Re: SSH generic socket forwarding for gpg-agent

2015-02-15 Thread Doug Barton
On 2/15/15 11:41 PM, Daniel Kahn Gillmor wrote: On Sun 2015-02-15 16:06:05 -0500, NdK wrote: On 13/02/2015 23:23, Daniel Kahn Gillmor wrote: The traditional argument against this sort of feature is that someone with control over your local socket would most likely have control over your g

Re: SSH generic socket forwarding for gpg-agent

2015-02-15 Thread Daniel Kahn Gillmor
On Sun 2015-02-15 16:06:05 -0500, NdK wrote: > On 13/02/2015 23:23, Daniel Kahn Gillmor wrote: > >> The traditional argument against this sort of feature is that someone >> with control over your local socket would most likely have control over >> your graphical environment, and therefore coul

Re: MIME or inline signature ?

2015-02-15 Thread Ludwig Hügelschäfer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 16.02.15 00:07, Robert J. Hansen wrote: >> A "bad signature" _only shows one thing_: The message was >> modified along the way from the signing process (at the senders >> computer) to the verification process (at your computer). > > It doesn't ev

Re: MIME or inline signature ?

2015-02-15 Thread Xavier Maillard
MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> writes: >>> My preference is Inline: I want everything right there >>> in the message body where I can see it. > >> Exactly what is it you feel the over powering urge to >> see? > > If the message text is covered by a signature, I want to see the > s

Re: SSH generic socket forwarding for gpg-agent

2015-02-15 Thread Daniel Kahn Gillmor
On Sat 2015-02-14 08:28:19 -0500, Werner Koch wrote: > On Fri, 13 Feb 2015 23:23, d...@fifthhorseman.net said: > >> Encouraging this kind of use seems risky. I certainly wouldn't want to >> do it without being able to have gpg-agent prompt me on my local machine >> for each use of the key. Its cu

Re: MIME or inline signature ?

2015-02-15 Thread Doug Barton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/15/15 12:26 PM, Daniel Kahn Gillmor wrote: | On Sat 2015-02-14 16:36:08 -0500, Doug Barton wrote: |> FWIW, I hate this debate, and try hard to stay out of it. But it really |> bothers me when people spread factually incorrect information, |> es

Re: MIME or inline signature ?

2015-02-15 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sunday 15 February 2015 at 7:55:05 PM, in , Matthias Mansfeld wrote: > One point for inline vs. MIME: You can easily Ctrl-V > the complete inline signed or encrypted mail in the > clipboard and Ctrl-V it in any GnuPG Interface. Doesn't > wo

Re: MIME or inline signature ?

2015-02-15 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sunday 15 February 2015 at 4:25:56 PM, in , Ludwig Hügelschäfer wrote: > The only place to get trust to the senders key (i.e. to > make it "valid" for you) is to meet the key owner in > real life, verify the identity documents, his > fingerpri

Re: MIME or inline signature ?

2015-02-15 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sunday 15 February 2015 at 3:12:01 PM, in , Stephan Beck wrote: > Didn't you say before you got the same error message as > I did? Yes, I get "gpg: BAD signature from "Xavier Maillard " [unknown]". But that is not an error message, simply a

Re: MIME or inline signature ?

2015-02-15 Thread Hauke Laging
On Sun 15.02.2015, 20:55:05, Matthias Mansfeld wrote: > One point for inline vs. MIME: You can easily Ctrl-V the complete > inline signed or encrypted mail in the clipboard and Ctrl-V it in any > GnuPG Interface. Doesn't work with a PGP/MIME mail. Let's hope that changes soon: https://bugs.kde.o

Re: MIME or inline signature ?

2015-02-15 Thread Robert J. Hansen
> A "bad signature" _only shows one thing_: The message was modified > along the way from the signing process (at the senders computer) to > the verification process (at your computer). It doesn't even show that. The modification can be in the signature, not the message -- meaning it's possible

Re: MIME or inline signature ?

2015-02-15 Thread Damien Goutte-Gattat
> What's wrong with what I am doing? You provide GnuPG with only the *signature*. You need to also give it the *signed data* (the message) so that it can perform the verification. If you want to do that manually (something you don’t usually do with PGP/MIME signatures, since it’s quite cumbe

Re: MIME or inline signature ?

2015-02-15 Thread Stephan Beck
A correction: 5) gpg outputs: gpg: no signed data gpg: can't hash datafile: Error opening file On 15.02.2015 at 22:42, Stephan Beck wrote: > Hi, Christopher, > > On 15.02.2015 at 20:14, Christopher Beck wrote: >> >> On Sunday 15 February 2015 16:30:33 Stephan Beck wrote: >>> Am 15.02.2015 um 1

Re: GNUPG 2.* and AIX - questions

2015-02-15 Thread Damien Goutte-Gattat
On 02/15/2015 12:16 PM, Michael Felt wrote: My key question is about the difference between v1.X and v2.X - are there security elements in v2 that are missing/weaker in v1 - or are the differences mainly that v2 supports/is always GUI while v1 is always CLI. The gpg program is always CLI-only,

Re: MIME or inline signature ?

2015-02-15 Thread Stephan Beck
Hi, Christopher, On 15.02.2015 at 20:14, Christopher Beck wrote: > > On Sunday 15 February 2015 16:30:33 Stephan Beck wrote: >> On 15.02.2015 at 12:26, Ludwig Hügelschäfer wrote: >>> On 14.02.15 23:05, Stephan Beck wrote: > > Sometimes my signatures are being counted as bad ones. But I figure

Re: MIME or inline signature ?

2015-02-15 Thread Christopher Beck
On Sunday 15 February 2015 15:20:39 Jerry wrote: > On Sun, 15 Feb 2015 20:55:05 +0100, Matthias Mansfeld stated: > > One point for inline vs. MIME: You can easily Ctrl-V the complete > > inline signed or encrypted mail in the clipboard and Ctrl-V it in any > > GnuPG Interface. Doesn't work with a

Re: SSH generic socket forwarding for gpg-agent

2015-02-15 Thread NdK
On 13/02/2015 23:23, Daniel Kahn Gillmor wrote: > The traditional argument against this sort of feature is that someone > with control over your local socket would most likely have control over > your graphical environment, and therefore could dismiss or hide any > prompt that comes up (so th

Re: MIME or inline signature ?

2015-02-15 Thread Jerry
On Sun, 15 Feb 2015 20:55:05 +0100, Matthias Mansfeld stated: > One point for inline vs. MIME: You can easily Ctrl-V the complete > inline signed or encrypted mail in the clipboard and Ctrl-V it in any > GnuPG Interface. Doesn't work with a PGP/MIME mail. I have never, ever had a reason to do

Re: MIME or inline signature ?

2015-02-15 Thread Daniel Kahn Gillmor
On Sat 2015-02-14 16:36:08 -0500, Doug Barton wrote: > FWIW, I hate this debate, and try hard to stay out of it. But it really > bothers me when people spread factually incorrect information, > especially when they try to use that as the basis of their arguments > for/against one method or the o

Re: MIME or inline signature ?

2015-02-15 Thread Matthias Mansfeld
Quoting Christopher Beck : According to the question in the topic: inline signatures always worked, MIME didn't. I still wonder why, and after my next exams I'll investigate on that... One point for inline vs. MIME: You can easily Ctrl-V the complete inline signed or encrypted mail in the

Re: MIME or inline signature ?

2015-02-15 Thread Christopher Beck
On Sunday 15 February 2015 16:30:33 Stephan Beck wrote: > On 15.02.2015 at 12:26, Ludwig Hügelschäfer wrote: > > On 14.02.15 23:05, Stephan Beck wrote: > >> Well, it's rather a precautionary measure than an actual security > >> measure, reminding me of not trusting the key owner's ability to >

Re: MIME or inline signature ?

2015-02-15 Thread Stephan Beck
On 15.02.2015 at 17:25, Ludwig Hügelschäfer wrote: > On 15.02.15 16:30, Stephan Beck wrote: > > The only place to get trust to the senders key (i.e. to make it > "valid" for you) is to meet the key owner in real life, verify the > identity documents, his fingerprint and mail addresses and sign h

Re: MIME or inline signature ?

2015-02-15 Thread Stephan Beck
Hi, Hauke, On 15.02.2015 at 17:04, Hauke Laging wrote: > On Sun 15.02.2015, 16:12:01, Stephan Beck wrote: > >> X-GPG-Key-ID: 0xBA4909B78F04DE1B >> X-GPG-Key: >> http://wwwkeys.pgp.net/pks/lookup?search=0xBA4909B78F04DE1B&op=index >> X-GPG-Fingerprint: 9983 DCA1 1FAC 8DA7 653A F9AA BA49 09B7 8F0

Re: MIME or inline signature ?

2015-02-15 Thread Ludwig Hügelschäfer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 15.02.15 17:11, Damien Goutte-Gattat wrote: > Error - signature verification failed Public key DE2FFC869AFA5165 > needed to verify signature ^^ This is a bug in Enigmail 1.7.2. The sentence should be: "Public

Re: MIME or inline signature ?

2015-02-15 Thread Ludwig Hügelschäfer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 15.02.15 16:30, Stephan Beck wrote: > OK, I give you that, strictly speaking, it might not be the same, > but at the moment I had no other measure at hand to remind me of > being careful with that kind of event. And a bad signature event is > not

Re: MIME or inline signature ?

2015-02-15 Thread Damien Goutte-Gattat
On 02/15/2015 04:12 PM, Stephan Beck wrote: Obviously, it indicates a key ID 0xBA4909B78F04DE1B and links to a key that is not the key the message was signed with (which is DE2FFC869AFA5165, according to Enigmail/gpg), even if the fingerprint is given as well. Well, the 0xDE2FFC869AFA5165 key i

Re: MIME or inline signature ?

2015-02-15 Thread Hauke Laging
On Sun 15.02.2015, 16:12:01, Stephan Beck wrote: > X-GPG-Key-ID: 0xBA4909B78F04DE1B > X-GPG-Key: > http://wwwkeys.pgp.net/pks/lookup?search=0xBA4909B78F04DE1B&op=index > X-GPG-Fingerprint: 9983 DCA1 1FAC 8DA7 653A F9AA BA49 09B7 8F04 DE1B > > Obviously, it indicates a key ID 0xBA4909B78F04DE1B a

Re: MIME or inline signature ?

2015-02-15 Thread Stephan Beck
On 15.02.2015 at 12:26, Ludwig Hügelschäfer wrote: > On 14.02.15 23:05, Stephan Beck wrote: > >> Well, it's rather a precautionary measure than an actual security >> measure, reminding me of not trusting the key owner's ability to >> handle and verify signatures correctly, if he/she uses a signa

Re: MIME or inline signature ?

2015-02-15 Thread Stephan Beck
Hi MFPA On 15.02.2015 at 13:14, MFPA wrote: > > > On Saturday 14 February 2015 at 10:05:24 PM, in > , Stephan Beck wrote: > > >> Well, it's rather a precautionary measure than an >> actual security measure, reminding me of not trusting >> the key owner's ability to handle and verify signatu

Re: MIME or inline signature ?

2015-02-15 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Saturday 14 February 2015 at 10:05:24 PM, in , Stephan Beck wrote: > Well, it's rather a precautionary measure than an > actual security measure, reminding me of not trusting > the key owner's ability to handle and verify signatures > correc

GNUPG 2.* and AIX - questions

2015-02-15 Thread Michael Felt
This is not a bug report. Short history - I have tried to package gnupg several times, the gnupg v1.* has never been difficult - and maybe I shall just leave it at that. My key question is about the difference between v1.X and v2.X - are there security elements in v2 that are missing/weaker in v1

Re: MIME or inline signature ?

2015-02-15 Thread Ludwig Hügelschäfer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 14.02.15 23:05, Stephan Beck wrote: > Well, it's rather a precautionary measure than an actual security > measure, reminding me of not trusting the key owner's ability to > handle and verify signatures correctly, if he/she uses a signature > no