Re: "--for-your-eyes-only"

2005-07-01 Thread Werner Koch
On Thu, 30 Jun 2005 13:34:21 +0200, Janusz A Urbanowicz said: > Yes, but if the threat model involves TEMPEST, should it also involve > TEMPEST from optical wavelengths (reflected light)? It depends on your needs; closing the shutters is one solution against it. Shalom-Salam, Werner

Re: "--for-your-eyes-only"

2005-06-30 Thread Janusz A. Urbanowicz
On Wed, Jun 29, 2005 at 07:16:59PM +0200, Werner Koch wrote: > On Wed, 29 Jun 2005 16:54:39 +0200, Janusz A Urbanowicz said: > > > The aim of the secure viewer then was to make it difficult to obtain eyes-only > > message text as a file or a pipe. It checked if output is a live tty, > > Okay, that

Re: "--for-your-eyes-only"

2005-06-29 Thread Werner Koch
the > protocol RFC. In fact there used to be a long discussion whether to keep the for-your-eyes-only feature in OpenPGP or to drop it. It does not belong in the standard as OpenPGP defines a message format and not an application. Shalom-Salam, Werner

Re: "--for-your-eyes-only"

2005-06-29 Thread Charly Avital
Werner Koch wrote the following on 6/29/05 10:36 AM: > On Wed, 29 Jun 2005 10:55:02 +0200, Janusz A Urbanowicz said: > > >>Some form of secure viewer was present in PGP 2.3 and 2.6 which were FLOSS. > > > Huh, that's new to me. Both versions are pure command line tools > without a graphical pa

Re: "--for-your-eyes-only"

2005-06-29 Thread Janusz A. Urbanowicz
On Wed, Jun 29, 2005 at 04:36:53PM +0200, Werner Koch wrote: > On Wed, 29 Jun 2005 10:55:02 +0200, Janusz A Urbanowicz said: > > > Some form of secure viewer was present in PGP 2.3 and 2.6 which were FLOSS. > > Huh, that's new to me. Both versions are pure command line tools > without a graphica

Re: "--for-your-eyes-only"

2005-06-29 Thread Werner Koch
On Wed, 29 Jun 2005 10:55:02 +0200, Janusz A Urbanowicz said: > Some form of secure viewer was present in PGP 2.3 and 2.6 which were FLOSS. Huh, that's new to me. Both versions are pure command line tools without a graphical part. No way to make use of filtered fonts. I am not sure what kind o

Re: "--for-your-eyes-only"

2005-06-29 Thread Janusz A. Urbanowicz
On Tue, Jun 28, 2005 at 04:58:52AM -0400, Charly Avital wrote: > > However, GnuPG can call other programs to do other tasks (keyserver > > access programs, JPEG viewers for photo IDs), so it's not impossible > > that GnuPG could call an external secure viewer program. I don't know > > of one offh

Re: "--for-your-eyes-only"

2005-06-29 Thread Werner Koch
On Tue, 28 Jun 2005 23:49:54 +0200 (MET DST), Johan Wevers said: > Are you saying that my idea to output a picture with tempest-resistant > fonts won't cause a problem, or that even if tempest-resistant fonts are > patented only the fonts from the above URL can be used for this purpose? In case s

Re: "--for-your-eyes-only"

2005-06-28 Thread Shatadal
Johan Wevers wrote: > Jean-David Beyer wrote: > > >>I do not see how it would be possible to stop the reader (i.e., the person, >>not the program) from copying and pasting that decrypted email; > > > It isn't. And if all else fails he can still write it down by hand. It's > considered more like

Re: "--for-your-eyes-only"

2005-06-28 Thread Johan Wevers
Werner Koch wrote: >There is just one caveat: [...] >| http://www.cl.cam.ac.uk/~mgk25/st-fonts.zip >Where this - but only this - shouldn't be a problem even if the EU >continues to ignore the will of its citizens and national parliaments >in next week's parliament reading on software patent.

Re: "--for-your-eyes-only"

2005-06-28 Thread Karl Hasselström
On 2005-06-28 13:44:19 +0200, Johan Wevers wrote: > Jean-David Beyer wrote: > > > I do not see how it would be possible to stop the reader (i.e., > > the person, not the program) from copying and pasting that > > decrypted email; > > It isn't. And if all else fails he can still write it down by ha

Re: "--for-your-eyes-only"

2005-06-28 Thread Werner Koch
On Tue, 28 Jun 2005 11:16:00 +0200 (MET DST), Johan Wevers said: > Which makes me think... outputting the text to a .jpg (or .gif or .png) > with secure fonts shown in the picture. The picture could then be looked > at in an external viewer. That would be completely portable. Actually a neat ide

Re: "--for-your-eyes-only"

2005-06-28 Thread Werner Koch
On Tue, 28 Jun 2005 04:58:52 -0400, Charly Avital said: > I may not understand what you mean by "portable". > I suppose that a secure viewer (software program) could not be nearly > ported to GnuPG? GnuPG is a command line tool which only manages text input and output and as such it is pretty por

Re: "--for-your-eyes-only"

2005-06-28 Thread Johan Wevers
Jean-David Beyer wrote: >I do not see how it would be possible to stop the reader (i.e., the person, >not the program) from copying and pasting that decrypted email; It isn't. And if all else fails he can still write it down by hand. It's considered more like a hint, not as a 100% secure thing. An

Re: "--for-your-eyes-only"

2005-06-28 Thread Johan Wevers
David Shaw wrote: >is a command line application, and you can't really make a secure >viewer on the command line, and by its nature a secure viewer would >not be nearly portable enough. [...] >However, GnuPG can call other programs to do other tasks (keyserver >access programs, JPEG viewers for

Re: "--for-your-eyes-only"

2005-06-28 Thread Jean-David Beyer
: sender >> requested "for-your-eyes-only" >> >> Is this line intended for the recipient's information only, or is there >> a way the recipient can actually view the decrypted/verified text in a >> secure viewer mode? I apologize if this is a repetition o

Re: "--for-your-eyes-only"

2005-06-28 Thread Charly Avital
David Shaw wrote the following on 6/27/05 11:18 PM: [...] > If I understand your question, > no, there is no secure viewer built > into GnuPG. There are many reasons, but two good ones are that GnuPG > is a command line application, and you can't really make a secure > viewer on the command line

Re: "--for-your-eyes-only"

2005-06-28 Thread Werner Koch
On Mon, 27 Jun 2005 23:18:26 -0400, David Shaw said: > However, GnuPG can call other programs to do other tasks (keyserver > access programs, JPEG viewers for photo IDs), so it's not impossible > that GnuPG could call an external secure viewer program. I don't know > of one offhand though. Nor d

Re: "--for-your-eyes-only"

2005-06-27 Thread David Shaw
On Mon, Jun 27, 2005 at 11:16:47AM +, Charly Avital wrote: > when a message processed in MacGPG (GnuPG for the Mac), with those two > options, is decrypted using GnuPG (e.g. by command line) the verbose gpg > output contains a line reading: > gpg: NOTE: sender requested "f

Re: "--for-your-eyes-only"

2005-06-26 Thread Charly Avital
If there is no text to be decrypted or verified, how does the receiving GnuPG + MUA "know" that this was an encrypted and signed message? > >>At the receiving end, how does GnuPG process a message that has >>been encrypted using >>"--for-your-eyes-only",

Re: "--for-your-eyes-only"

2005-06-26 Thread David Shaw
On Sun, Jun 26, 2005 at 11:55:52PM -0400, Charly Avital wrote: > According to man gpg: > --- > Set the `for your eyes only' flag in the message. This > causes GnuPG to refuse to save the file unless the --output > option is given, and PGP to use the "

"--for-your-eyes-only"

2005-06-26 Thread Charly Avital
According to man gpg: --- Set the `for your eyes only' flag in the message. This causes GnuPG to refuse to save the file unless the --output option is given, and PGP to use the "secure viewer" with a Tempest-resistant font to display the messag

Re: [PGP-USERS] Secure viewer in PGP 9.0.1 for Mac OS X - "for-your-eyes-only" in GnuPG

2005-06-26 Thread Charly Avital
es not display any mention of for-your-eyes-only. All this requires some more testing (and some attention from PGP); it's interesting to note that, as I reported previously, a message composed with GnuPG, with the for-your-eyes-only and output options enabled, is correctly decrypt