On 08.05.2021 15:04, Stefan Vasilev via Gnupg-users wrote:
Hi,
thanks! I already found a solution by using an .onion based email
provider,
with clearnet usage support. Super simple registration, where the user
only
supplies a username and a password. Nothing more. :-)
Regards
Stefan
Th
On 2021-01-22 11:23, Werner Koch via Gnupg-users wrote:
> You are on the best way to be one on of those few for
> whom I had to flip the moderate flag.
God sees everything, so to speak, dear Werner!
Best regards
Stefan
#deplatforming does not work in a free world!
_
On Fri, Jan 22, 2021 at 3:20 AM Robert J. Hansen wrote:
>
> > *Appologies* Robert for highjacking your thread!!!
>
> I have never understood why people apologize for doing something they
> know is wrong, and then do it anyway. You could see that starting a new
> thread was appropriate; you know t
On Thu, Jan 21, 2021 at 11:00 PM Andrew Gallagher via Gnupg-users
wrote:
>
>
> > On 21 Jan 2021, at 20:27, Stefan Claas via Gnupg-users
> > wrote:
> >
> > *Appologies* Robert for highjacking your thread!!!
>
> Can we please try to k
On Sun, Jan 17, 2021 at 9:59 PM Robert J. Hansen via Gnupg-users
wrote:
>
> A little more than a month ago I said I'd match all donations made to
> GnuPG from December 10 to January 6. I'm happy to report y'all made me
> contribute 370 Euros, or about $450 USD. The money has been paid and
> is s
On Thu, Jan 21, 2021 at 12:25 PM Andrew Gallagher via Gnupg-users
wrote:
>
> On 21/01/2021 07:10, Stefan Claas via Gnupg-users wrote:
> > On Thu, Jan 21, 2021 at 8:02 AM Stefan Claas
> > wrote:
> >
> >> The nice things about OpenPGP amored messages is also that
On Thu, Jan 21, 2021 at 8:02 AM Stefan Claas
wrote:
> The nice things about OpenPGP amored messages is also that
> procmail and friends can be used at providers to filter -BEGIN blah
P.S. When Stale Schumacher ran the International PGP Homepage in the 90's
people could download PGP for Unix,
On Thu, Jan 21, 2021 at 12:25 AM Ángel wrote:
> Last night, I prepared the domain wkdtest.pgp.16bits.net It is a valid
> wkd server. I have just created and uploaded there a new pgp key, and
> you have to obtain it:
>
>
> «We have intercepted the following communication sent to an spy using
> an
On Wed, Jan 20, 2021 at 9:21 PM Stefan Claas
wrote:
>
> On Wed, Jan 20, 2021 at 4:15 PM Stefan Claas
> wrote:
> >
> > On Wed, Jan 20, 2021 at 1:55 PM Werner Koch wrote:
> >
> > > Broken implementations are not a reason to break correct
> > > implementations.
> >
> > Since 'broken' implementation
On Wed, Jan 20, 2021 at 4:15 PM Stefan Claas
wrote:
>
> On Wed, Jan 20, 2021 at 1:55 PM Werner Koch wrote:
>
> > Broken implementations are not a reason to break correct
> > implementations.
>
> Since 'broken' implementations are available and can handle both cases,
> and this is now generally kn
On Wed, Jan 20, 2021 at 6:11 PM wrote:
>
> On Wed, Jan 20, 2021, mettodo via Gnupg-users wrote:
>
> > 14 of 20 tests failed when doing "make check" for gnupg 2.2.27. What
> > should I do?
>
> Most certainly you should not tell anyone which OS or compiler
> or options you used.
> Neither should you
On Wed, Jan 20, 2021 at 1:55 PM Werner Koch wrote:
> Broken implementations are not a reason to break correct
> implementations.
Since 'broken' implementations are available and can handle both cases,
and this is now generally known, people do *not* need to follow a *draft*
and can *happily* wri
On Wed, Jan 20, 2021 at 12:41 AM Ángel wrote:
> A list of all (well, most) openpgpkey subdomains can be easily created.
Yes and I believe that what Neal and you (in your new posting) have explained
makes it only worthwhile for Mallory to start his work, because he has such an
openpgpkey list cr
On Tue, Jan 19, 2021 at 11:01 PM Erich Eckner via Gnupg-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> I checked the manual, and there is even a non-permanent solution:
>
> - --export-filter keep-uid="mbox = ..."
>
> lets you filter the exported uids :-)
Cool :-) , I did no
On Tue, Jan 19, 2021 at 7:06 PM Stefan Claas
wrote:
>
> On Tue, Jan 19, 2021 at 1:14 PM Werner Koch via Gnupg-users
> wrote:
> >
> > On Tue, 19 Jan 2021 09:28, Neal H. Walfield said:
> >
> > > When you look up the openpgpkey.example.org domain, you are revealing
> > > to anyone snooping DNS traff
On Tue, Jan 19, 2021 at 1:14 PM Werner Koch via Gnupg-users
wrote:
>
> On Tue, 19 Jan 2021 09:28, Neal H. Walfield said:
>
> > When you look up the openpgpkey.example.org domain, you are revealing
> > to anyone snooping DNS traffic that you are using OpenPGP and are
> > looking for a key related t
On Tue, Jan 19, 2021 at 5:16 PM Stefan Claas
wrote:
>
> On Tue, Jan 19, 2021 at 5:05 PM Stefan Claas
> wrote:
>
> > A policy file could look like this, with remark lines at the
> > beginning:
> >
> > # WKD policy for sac001.github.io (WRONG)
> # WKD policy file for https://sac001.github.io
> > #
On Tue, Jan 19, 2021 at 6:28 PM Stefan Claas
wrote:
>
> On Tue, Jan 19, 2021 at 6:26 PM Erich Eckner via Gnupg-users
> wrote:
>
> > Advanced method is set up, direct method is not. The key has multiple UIDs
> > (one for each of my email addresses). Or did I do something wrong when
> > exporting t
On Tue, Jan 19, 2021 at 6:26 PM Erich Eckner via Gnupg-users
wrote:
> Advanced method is set up, direct method is not. The key has multiple UIDs
> (one for each of my email addresses). Or did I do something wrong when
> exporting the key to the WKD? Should I have removed the other UIDs there?
> (
On Tue, Jan 19, 2021 at 5:24 PM Erich Eckner via Gnupg-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi,
>
> I'm playing around with my WKD setup (guess, why) and encountered the
> error in the subject when doing `gpg - --locate-external-keys
> er...@eckner.net`. Retri
On Tue, Jan 19, 2021 at 9:51 AM Neal H. Walfield wrote:
>
> On Mon, 18 Jan 2021 17:12:56 +0100,
> Stefan Claas wrote:
> > I repeat here once again GitHub has a *valid* SSL cert.
>
> You're right. github has a valid TLS certificate. But that valid TLS
> certificate is not valid for openpgpkey.sac
On Tue, Jan 19, 2021 at 5:05 PM Stefan Claas
wrote:
> A policy file could look like this, with remark lines at the
> beginning:
>
> # WKD policy for sac001.github.io (WRONG)
# WKD policy file for https://sac001.github.io
> # Maintainer: Stefan Claas, ste...@sac001.github.io
> # Updated: current d
On Tue, Jan 19, 2021 at 2:36 AM Ángel wrote:
>
> On 2021-01-17 at 23:43 +, Stefan Claas via Gnupg-users wrote:
> > I encountered only one MITM attack a couple of years ago so far, from an
> > SKS user. He was a retired police officer from Austria, who contacted me.
> >
On Tue, Jan 19, 2021 at 11:15 AM Werner Koch wrote:
>
> Stefan,
>
> It has been mentioned several time here that the use of the openpgpkey
> sub-domain is required to allow implementation of the Web Key Directory
> in browsers. This is a real world use case and pretty important for web
> mailers
@Stefan, are you aware that in your scheme involving sac001.github.io,whoever
convinces GitHub to give them control over that subdomain, cansilently replace
those public keys and start a man-in-the-middle attack?You could not even rely
on the TLS layer, because GitHub probably willnot revoke the
On Mon, Jan 18, 2021 at 8:43 AM Neal H. Walfield wrote:
>
> On Sun, 17 Jan 2021 19:27:05 +0100,
> Ángel wrote:
> > I feel there is a need for a proper wkd test suite (as well as a
> > clarifying on the draft itself the things that are coming up).
>
> FWIW, there is Wiktor Kwapisiewicz's wkd checke
On Sun, Jan 17, 2021 at 11:02 PM Remco Rijnders wrote:
>
> On Sun, Jan 17, 2021 at 10:27:24PM +0100, Stefan wrote in
> :
> >On Sun, Jan 17, 2021 at 10:16 PM Juergen Bruckner via Gnupg-users
> > wrote:
> >
> >Hi Juergen.
> >
> >> Your showcase with github.io also says nothing else than that Sequoia
On Sun, Jan 17, 2021 at 10:16 PM Juergen Bruckner via Gnupg-users
wrote:
Hi Juergen.
> Your showcase with github.io also says nothing else than that Sequoia
> considers an invalid certificate to be correct. That this happens in
> audited software says just as much about the value of the audit.
On Sun, Jan 17, 2021 at 9:40 PM Juergen Bruckner via Gnupg-users
wrote:
>
> I can only agree with Andre's words.
Perfectly fine for me if you take this route.
> And as far as Sequoia is concerned, Stefen's explanations only confirmed
> that this is software that I definitely don't want to use.
On Sun, Jan 17, 2021 at 9:21 PM André Colomb wrote:
>
> Hi Stefan,
Hi Andre,
> Don't you find it strange that you are the only one still insisting that
> it's valid when several very knowledgeable people have explained to you
> in many different ways why it's simply not true?
Yes, very strange
On Sun, Jan 17, 2021 at 7:30 PM Ángel wrote:
>
> On 2021-01-17 at 16:28 +0100, Stefan Claas wrote:
> > sorry, but simply said I discovered now that a second major and
> > trusted
> > contender, Mailvelope supported by BSI and audited, works also as
> > sequoia-pgp does. Werner and his (shrinking i
On Sun, Jan 17, 2021 at 9:14 AM Stefan Claas
wrote:
> Regarding a multi-purpose key and WKD. I mentioned here already
> that a multi-purpose usage key can be used for other tasks as well,
> besides popular email. Remember only my old thread where I asked
> for some volunteers in the EU, which all
On Sun, Jan 17, 2021 at 4:28 PM Stefan Claas
wrote:
>
> On Sun, Jan 17, 2021 at 3:49 PM Ángel wrote:
>
> [...]
>
> sorry, but simply said I discovered now that a second major and trusted
> contender, Mailvelope supported by BSI and audited, works also as
> sequoia-pgp does. Werner and his (shrink
On Sun, Jan 17, 2021 at 3:49 PM Ángel wrote:
[...]
sorry, but simply said I discovered now that a second major and trusted
contender, Mailvelope supported by BSI and audited, works also as
sequoia-pgp does. Werner and his (shrinking in numbers) supporters
should think now what do to, instead of
On Sun, Jan 17, 2021 at 12:33 PM Erich Eckner via Gnupg-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Sun, 17 Jan 2021, Stefan Claas wrote:
>
> > On Sun, Jan 17, 2021 at 10:51 AM Erich Eckner via Gnupg-users
> > wrote:
> >>
> >> -BEGIN PGP SIGNED MESSAGE-
> >>
On Sun, Jan 17, 2021 at 11:18 AM Stefan Claas
wrote:
> Well, Mailvelope, for example is a Browser based add-on with WKD support.
> Mailvelope can be used with services like Gmail, so that you don't need a MUA.
>
> There is also now a competing product for Mailvelope, from IIRC, the
> United State
On Sun, Jan 17, 2021 at 10:51 AM Erich Eckner via Gnupg-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi all,
>
> On Thu, 14 Jan 2021, Werner Koch via Gnupg-users wrote:
>
> > On Thu, 14 Jan 2021 01:47, Ángel said:
> >
> >> I understand this to mean it as "only use the dir
On Sun, Jan 17, 2021 at 4:52 AM raf via Gnupg-users
wrote:
>
> On Sat, Jan 16, 2021 at 02:25:14AM +0100, Ángel wrote:
>
> > On 2021-01-15 at 20:34 +0100, Stefan Claas via Gnupg-users wrote:
> > > My intention was only to promote WKD OpenPGP usage for github.io
> > &
On Sun, Jan 17, 2021 at 12:10 AM Ayoub Misherghi wrote:
>
>
> On 1/16/2021 3:18 AM, Stefan Claas wrote:
>
> On Sat, Jan 16, 2021 at 11:57 AM Stefan Claas
> wrote:
>
> On Sat, Jan 16, 2021 at 11:34 AM Ayoub Misherghi via Gnupg-users
> wrote:
>
> The intention is to sign and encrypt "data.file" pr
On Sun, Jan 17, 2021 at 12:09 AM raf via Gnupg-users
wrote:
>
> On Sat, Jan 16, 2021 at 02:20:17AM +0100, Stefan Claas
> wrote:
>
> > On Sat, Jan 16, 2021 at 1:45 AM raf via Gnupg-users
> > wrote:
> >
> > > But there is no certificate that covers that sub-sub-domain.
> > > That's why browsers c
On Sat, Jan 16, 2021 at 11:07 PM Ángel wrote:
> You don't need a wildcard entry. You could simply request a certificate
> with the right name that will be needed.
Yes, for me as little nobody that is correct. But I guess we should not
forget the real host masters dealing with a couple (of growin
On Sat, Jan 16, 2021 at 12:55 PM Stefan Claas
wrote:
>
> On Sat, Jan 16, 2021 at 12:52 PM Stefan Claas
> wrote:
> >
> > On Sat, Jan 16, 2021 at 10:32 AM Juergen Bruckner via Gnupg-users
> > wrote:
> > >
> > > Hello Group!
> >
> > > BTW ... do any of you know a tutorial to set up WKD for 'Dummies
On Sat, Jan 16, 2021 at 12:52 PM Stefan Claas
wrote:
>
> On Sat, Jan 16, 2021 at 10:32 AM Juergen Bruckner via Gnupg-users
> wrote:
> >
> > Hello Group!
>
> > BTW ... do any of you know a tutorial to set up WKD for 'Dummies'?
>
> Hi Juergen,
>
> me as a Windows DAU (Dümmster Anzunehmnder User) us
On Sat, Jan 16, 2021 at 10:32 AM Juergen Bruckner via Gnupg-users
wrote:
>
> Hello Group!
> BTW ... do any of you know a tutorial to set up WKD for 'Dummies'?
Hi Juergen,
me as a Windows DAU (Dümmster Anzunehmnder User) used the direct-method:
Create in your web server's root directory the fol
On Sat, Jan 16, 2021 at 11:57 AM Stefan Claas
wrote:
>
> On Sat, Jan 16, 2021 at 11:34 AM Ayoub Misherghi via Gnupg-users
> wrote:
> >
> >
> > The intention is to sign and encrypt "data.file" producing a detached
> > signature file.
> >
> >
> > a@b:c$ gpg -s -e -b -r Mike data.file
> >
> > gpg:
On Sat, Jan 16, 2021 at 11:34 AM Ayoub Misherghi via Gnupg-users
wrote:
>
>
> The intention is to sign and encrypt "data.file" producing a detached
> signature file.
>
>
> a@b:c$ gpg -s -e -b -r Mike data.file
>
> gpg: conflicting commands
>
>
> Why is there a conflict? I do not want to produce a
On Sat, Jan 16, 2021 at 2:25 AM Ángel wrote:
>
> On 2021-01-15 at 20:34 +0100, Stefan Claas via Gnupg-users wrote:
> > If you or someone else set's up a web server, for a big organisation
> > or for yourself, you simple put in the .well-known folder some
> > content
On Sat, Jan 16, 2021 at 1:45 AM raf via Gnupg-users
wrote:
> But there is no certificate that covers that sub-sub-domain.
> That's why browsers complain if you go to
> https://openpgpkey.sac001.github.io/.
A quick question, if you don't mind. Why do people here on this ML
insist on a sub-sub dom
On Fri, Jan 15, 2021 at 7:39 PM Ángel wrote:
>
> On 2021-01-15 at 07:56 +0100, Stefan Claas via Gnupg-users wrote:
> > Don't you think when GitHub, a major player, would have an invalid
> > SSL cert, that maybe one of the millions programmers there would not
> > have
On Fri, Jan 15, 2021 at 2:04 AM raf via Gnupg-users
wrote:
[...]
> I'm really not an expert, and the above might not make
> any sense. I'm just thinking aloud.
Me neither ... :-) For me, the questions I had is still unresolved
when it comes to properly explaing what security implication
it give
On Thu, Jan 14, 2021 at 11:15 PM Ayoub Misherghi via Gnupg-users
wrote:
>
>
> On 1/14/2021 10:37 AM, ved...@nym.hush.com wrote:
>
> On 1/14/2021 at 4:47 AM, "Ayoub Misherghi via Gnupg-users"
> wrote:
>
>
> I am encrypting and signing documents with myself as the receiver. Nobody
> else will wan
On Thu, Jan 14, 2021 at 9:30 PM Ayoub Misherghi wrote:
> Yes I see, thanks. You went at length to help me. Can you please point me to
> a reference that
>
> discusses the standard format of the signature file? I might do something
> silly.
Here is the offical OpenPGP RFC:
https://tools.ietf.o
On Thu, Jan 14, 2021 at 8:16 PM Stefan Claas
wrote:
>
> On Thu, Jan 14, 2021 at 10:46 AM Ayoub Misherghi via Gnupg-users
> wrote:
> >
> >
> > I am encrypting and signing documents with myself as the receiver. Nobody
> > else will want to look inside them. Is it possible to add encrypted
> > com
On Thu, Jan 14, 2021 at 10:46 AM Ayoub Misherghi via Gnupg-users
wrote:
>
>
> I am encrypting and signing documents with myself as the receiver. Nobody
> else will want to look inside them. Is it possible to add encrypted comments
> or other information to a separated signature file; and later r
On Thu, Jan 14, 2021 at 9:42 AM André Colomb wrote:
>
> Hi Stefan,
>
> On 14/01/2021 08.01, Stefan Claas via Gnupg-users wrote:
> > The greatest benefit would have been if the author of WKD, namly Werner
> > Koch,
> > had been so kind to explain to us why
On Thu, Jan 14, 2021 at 9:35 AM André Colomb wrote:
>
> On 14/01/2021 00.06, Stefan Claas wrote:
> > Maybe, I don't know, readers here on the ML are asking themselves now why
> > do we
> > have two methods, e.g. what is their purpose and what informations can
> > one gain from
> > an IMHO very ni
On Thu, Jan 14, 2021 at 1:50 AM Ángel wrote:
> PPS: Another benefit would be that we could have avoided this long
> thread. :-)
The greatest benefit would have been if the author of WKD, namly Werner Koch,
had been so kind to explain to us why WKD needs two methods and what
security implications
On Wed, Jan 13, 2021 at 11:45 PM André Colomb wrote:
>
> Am 13. Januar 2021 21:44:07 MEZ schrieb Stefan Claas via Gnupg-users
> :
> >Hi Juergen,
> >
> >looks like you are a bit upset, like probably others as well.
>
> I hope others don't mind me speaking i
On Wed, Jan 13, 2021 at 10:00 PM Erich Eckner via Gnupg-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Wed, 13 Jan 2021, Juergen Bruckner via Gnupg-users wrote:
>
> > Hello Stefan!
>
> Hi all,
>
> >
> >
> > [...]
> >> sequoia did the right step and I hope for people rely
On Wed, Jan 13, 2021 at 9:24 PM Juergen Bruckner via Gnupg-users
wrote:
>
> Hello Stefan!
>
>
> [...]
> > sequoia did the right step and I hope for people relying on GnuPG that
> > it is possible for them in the future too.
>
> So did Sequoia do that?
> You consider not to follow policies "the rig
On Wed, Jan 13, 2021 at 7:26 PM André Colomb wrote:
>
> On 13/01/2021 17.56, Stefan Claas wrote:
> >> What are droplets? For which domain did you generate a wildcard
> >> certificate? What are the DNS settings on that domain? I could take a
> >> look at what responses are returned from the real
On Wed, Jan 13, 2021 at 8:42 AM Daniele Nicolodi wrote:
>
> On 12/01/2021 23:30, Stefan Claas wrote:
> > The reason why I like also the option for, let's say github.io pages
> > is that, like I have shown in the whole thread that a very well known
> > site like GitHub, with it's millions of softwa
On Wed, Jan 13, 2021 at 4:36 PM André Colomb wrote:
>
> Hi Stefan,
>
> On 13/01/2021 17.07, Stefan Claas wrote:
> > On Wed, Jan 13, 2021 at 10:22 AM André Colomb wrote:
> >
> >> So the core problem, as with Stefan's case, is the lack of control over
> >> the domain's DNS settings. Which the WKD
On Wed, Jan 13, 2021 at 10:22 AM André Colomb wrote:
> So the core problem, as with Stefan's case, is the lack of control over
> the domain's DNS settings. Which the WKD mechanism relies upon to
> delegate trust to the domain operators.
Hi Andre, I wouldn't formulate it this way. I already ment
On Wed, Jan 13, 2021 at 12:00 AM André Colomb wrote:
>
> On 12/01/2021 23.47, Stefan Claas wrote:
> > Mmmh ... github.io or GitHub does *not* have issues with wildcard
> > domains ...
>
> Here we are back at you denying facts, or maybe just generalizing too
> much. As several others have put it a
On Tue, Jan 12, 2021 at 11:46 PM André Colomb wrote:
>
> Hi Stefan,
>
> On 12/01/2021 23.16, Stefan Claas wrote:
> > Andre, please appoligze that I snipped your reply and that I only
> > give a short reply, your explanations of server/client IO was
> > welcome.
>
> I'm happy if it helps keeping th
On Tue, Jan 12, 2021 at 11:32 PM Remco Rijnders wrote:
>
> On Tue, Jan 12, 2021 at 10:17:13PM +0100, Stefan wrote in
> :
> >> How can GPG solve bugs that are not in the GPG code or infrastructure? I
> >> think André did a great job explaining what the issues are. How do you
> >> think they can be a
On Tue, Jan 12, 2021 at 11:02 PM Daniele Nicolodi wrote:
> The point of WKD is using the trust of the CA machinery (and the
> assumption that the email infrastructure and web servers serving a
> specific domain are run by the same organization) to securely retrieve
> OpenPGP keys associated to an
On Tue, Jan 12, 2021 at 10:58 PM André Colomb wrote:
[...]
Andre, please appoligze that I snipped your reply and that I only
give a short reply, your explanations of server/client IO was
welcome.
In my OP I only asked for help from the community to set-up
WKD for GnuPG or gpg4win usage and I ga
On Tue, Jan 12, 2021 at 10:09 PM Daniele Nicolodi wrote:
>
> On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote:
> > On Tue, Jan 12, 2021 at 8:17 PM André Colomb wrote:
> >>
> >> Hi Stefan,
> >
> >> So there are two "bugs" involved here
On Tue, Jan 12, 2021 at 9:43 PM Andrew Gallagher wrote:
>
>
> > On 12 Jan 2021, at 19:44, Stefan Claas via Gnupg-users
> > wrote:
> >
> > Hi Andre, currently I can only accept the fact that these two "bugs" are
> > currently not resolved in GnuPG an
On Tue, Jan 12, 2021 at 8:17 PM André Colomb wrote:
>
> Hi Stefan,
> So there are two "bugs" involved here. 1. GitHub presenting an invalid
> certificate for the sub-subdomain and 2. Sequoia not noticing that.
> Neither of these are bugs in GnuPG. If you can accept these facts, then
> it makes
On Tue, Jan 12, 2021 at 5:36 PM Ingo Klöcker wrote:
>
> On Dienstag, 12. Januar 2021 12:47:59 CET Stefan Claas via Gnupg-users wrote:
> > On Tue, Jan 12, 2021 at 12:43 PM Andrew Gallagher
> wrote:
> > > Yes, WKD is great. But as André has explained, there is an overhead
On Tue, Jan 12, 2021 at 1:04 PM Stefan Claas
wrote:
>
> On Tue, Jan 12, 2021 at 12:47 PM Stefan Claas
> wrote:
> And for the fun factor I could put also an .ots file from my pub key into
> the hu directory,thus making Mallory a bit angry ... :-D
Unfortunaly I am no skilled Golang programmer, ot
On Tue, Jan 12, 2021 at 2:22 PM Stefan Claas
wrote:
>
> On Tue, Jan 12, 2021 at 1:04 PM Stefan Claas
> wrote:
> >
> > On Tue, Jan 12, 2021 at 12:47 PM Stefan Claas
> > wrote:
>
> > And for the fun factor I could put also an .ots file from my pub key into
> > the hu directory,thus making Mallory
On Tue, Jan 12, 2021 at 12:47 PM Stefan Claas
wrote:
> Well, I am not sure about the details for a server or a user when it comes
> to overhead and if you mean with one particular vendow GitHub, well
> that may be the beginning, for such request. But like I mentioned if people
> would wish to man
On Tue, Jan 12, 2021 at 12:43 PM Andrew Gallagher wrote:
>
> On 12/01/2021 11:27, Stefan Claas wrote:
> > The point for me is WKD exists and can be used as an cheap inhouse
> > solution, for families or organizations, if it would allow cost effective
> > wildcard subdomain support for SSL certs, w
On Tue, Jan 12, 2021 at 11:49 AM Andrew Gallagher wrote:
>
> On 12/01/2021 08:25, Stefan Claas via Gnupg-users wrote:
>
> > if this would work, like I mentioned in my bund.de example, organizations
> > would have the freedom to choose WKD instead of hockeypuck or Hagrid,
>
On Mon, Jan 11, 2021 at 11:03 PM Ángel wrote:
>
> On 2021-01-11 at 16:36 +0100, Stefan Claas wrote:
> > On Sun, Jan 10, 2021 at 11:22 PM Ángel wrote:
> > > On 2021-01-10 at 18:47 +0100, Stefan Claas wrote:
> > > > Can you tell me/us in laymen terms how this works with gnupg.org?
> > >
> > > Sure.
On Mon, Jan 11, 2021 at 6:16 PM Andrew Gallagher wrote:
>
> On 11/01/2021 16:32, Stefan Claas via Gnupg-users wrote:
> > I will do this in the next couple of days, in case Werner does not
> > chime in (assuming
> > he is not 'AWOL').
>
> Stefan, please dial
On Mon, Jan 11, 2021 at 4:55 PM ಚಿರಾಗ್ ನಟರಾಜ್ via Gnupg-users
wrote:
>
> 12021/00/10 04:42.21 ನಲ್ಲಿ, Stefan Claas via Gnupg-users
> ಬರೆದರು:
> > Not sure if Let's Encrypt issues such certs. If, I could set-up two
> > droplets at
> > Digital Ocean, a bob.300bau
On Mon, Jan 11, 2021 at 10:55 AM Daniel Pocock wrote:
>
>
> I was going through some old hardware and came across this device
>
> Is it useful with gnupg or any other free software?
>
> Can anybody provide any links about how to use it with free software?
> Or is it better to just throw it away/re
On Sun, Jan 10, 2021 at 11:22 PM Ángel wrote:
>
> On 2021-01-10 at 18:47 +0100, Stefan Claas via Gnupg-users wrote:
> > Can you tell me/us in laymen terms how this works with gnupg.org?
> >
> > openpgpkey.gnupg.org has address 217.69.77.222
> > openpgpkey.gnupg.org
On Sun, Jan 10, 2021 at 6:01 PM Ángel wrote:
> sequoia is in the wrong here. You don't have a valid SSL cert for
> openpgpkey.sac001.github.io Either they are not supporting the advanced
> method (maybe they follow an older draft?) or they ignore the
> certificate failure (which would be quite ba
On Sat, Jan 9, 2021 at 11:49 PM Stefan Claas
wrote:
> Like I said in my previous reply to Ingo, It would be nice if GitHub staff
> would
> see this thread and talk with Werner.
Well, I just wrote GitHub support and asked if their staff can check
this thread,
which I linked to in my message.
Le
On Sat, Jan 9, 2021 at 11:42 PM Ángel wrote:
>
> On 2021-01-09 at 14:37 +0100, Stefan Claas via Gnupg-users wrote:
> > I believe GitHub is doing it right, because it is a
> > valid option according to their SSL cert data, and Werner simply
> > overlooked this option.
>
On Sat, Jan 9, 2021 at 11:09 PM Ingo Klöcker wrote:
>
> On Samstag, 9. Januar 2021 20:50:54 CET Stefan Claas via Gnupg-users wrote:
> > On Sat, Jan 9, 2021 at 8:08 PM Stefan Claas
> > wrote:
> > > host sac001.github.io
> > > sac001.github.io has address 185.19
On Sat, Jan 9, 2021 at 8:08 PM Stefan Claas
wrote:
> host sac001.github.io
> sac001.github.io has address 185.199.111.153
> sac001.github.io has address 185.199.109.153
> sac001.github.io has address 185.199.110.153
> sac001.github.io has address 185.199.108.153
>
> works as well and why can sequ
On Sat, Jan 9, 2021 at 7:27 PM Ingo Klöcker wrote:
>
> On Samstag, 9. Januar 2021 15:43:14 CET Stefan Claas via Gnupg-users wrote:
> > Example: If I would be the host master of the domain bund.de with it's
> > many subdomains and authorities would request that WKD, as an
On Fri, Jan 8, 2021 at 11:34 PM Stefan Claas
wrote:
> But (sorry to say this here on the GnuPG ML) good news is
> I just tested it with an older version of sequoia-pgp and guess
> what it works for me. :-)
>
> sq wkd get ste...@sac001.github.io
> -BEGIN PGP PUBLIC KEY BLOCK-
> Comment: 37
On Sat, Jan 9, 2021 at 2:37 PM Stefan Claas
wrote:
> Hi Neal,
>
> thanks for the reply, much appreciated! Simply said, for the average
> user like me, I believe GitHub is doing it right, because it is a
> valid option according to their SSL cert data, and Werner simply
> overlooked this option. I
On Sat, Jan 9, 2021 at 11:37 AM Neal H. Walfield wrote:
> It appears that gpg is trying the advanced lookup method, gets an
> error, and then doesn't fallback to the direct lookup method. This is
> consistent with the I-D:
>
>3.1. Key Discovery
>
>...
>
>There are two variants on ho
On Fri, Jan 8, 2021 at 11:27 PM André Colomb wrote:
>
> Hi Stefan,
>
> your key seems to work fine over that WKD setup.
>
> > Now Wiktor's WKD checker gives the proper
> > results in the first part, not sure why not in the
> > second part.
>
> You don't need the "Advanced" method if the direct one
On Fri, Jan 8, 2021 at 10:21 PM Stefan Claas
wrote:
> I guess the only way to fix it (for many people) would be
> that, as of my understanding (now) the WKD check
> and SSL cert check would be a bit more flexible, either
> in allowing subdomains, like the github.io ones in form
> of a fix in the
On Fri, Jan 8, 2021 at 10:07 PM André Colomb wrote:
>
> Hi Stefan,
>
> > I just started to set-up a github-page and have also verified
> > the page via Brave. I tried to set-up WKD for the page, like
> > I did in the past for my 300baud.de Domain, but fetching
> > the key with GnuPG does not work
On Fri, Jan 8, 2021 at 7:36 PM Stefan Claas
wrote:
>
> Ok, had a typo in the openpgpkey folder, ouch.
>
> Now Wiktor's WKD checker gives the proper
> results in the first part, not sure why not in the
> second part.
>
> Need to try to fetch my pub key.
Does not work, 'wrong name'
I guess I could
Ok, had a typo in the openpgpkey folder, ouch.
Now Wiktor's WKD checker gives the proper
results in the first part, not sure why not in the
second part.
Need to try to fetch my pub key.
Regards
Stefan
On Fri, Jan 8, 2021 at 6:42 PM Stefan Claas
wrote:
>
> Hi all,
>
> I just started to set-up a
Hi all,
I just started to set-up a github-page and have also verified
the page via Brave. I tried to set-up WKD for the page, like
I did in the past for my 300baud.de Domain, but fetching
the key with GnuPG does not work for me. :-(
My key UID there is 'ste...@sac001.github.io'
It would be reall
On Wed, Jan 6, 2021 at 3:00 PM Werner Koch wrote:
>
> On Tue, 5 Jan 2021 16:46, Stefan Claas said:
>
> > Not sure I understand you correctly, but why are then SKS key servers
> > still in operation, which allows third parties to look up who signed
> > who's key and with what trust level and GnuPG
On Wed, Jan 6, 2021 at 12:09 AM Stefan Claas
wrote:
> What you say would fit more for a cross-platform OpenSource app
> like Bitmessage, compared to PGP's or GnuPG's privacy philosophy.
Regarding Bitmessage and OpenPGP. There was an announcement
made last year about an Bitmessage OpenPGP chan, w
1 - 100 of 294 matches
Mail list logo
