-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wednesday 23 November 2016 at 3:48:19 AM, in
, Carola
Grunwald wrote:-
> This concept of an enhanced transport security layer
> offers external
> adversaries least possible information while it
> doesn't preclude the
> sender from adding anoth
Daniel Kahn Gillmor wrote:
>On Wed 2016-11-23 03:46:57 -0500, Carola Grunwald wrote:
>> With GnuPG 1.4 I had no agent. And, in case it is, I've no idea why with
>> 2.x such a passphrase cache with all its risks has to be mandatory.
>
>in 2.0, the agent is a passphrase cache. in 2.1, the agent is
On 11/23/2016 3:10 PM, Stephan Beck wrote:
>
>
> Anthony Papillion:
>> Hello Everyone,
>>
>> When I run
>>
>> gpg2 --keyserver --refresh-keys
>>
>> I get a list of all of the keys in my keyring with the message that they
>> have not been changed (this is expected). At the bottom of the output, I
Peter Lebbing wrote:
>On 23/11/16 18:54, Carola Grunwald wrote:
>> Which relevant information does the single Received: header, describing
>> the recipient MTA's interaction with the exit remailer, leak?
>
>If you sign the data just before the interaction, the signature time and
>the time noted i
Andrew Gallagher wrote:
>On 23/11/16 17:54, Carola Grunwald wrote:
>> Andrew Gallagher wrote:
>>
>>> If you are worried about an attacker on the wire doing statistical
>>> analysis of your message sizes and patterns of use, you will
>>> probably have to go the whole hog and transport over Tor. A
Anthony Papillion:
> Hello Everyone,
>
> When I run
>
> gpg2 --keyserver --refresh-keys
>
> I get a list of all of the keys in my keyring with the message that they
> have not been changed (this is expected). At the bottom of the output, I
> see the following message:
>
> gpg: Total number p
On 23/11/16 18:54, Carola Grunwald wrote:
> Which relevant information does the single Received: header, describing
> the recipient MTA's interaction with the exit remailer, leak?
If you sign the data just before the interaction, the signature time and
the time noted in the Received:-header are vi
On 23/11/16 17:54, Carola Grunwald wrote:
> Andrew Gallagher wrote:
>
>> If you are worried about an attacker on the wire doing statistical
>> analysis of your message sizes and patterns of use, you will
>> probably have to go the whole hog and transport over Tor. And even
>> that is no panacea.
Andrew Gallagher wrote:
>
>> On 23 Nov 2016, at 03:48, Carola Grunwald wrote:
>>
>> But why does a person have to be in control of a signature key? Why not
>> a server in the name of a company resp. its employees.
>
>There is no problem having a server in control of a key. Just so long as we
>
On Wed 2016-11-23 03:46:57 -0500, Carola Grunwald wrote:
> With GnuPG 1.4 I had no agent. And, in case it is, I've no idea why with
> 2.x such a passphrase cache with all its risks has to be mandatory.
in 2.0, the agent is a passphrase cache. in 2.1, the agent is a proper
cryptographic agent, whi
Hello Everyone,
When I run
gpg2 --keyserver --refresh-keys
I get a list of all of the keys in my keyring with the message that they
have not been changed (this is expected). At the bottom of the output, I
see the following message:
gpg: Total number processed: 31
gpg: unchanged: 3
Peter Lebbing wrote:
>On 23/11/16 10:53, Andrew Gallagher wrote:
>> If the message is being automatically decrypted at the MTA then it
>> provides no more security than TLS.
>
>I could concur with this statement if we amend it a little: when two
>MTA's are explicitly configured as TLS peers. They
Peter Lebbing:
> On 23/11/16 11:14, Stephan Beck wrote:
>> [...] and properly symlink
>> /usr/bin/pinentry to the pinentry-curses you actually would like to use
>> if you are using text-mode only, I don't know why it should not work.
>
[...]So by installing the Debian pinentry-curses
> package,
Peter Lebbing:
> On 23/11/16 10:53, Andrew Gallagher wrote:
>> If the message is being automatically decrypted at the MTA then it
>> provides no more security than TLS.
>
> I could concur with this statement if we amend it a little: when two
> MTA's are explicitly configured as TLS peers. They h
On 21/11/16 12:04, Peter Lebbing wrote:
> Ah! I don't have time right now, but once I do, I'll try to see to write
> up some instructions...
Here are instructions for doing this on 2.1. First let me point out:
On 20/11/16 22:50, Anton Marchukov wrote:
> I think you will have to keep it as backup
On 23/11/16 10:19, Peter Lebbing wrote:
> I could concur with this statement if we amend it a little: when two
> MTA's are explicitly configured as TLS peers.
Absolutely. But if you're using a non-standard protocol, then you also
need to explicitly configure both sides. So in practical terms ther
On 23/11/16 07:44, David Adamson wrote:
> Werner was GTK+-2.0 a potential option for an appropriate development
> package for the GUI platform?
(I'm not Werner :) Yes, GTK+-2 is one of the pinentries. It's the one I
use, on my XFCE Debian jessie.
> gpg: lookup_hashtable failed: Unknown system err
On 23/11/16 11:14, Stephan Beck wrote:
> [...] and properly symlink
> /usr/bin/pinentry to the pinentry-curses you actually would like to use
> if you are using text-mode only, I don't know why it should not work.
Good one, the symlink. It makes me wonder: is the agent looking in the
right place f
On 23/11/16 10:53, Andrew Gallagher wrote:
> If the message is being automatically decrypted at the MTA then it
> provides no more security than TLS.
I could concur with this statement if we amend it a little: when two
MTA's are explicitly configured as TLS peers. They have to abort the
mail excha
Hi,
David Adamson:
> On Mon, Nov 21, 2016 at 8:15 PM, Stephan Beck wrote:
>> Ah, I forgot one thing: you have to add the following to your ~/.bashrc
>> file:
>> GPG_TTY=$(tty)
>> export GPG_TTY
>>
>> Does it work now?
>>
>> HTH
>>
>> Stephan
>
> Stephan I updated the .bashrc file in my home dire
> On 23 Nov 2016, at 03:48, Carola Grunwald wrote:
>
> But why does a person have to be in control of a signature key? Why not
> a server in the name of a company resp. its employees.
There is no problem having a server in control of a key. Just so long as we
understand that the key is now the
Daniel Kahn Gillmor wrote:
>On Tue 2016-11-22 11:20:26 -0500, Carola Grunwald wrote:
>> They don't have direct access to any key. Nevertheless by using someone
>> else's cached passphrase with 2.1 and its all-embracing keyring they may
>> succeed in decoding data not meant for them.
>
>fwiw, the
22 matches
Mail list logo
