Re: [qubes-devel] Re: GitLab

2017-05-20 Thread Andrew David Wong
On 2017-05-20 03:02, Frank wrote: >> Oh, wow! That raises some questions about the way the QMSK is >> handled. > Not if those keys were generated and signed in the QMSK-Environment > before they were transferred to their owners, right? > As I wrote

Re: [qubes-devel] Re: GitLab

2017-05-20 Thread Frank
> On 15. May 2017, at 04:21, Andrew David Wong adw-at-qubes-os.org > |qubes-mailing-list/Example Allow| wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > >> On 2017-05-14 20:57, Jean-Philippe Ouellet wrote: >>> On Sun, May 14, 2017 at 3:11 PM, Andrew David Wong >>> wrote:

Re: [qubes-devel] Re: GitLab

2017-05-19 Thread Joanna Rutkowska
On Sun, May 14, 2017 at 10:16:13PM -0500, Andrew David Wong wrote: > On 2017-05-14 21:52, Peter Todd wrote: > > On Sun, May 14, 2017 at 09:45:13PM -0500, Andrew David Wong wrote: > (2), meanwhile, requires transferring the key to the QMSK's > >>

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Matteo
> I didn't have the masterkey at hand. My solution has been to ask a few > people I know with different ISPs to check out the webpage with it, but > it is hosted by GitHub. > > How, for trust initialization, am I to know 427F 11FD 0FAA 4B08 0123 > F01C DDFA 1A3E 3687 9494 is actually Qubes master

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Andrew David Wong
On 2017-05-14 21:52, Peter Todd wrote: > On Sun, May 14, 2017 at 09:45:13PM -0500, Andrew David Wong wrote: (2), meanwhile, requires transferring the key to the QMSK's environment via: >>> >>> >>> >>> We're in agreement that's a less-tha

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Peter Todd
On Sun, May 14, 2017 at 09:45:13PM -0500, Andrew David Wong wrote: > >> (2), meanwhile, requires transferring the key to the QMSK's environment > >> via: > > > > > > > > We're in agreement that's a less-than-wise idea. :) > > > > Great points. Thanks! I think your setup would have been prefera

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Andrew David Wong
On 2017-05-14 21:36, Peter Todd wrote: > On Sun, May 14, 2017 at 02:11:30PM -0500, Andrew David Wong wrote: >>> Unfortunately the tools to actually find these paths all kinda suck, but >>> they >>> do at least the paths exist. The one I used to find

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Peter Todd
On Sun, May 14, 2017 at 02:11:30PM -0500, Andrew David Wong wrote: > > Unfortunately the tools to actually find these paths all kinda suck, but > > they > > do at least the paths exist. The one I used to find the above is > > https://pgp.cs.uu.nl/, however it has the significant limitation that it

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Andrew David Wong
On 2017-05-14 20:57, Jean-Philippe Ouellet wrote: > On Sun, May 14, 2017 at 3:11 PM, Andrew David Wong wrote: >> On 2017-05-13 18:21, Peter Todd wrote: >>> On Sat, May 13, 2017 at 03:18:39PM -0500, Andrew David Wong wrote: There are many other

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Peter Todd
On Sun, May 14, 2017 at 09:57:45PM -0400, Jean-Philippe Ouellet wrote: > > Let's assume that (5) would be too cumbersome and error-prone to qualify > > as "practical." (3) would, again, entail that the machine is no > > longer airgapped. (4) is inherently risky. The riskiest storage media > > are,

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Jean-Philippe Ouellet
On Sun, May 14, 2017 at 3:11 PM, Andrew David Wong wrote: > On 2017-05-13 18:21, Peter Todd wrote: >> On Sat, May 13, 2017 at 03:18:39PM -0500, Andrew David Wong wrote: >>> There are many other methods you could use to attempt to verify the >>> master key fingerprint aside from relying on the Qube

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Andrew David Wong
On 2017-05-13 22:06, Chris Laprise wrote: > On 05/13/2017 05:35 PM, Andrew David Wong wrote: >> On 2017-05-13 16:01, Felipe Dau wrote: >>> On Sat, May 13, 2017 at 03:18:39PM -0500, Andrew David Wong wrote: There are many other methods you could

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Andrew David Wong
On 2017-05-14 14:11, Andrew David Wong wrote: > In particular, it's safe to assume that there is no networking (or > else it wouldn't be an air gap) and that no freely rewritable USB > drives (i.e., drives without write-protect switches) are plugge

Re: [qubes-devel] Re: GitLab

2017-05-14 Thread Andrew David Wong
On 2017-05-13 18:21, Peter Todd wrote: > On Sat, May 13, 2017 at 03:18:39PM -0500, Andrew David Wong wrote: >> There are many other methods you could use to attempt to verify the >> master key fingerprint aside from relying on the Qubes website. Here

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Chris Laprise
On 05/13/2017 05:35 PM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-05-13 16:01, Felipe Dau wrote: On Sat, May 13, 2017 at 03:18:39PM -0500, Andrew David Wong wrote: There are many other methods you could use to attempt to verify the master key fingerprint

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Peter Todd
On Sat, May 13, 2017 at 03:18:39PM -0500, Andrew David Wong wrote: > There are many other methods you could use to attempt to verify the > master key fingerprint aside from relying on the Qubes website. Here's > a brief, non-exhaustive list: > > * Use different search engines to search for the fi

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Felipe Dau
On Sat, May 13, 2017 at 04:35:18PM -0500, Andrew David Wong wrote: > Thanks. I've added this information to the document. Great! Thanks, -Felipe

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Andrew David Wong
On 2017-05-13 16:01, Felipe Dau wrote: > On Sat, May 13, 2017 at 03:18:39PM -0500, Andrew David Wong wrote: >> There are many other methods you could use to attempt to verify the >> master key fingerprint aside from relying on the Qubes website. Here

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Felipe Dau
On Sat, May 13, 2017 at 03:18:39PM -0500, Andrew David Wong wrote: > There are many other methods you could use to attempt to verify the > master key fingerprint aside from relying on the Qubes website. Here's > a brief, non-exhaustive list: > > * Use different search engines to search for the fi

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Andrew David Wong
On 2017-05-13 14:53, Leo Gaspard wrote: > On 05/13/2017 09:40 PM, Andrew David Wong wrote: >> We agree, but we disagree about what constitutes "more security." >> We believe that what many people regard as "more security" is >> actually the illusion

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Andrew David Wong
On 2017-05-13 15:00, Hack wrote: > On 05/13/2017 09:40 PM, Andrew David Wong wrote: > On 2017-05-13 12:31, Hack wrote: On 05/09/2017 09:13 PM, Ivan Mitev wrote: > > > On 05/09/2017 09:46 PM, Hack wrote: >> Hi, >> >> Why d

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Leo Gaspard
On 05/13/2017 09:40 PM, Andrew David Wong wrote: > We agree, but we disagree about what constitutes "more security." We > believe that what many people regard as "more security" is actually the > illusion of security, and we believe that having more of the illusion of > security is worse than havin

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Andrew David Wong
On 2017-05-13 12:31, Hack wrote: > On 05/09/2017 09:13 PM, Ivan Mitev wrote: >> >> >> On 05/09/2017 09:46 PM, Hack wrote: >>> Hi, >>> >>> Why do you use GitHub instead of GitLab? >> >> Most likely because the devs historically chose github and it wor