On Wed, 14 Jun 2023 10:22:36 +0200,
Andre Heinecke via Gnupg-users wrote:
> And the link to the website how to get a PGP Software linking to that fishy
> "openpgp.org" website which lists Gpg4win as "Outlook software" on the same
> level with Gpg4o? And which links to Claws mail as PGP software t
On Tue, 02 Nov 2021 18:35:01 +0100,
Phil Pennock via Gnupg-users wrote:
> On 2021-11-02 at 16:05 +0100, Tadeus Prastowo via Gnupg-users wrote:
> > The signature on a Linux kernel can be verified successfully using
> > `--auto-key-retrieve', but the signature on an Emacs cannot be
> > verified in th
Hi Phil,
On Fri, 22 Oct 2021 17:00:11 +0200,
Phil Pennock via Gnupg-users wrote:
> When evaluating the trust we have in the identity attached to a key, I
> often see "WARNING: We have NO indication whether the key belongs to the
> person named as shown above"; at the same time, `--with-key-origin`
On Fri, 19 Mar 2021 08:33:17 +0100,
Robert J. Hansen via Gnupg-users wrote:
>
> > The next default is ECC (ed25519+cv25519) which is supported by most
> > OpenPGP implementations. Only if you have a need to communicate with
> > some niche implementaions you need to use rsa3072.
>
> Last I checke
On Fri, 22 Jan 2021 23:59:36 +0100,
Andrew Gallagher via Gnupg-users wrote:
> On 22/01/2021 17:29, Daniel Kahn Gillmor via Gnupg-users wrote:
> > this is a non-backward-compatible change to the format, so i think
> > that's probably not a great outcome.
>
> I can't help thinking that length finger
On Thu, 21 Jan 2021 17:10:31 +0100,
Daniel Kahn Gillmor wrote:
> For WKD services which cannot control their webserver to disable
> compression, and automate padding, a better approach would be to pad
> each published key with an OpenPGP literal data packet, whose content is
> filled with a high-en
On Mon, 18 Jan 2021 17:12:56 +0100,
Stefan Claas wrote:
> I repeat here once again GitHub has a *valid* SSL cert.
You're right. github has a valid TLS certificate. But that valid TLS
certificate is not valid for openpgpkey.sac001.github.io. That's just
the way it is, sorry.
:) Neal
__
On Mon, 18 Jan 2021 16:47:38 +0100,
Ángel wrote:
> So, while in the first case a bad certificate would be a critical
> failure, in the second the right thing would be to fetch the key
> *even if the certificate was invalid*, as it is used purely for
> discovery.
When you look up the openpgpkey.ex
On Mon, 18 Jan 2021 13:42:52 +0100,
André Colomb wrote:
> On 18/01/2021 10.14, Neal H. Walfield wrote:
> > In short: I understand the motivation for the subdomain. I understand
> > why one should first check there. But, I think we do our users a
> > disservice by not falli
Hi Angel,
On Thu, 14 Jan 2021 01:47:12 +0100,
Ángel wrote:
> On 2021-01-13 at 10:12 +0100, Neal H. Walfield wrote:
> As such, I do think sequoia is non-conformant, although I'm
> more interested in determining the proper behaviour of a WKD client.
>
> ...
> I think i
Hi Stefan,
On Sun, 17 Jan 2021 19:41:44 +0100,
Stefan Claas via Gnupg-users wrote:
> Please try to accept that GitHub (and maybe in the future others as well)
> has *no* bad certificate!
As others have tried to explain: the certificate that github uses for
sub.sub.github.com is invalid for sub.su
On Sun, 17 Jan 2021 19:27:05 +0100,
Ángel wrote:
> I feel there is a need for a proper wkd test suite (as well as a
> clarifying on the draft itself the things that are coming up).
FWIW, there is Wiktor Kwapisiewicz's wkd checker:
https://gitlab.com/wiktor-k/wkd-checker
https://wkd.sequoia-pg
Hi Andre,
On Tue, 12 Jan 2021 20:13:42 +0100,
André Colomb wrote:
> It has also been pointed out repeatedly in this thread that Sequoia
> apparently does not properly check the TLS certificate, which you have
> proven with your example setup. That could be called "modern" or
> "insecure". It has
Hi Stefan,
On Fri, 08 Jan 2021 23:05:52 +0100,
Stefan Claas via Gnupg-users wrote:
> On Fri, Jan 8, 2021 at 10:21 PM Stefan Claas
> wrote:
>
> > I guess the only way to fix it (for many people) would be
> > that, as of my understanding (now) the WKD check
> > and SSL cert check would be a bit mo
Hi Stefan,
A chosen-prefix collision attack works as follows: an attacker chooses
two message prefixes, and then uses near collisions blocks (in the
SHA-1 is a Shambles paper they needed about 10 such 512-bit blocks) to
align the internal state of the two hashes. Since SHA-1 is a
streaming functi
Hi Teemu,
On Sun, 11 Oct 2020 11:02:00 +0200,
Teemu Likonen wrote:
> * 2020-10-11 02:40:28+02, Stefan Claas wrote:
>
> > I was reading old GnuPG threads were people were asking if it's
> > possible to extract a signature from an encrypted message.
>
> It seems that there is a visible signature p
Hi Andrew,
On Sat, 19 Sep 2020 21:38:22 +0200,
Andrew Gallagher wrote:
> Hagrid “solves” the vandalism problem by abandoning
> decentralisation.
This is not strictly true.
When we think about updating keys, there are two types of information
that can be updated:
- Identity Information (User I
At Tue, 20 Feb 2018 16:08:35 +0100,
Werner Koch wrote:
> > Yet another complementary approach might be to aggressively police the
> > ecosystem by finding other software that deends on GnuPG in any of the
> > aforementioned brittle ways, and either ask those developers to stop
>
> That is what our
Hi,
At Thu, 15 Feb 2018 17:20:14 -0500,
Konstantin Ryabitsev wrote:
> But wait, now I can omit --trust-model from the command line and I get the
> same
> TOFU-based result, implying that trust-model tofu+pgp now sticks, even though
> I've modified no config files:
If you don't explicitly set the
At Wed, 11 Oct 2017 17:47:29 +0200,
Werner Koch wrote:
> On Wed, 11 Oct 2017 09:15, n...@walfield.org said:
>
> > I'm aware of an effort that tried to port GnuPG to Android. bionic
> > was a source of several problems. As far as I know, the work is
>
> Actually we solved the Bionic problems a l
At Wed, 11 Oct 2017 08:26:21 +0200,
Werner Koch wrote:
> On Tue, 10 Oct 2017 20:55, b...@adversary.org said:
>
> > Has anyone managed to get any part of the GPG libs to compile on
> > Android/Linux? As far as I'm aware no one has and all OpenPGP
>
> There might be a problems with the current rel
At Tue, 10 Oct 2017 23:55:32 -0400,
Robert J. Hansen wrote:
>
> > Amazing how much people want to comment on the color of this
> > particular bikeshed!
>
> I agree. Bikeshedding frustrates me: I'll leave it at that.
>
> Reviewing the last forty-odd emails on the subject, there are a small
> nu
Hi,
Unfortunately, there isn't enough information in this report to
reproduce your issue. If you feel comfortable sending me your TOFU db
and your pubring.gpg / pubring.kbx per private mail, as well as
telling me which key that is causing the problem, then I will take a
look.
Key: 8F17 7771 18A3
At Sat, 22 Jul 2017 00:01:45 +0200 (CEST),
wrote:
> I am using GnuPG 1.4.x to symmetrically encrypt files before I
> transfer them to "the cloud" for backup reasons.
> Is there any way to test these encrypted files for errors, i.e. to
> make sure they can be decrypted correctly without actually ha
Hi,
I'm collection examples of notations. If you somehow use notations,
I'd love to hear how you are using them. (If you prefer to remain
anonymous, please feel free to reply privately.)
Also, I'm curious if anyone has a good use for unsigned ("unhashed")
notations.
Thanks!
:) Neal
Key: 8F17
At Fri, 23 Jun 2017 13:45:39 +0300,
Teemu Likonen wrote:
> I don't know whether my thinking is common but perhaps it would be
> helpful if gpg's man page made clear that on conflict situation both
> keys go to "ask" mode. A quote from my gpg 2.1.18 manual:
I tried to improve the documentation in 2
At Tue, 27 Jun 2017 09:27:57 +0100,
MFPA wrote:
> On Monday 26 June 2017 at 10:31:04 AM, in
> ,
> Goddess: Primal Chaos wrote:-
>
>
> > Dear player, Thank you very much for contacting us
> > by mail.
>
>
> I've seen several of these messages on this list lately. It looks like
> somebody has su
At Mon, 26 Jun 2017 11:27:30 +0200,
martin f krafft wrote:
> > Martin, I think --no-auto-check-trustdb and a cron job will
> > already make it much more bearable, with the current state of
> > things. That's what I'd suggest.
>
> I've been doing that for a long time already, and yes, it mitigates
At Fri, 23 Jun 2017 02:07:19 +0100,
MFPA wrote:
> On Wednesday 21 June 2017 at 7:49:42 PM, in
> , Peter
> Lebbing wrote:-
>
> > I think it's a bad UX choice to
> > name an invalid
> > signature "UNTRUSTED Good" and a valid signature
> > "Good". I think it
> > suggests they both have some credibili
At Fri, 23 Jun 2017 13:04:02 -0400,
Brian Minton wrote:
>
> [1 ]
> On Fri, Jun 23, 2017 at 03:50:27PM +0200, Neal H. Walfield wrote:
> >
> > Ensuring that a cache is consistent is *hard*. I don't think we want
> > to add complexity (nevermind a c
At Fri, 23 Jun 2017 15:35:05 +0200,
martin f krafft wrote:
> also sprach Werner Koch [2017-06-22 19:02 +0200]:
> > For a key listing this means computing it for every listed key. And the
> > majority of frontends first do a key listing and show the validity of
> > the keys before you can encrypt
At Fri, 23 Jun 2017 13:22:23 +0200,
Peter Lebbing wrote:
> On 23/06/17 12:56, Neal H. Walfield wrote:
> > It's up to the GPG client to interpret it. This document (authored by
> > Andre and me) has some recommendations for MUAs:
>
> Ah! Thanks for the information.
>
At Fri, 23 Jun 2017 12:52:48 +0200,
Peter Lebbing wrote:
>
> [1 ]
> On 23/06/17 11:14, Neal H. Walfield wrote:
> > No, both keys are set to ask. The key with a lot of observed
> > signatures could be bad. This could occur, if there is a MitM, but
> > the MitM
At Thu, 22 Jun 2017 20:32:48 +0300,
Teemu Likonen wrote:
> Teemu Likonen [2017-06-22 09:42:50+03] wrote:
> > Does the SUMMARY field's value (0-4) have effect on how key's validity
> > is calculated or how TOFU conflicts are resolved or presented to a
> > user?
>
> I didn't get answers yet but I'll
At Thu, 22 Jun 2017 09:42:50 +0300,
Teemu Likonen wrote:
> It _seems_ to me that
>
> - Field 3 :: validity - A number with validity code.
>
> is the same thing as SUMMARY in TOFU_STATS. Am I right?
>
> And here's my question again: Does the SUMMARY field's value (0-4) have
> effect on how
use a key to be revoked. In
that case, if 0xdeadbeef is marginally trusted, we now need to
identify keys that were considered valid because of 0xdeadbeef, but no
longer are.
:) Neal
At Thu, 22 Jun 2017 15:00:52 +0200,
martin f krafft wrote:
>
> [1 ]
> also sprach Neal H. Walfield
At Wed, 21 Jun 2017 13:55:52 +0200,
martin f krafft wrote:
>
> also sprach Neal H. Walfield [2017-06-21 11:53 +0200]:
> > > 3. Is there a way to run --check-trustdb or --update-trustdb not
> > >over the entire key graph, but only traversing to a certain depth
Hi,
At Tue, 20 Jun 2017 15:34:44 +0200,
martin f krafft wrote:
> I've spent some time trying to figure out how to make actual use of
> the web-of-trust (the "pgp" trust-model), and I am turning to this
> list for some advice, related to a couple of questions:
>
> 1. My public keyring has several
Hi,
At Sun, 2 Apr 2017 18:23:14 -0500,
Will Senn wrote:
> but at the end of
> the day, I don't seem to be able to sign anything with the signing
> subkey if the master key is not present (with sec instead of sec#). Do
> you know how I get it to use the subkey (the manual says it will default
> to
At Sun, 2 Apr 2017 11:20:16 -0700,
Doug Barton wrote:
> On 04/01/2017 07:10 AM, Will Senn wrote:
> > 3. I've read
> > https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
> > and other such pieces proclaiming the value of having the master key in
> > a safe place an
Hi,
At Wed, 15 Mar 2017 00:38:45 +,
MFPA wrote:
> I have been having GnuPG crash with the following message when listing
> keys:-
>
> gpg --list-keys
> gpg: O j: Assertion "conflict_set" in get_trust failed
> (/home/wk/b-w32/speedo/PLAY-release/gnupg-w32-2.1.19/g10/tofu.c:2787)
> This
On Sun, 17 Jul 2016 15:53:47 +0200,
Richard Höchenberger wrote:
> we've been using Schleuder2 for many years now, and it has always
> worked flawlessly on a medium-traffic mailing list as long as everyone
> used OpenPGP/MIME. Inline PGP will cause trouble from time to time.
Scleuder requires that
Hi,
On Sat, 16 Jul 2016 16:38:27 +0200,
Martin Konold wrote:
> what is currently the recommended setup for running encrypted mailing lists.
>
> I am thinking about some IBCPRE mechanism. see also https://en.wikipedia.org/
> wiki/Identity-based_conditional_proxy_re-encryption
>
> I think this wou
On Thu, 07 Jul 2016 11:32:30 +0200,
Fiedler Roman wrote:
> I'm trying to use gnupg to solve a usecase similar to the one depicted in
> [1], but the workaround from [1] is not suitable, because:
>
> * Each file I have is larger than the machine holding the keys
> * The keys cannot be moved
> * The
On Mon, 11 Apr 2016 10:49:32 +0200,
Erik Nellessen wrote:
>
> If I understand it correctly, --override-session-key does not allow me to set
> the session key before encryption. It allows me to set the session key when
> decrypting, so I can do it without using the private key. The option is used
On Sun, 10 Apr 2016 12:56:09 +0200,
Erik Nellessen wrote:
> No, this is not about encrypting large amounts of data with asymmetric
> encryption. ;) It is about encrypting and decrypting small strings, which are
> still way smaller than the public/private key. So I guess this could be
> possible
On Tue, 22 Dec 2015 15:08:46 +0100,
Matthias Apitz wrote:
>
> El día Tuesday, December 22, 2015 a las 03:03:39PM +0100, Neal H. Walfield
> escribió:
>
> > > Just to make sure: there have been no v1.x keys (I move away the old
> > > .gnupg dir), why are
On Tue, 22 Dec 2015 14:45:59 +0100,
Matthias Apitz wrote:
> El día Tuesday, December 22, 2015 a las 02:41:24PM +0100, Neal H. Walfield
> escribió:
>
> > Hi Matthias,
> >
> > On Tue, 22 Dec 2015 13:28:28 +0100,
> > Matthias Apitz wrote:
> > > Question: W
Hi Matthias,
On Tue, 22 Dec 2015 13:28:28 +0100,
Matthias Apitz wrote:
> Question: Why I do not have a file .gnupg/secring.kbx (as I have had
> with v1.x)? And, why are the keys stored in .gnupg/private-keys-v1.d?
The short answer is that we are using a new format.
Note: GnuPG 2 will automatical
Hi,
On Mon, 21 Dec 2015 10:28:47 +0100,
perillamint wrote:
> I'm having trouble setting up ssh auth using Ed25519 key.
>
> I tries to convert it using gpgkey2ssh and it returns
>
> Unsupported algorithm: 22
>
> Is there any version of gpgkey2ssh or other tool which allows converting
> ed25519 p
On Tue, 08 Dec 2015 13:16:29 +0100,
Peter Lebbing wrote:
> Again, no. Lots of programs get vague problems. It's just that it used
> to be that GNOME Keyring said "those problems are in GnuPG", whereas the
> GnuPG project said "those problems are caused by GNOME Keyring breaking
> our software". The
On Mon, 07 Dec 2015 01:05:51 +0100,
MFPA wrote:
> > * gpg: New trust models "tofu" and "tofu+pgp".
>
> > * gpg: New command --tofu-policy. New options
> > --tofu-default-policy and --tofu-db-format.
>
> Should these be available in the Windows version? I get:-
>
> gpg: unknown trust mo
Hi,
At Fri, 27 Nov 2015 16:43:09 +0800,
Charlie Brown wrote:
> I'm new to gpg, and I'm trying the agent.
>
> I noticed that when gpg needs to prompt me for pass phrase, the prompt
> shows up about 15 seconds after I issue the command (e.g. gpg
> --decrypt or git commit -S). The problem exists wit
At Thu, 5 Nov 2015 17:29:22 +,
MFPA wrote:
> On Thursday 29 October 2015 at 2:06:51 PM, in
> , Neal H. Walfield wrote:
> > Note: GpgME has not yet been extended to support TOFU
> > so these messages might not be shown.
>
> I would think that was quite important, for
Hi,
At Tue, 03 Nov 2015 16:56:27 +0100,
Andre Heinecke wrote:
> On Tuesday 03 November 2015 16:34:39 you wrote:
> > At Tue, 03 Nov 2015 16:10:24 +0100,
> >
> > Andre Heinecke wrote:
> > > Don't we need to lookup the new key anyway to make validity decisions?
> > > Until then we assume "Unknown" t
At Tue, 3 Nov 2015 15:37:06 +,
MFPA wrote:
> On Tuesday 3 November 2015 at 3:29:02 PM, in
> , Neal H. Walfield wrote:
>
>
> > The bindings are between user id and key. So, a new
> > binding will be created.
>
> Will it flag up to the user that it is creating a
At Tue, 03 Nov 2015 16:10:24 +0100,
Andre Heinecke wrote:
> Don't we need to lookup the new key anyway to make validity decisions? Until
> then we assume "Unknown" trust.
In the verify case, yes. But what about the sign case? We just see
that the old key has been revoked, but we don't know what
At Tue, 3 Nov 2015 15:18:57 +,
MFPA wrote:
> On Tuesday 3 November 2015 at 2:38:04 PM, in
> , Neal H. Walfield wrote:
>
>
> > In this case, we store the whole user id (lower cased).
> > Only if the user id is the empty string do we not store
> > a binding.
&g
Hi Andre,
At Fri, 30 Oct 2015 13:23:14 +0100,
Andre Heinecke wrote:
> On Thursday 29 October 2015 22:28:54 Neal H. Walfield wrote:
> > At Thu, 29 Oct 2015 18:48:43 +0100,
> >
> > Johannes Zarl-Zierl wrote:
> > > Out of curiosity: Does the TOFU implementation for g
At Tue, 3 Nov 2015 14:32:56 +,
MFPA wrote:
> On Friday 30 October 2015 at 12:09:51 PM, in
> , Neal H. Walfield wrote:
> > The user ids are used. These are authorative. If
> > there are N user ids, then N bindings are maintained.
>
> Presumably if no user-id contains
Hi,
At Sun, 1 Nov 2015 10:50:33 +,
MFPA wrote:
> Another thought. New signatures from a key that has long been inactive
> may arouse suspicion. Perhaps it would be useful to output how long
> ago was the last message verified. For example:-
>
> "66 messages signed over the past 3 years. The l
At Sat, 31 Oct 2015 11:57:05 +,
MFPA wrote:
> > First, some statistics are displayed, namely, that
> > we've verified 5 messages signed by this key in the
> > past last hour.
>
>
> Would it say the same if it were not five unique messages? For
> example, we read the same email five times and
At Fri, 30 Oct 2015 14:32:07 +,
MFPA wrote:
> On Friday 30 October 2015 at 11:51:27 AM, in
> , Neal H. Walfield wrote:
>
>
> > Sure. But your point is a red herring. There is
> > *currently* no way to do this. However, the next
> > version of the OpenPG
At Fri, 30 Oct 2015 12:06:14 +,
MFPA wrote:
> On Thursday 29 October 2015 at 2:06:51 PM, in
> , Neal H. Walfield wrote:
>
>
> > When you verify a
> > message from some user for the first time, GnuPG saves
> > the binding between the user id (actually, the
>
At Fri, 30 Oct 2015 11:43:28 +,
MFPA wrote:
> On Thursday 29 October 2015 at 9:28:54 PM, in
> , Neal H. Walfield wrote:
>
>
>
> > Unfortunately, it doesn't. This is because there is
> > currently no standard way to communicate the id of the
> > new
Hi Peter,
At Thu, 29 Oct 2015 19:57:29 +0100,
Peter Lebbing wrote:
>
> On 29/10/15 17:23, Daniel Baur wrote:
> > isn’t it a little bit problematic that GPG now logs how often I received
> > emails by someone else?
>
> I would think that in most situations, that is not a problem. If you
> exclus
At Thu, 29 Oct 2015 18:48:43 +0100,
Johannes Zarl-Zierl wrote:
> Out of curiosity: Does the TOFU implementation for gpg already allow for key
> transition statements / is this planned for some point in the future?
Unfortunately, it doesn't. This is because there is currently no
standard way to c
Hi,
Last week, I checked in the TOFU code for GnuPG. This code will be
part of the next release. It would be great to get some additional
testing before this happens!
Background
--
TOFU stands for Trust on First Use and is a concept that will be
familiar to anyone who regularly uses s
Hi Lachlan,
At Fri, 23 Oct 2015 10:58:22 +0200,
Lachlan Gunn wrote:
> Is there any way make GNUPG or libgpgme generate a signature from an
> externally-computed hash? My justifications for this are twofold:
In theory yes, in practice no. To generate an OpenPGP signature, the
OpenPGP implementati
At Mon, 5 Oct 2015 14:22:30 -0500,
Anthony Papillion wrote:
> I'm working on a project that requires a portable version of GnuPG and
> I'd like to use a modern version of it. As far as I can tell from
> searching, GnuPG stopped being portable somewhere in the 1.4.x branch.
GnuPG 2.x is still porta
Hi,
At Tue, 22 Sep 2015 11:07:22 -0400,
SGT. Garcia wrote:
>
> hello,
> this is my gpg-agent.conf:
>
> allow-preset-passphrase
> default-cache-ttl 31536000
>
> this has stopped working! i'm getting asked for password every 20 minutes or
> so.
> anyone else hitting this bug? hopefully i don't h
At Wed, 29 Jul 2015 15:14:07 +0200,
Ingo Klöcker wrote:
> If you replace "validation server" with "keysigning party participant" then
> you get one of the ways participants of keysigning parties get their
> signatures to the key owners. So, it's already done and people do upload
> their
> signe
At Wed, 29 Jul 2015 14:05:49 +0100,
MFPA wrote:
> On Wednesday 29 July 2015 at 1:09:54 PM, in
> , Neal H. Walfield wrote:
>
>
> > Personally, I think c is the killer in this plan:
> > people aren't going to bother to upload it (assuming
> > they even get th
At Wed, 29 Jul 2015 02:30:47 +0100,
MFPA wrote:
> On Monday 27 July 2015 at 1:15:57 PM, in
> , Neal H. Walfield wrote:
>
>
> > Regarding the design: personally, I wouldn't have the
> > user follow a link that includes a swiss number, but
> > have the user r
At Wed, 29 Jul 2015 01:03:53 +0100,
MFPA wrote:
> On Tuesday 28 July 2015 at 11:46:10 PM, in
> , Neal H. Walfield wrote:
> > At Tue, 28 Jul 2015 19:22:29 +0100, MFPA wrote:
> >> It also eliminates any attempt to to establish a link
> >> between the key and the email
At Tue, 28 Jul 2015 19:22:29 +0100,
MFPA wrote:
> On Tuesday 28 July 2015 at 8:22:23 AM, in
> , Neal H. Walfield wrote:
>
> > Did you consider user a proof-of-work scheme? For
> > instance, the user does a 1 week PoW, signs the result
> > and attackes it to the key
Hi,
Did you consider user a proof-of-work scheme? For instance, the user
does a 1 week PoW, signs the result and attackes it to the key. These
would be refreshed about once a year.
This eliminates the verification servers and the problems associated
with them (namely, people need to trust them
At Mon, 27 Jul 2015 17:51:56 +0200,
Patrick Brunschwig wrote:
>
> On 27.07.15 14:15, Neal H. Walfield wrote:
> > Hi,
> >
> > I guess you mean this:
> >
> > The idea I have in mind is roughly as follows: if you upload a key to
> > a keyserver, the
Hi Nico,
At Mon, 27 Jul 2015 19:21:10 +0200,
n...@enigmail.net wrote:
>
> Thanks, Neal for the feedback.
> I will try to answer.
>
> Am 27.07.2015 um 14:15 schrieb Neal H. Walfield:
> > Hi,
> >
> > I guess you mean this:
> >
> > The idea I have i
Hi,
I guess you mean this:
The idea I have in mind is roughly as follows: if you upload a key to
a keyserver, the keyserver would send an encrypted email to every UID
in the key. Each encrypted mail contains a unique link to confirm the
email address. Once all email addresses are confirme
Hi,
At Thu, 04 Jun 2015 12:06:42 +0300,
Dmitry Falko wrote:
> Is there a common way to parse data returned from LISTKEYS
> command. Callback function receives buffer with colon-separated
> information about certificate,
> i need fingerprint to use it with IMPORT --re-import command.
Are you runni
At Tue, 28 Apr 2015 17:38:53 +0200,
Werner Koch wrote:
> On Tue, 28 Apr 2015 17:02, n...@walfield.org said:
>
> > I've added a checkbox to pinentry that asks: "Cache password with GKR"
> > and it is only shown if GKR is present. So it's opt-in.
>
> Good. While you are at it: Please also add a c
At Tue, 28 Apr 2015 10:26:05 -0400,
Robert J. Hansen wrote:
> > The solution is to fix Gnome Keyring :). I've spoken with Stef, the
> > main developer of GKR, and he confirmed that the only reason GKR
> > MITMs GPG Agent is so that it can intercept prompts for the password
> > to supply any cach
Hi Simon,
We've documented the problem at http://wiki.gnupg.org/GnomeKeyring .
At Tue, 28 Apr 2015 14:45:22 +0200,
Simon Josefsson wrote:
> Werner Koch writes:
>
> > I appreciated the opportunity to meet the GPG Tools developers, who
> > are very dedicated to make GnuPG working well on OS X
At Tue, 21 Apr 2015 10:26:19 +0200,
Bernhard Reiter wrote:
> on the OpenPGP Summit last weekend, people suggested to me
> that we could make the wiki look better.
>
> Help with adding or creating a better theme is appreciated,
> this is something you can do for the GnuPG Community. ;)
>
> How do
At Mon, 2 Mar 2015 12:35:30 +0100,
Bernhard Reiter wrote:
> On Saturday 28 February 2015 at 12:27:05, Neal H. Walfield wrote:
> > http://wiki.gnupg.org/LDAPKeyserver
>
> and while you were at it, you have also went through a number of wiki pages
> correcting and improv
Hi,
Nearly a decade ago, Walter Haidinger posted a how to describing how
to setup an OpenLDAP PGP keyserver.
http://lists.gnupg.org/pipermail/gnupg-users/2006-February/028058.html
In that time, OpenLDAP configuration has gotten a lot more
complicated. I've modernized and significantly expande
At Sun, 15 Feb 2015 12:16:58 +0100,
Michael Felt wrote:
> My key question is about the difference between v1.X and v2.X - are there
> security elements in v2 that are missing/weaker in v1 - or are the
> differences mainly that v2 supports/is always GUI while v1 is always CLI.
gpg2 is a more extens
At Thu, 03 Jul 2014 12:50:50 +0200,
Daniel Krebs wrote:
> da ich das gerade mit Matthias von der FSFE im Rahmen von
> #EmailSelfDefense diskutiere, mal eine Frage: Welche Analogien benutzt
> ihr, wenn ihr Menschen das Prinzip von PGP/GPG erklärt?
> Ich verwende ich meistens folgende Version:
>
>
FWIW, I was thinking of a stylized version of something like this:
http://i76.photobucket.com/albums/j24/joebnfran/blog%20pics2/octopus.jpg
(Found here:
http://hideousseacreatures.tumblr.com/post/61030684038/octopi-will-keep-trying-to-kill-you-after-theyre-dead)
Neal
__
At Tue, 17 Jun 2014 09:00:52 -0400,
Mark H. Wood wrote:
>
> On Tue, Jun 17, 2014 at 12:04:20PM +0200, Neal H. Walfield wrote:
> > At Tue, 17 Jun 2014 11:36:11 +0200,
> > Werner Koch wrote:
> > > the guy I am working with on a new website, recently asked why we do not
&g
At Tue, 17 Jun 2014 11:36:11 +0200,
Werner Koch wrote:
> the guy I am working with on a new website, recently asked why we do not
> have a mascot like many other projects. What's your opinion on that?
How about an Octopus? As I understand it, they like to try and open
locks.
Neal
_
92 matches
Mail list logo
