Re: PGP for official documents / eIDAS and ZertES

2017-05-31 Thread Rainer Hoerbe
> On 31.05.2017 at 15:14, Daniel Pocock wrote: > > Are the CMS, PDF or XML standards flexible enough that a PGP signature > could be used within any of them and thereby satisfy the legislation? > Or could any of those standards potentially be amended/extended to allow > use of PGP signatures?

Re: PGP for official documents / eIDAS and ZertES

2017-05-31 Thread Rainer Hoerbe
Hi Daniel, The eIDAS regulation is replacing the national e-signature laws to make signatures (besides other things) interoperable across borders. While the law is fairly technology-neutral, the implementation acts have to reference specific technologies, which are CMS, PDF- and XML signa

Re: What could make GnuPG + Enigmail "easier"?

2017-04-10 Thread Rainer Hoerbe
I think that we could reach a better mutual understanding when we put the arguments into context. Context A: non-technical users, such as Jenny, who encrypt mail with sensitive content, or sign a message. Context B: IT-experts with typical use cases of SW-signature or SSH-login. I think that ma

Re: Smart card

2017-04-09 Thread Rainer Hoerbe
> On 09.04.2017 at 20:30, Doug Barton wrote: > > On 04/09/2017 11:01 AM, Mike Gerwitz wrote: >> If I know a threat exists, I'm going to evaluate my threat model and >> decide whether or not it is worth my time to mitigate it; whether I can >> hope to mitigate it; and whether attempting to do so

Re: Smart card

2017-04-09 Thread Rainer Hoerbe
> On 09.04.2017 at 17:26, Robert J. Hansen wrote: > >> Good point, and I agree to that for a very basic assessment. However, >> the assumption that only politicians and government employees holding >> a security clearance are targeted by Mossad & co is a thing of the >> past. > > It never was

Re: Smart card

2017-04-09 Thread Rainer Hoerbe
> On 09.04.2017 at 13:51, Robert J. Hansen wrote: > >> A long and random passphrase is a good measure against dictionary and >> brute force attacks. It does not defend against malware sniffing the >> keyboard or scraping memory pages. > > Jim Mickens' essay, "This World Of Ours", ought be requ

Re: Smart card

2017-04-08 Thread Rainer Hoerbe
> On 09.04.2017 at 04:20, Robert J. Hansen wrote: > >> BUT, leaving your private key on your laptop, tablet, or phone is >> about as secure as leaving a spare key to your house under the door >> mat. > > This is not true, not for any sensible definition of 'secure‘. „secure“ is not a one-dime

Re: haaveged + gpg --sign fails with "signing failed: Operation cancelled"

2017-03-28 Thread Rainer Hoerbe
e to gpg that users are warned about the issue, as gpg will not yield a meaningful error message, even with -vvv. Thanks, Rainer > > Doug > > > On 03/22/2017 11:33 PM, Rainer Hoerbe wrote: >> Just for the record: Adding entropy using haveged does not work in my setup

haaveged + gpg --sign fails with "signing failed: Operation cancelled"

2017-03-22 Thread Rainer Hoerbe
Just for the record: Adding entropy using haveged does not work in my setup - it will cause the signature to fail without a useful error message. My setup is: Linux keymgmt 4.9.14-200.fc25.x86_64 #1 SMP Mon Mar 13 19:26:40 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux gpg (GnuPG) 2.0.22 libgcrypt 1.5.3

Mac Pinentry problem

2017-03-17 Thread Rainer Hoerbe
...: D27600012401020100054EBD Version ..: 2.1 Manufacturer .: ZeitControl Serial number : 4EBD Name of cardholder: Rainer Hoerbe Language prefs ...: de Sex ..: male URL of public key : [not set] Login data ...: [not set] Signature PIN : forced Key attributes ...: rsa2048 rsa2048