mike _ wrote:
> So maybe the problem is that under su, gpg-agent fails to launch
> /usr/bin/pinentry (which in turn decides whether to launch
> pinentry-curses, or a QT or GTK equivalent). If I run gpg under strace
> and look through the output there is no mention of /usr/bin/pinentry
> being cal
Daniel Kahn Gillmor wrote:
> Actually, it is fairly common in certain circumstances: Certifying
> that another user's key is correctly bound to their User ID (a.k.a.
> "signing someone's key") is effectively making a signature over a
> document that you did not originate.
Yes. And then if you tak
On 05/24/2009 02:15 AM, Robert J. Hansen wrote:
> It depends on what sort of threat you're facing. In this case, the MD5
> attack is predicated on the victim signing documents they did not
> originate. This is often considered bad policy, since it tends to
> facilitate attacks like this. This us
re identity -- may I suggest considering (a) DNA swipe(s) at key-signing party?
On Thu, May 21, 2009 at 2:24 PM, Robert J. Hansen wrote:
> (also cc'd to GnuPG-Users. This thread seems like it's more appropriate
> there; let's continue it there if possible.)
>
> John W. Moore III wrote:
>> Presu
Wow Felipe ... WowT
On Sun, May 24, 2009 at 8:38 AM, webmas...@felipe1982.com
<+gpg2+maniams+aec56db6fa.webmaster#felipe1982@spamgourmet.com> wrote:
>
> > As of this writing, no algorithm supported by GnuPG has been
> > compromised. Even MD5 is still on its feet.
> i don't think this is cor
