better passphrase hashing with gnupg?

2018-06-07 Thread Christoph Anton Mitterer
Hey. I have the following scenario: I'd like to archive private data to e.g. some cloud storage for backup reasons. Basically I'd see two ways to move on from here: 1) Put the data in one or more disk images which are encrypted with dm-crypt/LUKS (e.g. using aes-xts-plain64) 2) Put the data i

Re: Comment: Efail is a megafail for e-mail encryption | heise online

2018-05-18 Thread Christoph Anton Mitterer
I think heise is generally becoming more and more part of the rainbow press in general.. but their repeated fake news about crypto and weird claims "crypto must become easy" (in the sense of: people shouldn't need to mutually authenticate) starts to get really dangerous for the unaware people beli

Re: SHA1 collision found

2017-02-23 Thread Christoph Anton Mitterer
On Thu, 2017-02-23 at 13:58 -0500, Robert J. Hansen wrote: > > "Migrating to SHA256" > section in > the FAQ? What I always kinda wonder is, why crypto or security experts, at least in some sense never seem to learn. When MD5 got its first scratches, some people started to demand its ASAP r

Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Christoph Anton Mitterer
On Tue, 2015-03-03 at 14:00 +0100, Hans of Guardian wrote: > The PGP keyservers need email validation no it's pretty useless from a security POV and they don't need it. > not as a way to provide any kind of "trusted" status of that key, but > rather so enable people to delete keys that should no l

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 19:01 +0100, Johan Wevers wrote: > No it's not, it is much simpler. When I call my wife and are in fact > connected with a computer or agent impersonating her, they are unlikely > being able to copy her voice so good that I don't hear it. I guess you've missed some developmen

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 18:45 +0100, Johan Wevers wrote: > OK, not cryptographically. They could always try to bribe/threat/torture > someone to cooperate. But that model fails if you want to perform > unnoticed mass surveillance. Admittedly, when it comes to "unnoticed mass surveillance" anonymous

Re: trust paths

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 18:39 +0100, Johan Wevers wrote: > OR, in case a key belongs to a well-known person, you've seen it > mentioned in enough places and seen it used to sign gpg packages to be > rather certain that if it were a forgery someone would have noticed by > now and made noise about it.

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 13:28 +0100, Johan Wevers wrote: > In practice the Textsecure protocol works well of course because it > uses the phone number. "In practise"... I guess that's also what most "normal" people believed about their security before Snowden. And a phone number is really no secur

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 07:01 +0100, Marco Zehe wrote: > So like everywhere, different opinions, and that one journalist’s > opinion definitely doesn’t speak for all of the folks at c’t or Heise > in General. Well, that might be... but with respect to this question, there is only one correct opinion

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 22:40 +0100, Martin Behrendt wrote: > At what point is a system a [semi-]proprietary system? > How many computers are out there where not even a single part of the > hardware (and firmware) is proprietary? I rather meant Android here, which may have an open source core, but i

Re: trust paths (was: German ct magazine postulates death of pgp encryption)

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 22:25 +0100, Hauke Laging wrote: > > Find trust paths > What could that be good for? If you do not make very strange assumptions > that could be of any use only if you assign certification trust to > unknown keys which would be completely crazy. I meant in the sense that I

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 22:15 +0100, Werner Koch wrote: > Most people run Windows or Android (or use Lenovo stuff) and thus have > anyway no control over their boxes. To be honest, I don't think that anyone using Windows, Android, MacOS or any other [semi-]proprietary system actually wants to be sec

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 21:12 +0100, Andreas Schwier wrote: > So what exactly is the purpose of the keyserver then ? Find trust paths, signature updates, self signature updates, key revocation certs (but beware of the issues I've described in my mail a few seconds before)... Cheers, Chris.

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 20:56 +0100, Werner Koch wrote: > There is no trust in keyservers by design. As soon as you start > changing this you are turning PGP into a centralized system. Well not necessarily - at least not in the sense of exactly one power having control over the whole key network (a

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
Hey. I really cannot understand why ct/heise and some others run these Anti-OpenPGP campaigns recently, while at the same time hypocritically claiming they'd be in favour of cryptography for people. - Per se, users will need to have at least some basic understanding of cryptography - otherwise a

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-26 Thread Christoph Anton Mitterer
On Sat, 2013-10-26 at 14:13 +0200, Werner Koch wrote: > Now, if > you want to protect something you need to think like the attacker - what > will an attacker do to get the plaintext (or fake a signature)? Spend > millions on breaking a few 2k keys (assuming this is at all possible > within the ne

Re: 2048 or 4096 for new keys? aka defaults vs. Debian

2013-10-25 Thread Christoph Anton Mitterer
On Thu, 2013-10-24 at 21:05 +0200, Sylvain wrote: > Is this zealotry on the Debian front, or something to update in gnupg? As they write,... they don't see a specific (i.e. technical or performance) reason not to do so. Some people may argue that 2048 is secure enough for many many years to come.

Re: Dump all the properties of a key?

2013-03-26 Thread Christoph Anton Mitterer
On Mon, 2013-03-25 at 15:30 -0700, Jack Bates wrote: > How do I dump all the properties of a key? pgpdump Cheers, C. smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailma

RNG: is it possible to spoil /dev/random by seeding it from (evil) TRNGs (was: howto secure older keys after the recent attacks)

2012-10-08 Thread Christoph Anton Mitterer
Hi David. Long time ago, the following[0] ;) I recently stumbled across that question again,... when I deployed haveged on our faculty's HPC cluster... So I've asked[1] around at lkml, whether a malicious (or just bad) entropy source could spoil the kernel's RNG. Ted Ts'o, who currently maintain

Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Christoph Anton Mitterer
On Tue, 2012-05-22 at 17:50 +0200, Peter Lebbing wrote: > Or bugs only affecting large keys are not found because so few people use it, > and it becomes an attack vector affecting only those using large keys. While this could happen, I'd guess it would be rather vice versa And eventually large

Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Christoph Anton Mitterer
Hi. This pops up over and over again... From a technical point of view that seems to be not only an intended limitation,... at least it's not enough to change the max size in the code,... there seem to be several buffers one would need to enlarge in order to make bigger keys. Personally I'd pref

Re: Future plans for implementation of other algorithms

2011-01-26 Thread Christoph Anton Mitterer
On Wed, 2011-01-26 at 15:37 -0500, Avi wrote: > As someone who uses GnuPG on a USB stick under Windows, I sincerely > hope that elliptical curves get added to the 1.4 trunk. I know this won't happen,... but I'd rather see a roadmap to phase out 1.x... Maintaining two branches is not only a big eff

Re: changing usage flags on a primary key

2010-11-10 Thread Christoph Anton Mitterer
On Wed, 2010-11-10 at 14:58 -0500, Daniel Kahn Gillmor wrote: > hrm, even if i can do this, it probably isn't very convincing for most > people following gnupg-users :( It was suggested before, to add such functionality, but declined IIRC. > > Have a look at the archive, it was mentioned before h

Re: changing usage flags on a primary key

2010-11-10 Thread Christoph Anton Mitterer
Hi. That's fairly easy by hacking the code and resigning. Have a look at the archive, it was mentioned before how it works. Cheers, Chris.

Re: policy url is not set on selfsigs

2010-08-12 Thread Christoph Anton Mitterer
Hi. Just found out, that a policy _is_ actually set when using --set-policy-urls when creating a key (--gen-key) But it seems there is no way of changing that later.. I've looked through the code but could not find the place why it's ignored when just e.g. changing the keyserver/prefs/etc.

policy url is not set on selfsigs

2010-08-09 Thread Christoph Anton Mitterer
Hi. I've just realised that policy URLs (--set-policy-urls) seem to be not set on self-sigs (e.g. when resigning the key via changing the prefs or so). If that's not a bug,... why have you chosen not to put it on self-sigs? AFAIU RFC4880 it's just the policy under which a signature was made. So o

Re: batch program to find my password - help please!!!

2010-08-08 Thread Christoph Anton Mitterer
http://www.roguedaemon.net/rephrase/ or google.com Cheers, Chris.

Re: Crypto Stick released!

2010-04-30 Thread Christoph Anton Mitterer
On Fri, 2010-04-30 at 19:44 -0400, David Shaw wrote: > Looks very interesting. I'm curious how this differs from the > SIM-sized card in a SIM-sized USB reader? For example, the regular > 2.0 OpenPGP card in a SCR3320 USB stick reader > (http://www.scmmicro.com/security/view_product_en.php?PID=6)

Re: smart card with 4096 bit keys

2010-04-28 Thread Christoph Anton Mitterer
On Wed, 2010-04-28 at 19:37 +0200, Joke de Buhr wrote: > Is there any way of transferring my existing 4096 bit keys to the card. > Generating new 3072 bit keys worked fine but it would be a lot better if I > could stick to my 4096 keys. Obviously not... Cheers, Chris.

Re: Elliptic curves in gnupg status?

2010-04-26 Thread Christoph Anton Mitterer
On Mon, 2010-04-26 at 08:57 +0200, Werner Koch wrote: > Actually the working group informally agreed on this draft after we > changed a few US centric things. Nice to read. I was just about to reply, that it might make sense to start implementation in gpg even if standardisation has not yet fully f

Re: Off-The-Record Email

2010-03-11 Thread Christoph Anton Mitterer
I'd personally prefer having a real OpenPGP plugin for gpg,... Wouldn't that be the real solution? Cheers, Chris.

Re: 768-bit RSA factored

2010-01-08 Thread Christoph Anton Mitterer
So let's hope the ECC draft makes it soon to be finished :) ... and implemented in gpg ;) Cheers, Chris.

Re: GPG self signature missing error

2009-11-23 Thread Christoph Anton Mitterer
On Mon, 2009-11-23 at 17:57 +0530, Rahul R wrote: > then could you plz explain why it is not giving me any error on server > B that has a gpg version 1.4? I'm not sure, but it's likely that the older version did simply not check for this. Using a key with UIDs that are not signed by that key is da

Re: GPG self signature missing error

2009-11-23 Thread Christoph Anton Mitterer
You simply should not use such a key (without signed UIDs),.. except you really really know what you're doing. The key is probably damaged, or it might be even an attack. Cheers, Chris.

entering both, password and message via standard input

2009-10-30 Thread Christoph Anton Mitterer
Hi. I have a case where I need to enter both, the passphrase and a message (that should be decrypted), via standard input. (Well, in principle another non-interactive way for the passphrase would be ok, too, but not --passphrase-fd and neither --passphrase string). It seems that the fo

Re: workings of trust signatures

2009-09-11 Thread Christoph Anton Mitterer
Hi. One additional question: Is it possible to give multiple trust signatures to the same subject, but with different levels and trust amounts. e.g. [myself] +-trust 1 sig / value=120-+> [some person or trustworthy CA] --trust 1 sig --> [some sub CA, which is "less" trustworthy] `-trus

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:46 -0400, David Shaw wrote: > The place for all such suggestions is the IETF OpenPGP working group: > http://www.imc.org/ietf-openpgp/ Yeah I know,.. and if you remember, most of what I've mentioned before was already discussed at that list... but with no very big support

workings of trust signatures

2009-09-11 Thread Christoph Anton Mitterer
Hi. I just wanted to fresh up my knowledge on trust signatures and have it confirmed whether I've understood it correctly. So first of all, level 0 TSigs are identical to normal non-trust-sigs. e.g.: [my self] --normal sig--> [person A] +-normal sig--> [person B]

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:55 -0400, Daniel Kahn Gillmor wrote: > There is also open hardware for random number generation, for whatever > that's worth: > > http://warmcat.com/_wp/whirlygig-rng/ I think David already pointed me to this one some time ago,.. but they're not yet selling it, right? C

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:23 -0400, David Shaw wrote: > Sure, but your computer vendor "could" have a relationship with the > NSA and put some special code in the BIOS to capture keyboard input > and periodically send it to a central server. Your disk drive vendor > "could" keep a few extra s

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 20:38 -0400, Daniel Kahn Gillmor wrote: > Worse than this: the devices could produce measurably "good" entropy > that happens to be predictable to a malicious individual in control of a > special secret. > > For example, if such a key were to contain a copy of the secret, and

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:52 -0400, David Shaw wrote: > I suspect you are more in danger of being hit by meteors several times > in a row as you walk to your friend's house with the USB stick, than > you are in danger from SHA-1. I was watching Armageddon yesterday evening... so watch out what y

Re: howto secure older keys after the recent attacks

2009-09-11 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 22:35 -0400, David Shaw wrote: > Yes. It's not that gpg has a driver for it though. The developers of > the entropy key were clever and instead of making programs write new > code to use the key, they made a program that reads the key and feeds > the Linux entropy pool

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Christoph Anton Mitterer
Hi folks. On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote: > The real headache here is (as always) the practical - what to do with > existing keys and such. I suspect that removing SHA1 would > effectively mean a new key type for OpenPGP (again, not a disaster - > we're on our 4th ke

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Christoph Anton Mitterer
Hi Robert. On Thu, 2009-09-10 at 10:54 -0400, Robert J. Hansen wrote: > Nope, it's pretty pervasive in the system. I thought it (and SHA1 fingerprints) would only be used in designated revoker signatures, and MDC? > The people behind OpenPGP are working on a new OpenPGP proposal that > will u

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Christoph Anton Mitterer
Hi folks. On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote: > The real headache here is (as always) the practical - what to do with > existing keys and such. I suspect that removing SHA1 would > effectively mean a new key type for OpenPGP (again, not a disaster - > we're on our 4th key

Re: (Off topic) News on quantum computers cracking crypto

2009-09-10 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote: > In case you missed it, using 15 as a key value is no longer a viable > option: > http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm Thank God! I've used 17 ;) Cheers, Chris.

Re: (Off topic) News on quantum computers cracking crypto

2009-09-10 Thread Christoph Anton Mitterer
On Thu, 2009-09-10 at 10:29 -0400, Brian Mearns wrote: > > Thank God! I've used 17 ;) > No you didn't, 17 is prime. =D *D'Ohh* ... caught me ;) Chris.

Re: pool.sks-keyservers.net connection error

2009-08-11 Thread Christoph Anton Mitterer
For me, pool.sks-keyservers.net seems to work right now: $ dig any pool.sks-keyservers.net ; <<>> DiG 9.6.1-P1 <<>> any pool.sks-keyservers.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11901 ;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 2,

Re: Changing usage of master key

2009-05-18 Thread Christoph Anton Mitterer
In principle it is possible by issuing new self-sigs, but gnupg doesn't support this AFAIK. Chris.

Re: Use other hash than SHA-1

2009-05-07 Thread Christoph Anton Mitterer
On Tue, 2009-05-05 at 22:16 -0400, David Shaw wrote: > > I'm not sure if this leads to the same discussion that we had some > > time > > ago on the WG-list (about explicitly revoking previous self-sigs),... > > but if a key has self-sigs with different hash-algos,... does this > > "allow" downgra

Re: Use other hash than SHA-1

2009-05-05 Thread Christoph Anton Mitterer
On Mon, 2009-05-04 at 23:46 -0400, David Shaw wrote: > I believe that's it. Fingerprints, revocation signatures (which use > fingerprints internally), and the MDC. > While I would start (did start, actually, a few years ago) using > SHA-256 to certify other people's keys, I wouldn't bother r

Re: New results against SHA-1

2009-05-04 Thread Christoph Anton Mitterer
On Mon, 2009-05-04 at 13:39 +0200, Werner Koch wrote: > The forthcoming new keyring > format will cope with that by not allowing a second key with the same > fingerprint. Ah,.. I've always thought this would be already the case ^^ When will we see this new format? Chris.

Re: Use other hash than SHA-1

2009-05-04 Thread Christoph Anton Mitterer
On Sun, 2009-05-03 at 22:56 -0400, David Shaw wrote: > It's important to remember that this isn't a completely SHA-1 free > key, as that is not currently possible in the OpenPGP protocol, but it > is possible to make a "use as little SHA-1 as possible key". Is there anything else than the finge

Re: New results against SHA-1

2009-05-04 Thread Christoph Anton Mitterer
On Mon, 2009-05-04 at 13:39 +0200, Werner Koch wrote: > The only real crypto use in the protocol is with the revocation key > (designated revoker) which uses a 20 byte fingerprint to specify the > key. However I cannot see where there is a threat. Ok,.. but most people do not exchange their key-dat

Re: Help with encrypting using my PGP Public key

2009-04-24 Thread Christoph Anton Mitterer
On Fri, 2009-04-24 at 11:28 -0700, bkumfer wrote: > Thank you again. Is there a difference between encrypting a file vs. > encrypting an email? Not really,... but with eMail,.. there may be "additional" standards used (PGP for MIME). Chris.

Re: Hibernation and secret keys

2009-02-16 Thread Christoph Anton Mitterer
On Mon, 2009-02-16 at 09:19 +0100, Werner Koch wrote: > They will use a hardware logger and don't care about any encrypted > stuff > in your pocket. Of course this is possible,.. but perhaps only for someone more powerful. (NSA could perhaps even replace your CPU with one that has an additional OS

Re: Re: Hibernation and secret keys

2009-02-13 Thread Christoph Anton Mitterer
On Fri, 2009-02-13 at 19:30 +0100, Sven Radde wrote: > "They" will have difficulties installing a keylogger if the unencrypted > /boot is always in your pocket and the HDD contains just encrypted > gibberish. Correct :-) > I wonder when Linux will be able to utilize a TPM to integrity-protect > /

Re: Hibernation and secret keys

2009-02-13 Thread Christoph Anton Mitterer
On Fri, 2009-02-13 at 10:58 +0100, Michael Kesper wrote: > What is the additional gain to having an unencrypted /boot partition on > the same device? What do you mean? > As I see it, only "boring" data gets ever written in > cleartext to the harddrive then. But even this data is sensitive, as one

Re: how to unrevoke a key

2009-02-13 Thread Christoph Anton Mitterer
On Thu, 2009-02-12 at 21:52 -0800, doesntmatter wrote: > Can this be undone? Of course not. Chris.

Re: Hibernation and secret keys

2009-02-12 Thread Christoph Anton Mitterer
On Thu, 2009-02-12 at 00:09 +0100, Ingo Klöcker wrote: > On Wednesday 11 February 2009, Christoph Anton Mitterer wrote: > > On Wed, 2009-02-11 at 22:37 +0100, Ingo Klöcker wrote: > > > > Your machine suspends, and writes a snapshot of its memory to > > > > disk. Su

Re: Hibernation and secret keys

2009-02-11 Thread Christoph Anton Mitterer
On Wed, 2009-02-11 at 17:00 -0500, David Shaw wrote: > If the answer is "Yes", then you're not protecting very much. You did > not succeed in doing what you were trying to do. If the answer is > "No", you at least avoided the usual pitfalls. Yep,... you're right =) It should be really possibly t

Re: Hibernation and secret keys

2009-02-11 Thread Christoph Anton Mitterer
On Wed, 2009-02-11 at 22:37 +0100, Ingo Klöcker wrote: > > Your machine suspends, and writes a snapshot of its memory to disk. > > Sure, let's say it's even encrypted. When you wake the machine, is > > the encrypted disk still mounted? > > Obviously not. Why? This IS of course possible... Of c

gnupg on celeron and atom cpus

2009-02-11 Thread Christoph Anton Mitterer
Hi. Does anyone of you have an idea whether it could make problems to use gnupg on Celeron or Atom CPUs? I mean could this have an effect on the PRNG, e.g. that the entropy is worse? Or something similar? Regards, Chris.

Re: Hibernation and secret keys

2009-02-11 Thread Christoph Anton Mitterer
A good workaround is to use disk encryption (dm-crypt or similar things). Best wishes, Chris.

Re: gnupg on celeron and atom cpus

2009-02-10 Thread Christoph Anton Mitterer
Thanks for your info :-) Best wishes, Chris.

gnupg on celeron and atom cpus

2009-02-10 Thread Christoph Anton Mitterer
Hi. Does anyone of you have an idea whether it could make problems to use gnupg on Celeron or Atom CPUs? I mean could this have an effect on the PRNG, e.g. that the entropy is worse? Or something similar? Regards, Chris.

Re: GNUPG and PKI compatibility (?)

2009-02-05 Thread Christoph Anton Mitterer
e gpgsm, which is also part of GnuPG. gpg/gpg2 -> OpenPGP gpgsm -> X.509 Regards, -- Christoph Anton Mitterer Ludwig-Maximilians-Universität München christoph.anton.mitte...@physik.uni-muenchen.de m...@christoph.anton.mitterer.name

Re: Keyserver question...again

2009-02-03 Thread Christoph Anton Mitterer
On Tue, 2009-02-03 at 11:48 +0100, Werner Koch wrote: > > hkp://pgp.mit.edu > > Do not use this server because it runs way too old software! Has ever anyone tried to convince the Athena guys at MIT, to switch their server? Unfortunately it's still very well-known... --

Re: (possible) feature request ;-)

2008-06-23 Thread Christoph Anton Mitterer
On Mon, 2008-06-23 at 16:30 +0200, Werner Koch wrote: > On Mon, 23 Jun 2008 13:30, > [EMAIL PROTECTED] said: > > > I set the flag, that nobody writes the key to disk (by accident) if he > > uses gpg manually on the encrypted file. > > You can't avoid that. --for-your-eyes-only is a very weak ga

Re: gpg unusable from within an initrd

2008-06-23 Thread Christoph Anton Mitterer
On Mon, 2008-06-23 at 11:59 +0200, Werner Koch wrote: > Add option "--batch". Doesn't this disable any interactions like entering the passphrase? Thanks, Chris.

Re: gpg unusable from within an initrd

2008-06-23 Thread Christoph Anton Mitterer
On Mon, 2008-06-23 at 17:45 +0700, Vlad "SATtva" Miller wrote: > Or, if interactive mode is desired, place this in your initrd script: > > mv /dev/tty /dev/tty.bak > cp -a /dev/console /dev/tty > > # > # do gpg stuff here > # > > rm /dev/tty > mv /dev/tty.bak /dev/tty That's what I do right now

Re: (possible) feature request ;-)

2008-06-23 Thread Christoph Anton Mitterer
On Mon, 2008-06-23 at 11:51 +0200, Werner Koch wrote: > > I'm suggesting that such keys have the for-your-eyes flag set (because > > it shouldn't be necessary to write them to disk). > This flag is a property of the encrypted message and not of the key. Of course,.. with "key", I didn't mean any O

Re: gpg unusable from within an initrd

2008-06-23 Thread Christoph Anton Mitterer
I've just seen: On Sat, 2008-06-21 at 21:46 +0200, Christoph Anton Mitterer wrote: > /dev/tty is not available (and won't be) /dev/tty is there (5,0) and readable. No idea which problems gpg has... :-/ Chris.

gpg unusable from within an initrd

2008-06-23 Thread Christoph Anton Mitterer
Hi. I have to use gpg from within an initrd. /dev/tty is not available (and won't be) only /dev/console is here. But whatever I do gpg complains: Without --no-tty it complains that /dev/tty isn't there (gpg: cannot open '/dev/tty': No such device or address) With it, it complains "gpg: Sorry, no

(possible) feature request ;-)

2008-06-23 Thread Christoph Anton Mitterer
Hi. I'm writing a suite of scripts and a little framework for the use of cryptsetup/dm-crypt within an initrd for Debian. This also includes a keyscript to decrypt (symmetrically) OpenPGP encrypted dm-crypt keys. I'm suggesting that such keys have the for-your-eyes flag set (because it shouldn't be

Re: Linux crypto killer apllication

2008-05-15 Thread Christoph Anton Mitterer
On Thu, 2008-05-15 at 09:24 +0200, Sven Radde wrote: > FWIW, german digital signature laws AFAIK mandate a key length of > exactly 1024 bits even for the strongest class of signatures. > Certificates for electronic banking (also a heavily regulated field) are > of 1024 bits (or is even 768 still

Re: Linux crypto killer apllication

2008-05-15 Thread Christoph Anton Mitterer
On Thu, 2008-05-15 at 01:42 -0500, Robert J. Hansen wrote: > If 2kbit RSA/DSA/ElG ever becomes attackable either via cryptanalysis, > brute force or developments in large number theory, the solution will be > to move to entirely new algorithm families, not to just tack on another > few bits to the

Re: Linux crypto killer apllication

2008-05-14 Thread Christoph Anton Mitterer
On Wed, 2008-05-14 at 16:51 -0500, Robert J. Hansen wrote: > Christoph Anton Mitterer wrote: > > gpg is not intended and for disk encryption, which requires special > > techniques (good IV initialisation method etc). > As opposed to OpenPGP's idiosyncratic CFB mode, which p

Re: Linux crypto killer apllication

2008-05-14 Thread Christoph Anton Mitterer
On Wed, 2008-05-14 at 22:58 +0200, gabrix wrote: > Mine is just a suggestion to improve our dear gnupg. > What is missing in linux is a killer crypt application . > I recently used two windows application pgp and bestcrypt . And they both > have , disk encryption , mail encryption , key generator

Re: Naming of GnuPG

2008-04-27 Thread Christoph Anton Mitterer
On Sat, 2008-04-26 at 02:20 -0500, Robert J. Hansen wrote: > I'd like to see GPG remain the name for only 1.4. > > GnuPG 2.x introduces a lot of new crypto support that is not related > to > OpenPGP. The original metonymy is no longer appropriate. > > Call it GnuPS, for the GNU Privacy Suite. If

Re: Miscellaneous questions

2008-04-24 Thread Christoph Anton Mitterer
On Thu, 2008-04-24 at 07:56 +0200, Michel Messerschmidt wrote: > What about second/third ... names, name changes (e.g. marriage), > offical pseudonyms (e.g. artist names in Germany), ... ? Yes of course,.. and lots of other things in other countries and cultures. > > The reason: As a mathematicio

Re: Miscellaneous questions

2008-04-23 Thread Christoph Anton Mitterer
Quoting reynt0 <[EMAIL PROTECTED]>: Well, not specially (ignoring the polite grammar using the form of questions). What it was is a suggestion, stated in third person and a first person example, why one part of your suggestions/opinions might not be a good fit with gpg. IMHO, of course. That's

Re: Miscellaneous questions

2008-04-23 Thread Christoph Anton Mitterer
On Wed, 2008-04-23 at 13:41 -0400, reynt0 wrote: > (This is a late comment, I'm catching up reading email, and > Herr C.A.M has mentioned his idea a couple of times.) [snip snap] Does this contain any question? Regards, Chris.

Re: Naming of GnuPG

2008-04-21 Thread Christoph Anton Mitterer
On Mon, 2008-04-21 at 16:33 +0200, Werner Koch wrote: > This will not happen. 1.4. builds on a wide variety of platforms > whereas 2.0 requires a decent POSIX or Windows platform. I've already thought that... > Frankly, I do not see the problem. The BInd folks are running Bind 8 > and Bind 9 fo

Re: Naming of GnuPG

2008-04-21 Thread Christoph Anton Mitterer
On Mon, 2008-04-21 at 09:21 -0500, Robert J. Hansen wrote: > If GnuPG 1.4.x suddenly gets marked "deprecated" and begins to be phased > out, a whole lot of people are going to start asking "why? Official > word on the GnuPG list was that GnuPG 1.4 was still perfectly safe and > would be maintai

Re: Naming of GnuPG

2008-04-21 Thread Christoph Anton Mitterer
On Mon, 2008-04-21 at 09:43 -0400, David Shaw wrote: > How about: > > 1.4 == GnuPG Classic > 2.0 == GnuPG Plus If both should continue to develop (on a long time view) why not: 1.4 == GnuPG Classic 2.0 == GnuPG Chris.

Re: Naming of GnuPG

2008-04-21 Thread Christoph Anton Mitterer
On Mon, 2008-04-21 at 08:59 -0500, Robert J. Hansen wrote: > I imagine this idea would get a lot of pushback from 1.4 users. I know > that I'd be bothered by it. What's the reason?

Re: Naming of GnuPG

2008-04-21 Thread Christoph Anton Mitterer
On Mon, 2008-04-21 at 09:30 -0400, Mark H. Wood wrote: > So, perhaps 1.4 should be GnuPG and 2.0 should be GnuPG-Plus. > (Please, no "++"!) I think that renaming would actually increase the confusion. It would be better to consider to slowly phase out the 1.4x branch. Chris-

Re: Naming of GnuPG

2008-04-20 Thread Christoph Anton Mitterer
On Sun, 2008-04-20 at 11:40 +0200, Ingo Klöcker wrote: > On Sunday 20 April 2008, Robert J. Hansen wrote: > > Windows NT 3.51 --> Windows NT 4.0 > > Windows 2000 --> Windows 2003 Server > > FreeBSD 5.2 --> FreeBSD 6.0 > > Fedora Core 8 --> Fedora Core 9 > > GnuPG 1.4 --> GnuPG 2.0 > One of those is

Re: Naming of GnuPG

2008-04-20 Thread Christoph Anton Mitterer
On Sun, 2008-04-20 at 10:31 +0200, Sven Radde wrote: > While it isn't directly true for GnuPG, interpreting the issue in this > way (i.e. "use 1.4 only if 2.x isn't possible for you") would not do any > harm, would it? Yes, that's what I'd prefer. Chris.

Re: Naming of GnuPG

2008-04-20 Thread Christoph Anton Mitterer
Dear Robert. On Sat, 2008-04-19 at 21:41 -0500, Robert J. Hansen wrote: > Yes: that's the point I was making. Regular users are taught to think > this. This is generally true. GnuPG is not following the regular > versioning conventions. Uhm what I mainly wonder is,... what is the main differenc

Re: Naming of GnuPG

2008-04-19 Thread Christoph Anton Mitterer
On Sat, 2008-04-19 at 19:45 -0500, Robert J. Hansen wrote: > Regular users are taught to think that bigger version numbers are > better, more recent, more capable, more bug-free, etc. Well,.. that's what nearly each version naming model implies. Of course those examples are different, however for a

Re: Naming of GnuPG

2008-04-19 Thread Christoph Anton Mitterer
On Sat, 2008-04-19 at 20:37 -0400, David Shaw wrote: > Do people find the 1.4.x / 2.0.x thing confusing? Well,.. partly,... (at least when speaking for myself). Of course it makes sense to provide security fixes for the 1.x branch, but I always wonder why you don't switch to the 2.x for the main de

Re: Miscellaneous questions

2008-04-16 Thread Christoph Anton Mitterer
r, such attributes could be his name, town, ZIP-code or even his eBay account). And I would like to see a redesigned standard much stricter and more definite. The RFC itself says that it uses a "wishy-washy" style, I think that could lead to security problems. > Work with a scalpel,

Re: Miscellaneous questions

2008-04-16 Thread Christoph Anton Mitterer
d. Well,.. I didn't claim that it would do it by default ;) Regards, -- Dipl.-Inf. (FH) Christoph Anton Mitterer eMail: [EMAIL PROTECTED] [EMAIL PROTECTED] Jabber/XMPP: [EMAIL PROTECTED] Ludwig-Maximilians-Universität München Lehrstuhl für experimentelle Physik – Elementarteilchenphysik

Re: How trust works in gpg...

2008-04-16 Thread Christoph Anton Mitterer
the C flag a general certification use (not only OpenPGP keys/UIDs) or only certification of OpenPGP keys/UIDs. In the latter case one should probably stick with "CS" What do you think? Greetings, -- Dipl.-Inf. (FH) Christoph Anton Mitterer eMail: [EMAIL PROTECTED] [EMAIL PROTECTED]

Re: Miscellaneous questions

2008-04-16 Thread Christoph Anton Mitterer
Dear Robert. On Tue, 2008-04-15 at 20:35 -0500, Robert J. Hansen wrote: > Christoph Anton Mitterer wrote: > > But it does not say that it has to contain the must-have algos. > As has been mentioned here at least twice now, see section 13.2, where > it explicitly says if the MUSTs

Re: Miscellaneous questions

2008-04-15 Thread Christoph Anton Mitterer
Ok in fact this belongs also to the WG,.. but (apart from the fact that I'm really unsure if I like the idea of must have algos at all - in each case they have some very practical use) it would be an idea, to change them or at least add some other must haves. As Robert already point

Re: Miscellaneous questions

2008-04-15 Thread Christoph Anton Mitterer
Ok, if I modify it,.. and create a 0x1F with key usage, key > > server-prefs, algorithm prefs, and so on... Will gpg understand this? > No. Ah... is this by intention? Or just not yet implemented? To say it differently,.. which subpackets are understood on the 0x1F signatures? Best wishes,
