On Jan 12, 2011, at 10:54 PM, Robert J. Hansen wrote:
> When you close a laptop, Windows (or Mac OS X, or Linux, or what-have-you)
> takes a snapshot of memory contents and writes it to disk. This can be a
> really big problem, since encryption keys, passphrases, and so forth are
> written out
When you close a laptop, Windows (or Mac OS X, or Linux, or what-have-you)
takes a snapshot of memory contents and writes it to disk. This can be a
really big problem, since encryption keys, passphrases, and so forth are
written out in the process. For instance, if you have gpg-agent set up to
On Wed, 12 Jan 2011 23:58:04 +0100, Bo Berglund
wrote:
>On Tue, 11 Jan 2011 23:12:48 +0100, Bo Berglund
> wrote:
>
>What I want to do is to encrypt a specific file before sending it as
>an attachment in an email. I need to encrypt it several times a week
>after it has been revised because it is a
On Tue, 11 Jan 2011 23:12:48 +0100, Bo Berglund
wrote:
Seems like no one can answer this question
Summary:
If I add a group definition in the configuration file of GPG, either
through the GPA "Edit/Backend preferences" or by directly editing the
conf file, how can I then use that group name t
Hello all
I'm very new to GPG. I've been a Debian user for some years, but I have had
nothing to do with GPG until now. I think I understand the main flow and uses
of GPG, but I have a doubt:
suppose a group of friends, they want to sign and/or cypher their email and files,
almost of them are Win
On 1/12/2011 11:24 AM, Daniel Kahn Gillmor wrote:
> "look -- here is Mr. X claiming that he is going to poison the
> reservoir. Please take this seriously, and note that it could only have
> come from Mr. X because it is signed with his key."
Mr. X has a conspirator, Ms. Y. Mr. X deliberately a
On 1/12/2011 12:10 PM, Hauke Laging wrote:
> Let's take this email as an example. I write it on my PC which may be
> more secure than the average system but has all the weaknesses of a
> system which does all the daily work.
As I recall, Werner has a story about receiving PGP-signed spam.
Apparent
On Jan 12, 2011, at 2:12 PM, MFPA wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi
>
>
> On Wednesday 12 January 2011 at 4:13:44 PM, in
> , Robert J.
> Hansen wrote:
>
>
>> Show me the worth in a signed message that has any of
>> (a) an incorrect signature, (b) from an invali
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Wednesday 12 January 2011 at 4:13:44 PM, in
, Robert J.
Hansen wrote:
> Show me the worth in a signed message that has any of
> (a) an incorrect signature, (b) from an invalid key, or
> (c) from someone you believe is utterly untrustworthy.
I am needing to do some testing with these size keys. Can someone advise me on
how to modify the code to generate these keys?
Thanks
> Message: 2
> Date: Tue, 11 Jan 2011 12:13:46 -0500
> From: "Robert J. Hansen"
> To: gnupg-users@gnupg.org
> Subject: Re: How to create non-standard key pair
I am out of the office until 01/13/2011.
I am out of the office until Thursday January 13th, 2011. If this is a
production problem, please call the solution center at 918-573-2336 or
email Bob Olson at robert.ol...@williams.com. I will have limited mail and
cell phone access.
Note: This is an
On 01/12/2011 11:13 AM, Robert J. Hansen wrote:
> Show me the worth in a signed message that has any of (a) an incorrect
> signature, (b) from an invalid key, or (c) from someone you believe is
> utterly untrustworthy.
As a devil's advocate, I'd point out that a message signed with a valid
key kno
On 01/12/2011 12:10 PM, Hauke Laging wrote:
> I mean: It is POSSIBLE to steal my secret key but it is not EASY. For normal
> email communication I regard this as enough. For signing treaties or other
> keys I use other keys (and a different environment).
yes, that's true; but here we've been tal
On Wednesday, 12 January 2011 17:44:48, Daniel Kahn Gillmor wrote:
> On 01/12/2011 11:39 AM, Hauke Laging wrote:
> > a) usual ("not thought about") email, just as a first hard line of
> > defense against forgery
>
> What do you think you would gain from a signature made by an individual
> if they di
> a) usual ("not thought about") email, just as a first hard line of defense
> against forgery
Doesn't work.
Here's the thought experiment I've been using for years. Imagine that I'm a
teaching assistant and I manage to make some of my undergrads very unhappy.
They bomb a test or something,
Hi!
The key used to sign GnuPG releases expired at the end of last year. I
prolonged the lifetime of that key for another 6 months to avoid the
frequently asked question if signatures made in the past by an expired
key are now invalid (in short: they are not).
I will sign future distributions wi
On 01/12/2011 11:39 AM, Hauke Laging wrote:
> a) usual ("not thought about") email, just as a first hard line of defense
> against forgery
What do you think you would gain from a signature made by an individual
if they did not think they were making it? How is this a "hard line of
defense agains
On Wed, 12 Jan 2011 14:25, mailinglis...@hauke-laging.de said:
> Which is simultaneously a solution for the spam problem (and an improvement
Signing mails is not a solution against spam.
Spammers have more processing power available than any anti-spam
measure. Signing would only help against s
On Wednesday, 12 January 2011 17:15:48, Daniel Kahn Gillmor wrote:
> If enigmail were to default to signing everything, then it would sign
> messages for people that they have not thought about. As a result, that
> weakens the meaning of their signature, to the point where even if they
> *have* tho
On Jan 12, 2011, at 11:13 AM, Robert J. Hansen wrote:
>> More often "I have no confidence they keep their secret keys strictly under
>> their control" might be the relevant objection.
>
> In my case, it's "I think these individuals are mentally unstable and
> violent," but yes. :)
>
>>> Speak
On 01/12/2011 10:57 AM, Robert J. Hansen wrote:
> Speaking for Enigmail, it's because 99% of the time signatures are worthless.
> They contribute to the illusion of data integrity while actually providing no
> guarantees. It's best if you only sign messages you deliberately intend to
> sign, messa
> More often "I have no confidence they keep their secret keys strictly under
> their control" might be the relevant objection.
In my case, it's "I think these individuals are mentally unstable and violent,"
but yes. :)
>> Speaking for Enigmail, it's because 99% of the time signatures are
>> w
On Wednesday, 12 January 2011 16:57:27, Robert J. Hansen wrote:
> Good signatures from validated keys belonging to untrustworthy people make
> no guarantees. There are a couple of people in the world who, even though
> I know their key fingerprints and have verified them face-to-face, I
> wouldn
> Signing the message guarantees the sender.
Only if certain conditions are met. The signature must (a) be correct (b)
issued from a validated key (c) belonging to a trusted party.
A bad signature makes no guarantees, not even a guarantee the message has been
tampered with. (After all, the er
Hello,
2011/1/11 Martin Gollowitzer :
> Hi,
>
> * jimbob palmer [110111 12:05]:
>> In Firefox I can sign or encrypt or encrypt+sign an e-mail.
>>
>> In what case would I want my encrypted emails also signed? Does it
>> provide any additional benefit over a pure encrypted email?
>
> A digital sign
On Wednesday, 12 January 2011 11:48:39, Werner Koch wrote:
> Note also, that signing an encrypted message creates a privacy problem
> in that it is obvious who actually sent (or well signed) the message.
Which is simultaneously a solution for the spam problem (and an improvement
against attacks by
On Wednesday, 12 January 2011 06:52:59, David Shaw wrote:
> No. It was generally felt that this was more of an attack on the user of
> crypto, rather than on the crypto itself.
That may be a difference to crypto but I doubt that it is a difference to the
user... Solutions are better than excuses
On Wed, 12 Jan 2011 04:56, k...@grant-olson.net said:
> I'm assuming this just needs the year end bump. Looks like it expired
> 12-31-2010.
Right, I should have prolonged it again. The original plan was to
switch to an OpenPGP v2 card in time. I didn't achieve that because I
missed to buy an n
On Wed, 12 Jan 2011 11:01, nicholas.c...@gmail.com said:
> in section 1.2 about not signing crypt texts? Am I right that openpgp
> always encrypts signed text, rather than signing encrypted text, and
No. It is common practice to sign and encrypt. For gpg it is not the
default. Before the intr
On Wed, 12 Jan 2011 10:01:17 +, Nicholas Cole wrote:
> That thread is clearly right about the bulk of the paper, which is
> clearly an attack on the user of the crypto. Signing ambiguous
> messages is not a good idea! But what about the suggestion they made
> in section 1.2 about not signing
On Wed, Jan 12, 2011 at 5:52 AM, David Shaw wrote:
> On Jan 11, 2011, at 3:09 PM, Nicholas Cole wrote:
>
>> On Tue, Jan 11, 2011 at 12:19 PM, wrote:
>>>
>>> If one is a purist, then one wants sign>encrypt>sign
>>>
>>> See http://world.std.com/~dtd/#sign_encrypt
>>
>> That is a really interesting
31 matches