Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-13 Thread Stefan Claas
On 12.06.2017 at 23:50, Duane Whitty wrote: Thanks for your input, much appreciated! I would also add one word about USB sticks: It is very difficult to know if they've been compromised and there are no tell-tale signs when an attack is taking place. I never put a USB in my computer that has

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Duane Whitty
On 17-06-12 05:45 PM, Stefan Claas wrote: > On 12.06.17 22:35, Robert J. Hansen wrote: >>> Is there something like a Standard Operating Procedure for GnuPG >>> available, which fulfills security experts' demands, and which can >>> easily be adapted by an average GnuPG user, regardless of platform

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 22:35, Robert J. Hansen wrote: >> Is there something like a Standard Operating Procedure for GnuPG >> available, which fulfills security experts' demands, and which can >> easily be adapted by an average GnuPG user, regardless of platform >> and client he/she uses? > No. More to the po

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen
> Is there something like a Standard Operating Procedure for GnuPG > available, which fulfills security experts' demands, and which can > easily be adapted by an average GnuPG user, regardless of platform > and client he/she uses? No. More to the point, there can't be. Each user faces threats sp

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 22:10, Robert J. Hansen wrote: >> and transfer signed/encrypted messages from my online usage >> computer with a USB stick to my offline computer and verify >> decrypt the messages there. :-) > If you think your online computer may be compromised, then you have no > business sharing USB

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen
> and transfer signed/encrypted messages from my online usage > computer with a USB stick to my offline computer and verify > decrypt the messages there. :-) If you think your online computer may be compromised, then you have no business sharing USB devices between it and your believed-safe comput

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 21:15, Peter Lebbing wrote: >> (Remember there are two types of companies. Those who know they got >> hacked and those who don't know yet that they got hacked.) >> >> I should put that as a signature in my email and Usenet client! :-) Regards Stefan

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 21:21, Ludwig Hügelschäfer wrote: > What you can do: Learn, learn by playing, learn by trying to > understand what others write and by asking questions and become a > reasonable critical user. That's the hard way, but you learn best. > Second possibility would be to have a good experien

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 21:15, Peter Lebbing wrote: > On 12/06/17 20:51, Stefan Claas wrote: >> Maybe as an additional security feature Enigmail should give >> a key with a set trust level of "Ultimate" a different color than >> green. > No, that's beside the point. Once somebody gets your user privileges, > t

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Ludwig Hügelschäfer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 12.06.17 20:51, Stefan Claas wrote: > On 12.06.17 20:18, Ludwig Hügelschäfer wrote: >> Hi, >> >> On 12.06.17 14:52, Stefan Claas wrote: >> >>> Hi Ludwig, >>> >>> I just checked again. On my Mac and on my Windows Notebook I >>> get a green bar,

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Peter Lebbing
On 12/06/17 20:51, Stefan Claas wrote: > Maybe as an additional security feature Enigmail should give > a key with a set trust level of "Ultimate" a different color than > green. No, that's beside the point. Once somebody gets your user privileges, there is no "additional security". It's game over

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 20:18, Ludwig Hügelschäfer wrote: > Hi, > > On 12.06.17 14:52, Stefan Claas wrote: > >> Hi Ludwig, >> >> I just checked again. On my Mac and on my Windows Notebook I get a >> green bar, from a blue "Untrusted" key when I go into Enigmail's >> Key Management and set the trust of that key

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Ludwig Hügelschäfer
Hi, On 12.06.17 14:52, Stefan Claas wrote: > Hi Ludwig, > > I just checked again. On my Mac and on my Windows Notebook I get a > green bar, from a blue "Untrusted" key when I go into Enigmail's > Key Management and set the trust of that key to Ultimate... Well, ultimate ownertrust is the wrong

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen
> If Mallory would get somehow access to my Computer and replace one > pub key from my communication partners with a fake one and sets the > trust level to Ultimate. How can I detect this, if I'm not always > looking at the complete Fingerprint and comparing it with a separate > list? If Mallory can

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Peter Lebbing
I hadn't gotten round to answering your earlier questions yet, since I noticed a point I should first spend some effort and thinking on. On 12/06/17 16:14, Stefan Claas wrote: > And a question for this... If Mallory would get > somehow access to my Computer and replace one pub key from my > communica

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 16:06, Peter Lebbing wrote: > On 12/06/17 14:52, Stefan Claas wrote: >> I just checked again. On my Mac and on my Windows Notebook >> I get a green bar, from a blue "Untrusted" key when I go into >> Enigmail's Key Management and set the trust of that key to >> Ultimate... > Don't do thi

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Peter Lebbing
On 12/06/17 14:52, Stefan Claas wrote: > I just checked again. On my Mac and on my Windows Notebook > I get a green bar, from a blue "Untrusted" key when I go into > Enigmail's Key Management and set the trust of that key to > Ultimate... Don't do this! Or did you do it just for testing? "Ultimate
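The distinction that Ludwig's and Peter's replies above turn on (ownertrust is a statement about a key holder as an introducer; the green bar reports validity, which comes from certifications) as an added worked model. This is not code from any of the mails and not GnuPG's own implementation: it is a simplified version of the classic pgp trust model with gpg's default thresholds, run over a constructed keyring. The key names, the scenario and the placement of the thresholds are assumptions; the rule that only certifications from keys that are themselves valid count, weighted by the certifier's ownertrust, is the classic model's.

```python
"""Ownertrust vs. validity in the classic OpenPGP web of trust.

Added illustration, not GnuPG's code.  Ownertrust says how far you trust a
key *holder* to certify other people's keys; validity (Enigmail's green bar)
says whether a key is believed to belong to its user ID, and is derived from
certifications.  Thresholds mirror gpg's --trust-model pgp defaults
(completes-needed=1, marginals-needed=3, max-cert-depth=5).  Key names below
are constructed."""
from typing import Dict, Set


class WebOfTrust:
    def __init__(self, completes_needed: int = 1, marginals_needed: int = 3,
                 max_cert_depth: int = 5) -> None:
        self.completes_needed = completes_needed
        self.marginals_needed = marginals_needed
        self.max_cert_depth = max_cert_depth
        self.certs: Dict[str, Set[str]] = {}    # target key -> keys that certified it
        self.ownertrust: Dict[str, str] = {}    # key -> unknown|never|marginal|full|ultimate

    def add_key(self, key: str) -> None:
        self.certs.setdefault(key, set())

    def certify(self, signer: str, target: str) -> None:
        """signer has signed target's key (gpg --sign-key / --lsign-key)."""
        self.add_key(signer)
        self.add_key(target)
        self.certs[target].add(signer)

    def set_ownertrust(self, key: str, level: str) -> None:
        """Your statement about the holder of `key` as an introducer."""
        self.add_key(key)
        self.ownertrust[key] = level

    def validity(self) -> Dict[str, str]:
        """Return key -> 'ultimate' | 'full' | 'marginal' | 'unknown'."""
        result = {k: "unknown" for k in self.certs}
        for key, level in self.ownertrust.items():
            if level == "ultimate":
                result[key] = "ultimate"          # your own keys: valid by fiat
        for _ in range(self.max_cert_depth):
            changed = False
            for key in sorted(self.certs):
                if result[key] in ("full", "ultimate"):
                    continue
                # Only certifications made by keys that are themselves valid count,
                # and each counts with the ownertrust assigned to the certifier.
                valid_signers = [s for s in self.certs[key]
                                 if result[s] in ("full", "ultimate")]
                full = sum(1 for s in valid_signers
                           if self.ownertrust.get(s) in ("full", "ultimate"))
                marginal = sum(1 for s in valid_signers
                               if self.ownertrust.get(s) == "marginal")
                if full >= self.completes_needed or marginal >= self.marginals_needed:
                    new = "full"
                elif full or marginal:
                    new = "marginal"
                else:
                    new = "unknown"
                if new != result[key]:
                    result[key], changed = new, True
            if not changed:
                break
        return result


def keyring() -> WebOfTrust:
    """Constructed keyring: ME is the user's own key."""
    wot = WebOfTrust()
    wot.set_ownertrust("ME", "ultimate")
    wot.certify("ME", "ALICE")               # fingerprint checked in person
    wot.set_ownertrust("ALICE", "full")      # ALICE is known to certify carefully
    wot.certify("ALICE", "BOB")              # BOB valid via ALICE, but has no ownertrust
    wot.certify("BOB", "CAROL")              # CAROL's good signatures show as "untrusted"
    wot.certify("CAROL", "MALLORY")          # a key CAROL certified (or a planted cert)
    return wot


def wrong_fix() -> Dict[str, str]:
    """Set CAROL's ownertrust to Ultimate in the key manager to get a green bar."""
    wot = keyring()
    wot.set_ownertrust("CAROL", "ultimate")
    return wot.validity()


def right_fix() -> Dict[str, str]:
    """Verify CAROL's fingerprint out of band and certify it with your own key."""
    wot = keyring()
    wot.certify("ME", "CAROL")
    return wot.validity()


if __name__ == "__main__":
    for name, v in (("before", keyring().validity()),
                    ("ultimate ownertrust on CAROL", wrong_fix()),
                    ("certify CAROL with ME", right_fix())):
        print(f"{name}: {v}")
```

Both fixes turn CAROL green. The difference is MALLORY: ultimate ownertrust on CAROL makes every key CAROL ever certified (or that a tampered keyring says CAROL certified) fully valid, while certifying CAROL's key yourself validates only CAROL. Ultimate is meant for keys whose secret key you hold.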

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 07.06.17 22:23, Ludwig Hügelschäfer wrote: > Hi Stefan, > > On 06.06.17 22:19, Stefan Claas wrote: >> On 06.06.17 20:46, Charlie Jonas wrote: >>> On 2017-06-06 19:12, Stefan Claas wrote: I tried also with Enigmail under OS X but when checking the signatures here from the list members

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Stefan Claas
On 07.06.17 22:23, Ludwig Hügelschäfer wrote: > Hi Stefan, > > On 06.06.17 22:19, Stefan Claas wrote: >> On 06.06.17 20:46, Charlie Jonas wrote: >>> On 2017-06-06 19:12, Stefan Claas wrote: I tried also with Enigmail under OS X but when checking the signatures here from the list members I

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Ludwig Hügelschäfer
Hi Stefan, On 06.06.17 22:19, Stefan Claas wrote: > On 06.06.17 20:46, Charlie Jonas wrote: >> On 2017-06-06 19:12, Stefan Claas wrote: >>> I tried also with Enigmail under OS X but when checking the >>> signatures here from the list members I always get the blue >>> "Untrusted Good Signature". >>

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Stefan Claas
On 07.06.2017 at 10:57, Peter Lebbing wrote: On 07/06/17 07:55, Stefan Claas wrote: The procedure went like this: I inserted my ID card in a certified card reader, which I purchased, started the German certified ID card software "AusweisApp2" to connect to the CA server and the server checked

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Peter Lebbing
On 07/06/17 07:55, Stefan Claas wrote: > The procedure went like this: I inserted my ID card in a certified > card reader, which I purchased, started the German certified ID card > software "AusweisApp2" to connect to the CA server and the server > checked my ID card online and after verification s

Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Stefan Claas
On 07.06.2017 at 08:50, Andrew Gallagher wrote: On 7 Jun 2017, at 06:55, Stefan Claas wrote: The procedure went like this: I inserted my ID card in a certified card reader, which I purchased, started the German certified ID card software "AusweisApp2" to connect to the CA server and the serve

Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 07.06.17 00:04, MFPA wrote: > > > On Tuesday 6 June 2017 at 5:07:18 PM, in > , Stefan Claas > wrote:- > > > > Therefore qualified CA's > > in my opinion are mandatory where each user in each > > country [may] register > > with his/her id-card so that it's guaranteed that > > Alice is not Eve. >

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread MFPA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tuesday 6 June 2017 at 5:07:18 PM, in , Stefan Claas wrote:- > Therefore qualified CA's > in my opinion are mandatory where each user in each > country [may] register > with his/her id-card so that it's guaranteed that > Alice is not Eve. Ass

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 20:46, Charlie Jonas wrote: > On 2017-06-06 19:12, Stefan Claas wrote: >> I tried also with Enigmail under OS X but when checking the signatures here >> from the list members I always get the blue "Untrusted Good Signature". > Yes I get this as well. Interestingly whatever trust level I

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Charlie Jonas
On 2017-06-06 19:12, Stefan Claas wrote: > I tried also with Enigmail under OS X but when checking the signatures here > from the list members I always get the blue "Untrusted Good Signature". Yes I get this as well. Interestingly whatever trust level I give keys, Enigmail on OSX seems to want to

Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 12:46, Peter Lebbing wrote: > On 06/06/17 05:30, Duane Whitty wrote: >> As I understand the concept of TOFU (Trust On First Use), when you >> receive a signed email gpg tests that signature against the key >> retrieved from the public key servers associated with the email. > TOFU is a

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 18:07, Stefan Claas wrote: > On 06.06.17 04:11, Daniel Kahn Gillmor wrote: >> On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote: >>> On 05.06.17 22:26, Daniel Kahn Gillmor wrote: what does "bullet-proof" mean, specifically? >>> For me it means that the identicons should be visu

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 04:11, Daniel Kahn Gillmor wrote: > On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote: >> On 05.06.17 22:26, Daniel Kahn Gillmor wrote: >>> what does "bullet-proof" mean, specifically? >> For me it means that the identicons should be visually easy to read >> and cryptographically se

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Peter Lebbing
On 06/06/17 05:30, Duane Whitty wrote: > As I understand the concept of TOFU (Trust On First Use), when you > receive a signed email gpg tests that signature against the key > retrieved from the public key servers associated with the email. TOFU is about *consistency*. It says: this e-mail is sign
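The consistency point in Peter's reply, as an added example (not part of the mail, and not GnuPG's tofu.db or its code): a minimal TOFU binding store that remembers which key fingerprint has been seen signing mail for each address and classifies later signed mail against that history. The addresses and fingerprints are constructed; the verdict names and the resolve() step are this example's own.

```python
"""Trust-on-first-use as a consistency check, not an identity check.

Added example, not GnuPG's tofu.db: the store remembers which fingerprint(s)
have been seen making good signatures on mail from an address.  It can say
"same key as before" or "a different key than before"; it cannot say that
the key belongs to the person.  Sample messages below are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class TofuStore:
    # address -> fingerprints seen signing mail from it, in order of first sighting
    bindings: Dict[str, List[str]] = field(default_factory=dict)

    @staticmethod
    def _norm(fingerprint: str) -> str:
        return fingerprint.replace(" ", "").upper()

    def observe(self, address: str, fingerprint: str) -> str:
        """Record that `fingerprint` made a good signature on mail from `address`.

        Returns the TOFU verdict:
          "new"      first key ever seen for this address: trusted on first use,
                     which only means "remembered", not "verified"
          "known"    the same key as every earlier message: consistent history
          "conflict" more than one key has claimed this address; stays a conflict
                     until resolve() picks one (as gpg's tofu-policy step does)
        """
        fpr = self._norm(fingerprint)
        seen = self.bindings.setdefault(address.lower(), [])
        first_sighting = not seen
        if fpr not in seen:
            seen.append(fpr)
        if first_sighting:
            return "new"
        if len(seen) > 1:
            return "conflict"
        return "known"

    def resolve(self, address: str, fingerprint: str) -> None:
        """User decision after checking the fingerprint out of band: keep one binding."""
        self.bindings[address.lower()] = [self._norm(fingerprint)]


# Constructed sample: (From address, fingerprint of the key with a good signature)
SAMPLE_MAIL: List[Tuple[str, str]] = [
    ("alice@example.org", "1111 2222 3333 4444 5555 6666 7777 8888 9999 AAAA"),
    ("alice@example.org", "11112222333344445555666677778888 9999AAAA"),  # same key, other spacing
    ("bob@example.org",   "BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333 4444"),
    ("alice@example.org", "DEAD BEEF DEAD BEEF DEAD BEEF DEAD BEEF DEAD BEEF"),  # different key
    ("alice@example.org", "1111 2222 3333 4444 5555 6666 7777 8888 9999 AAAA"),  # still a conflict
]


def classify(messages: List[Tuple[str, str]],
             store: Optional[TofuStore] = None) -> List[str]:
    """Run each signed message through the store and return the verdicts in order."""
    if store is None:
        store = TofuStore()
    return [store.observe(addr, fpr) for addr, fpr in messages]


if __name__ == "__main__":
    for (addr, fpr), verdict in zip(SAMPLE_MAIL, classify(SAMPLE_MAIL)):
        print(f"{verdict:8s} {addr:20s} {fpr[-9:]}")
```

A "known" verdict on a good signature is the situation the blue "untrusted good signature" describes: consistent with history, but nothing in it says the key is the correspondent's. Note also that the store lives on the same machine as the keyring, so it does not help against the case Robert describes, where an attacker with your user privileges can rewrite both.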

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Duane Whitty
On 17-06-05 11:11 PM, Daniel Kahn Gillmor wrote: > On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote: >> On 05.06.17 22:26, Daniel Kahn Gillmor wrote: >>> what does "bullet-proof" mean, specifically? >> >> For me it means that the identicons should be visually easy to read >> and cryptographi

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
On Tue 2017-06-06 01:24:43 +0200, Stefan Claas wrote: > On 05.06.17 22:26, Daniel Kahn Gillmor wrote: >> what does "bullet-proof" mean, specifically? > > For me it means that the identicons should be visually easy to read > and cryptographically secure. Sorry that I have no better explanation. he

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 05.06.17 22:26, Daniel Kahn Gillmor wrote: > On Mon 2017-06-05 16:22:26 +0200, Stefan Claas wrote: >>> * in the "distinguishing" model, it's not clear that any of the schemes >>> I've seen are actually better for most humans against a dedicated >>> attacker who crafts fingerprints to make

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Daniel Kahn Gillmor
On Mon 2017-06-05 16:22:26 +0200, Stefan Claas wrote: >> * in the "distinguishing" model, it's not clear that any of the schemes >> I've seen are actually better for most humans against a dedicated >> attacker who crafts fingerprints to make visual identities that look >> similar. do you

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 05.06.17 17:40, Stefan Claas wrote: > And another thought, since this thread says "app developers". How would > services like StartMail, ProtonMail or gmx.de for example handle this...? > > If I remember correctly users have not the possibility to sign someone > else's pub-key when they both use

Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 05.06.17 16:22, Stefan Claas wrote: > On 04.06.17 22:20, Daniel Kahn Gillmor wrote: > >> I'd generally think that if you're looking for a tool to help people >> remember and recognize keys that they've seen before, then a mail user >> agent is in a great position to do exactly that: just tell th

Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-05 Thread Stefan Claas
On 04.06.17 22:20, Daniel Kahn Gillmor wrote: > Hi Stefan-- > > I think you're asking about two sort of different things. > > on the one hand, you're asserting that the 32-bit keyid isn't sufficient > for any sort of cryptographic verification. that's absolutely correct, > and enigmail really sho
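The 32-bit key ID point in Daniel's reply, as an added illustration (not from the mail): a key ID is nothing more than the trailing bits of the v4 fingerprint, and a birthday search over constructed fingerprints turns up two that share a short key ID after a few tens of thousands of attempts. The fingerprint framing (0x99, two-octet length, packet body) follows RFC 4880; the "packet bodies" are constructed counter strings, not real OpenPGP keys, and the function names are this example's own.

```python
"""Why a 32-bit key ID cannot serve as a verification handle.

Added example, not from the mail.  A v4 fingerprint is SHA-1 over
0x99 || two-octet length || public-key packet body (RFC 4880, section 12.2);
the 64-bit key ID is its low 64 bits and the "short" key ID its low 32 bits.
The packet bodies here are constructed counter strings, not real keys."""
import hashlib
from typing import Dict, Optional, Tuple


def normalize(fingerprint: str) -> str:
    return fingerprint.replace(" ", "").upper()


def long_keyid(fingerprint: str) -> str:
    """64-bit key ID: last 16 hex digits of the fingerprint."""
    return normalize(fingerprint)[-16:]


def short_keyid(fingerprint: str) -> str:
    """32-bit key ID: last 8 hex digits of the fingerprint."""
    return normalize(fingerprint)[-8:]


def v4_fingerprint(packet_body: bytes) -> str:
    """Fingerprint framing as in RFC 4880; packet_body is constructed by the caller."""
    framed = b"\x99" + len(packet_body).to_bytes(2, "big") + packet_body
    return hashlib.sha1(framed).hexdigest().upper()


def find_short_keyid_collision(limit: int = 400_000) -> Optional[Tuple[str, str]]:
    """Birthday search: two distinct fingerprints with the same 32-bit key ID.

    With a 32-bit ID the expected number of draws before a repeat is about
    sqrt(pi/2 * 2**32), roughly 82,000, so this returns long before `limit`.
    """
    seen: Dict[str, str] = {}          # short key ID -> first fingerprint with that ID
    for i in range(limit):
        fpr = v4_fingerprint(b"constructed-key-%d" % i)
        kid = short_keyid(fpr)
        if kid in seen and seen[kid] != fpr:
            return seen[kid], fpr
        seen[kid] = fpr
    return None


if __name__ == "__main__":
    pair = find_short_keyid_collision()
    if pair:
        a, b = pair
        print("short key ID", short_keyid(a), "is shared by two different fingerprints:")
        print(" ", a, "(long ID", long_keyid(a) + ")")
        print(" ", b, "(long ID", long_keyid(b) + ")")
```

A targeted match (a key that displays the same short ID as one specific correspondent's) is a search of about 2^32 trials rather than a birthday search, but because the fingerprint also covers the key creation timestamp, an attacker can iterate that field instead of generating fresh key material, so it is well within reach. The 64-bit ID raises the cost, but only the full fingerprint is worth comparing.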