Re: keybase.io

On 09/01/2016 12:02 AM, Werner Koch wrote: > On Thu, 1 Sep 2016 02:55, miri...@riseup.net said: > >> verification of meatspace identity is a benefit, no? There's no >> privacy in attending a key signing party, is there? > > I have long stopped to consider key signing parties a useful thing. > Th

Re: keybase.io

On Thu, 1 Sep 2016 02:55, miri...@riseup.net said: > verification of meatspace identity is a benefit, no? There's no privacy > in attending a key signing party, is there? I have long stopped to consider key signing parties a useful thing. The WoT is helpful but is independent of such events. T

Re: keybase.io (was: Key Discovery Made Simple)

Werner, On Wed, Aug 31, 2016 at 5:45 PM, Werner Koch wrote: > I am not sure, but I heard that keybase.io is moving towards a > centralized system for encrypted message exchange. keybase.io ulterior motive is for the end user to use their PGP/GPG Javascript implementation but it is not mandatory

Re: keybase.io

On 08/31/2016 01:45 AM, Werner Koch wrote: > On Wed, 31 Aug 2016 04:27, miri...@riseup.net said: > >> What are the defects in ? > > They not even try to minimize the use of meta data but use privacy > invading services (Facebook, Twitter, etc) to connect the key into a way >

Re: Key Discovery Made Simple

Peter Lebbing wrote: > On 31/08/16 01:47, gn...@raf.org wrote: > > In the cronjob, "*/4" is invalid on > > systemd systems (or at least Debian8) > > In Debian 8, the default cron daemon seems to come from the package 'cron'. I > don't think you get the 'systemd-cron' package by default: you need

RE: Decryption Key Compatibility between GNUPG V 2.030 and GnUPG 2.0.27

> Could this issue be due to the difference in GPG version between the 2 > servers? Unlikely. It's much more likely that you only imported the public key on the Production box. On the Production box, try this: C:\> \path\to\gpg.exe --list-secret-keys If the key isn't listed there, then you f

Decryption Key Compatibility between GNUPG V 2.030 and GnUPG 2.0.27

Hi, We have GPG v 2.0.27 installed on our Windows X64 Development Server. In this server, we are able to successfully decrypt our gpg files using a private key imported through kleopatra. We have another Windows X64 Server (Our PROD Server) where we installed GPG 2.030. We imported the gpg ke

RE: Key Discovery Made Simple

> In Germany they are proud of their Email Made in Germany label which is > merely the use of TLS between MTAs. So things are moving a bit... I hope they accelerate their movement. :) I've never learned how to politely say, "all right, then I think this wraps up the conversation" without soundi

Re: Key Discovery Made Simple

On Wed, 31 Aug 2016 15:32, r...@sixdemonbag.org said: > I'm having a hard time imagining why a mail provider would adopt WKD when > probably less than 1% of their userbase uses OpenPGP in the first place. In Germany they are proud of their Email Made in Germany label which is merely the use of TL

RE: Key Discovery Made Simple

> "Most of our users" are not the target audience for the description on how > to setup the Web Key Service. Obviously this is for sysadmins and geeks > running their own mail servers. I want to be careful about my criticism here, because it's really easy to sound like I'm telling someone else wh

Re: GPL license responsibility

On Wed, Aug 31, 2016 at 11:49 AM, Dimitrova Elena wrote: > Dear GnuPG mailing list, > > I have just downloaded GnuPG and I intend to use it for signing private > metadata files. The signing process will happen through calling: > > gpg --clearsign < ~/…./…./name_of_file.txt > name_of_file_signed.t

Re: GPL license responsibility

On 31/08/16 10:49, Dimitrova Elena wrote: > > I will not alter any part of the source code. In this case what are my > obligations under the GPL license? In this case you have no obligations. Fly, and be free. ;-) The only time when the GPL becomes significant is when you are distributing modif

Re: GPL license responsibility

On Wed, Aug 31, 2016 at 09:49:26AM +, Dimitrova Elena wrote: > I will not alter any part of the source code. In this case what are > my obligations under the GPL license? Hello, GPL obligations happen when you *distribute* software. In this case you are not (re)distributing GPG or any de

Re: Key Discovery Made Simple

On Wed, 31 Aug 2016 12:58, pe...@digitalbrains.com said: > Specifically, the -f argument to make. It's clear you need to invoke this > command and others in the home directory of the user (and not a Oh yeah I copied it from my command line history ;-) Will fix it. Shalom-Salam, Werner --

Re: GPL license responsibility

On Wed, 31 Aug 2016 11:49, dimitr...@lec.mavt.ethz.ch said: > I will not alter any part of the source code. In this case what are my > obligations under the GPL license? As long as you only use the software, there are no restrictions. If you convey the software to others you have to make the s

Re: Key Discovery Made Simple

On Wed, 31 Aug 2016 10:31, tehpeh-gn...@tty1.net said: > The option --with-wkd-hash is not implemented in gnupg 2.1.11 (on > Debian testing). Maybe change this to "Install GnuPG 2.1.15 or later". Yeah, that was a typo. Gniibe already remarked that on Jabber and it has been fixed now. Thanks for

GPL license responsibility

Dear GnuPG mailing list, I have just downloaded GnuPG and I intend to use it for signing private metadata files. The signing process will happen through calling: gpg --clearsign < ~/…./…./name_of_file.txt > name_of_file_signed.txt from the command window directly and the verification process w

Re: Key Discovery Made Simple

On 31/08/16 01:47, gn...@raf.org wrote: > In the cronjob, "*/4" is invalid on > systemd systems (or at least Debian8) In Debian 8, the default cron daemon seems to come from the package 'cron'. I don't think you get the 'systemd-cron' package by default: you need to explicitly install it, and unin

Re: Key Discovery Made Simple

Well, as long as we are submitting minor corrections to the blog post, I wondered about the directory name in this command: > $ make -f ~/b-w32/speedo/gnupg-2.1.15/build-aux/speedo.mk\ > > INSTALL_PREFIX=. speedo_pkg_gnupg_configure='--enable-gpg2-is-gpg \ > > --disable-g13 --ena

Re: Key Discovery Made Simple

On Tue, 30 Aug 2016 21:02, kloec...@kde.org said: > The web key discovery _is_ aimed at regular users. Werner's message suggest > that KMail's development version does already support this new key discovery Actually this has been introduced with GnuPG 2.1.13 and you can make use of it by adding

Re: Key Discovery Made Simple

On Tue, 30 Aug 2016 18:10, melvincarva...@gmail.com said: > Just regarding the web server part, and not the email part. > > Could the semantic web be leveraged to store your key on an HTTPS page? No. The whole point is that there is an authoritativea mapping from mail address to key. You can't

Re: Key Discovery Made Simple

On 2016-08-30 15:39, Werner Koch wrote: .. 1.1 Install GnuPG 2.1 The option --with-wkd-hash is not implemented in gnupg 2.1.11 (on Debian testing). Maybe change this to "Install GnuPG 2.1.15 or later". , | $ tar xjf gnupg-2.1.5.tar.bz2 ` change to "tar xjf gnupg-2.1.15.tar.b

Re: Key Discovery Made Simple

On Tue, 30 Aug 2016 20:12, r...@sixdemonbag.org said: > Most of our users don't run their own domains, don't have full > authority over the mail server, and don't have webservers that can "Most of our users" are not the target audience for the description on how to setup the Web Key Service. Obv

keybase.io (was: Key Discovery Made Simple)

On Wed, 31 Aug 2016 04:27, miri...@riseup.net said: > What are the defects in ? They not even try to minimize the use of meta data but use privacy invading services (Facebook, Twitter, etc) to connect the key into a way larger network than what we have with the Web of Trust.

Re: Key Discovery Made Simple

On Tue, 30 Aug 2016 18:04, 3pfwunb...@snkmail.com said: > Maybe add some _brief_ words about trust. We understand how Well, I should have explained what I mean by Key Discovery: We do key discovery to get a key for a given mail address the first time we want to write to that address. At that p

Re: Key Discovery Made Simple

On Wed, 31 Aug 2016 01:47, gn...@raf.org said: > In the cronjob, "*/4" is invalid on > systemd systems (or at least Debian8) > and will cause the entire crontab to > be ignored. Use "0-56/4" instead. man 5 crontab says: Steps are also permitted after an asterisk, so if you want to say ``ever