On 1/23/12 5:52 PM, MFPA wrote:
>> If they want to mess with you, they don't need your permission.
>> As is, you've explicitly asked them, "would you please sign
>> certificate 0xDEADBEEF, fingerprint so-and-so, here's my
>> credentials."
>
> True
On 1/23/12 6:23 PM, MFPA wrote:
> Suggestions like this tend to get lambasted because they do not
> enhance security, and privacy appears to be seen as unimportant.
Not in the slightest. The idea is certainly worthwhile. It's just
that there's no
Hi
On Saturday 21 January 2012 at 10:01:51 PM, in
, Robert J. Hansen wrote:
> If they want to mess with you, they don't need your
> permission. As is, you've explicitly asked them,
> "would you please sign certificate 0xDEADBEEF,
> fingerprint s
Hi
On Monday 23 January 2012 at 3:04:45 PM, in
, Holger wrote:
> Please simply accept that it's an issue for me as well
> as many others. Harvesting is supereasy: full keydumps
> are readily available.
It sounds like you value the flavour of pri
On 1/23/12 4:08 PM, John Clizbe wrote:
> Depending on the source, a consensus seems to be forming that beyond
> a 2048 or 3072 bit modulus for DSA2 or RSA, folks need to switch to
> ECC.
Emphatic agreement -- this is clarification, not dispute:
A lot of people like to refer to _Applied Cryptograp
Chris Poole wrote:
> On Mon, Jan 23, 2012 at 4:52 PM, brian m. carlson
> wrote:
>
>> Because it's also used to sign other people's keys. Using a very large
>> key (for 256-bit equivalence, ~15kbits) makes verification so slow as to
>> be unusable. You have to not only verify signatures on other
On Mon, Jan 23, 2012 at 4:52 PM, brian m. carlson
wrote:
> Because it's also used to sign other people's keys. Using a very large
> key (for 256-bit equivalence, ~15kbits) makes verification so slow as to
> be unusable. You have to not only verify signatures on other keys but
> also the signatu
On Mon, Jan 23, 2012 at 6:16 PM, Robert J. Hansen wrote:
> You may say the only purpose of the primary key is to sign the subkeys,
> but if it's technically possible for the primary key to sign documents
> then the purpose of the primary key is to sign documents.
>
> This is why I think it's kind
On 1/23/12 12:52 PM, Hubert Kario wrote:
>>> And there's a very good reason why you shouldn't be a fan of such
>>> comparisons: Unlike physical security, properly implemented
>>> cryptography is unbreakable at this time.
>
> I didn't claim that any crypto is properly implemented.
This is not wh
On 1/23/12 9:18 AM, Chris Poole wrote:
> If the only purpose of the primary key (in my case, where I have subkeys for
> signing and encryption) is to sign the subkeys
How do you enforce that? If it is technically possible to sign a
document with your primary key, then good luck telling a judge "n
On Monday 23 of January 2012 18:18:35 Robert J. Hansen wrote:
> On 1/23/12 11:34 AM, Hubert Kario wrote:
> > And there's a very good reason why you shouldn't be a fan of such
> > comparisons: Unlike physical security, properly implemented
> > cryptography is unbreakable at this time.
>
> This, of c
On Mon, Jan 23, 2012 at 02:18:54PM +, Chris Poole wrote:
> If the only purpose of the primary key (in my case, where I have subkeys for
> signing and encryption) is to sign the subkeys, why not simply make it
> stupidly large? Equivalent to 256 bits with a symmetric cipher, or 512 bits?
Bec
On 1/23/12 11:34 AM, Hubert Kario wrote:
> And there's a very good reason why you shouldn't be a fan of such
> comparisons: Unlike physical security, properly implemented
> cryptography is unbreakable at this time.
This, of course, handwaves the fact that cryptography more or less
*can't* be imple
On Monday 23 of January 2012 16:35:45 Holger wrote:
> 2012-01-23T03:09:55-05:00, Robert J. Hansen:
> > > Keyserver SPAM is a straw-man argument. Yes, it's possible for an
> > > address to be pulled from the key on a keyserver, in fact, I'm
> > > convinced harvesting probably takes place.
> >
> > As
On 01/23/2012 10:35 AM, Holger wrote:
> I'm not a fan of comparisons at all
All argument from analogy is intellectual fraud, but they can be useful
to illuminate arguments. :)
> but I'd say my e-mail address feels more like my postal address, thus
> I tend to handle them similarly.
So, you keep
On 01/23/2012 03:24 PM, Mark H. Wood wrote:
> On Sat, Jan 21, 2012 at 01:49:20PM -0800, Ken Hagler wrote:
>
> (...)
>
> I guess that the lesson is: don't assume. Find out for yourself
> whether a CA is worthy of your trust, before trusting.
Well, that could be a big challenge. In addition consi
2012-01-23T03:09:55-05:00, Robert J. Hansen:
> > Keyserver SPAM is a straw-man argument. Yes, it's possible for an
> > address to be pulled from the key on a keyserver, in fact, I'm
> > convinced harvesting probably takes place.
>
> As am I. However, it should be pointed out that this is no rea
On Sun, Jan 22, 2012 at 4:02 AM, Robert J. Hansen wrote:
> A 1024-bit key has about an 80-bit keyspace, which is a factor of 16 million
> larger. Given the advances in supercomputing in the last decade it is
> reasonable to believe 1024-bit keys are either breakable now or will be in the
> near
On Sat, Jan 21, 2012 at 01:49:20PM -0800, Ken Hagler wrote:
> On Jan 21, 2012, at 10:12 AM, Aaron Toponce wrote:
>
> > What are your thoughts on using root CAs as a trusted 3rd party for
> > trusting that a key is owned by whom it claims? Of course, this is merely
> > for casual checking, but it s
2012-01-22T23:33:38-06:00, John Clizbe:
> Holger wrote:
> > 2012-01-22T16:11:14-08:00, Doug Barton:
> > > On 01/22/2012 10:05, Holger wrote:
> > > > I intend to use gpg only for receiving encrypted e-mail, not signing
> > > > my outgoing e-mail. Because I don't want my name or e-mail address
> > >
Reference:
Subject: Re: Using root CAs as a trusted 3rd party
Date: Sat, 21 Jan 2012 13:49:20 -0800
From: Ken Hagler
To: Aaron Toponce
CC: gnupg-users@gnupg.org
> On Jan 21, 2012, at 10:12 AM, Aaron T
Hi,
I created a pre-release of a GnuPG 1.4.12 installer for Windows:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-w32cli-1.4.12-git51c1e84.exe
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-w32cli-1.4.12-git51c1e84.exe.sig
Sources are in the same directory. This version is built using a newer
> Keyserver SPAM is a straw-man argument. Yes, it's possible for an
> address to be pulled from the key on a keyserver, in fact, I'm
> convinced harvesting probably takes place.
As am I. However, it should be pointed out that this is no reason to
avoid using the keyservers.
One of the best way