>
>> For an alternative view on ask-cert-level see also:
>>
>> https://debian-administration.org/users/dkg/weblog/98
>
> Oh, interesting. Thank you for showing this to me. I had it in my head
> that a "weak" signature
> > For example, why isn't ask-cert-level a default?
>
> For an alternative view on ask-cert-level see also:
>
> https://debian-administration.org/users/dkg/weblog/98
Oh, interesting. Thank you for showing this to me. I had it in my head
that a "weak" signature would count as a marginal in the
Alyssa Ross wrote:
Apologies for my late reply, I have overlooked your reply, sorry!
> For example, why isn't ask-cert-level a default? I'm guessing it's just
> because at some point it didn't exist, and the developers didn't want to
> make a backwards incompatible change. But it means that, out
Not sure why the phone number thing bothers people -- having a phone at all in
the first place means you are easily tracked. What Signal (and any encryption
system, really) does is try to prevent in-transit interception and surveillance
of the actual data content. It can't hide the metadata
On 07/02/2019 05:18 AM, Robert J. Hansen wrote:
>> Signal went the other way. Build a verifiably secure communications
>> platform so easy that literally anyone can figure it out.
>
> I think this is a misunderstanding of Signal.
> Signal is, by its very nature, tightly tied to one specific
That is true that I am probably being unfair - my focus on GPG for email is
more a nostalgic sadness that secure (beyond TLS transport) email never really
became ubiquitous. In the end the protocol of email itself couldn’t keep up
with way people needed to communicate, so email is now a bit of
> Signal went the other way. Build a verifiably secure communications platform
> so easy that literally anyone can figure it out.
I think this is a misunderstanding of Signal.
OpenPGP is, by its very nature, agnostic to ... well, just about
everything. It was originally intended for email but
By the way, I just *love* my iPhone’s desire to help me with words it thinks
I’ve misspelled. :)
-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail
‐‐‐ Original Message ‐‐‐
On Tuesday, July 2, 2019 7:10 AM, Ryan
Right, I probably wasn’t being very clear with what I meant. What I’m saying
is that people who use PGP at the moment are rather tech savvy, lady over from
the legacy of the fact that for most of PGP’s existence a user *had* to be tech
savvy to even get PGP backed out of the metaphorical
On 01.07.2019 23:08, Juergen Bruckner via Gnupg-users wrote:
Well that not pretty "in the wild" but its pretty new:
The Austrian Parliament and some parts of the Austria Government have
released a website [1] where the PGP-Keys of Members of the Parliament
and other people in the government are
On 02.07.2019 00:58, Alyssa Ross wrote:
For example, why isn't ask-cert-level a default?
For an alternative view on ask-cert-level see also:
https://debian-administration.org/users/dkg/weblog/98
I do agree that no two people use gpg in the same way.
Kind regards,
Wiktor
--
On 01/07/2019 23:55, Ryan McGinnis via Gnupg-users wrote:
> Null modem transfer of your messages? Yikes. To me that’s the issue
> with PGP in general as it relates to secure communications
None of any of the alternatives to OpenPGP you mention solve the issue
that a secure offline system sets
Am Dienstag 02 Juli 2019 00:58:32 schrieb Alyssa Ross:
> A large part of what makes alternative encryption software like Signal
> successful is its simplicity.
Though at some points it is too simple to use (from my point of view).
My main point of critic are the central server architecture, the
Am Dienstag 02 Juli 2019 05:47:56 schrieb Robert J. Hansen:
> Remember that for about fifteen years GnuPG received basically nil for
> funding.
In the last 20 years there has been significant cross-funding through
contracts that the companies g10 code, KDAB, some other companies and
Intevation
On Mon, 1 Jul 2019 23:47, r...@sixdemonbag.org said:
> for development. My donation capped at $500. For several of those
> years, I was one of the largest individual contributors to GnuPG.
Right, your donation encouraged me to keep on working on this set of
tool which is used at many more
On Mon, 1 Jul 2019 22:58, h...@alyssa.is said:
> For example, why isn't ask-cert-level a default? I'm guessing it's just
> because at some point it didn't exist, and the developers didn't want to
Because we have good defaults and options to chnage them in the config.
We do not want to expose
> GnuPG is cross-platform and in no way tied to Linux, but I think you
> have a point about the CLI-focused design of it. The problem isn't that
> it's CLI-based per se, but that this design has made it far too easy for
> it to accumulate features without much consideration for how the whole
>
> I think also (sorry to say this Werner!) the problem is that
> GnuPG is Linux cli based and not like MacPGP from Mr. Zimmermann,
> back in the 90's was GUI based with much lesser commands and
> easier to learn. There was back then no Enigmail or other
> MUA plug-ins and you could simply copy and
Ryan McGinnis via Gnupg-users wrote:
>
> Null modem transfer of your messages? Yikes. To me that’s the issue with
> PGP in general as it relates to secure communications - the nerds and the
> criminals and the spies know how to work it, but your average end user
> doesn’t need their step one
Null modem transfer of your messages? Yikes. To me that’s the issue with PGP
in general as it relates to secure communications - the nerds and the criminals
and the spies know how to work it, but your average end user doesn’t need their
step one to be “go to a Goodwill in a city you don’t
Hello to all,
Am 01.07.19 um 00:23 schrieb Ryan McGinnis via Gnupg-users:
> Does anyone know what PGP’s peak adoption rate was? I always loved it in
> concept but very very rarely saw people actually trying to use it in the
> wild, outside of the types of people who read this list.
Well
On Mon, 1 Jul 2019 15:13, gnupg-users@gnupg.org said:
> distribution keys in Gentoo. However, the main problem with WKD right
> now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD
Actually gpg updates expired keys via WKD. However, to not break things
and not to go out
Andrew Gallagher wrote:
> On 2019/07/01 16:26, Stefan Claas via Gnupg-users wrote:
> > I use encryption tools *offline*
> > on my Notebook and then copy/paste the encrypted messages
> > into CoolTerm to transfer them then via my USB to USB Nullmodem
> > cable to my online computer. :-)
>
> That
I'm kind of a corner case, but I can't use wkd because I don't control
my top level domain for my email. I also can't use DANE for the same
reason. I can and do use DNS CERT records because it allows a
second-level domain. I suppose this has been discussed to death, but
wouldn't it make sense
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Oops, forgot to sign it.
I'm kind of a corner case, but I can't use wkd because I don't control
my top level domain for my email. I also can't use DANE for the same
reason. I can and do use DNS CERT records because it allows a
second-level
On 2019/07/01 16:26, Stefan Claas via Gnupg-users wrote:
> I use encryption tools *offline*
> on my Notebook and then copy/paste the encrypted messages
> into CoolTerm to transfer them then via my USB to USB Nullmodem
> cable to my online computer. :-)
That seems excessively baroque. What's your
Michał Górny via Gnupg-users wrote:
> On Mon, 2019-07-01 at 15:38 +0100, Andrew Gallagher wrote:
> > On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> > > I agree with Professor Green. Maybe he and his students can
> > > program a POC something more simple, preferably in Golang and
> > >
Andrew Gallagher wrote:
> On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> > I agree with Professor Green. Maybe he and his students can
> > program a POC something more simple, preferably in Golang and
> > while using the NaCl* library.
>
> Golang? Not Rust? :-P
He he, I have tried
On 2019/07/01 15:47, Michał Górny wrote:
> I do find it odd how many projects choose exotic languages and then
> become defunct because few years later nobody wants to touch them.
> Presuming you're still able to build them. It's ironic people still
> don't see that even though SKS has just
On Mon, 2019-07-01 at 15:38 +0100, Andrew Gallagher wrote:
> On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> > I agree with Professor Green. Maybe he and his students can
> > program a POC something more simple, preferably in Golang and
> > while using the NaCl* library.
>
> Golang?
On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote:
> I agree with Professor Green. Maybe he and his students can
> program a POC something more simple, preferably in Golang and
> while using the NaCl* library.
Golang? Not Rust? :-P
I do find it odd how many projects make such a big deal of
On Mon, Jul 01, 2019 at 03:13:29PM +0200, Michał Górny via Gnupg-users wrote:
The problem with autocrypt are the cases where its security measures
are
tested. There is not good way to interact with the users in those cases.
I know this is not parts of its design goals, but it works against a
David wrote:
> Your Thoughts :)
>
> https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/
>
I agree with Professor Green. Maybe he and his students can
program a POC something more simple, preferably in Golang and
while using the NaCl* library.
I think also (
On Mon, 2019-07-01 at 12:18 +0200, Bernhard Reiter wrote:
> Am Montag 01 Juli 2019 01:36:41 schrieb Robert J. Hansen:
> > Now we've got Autocrypt, WKD, and Hagrid: of these Autocrypt is probably the
> > most mature and the easiest for email users.
>
> The problem with autocrypt are the cases
Am Montag 01 Juli 2019 01:36:41 schrieb Robert J. Hansen:
> Now we've got Autocrypt, WKD, and Hagrid: of these Autocrypt is probably the
> most mature and the easiest for email users.
The problem with autocrypt are the cases where its security measures are
tested. There is not good way to
On 30/06/2019 21:01, Ralph Seichter wrote:
> * da...@gbenet.com:
>
>> Your Thoughts :)
>
> I think the article is five years old, has not aged well (e.g. MUA
> integration has improved), and that nothing better than PGP has come
> along in the meantime.
&g
> This list will be long.
Yes. And frankly, it's a bigger subject than just GnuPG: to be
effective we'd need to get buy-in from OpenPGP.js and Sequoia, for starters.
Optimistically, we'd be looking at two years of work, maybe more.
One of the things I'm beginning to consider, though, is that
> On 1 Jul 2019, at 00:36, Robert J. Hansen wrote:
>
> Would this be painful? Sure. But it doesn't involve throwing out
> the OpenPGP spec, just overhauling how we implement it and the
> supporting software ecosystem. That would be *hard*, don't get me
> wrong, and I am *in no way* saying
> I think the article is five years old, has not aged well (e.g. MUA
> integration has improved), and that nothing better than PGP has come
> along in the meantime.
I think Matthew Green is a very sharp fellow and his criticisms are
thoroughly on-point. My biggest complaint about that article is
> Does anyone know what PGP’s peak adoption rate was?
We're living in it. OpenPGP is used on a scale the protocol designers
never dreamed, mostly for verifying operating system packages.
Peak _email_ adoption rate? It's never been any kind of serious player
in that space. I've seen it used
of people who read this list.
-Ryan McGinnis
https://bigstormpicture.com
PGP: 486ED7AD
Sent with ProtonMail
‐‐‐ Original Message ‐‐‐
On Sunday, June 30, 2019 3:01 PM, Ralph Seichter wrote:
> * da...@gbenet.com:
>
> > Your Thoughts :)
>
> I think the article is f
* da...@gbenet.com:
> Your Thoughts :)
I think the article is five years old, has not aged well (e.g. MUA
integration has improved), and that nothing better than PGP has come
along in the meantime.
Next. ;-)
-Ralph
___
Gnupg-users mailing list
Gn
Your Thoughts :)
https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/
--
People Should Not Be Afraid Of Their Government - Their Government
Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION
Becomes A DUTY! Join the Rebellion Today! https://gbenet.com
"The researchers didn't perform an exhaustive analysis of the encryption
methods devised by Alice and Bob"
So there isn't much that can be said. The experiment was pretty much a
game of life between the couple and Eve, with the more than predictable
outcome that Eve shows signs of gaining ground
Hi All,
I was sharing thoughts on AI in Linux facebook and Sean Rickerd shared this link
https://arstechnica.com/information-technology/2016/10/google-ai-neural-network-cryptography/
David
--
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of
the
kind.Stern,
47 matches
Mail list logo
