Duplicate copies of list messages when you are also addressed personally [Was: Re: Fwd: Re: German ct magazine postulates death of pgp encryption]

2015-03-03 Thread MFPA
On Tuesday 3 March 2015 at 3:02:43 PM, in , michaelquig...@theway.org wrote: > I believe if you are personally addressed, the list > management software doesn't send you a duplicate copy > of the message. The option is set at

Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Robert J. Hansen
>> Services like keybase.io with poor security practices... > > I fail to see how this is a failure on the side of the keyservers... I fully agree with Kristian. I further don't see how keybase.io amounts to "poor security practice". The Web of Trust is, itself, a poor practice because it's rar

Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Christoph Anton Mitterer
On Tue, 2015-03-03 at 14:00 +0100, Hans of Guardian wrote: > The PGP keyservers need email validation no it's pretty useless from a security POV and they don't need it. > not as a way to provide any kind of "trusted" status of that key, but > rather so enable people to delete keys that should no l

Re: Fwd: Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread MichaelQuigley
"Gnupg-users" wrote on 03/03/2015 09:41:25 AM: > - Message from Stephan Beck on Tue, 03 Mar > 2015 15:40:45 +0100 - > > To: gnupg-users@gnupg.org > > Subject: Re: Fwd: Re: German ct magazine postulates death of pgp encryption > > Am 03.03.2015 um

Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Kristian Fiskerstrand
On 03/03/2015 02:00 PM, Hans of Guardian wrote: > > On Feb 27, 2015, at 8:56 PM, Werner Koch wrote: > ... > > Services like keybase.io with poor security practices are going to > rapidly take over from the PGP keyserver pool because they addre

Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Kristian Fiskerstrand
On 03/03/2015 04:20 PM, Kristian Fiskerstrand wrote: > On 03/03/2015 01:50 PM, Hans of Guardian wrote: > >> On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote: > ... > >>> The standard PGP keyserver pool is a mess with racist spam, >>> lo

Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Kristian Fiskerstrand
On 03/03/2015 01:50 PM, Hans of Guardian wrote: > > On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote: > > On 02/27/2015 12:43 PM, Hauke Laging wrote: On Fri 27.02.2015, 12:27:40, gnupgpacker wrote: > Maybe implementation with

Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Hans of Guardian
On Feb 27, 2015, at 1:11 PM, Kristian Fiskerstrand wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 02/27/2015 12:43 PM, Hauke Laging wrote: >> On Fri 27.02.2015, 12:27:40, gnupgpacker wrote: >> >>> Maybe implementation with an opt-in could preserve publishing of >>> faked keys

Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Hans of Guardian
On Feb 27, 2015, at 8:56 PM, Werner Koch wrote: > On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said: > >> that anyone can upload _every_ key to a keyserver is an issue. If >> keyservers would do some sort of verification (e.g. confirmation of >> the email addresses) then this would lead to mu

Re: Fwd: Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Stephan Beck
On 03.03.2015 at 14:00, Ville Määttä wrote: > On 03.03.15 14:54, Stephan Beck wrote: >> as your message hasn't reached the list in spite of being addressed to it > > It did :). > Strange, I did only receive the PM, not the listmail, so I thought it might be useful to resend it. In that case, sorr

Re: Fwd: Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Kristian Fiskerstrand
On 03/03/2015 01:54 PM, Stephan Beck wrote: > Hi Peter, > > as your message hasn't reached the list in spite of being addressed > to it, I resend it. Fwiw, it reached the list just fine: http://lists.gnupg.org/pipermail/gnupg-users/2015-March/05293

Re: Fwd: Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Ville Määttä
On 03.03.15 14:54, Stephan Beck wrote: > as your message hasn't reached the list in spite of being addressed to it It did :). -- Ville

Fwd: Re: German ct magazine postulates death of pgp encryption

2015-03-03 Thread Stephan Beck
Hi Peter, as your message hasn't reached the list in spite of being addressed to it, I resend it. Thanks Stephan Forwarded Message Subject: Re: German ct magazine postulates death of pgp encryption Date: Mon, 02 Mar 2015 18:53:57 +0100 From: Peter Lebbing To: St

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread Johan Wevers
On 02-03-2015 22:23, ved...@nym.hush.com wrote: > http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/ > > I wouldn't trust it with my real key, but would make a new > 'smartphone' key signed with my real key, and comment it as > for phone use only. You can't, it uses an own key scheme

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread Kristian Fiskerstrand
On 03/02/2015 12:12 PM, Kristian Fiskerstrand wrote: > On 03/02/2015 10:16 AM, gnupgpacker wrote: >> Hello, Seems I inadvertently sent this message only directly without CCing the list > > > .. > > >> This procedure should be implemented in key

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

2015-03-02 Thread Jonathan Schleifer
On Mon, 02 Mar 2015 22:24:45 +0100, Johan Wevers wrote: > For once, I've never heard of the police > trying something like this to obtain confessions or information: the > chance of failure in an individual case are too big. I'm guessing the reason is more that this would be a legal mine field

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

2015-03-02 Thread Johan Wevers
On 01-03-2015 22:01, flapflap wrote: > Just think about the "grandchild trick" ([0], unfortunately not in > English) which is a method where the criminals phone (often elder) > people and tell them that they are a grandchild, nephew, or other remote > relative and need some money for some reason

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread vedaal
This month's Wired has an article about encryption for voice and text using pgp, and intercompatibility between i-phone and android while using it. http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/ I wouldn't trust it with my real key, but would make a new 'smartphone' key signed w

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread MFPA
On Monday 2 March 2015 at 9:40:12 AM, in , Jonathan Schleifer wrote: > It's not only your computer. Likewise, it is not just my computer that would be wasting orders of magnitude more energy on "proof of work" for all outgoing messages than it c

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread Peter Lebbing
On 02/03/15 11:35, Stephan Beck wrote: > Sticking to that "perfect position argument", in what kind of position are > (would be) the people that control (packaging of) your distro? (Just > curious.) I think they basically completely control my system. For individual Debian Developers, it might ne

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread Werner Koch
On Sun, 1 Mar 2015 23:43, js-gnupg-us...@webkeks.org said: > I don't really agree with that. The goal is that the proof of work for a > single message takes 4 minutes. At that rate, sending spam really is not So you can send 360 mail a day. Assuming your 24/7 business make 700 Euro a day each m

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread Stephan Beck
On 28.02.2015 at 13:31, Peter Lebbing wrote: > PS: By the way, my ISP and some of its employees are in a perfect position to > do a man in the middle. No doubt about it. And we actually don't know how they "use" their position. Well, looking at some sort of collaboration published a few weeks

RE: German ct magazine postulates death of pgp encryption

2015-03-02 Thread gnupgpacker
Hello, > On Behalf Of Patrick Brunschwig > Sent: Sunday, March 01, 2015 3:42 PM > The idea I have in mind is roughly as follows: if you upload a key to > a keyserver, the keyserver would send an encrypted email to every UID > in the key. Each encrypted mail contains a unique link to confirm the >

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread Kristian Fiskerstrand
On 03/02/2015 04:50 AM, Chuck Peters wrote: > Kristian Fiskerstrand said: You wouldn't need the keyservers to be involved in this at all. Anyone could set up such a mail verification CA outside of the keyserver network. > > How

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread MFPA
On Sunday 1 March 2015 at 10:43:25 PM, in , Jonathan Schleifer wrote: > The goal is that the > proof of work for a single message takes 4 minutes. Currently at work, when I ask somebody a question by email it is not unusual to see the CC of the

Re: German ct magazine postulates death of pgp encryption

2015-03-02 Thread MFPA
On Sunday 1 March 2015 at 6:58:19 PM, in , Jonathan Schleifer wrote: > That "wasted energy" is a lot less than the energy we > currently waste on spam, I suspect my computer wastes very little energy in downloading and storing a few dozen spam m

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Chuck Peters
Kristian Fiskerstrand said: > >> > >> You wouldn't need the keyservers to be involved in this at all. > >> Anyone could set up such a mail verification CA outside of the > >> keyserver network. How about storing keys in a more distributed manner, DNS, in addition to some other method of authen

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Jonathan Schleifer
On Mon, 2 Mar 2015 00:13:07 +0100, Ingo Klöcker wrote: > On what kind of hardware? A high-end gamer PC? Or a low end mobile phone? According to the paper, the goal is to take 4 minutes on an average PC and that it shall be adjusted according to hardware improvements. > There are much larger b

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Ingo Klöcker
On Sunday 01 March 2015 23:43:25 Jonathan Schleifer wrote: > On 01.03.2015 at 23:25, Ingo Klöcker wrote: > > And most spam is sent by bots. The spammers don't really care how much > > energy the bots burn. Yes, the amount of spam might decrease because > > the bots cannot hammer out that many bit

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Jonathan Schleifer
On 01.03.2015 at 23:25, Ingo Klöcker wrote: > And most spam is sent by bots. The spammers don't really care how much > energy the bots burn. Yes, the amount of spam might decrease because > the bots cannot hammer out that many bitmessages as SMTP

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Ingo Klöcker
On Sunday 01 March 2015 19:58:19 Jonathan Schleifer wrote: > On 01.03.2015 at 17:45, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > >> and also gets rid of spam > >> by requiring a proof of work to send something. > > > > Surely, "proof of work" is evidence of performing some otherwise

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

2015-03-01 Thread flapflap
Johan Wevers: > On 28-02-2015 15:09, Daniel Kahn Gillmor wrote: > >> We had this discussion recently over on messag...@moderncrypto.org. > > What is described there is a much more confined problem. > >> It's far from "trivial", but breaking voice-based authentication >> (particularly in the alre

New "validating keyserver" architecture (was: Re: German ct magazine postulates death of pgp encryption)

2015-03-01 Thread Matthias Mansfeld
On 1 Mar 2015 at 17:21, Patrick Brunschwig wrote: > On 01.03.15 16:38, Kristian Fiskerstrand wrote: > >>> In general I believe this to be an insufficient form of > >>> identification that really doesn't provide much of anything > >>> useful, but at

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Jonathan Schleifer
On 01.03.2015 at 17:45, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: >> and also gets rid of spam >> by requiring a proof of work to send something. > > Surely, "proof of work" is evidence of performing some otherwise > unnecessary CPU cycles. This wastes energy. In a system used by > b

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Kristian Fiskerstrand
On 03/01/2015 06:08 PM, Kristian Fiskerstrand wrote: > On 03/01/2015 06:01 PM, Marco Zehe wrote: >> Hi Kristian, > >>> On 01.03.2015 at 17:54, Kristian Fiskerstrand >>> wrote: >>> ... > that have enabled it. Another issue with the current > im

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Patrick Brunschwig
On 01.03.15 18:11, MFPA wrote: > > > On Sunday 1 March 2015 at 2:41:33 PM, in > , Patrick Brunschwig wrote: > > > >> The idea I have in mind is roughly as follows: if you upload a >> key to a keyserver, the keyserver would send an encrypted ema

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread MFPA
On Sunday 1 March 2015 at 2:41:33 PM, in , Patrick Brunschwig wrote: > The idea I have in mind is roughly as follows: if you > upload a key to a keyserver, the keyserver would send > an encrypted email to every UID in the key. Each > encrypted m

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Kristian Fiskerstrand
On 03/01/2015 06:01 PM, Marco Zehe wrote: > Hi Kristian, > >> On 01.03.2015 at 17:54, Kristian Fiskerstrand >> wrote: >> >> Since the author's first reaction was closing it WONTFIX I didn't >> bother, with that kind of behavior they can't possi

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Kristian Fiskerstrand
On 03/01/2015 05:31 PM, Marco Zehe wrote: > Hi Patrick, > >> On 01.03.2015 at 15:41, Patrick Brunschwig >> wrote: >> >> The idea I have in mind is roughly as follows: if you upload a >> key to a keyserver, the keyserver would send an encrypted e

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread MFPA
On Friday 27 February 2015 at 11:15:36 AM, in , Peter Lebbing wrote: > So what did this key attract, being on the keyserver > for four years now? > 22 Nigerian 419 scams. That's it. Twenty-two! They came > in batches; I haven't seen anything sin

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Marco Zehe
Hi Kristian, > On 01.03.2015 at 17:54, Kristian Fiskerstrand > wrote: > > Since the author's first reaction was closing it WONTFIX I didn't > bother, with that kind of behavior they can't possibly take security > seriously. Error in judgement that has since been corrected. These things someti

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Kristian Fiskerstrand
On 03/01/2015 05:45 PM, Marco Zehe wrote: > Hi Kristian, > >> On 01.03.2015 at 17:36, Kristian Fiskerstrand >> wrote: >> >> Seriously? Please look at >> https://bugzilla.mozilla.org/show_bug.cgi?id=790487 regarding that >> implementation, which

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread MFPA
On Sunday 1 March 2015 at 12:21:20 PM, in , Jonathan Schleifer wrote: > and also gets rid of spam > by requiring a proof of work to send something. Surely, "proof of work" is evidence of performing some otherwise unnecessary CPU cycles. This was

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Marco Zehe
Hi Kristian, > On 01.03.2015 at 17:36, Kristian Fiskerstrand > wrote: > > Seriously? Please look at > https://bugzilla.mozilla.org/show_bug.cgi?id=790487 regarding that > implementation, which opens up another can of worms (encrypts to {S,C} > key, not encryption key, dual usage of same key mat

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Ludwig Hügelschäfer
On 01.03.15 17:31, Marco Zehe wrote: > Hi Patrick, > >> On 01.03.2015 at 15:41, Patrick Brunschwig >> wrote: >> >> The idea I have in mind is roughly as follows: if you upload a >> key to a keyserver, the keyserver would send an encrypted email

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Kristian Fiskerstrand
On 03/01/2015 05:36 PM, Marco Zehe wrote: > Hi Kristian, > >> On 01.03.2015 at 16:38, Kristian Fiskerstrand >> wrote: >> >> You wouldn't need the keyservers to be involved in this at all. >> Anyone could set up such a mail verification CA outsi

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Marco Zehe
Hi Kristian, > On 01.03.2015 at 16:38, Kristian Fiskerstrand > wrote: > > You wouldn't need the keyservers to be involved in this at all. Anyone > could set up such a mail verification CA outside of the keyserver network. In theory, yes. And keybase.io goes in that direction, although they do

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread MFPA
On Friday 27 February 2015 at 12:23:18 PM, in , Ralph Seichter wrote: > The thought of letting PGP die as an e-mail encryption > mechanism for the "masses" (the non-tech-savvy average > users) and to have it replaced with something my mother > co

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Marco Zehe
Hi Patrick, > On 01.03.2015 at 15:41, Patrick Brunschwig wrote: > > The idea I have in mind is roughly as follows: if you upload a key to > a keyserver, the keyserver would send an encrypted email to every UID > in the key. Each encrypted mail contains a unique link to confirm the > email addre

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Patrick Brunschwig
On 01.03.15 16:38, Kristian Fiskerstrand wrote: >>> In general I believe this to be an insufficient form of >>> identification that really doesn't provide much of anything >>> useful, but at least the PGP keyserver does it reasonably sane >>> in it

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

2015-03-01 Thread MFPA
On Saturday 28 February 2015 at 5:54:21 PM, in , Johan Wevers wrote: > For once, it > requires much contextual knowledge about what both > persons know of each other. Why? Most of my phone calls to regular business contacts consist entirely of d

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Kristian Fiskerstrand
On 03/01/2015 04:35 PM, Patrick Brunschwig wrote: > On 01.03.15 15:58, Kristian Fiskerstrand wrote: >> On 03/01/2015 03:41 PM, Patrick Brunschwig wrote: >>> On 27.02.15 20:56, Werner Koch wrote: On Fri, 27 Feb 2015 17:26, patr...@enigmail.net sa

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Patrick Brunschwig
On 01.03.15 15:58, Kristian Fiskerstrand wrote: > On 03/01/2015 03:41 PM, Patrick Brunschwig wrote: >> On 27.02.15 20:56, Werner Koch wrote: >>> On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said: > that anyone can upload _every_ key to a key

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Kristian Fiskerstrand
On 03/01/2015 03:41 PM, Patrick Brunschwig wrote: > On 27.02.15 20:56, Werner Koch wrote: >> On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said: > >>> that anyone can upload _every_ key to a keyserver is an issue. >>> If keyservers would do some s

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Patrick Brunschwig
On 27.02.15 20:56, Werner Koch wrote: > On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said: > >> that anyone can upload _every_ key to a keyserver is an issue. If >> keyservers would do some sort of verification (e.g. confirmation >> of the email

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Peter Lebbing
On 01/03/15 13:21, Jonathan Schleifer wrote: > You mean like BitMessage ? It was Werner who floated the idea of replacing SMTP here on gnupg-users. After thinking about it, it made a lot of sense to me. You could search gnupg-users for his messages about this

Re: Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Bjarni Runar Einarsson
Jonathan Schleifer wrote: > > Let me stress again that the proper course might be to replace SMTP > > (e-mail) and > > then work from that. If you have a sieve and wish for something to hold > > liquids, > > you could plug up all the holes or say "Blow this for a lark" and get a pan. > > You me

Re: German ct magazine postulates death of pgp encryption

2015-03-01 Thread Jonathan Schleifer
On 28.02.2015 at 14:12, Peter Lebbing wrote: > On 28/02/15 14:06, Ralph Seichter wrote: >> but PGP does not work for mass e-mail protection > > Let me stress again that the proper course might be to replace SMTP (e-mail) > and > then work from that. If you have a sieve and wish for something t

Re: Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Marco Zehe
Hi Doug, > On 28.02.2015 at 21:36, Doug Barton wrote: > > It's overwhelmingly likely that you are overthinking this. :) Yes, I have been known to have that tendency sometimes. :) Thanks! Will do as you suggest, then. Marco

Re: Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Doug Barton
On 2/27/15 10:10 PM, Marco Zehe wrote: Hi Werner et al, On 27.02.2015 at 20:56, Werner Koch wrote: There is no trust in keyservers by design. As soon as you start changing this you are turning PGP into a centralized system. OK, then I have a very practical question: Even though this is my

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Doug Barton
On 2/27/15 3:15 AM, Peter Lebbing wrote: So what did this key attract, being on the keyserver for four years now? 22 Nigerian 419 scams. That's it. Twenty-two! They came in batches; I haven't seen anything since March last year. I've had a similar key out there for longer than four years, and

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 19:01 +0100, Johan Wevers wrote: > No it's not, it is much simpler. When I call my wife and are in fact > connected with a computer or agent impersonating her, they are unlikely > being able to copy her voice so good that I don't hear it. I guess you've missed some developmen

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 18:45 +0100, Johan Wevers wrote: > OK, not cryptographically. They could always try to bribe/threat/torture > someone to cooperate. But that model fails if you want to perform > unnoticed mass surveillance. Admittedly, when it comes to "unnoticed mass surveillance" anonymous

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Johan Wevers
On 28-02-2015 18:21, Christoph Anton Mitterer wrote: > Not sure what you refer to,... but if it's authentication schemes like > ZRTP (which TextSecure wouldn't use)... No it's not, it is much simpler. When I call my wife and are in fact connected with a computer or agent impersonating her, they a

Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

2015-02-28 Thread Johan Wevers
On 28-02-2015 15:09, Daniel Kahn Gillmor wrote: > We had this discussion recently over on messag...@moderncrypto.org. What is described there is a much more confined problem. > It's far from "trivial", but breaking voice-based authentication > (particularly in the already-noisy realm of mobile p

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Johan Wevers
On 28-02-2015 13:40, Peter Lebbing wrote: > On 28/02/15 13:28, Johan Wevers wrote: >> I don't see even the NSA breaking that. > > Heh, famous last words ;). OK, not cryptographically. They could always try to bribe/threat/torture someone to cooperate. But that model fails if you want to perform

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 13:28 +0100, Johan Wevers wrote: > In practice the Textsecure protocol works well of course because it > uses the phone number. "In practise"... I guess that's also what most "normal" people believed about their security before Snowden. And a phone number is really no secur

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Peter Lebbing
On 28/02/15 16:25, Bjarni Runar Einarsson wrote: > E-mail is the *only* surviving decentralized free and open messaging > system with any clout today. Literally everything else in common use is > proprietary and centralized. We should all be deeply worried about this. Well, I think it's a bit grim

Re: Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Bjarni Runar Einarsson
Peter Lebbing wrote: > On 28/02/15 14:06, Ralph Seichter wrote: > > but PGP does not work for mass e-mail protection > > Let me stress again that the proper course might be to replace SMTP (e-mail) > and > then work from that. If you have a sieve and wish for something to hold > liquids, > you

strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]

2015-02-28 Thread Daniel Kahn Gillmor
On Sat 2015-02-28 13:28:06 +0100, Johan Wevers wrote: > In practice the Textsecure protocol works well of course because it > uses the phone number. One usually knows that number already from a > contact. Most people I communicate with often I even recognise by > voice alone - taking over the pho

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Peter Lebbing
On 28/02/15 14:06, Ralph Seichter wrote: > but PGP does not work for mass e-mail protection Let me stress again that the proper course might be to replace SMTP (e-mail) and then work from that. If you have a sieve and wish for something to hold liquids, you could plug up all the holes or say "Blow

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Ralph Seichter
It looks like we agree on most aspects, but to get back to the original question of this thread: From what I have seen since the nineties (I do remember donating money for Philip Zimmermann), PGP is great for users with a solid foundation in cryptography, but it is too complicated for average users

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Peter Lebbing
On 28/02/15 13:28, Johan Wevers wrote: > I don't see even the NSA breaking that. Heh, famous last words ;). Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Hugo Osvaldo Barrera
On 2015-02-28 12:37, Ralph Seichter wrote: > On 28.02.2015 00:48, Hugo Osvaldo Barrera wrote: > > > Please, stop spreading the iMessage fallacy, its system offers privacy > > only from *some* parties, but not from everyone. > > I invite you to read my message again. I used iMessage as an example

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Peter Lebbing
I think a bit of opportunistic encryption without proper identity verification can be a very good thing. I was just pointing out that you need to know the limits of that way of working, and make a conscious decision whether you need proper verification or not. But I didn't indicate that clearly en

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Johan Wevers
On 27-02-2015 19:16, Christoph Anton Mitterer wrote: > This is basically what they want: Anonymous cryptography, whose complete > security is based on some good luck whether you've communicated with the > right peer the first time. In practice the Textsecure protocol works well of course because

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Johan Wevers
On 27-02-2015 16:57, Mark H. Wood wrote: > It's always good to look for patterns that lead to useful > simplification. But there comes a point at which no further > simplification can be done without making the system less useful. Well, in making it more beginner friendly, I imagine a system that

Re: German ct magazine postulates death of pgp encryption

2015-02-28 Thread Ralph Seichter
On 28.02.2015 00:48, Hugo Osvaldo Barrera wrote: > Please, stop spreading the iMessage fallacy, its system offers privacy > only from *some* parties, but not from everyone. I invite you to read my message again. I used iMessage as an example for usability (as did c't editor Jürgen Schmidt), not f

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Marco Zehe
Hi Andreas, > On 27.02.2015 at 21:12, Andreas Schwier > wrote: > The keyserver would make sense, if my mail client would automatically > fetch the public key from a server, based on the e-mail address of the > sender and some identity data (e.g. fingerprint) in the mail signature. FWIW, that’s

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Sat, 2015-02-28 at 07:01 +0100, Marco Zehe wrote: > So like everywhere, different opinions, and that one journalist’s > opinion definitely doesn’t speak for all of the folks at c’t or Heise > in General. Well, that might be... but with respect to this question, there is only one correct opinion

Best practice to make one's key known, was Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Marco Zehe
Hi Werner et al, > On 27.02.2015 at 20:56, Werner Koch wrote: > > There is no trust in keyservers by design. As soon as you start > changing this you are turning PGP into a centralized system. OK, then I have a very practical question: Even though this is my fourth or fifth attempt at establ

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Marco Zehe
Hi Chris, > On 27.02.2015 at 19:16, Christoph Anton Mitterer > wrote: > > This is basically what they want: Anonymous cryptography, whose complete > security is based on some good luck whether you've communicated with the > right peer the first time. > > But instead of just advertising that c

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Mirimir
On 02/27/2015 01:12 PM, Andreas Schwier wrote: > So what exactly is the purpose of the keyserver then ? If you expect me > to still verify fingerprints out of band, why would I grab a - probably > bogus key - from a keyserver first place ? I could immediately ask my > peer to send it by mail. I

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Hugo Osvaldo Barrera
On 2015-02-27 13:23, Ralph Seichter wrote: > > Your positions to this ct approach? > > The c't magazine is mostly well respected in Germany and the editors > have some valid points; the latest articles are by no means mindless > rants or PGP-bashing. The thought of letting PGP die as an e-mail > e

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 22:40 +0100, Martin Behrendt wrote: > At what point is a system a [semi-]proprietary system? > How many computers are out there where not even a single part of the > hardware (and firmware) is proprietary? I rather meant Android here, which may have an open source core, but i

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Hauke Laging
On Fri 27.02.2015, 13:11:33, Kristian Fiskerstrand wrote: > > We need keyservers which are a lot better than today's. IMHO that > > also means that a keyserver should tell a client for each offered > > certificate whether it (or a trusted keyserver) has made such an > > email verification. > > Th

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Martin Behrendt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 27.02.2015 at 22:28, Christoph Anton Mitterer wrote: > On Fri, 2015-02-27 at 22:15 +0100, Werner Koch wrote: >> Most people run Windows or Android (or use Lenovo stuff) and thus >> have anyway no control over their boxes. > To be honest, I don't th

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Kristian Fiskerstrand
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 02/27/2015 11:21 PM, Hauke Laging wrote: > On Fri 27.02.2015, 23:05:07, Peter Lebbing wrote: > >> But what about that Man in the Middle who does nothing more than >> receive your message encrypted to their key and forward it to >> the real recip

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Hauke Laging
On Fri 27.02.2015, 23:05:07, Peter Lebbing wrote: > But what about that Man in the Middle who does nothing more than > receive your message encrypted to their key and forward it to the > real recipient you are building a trust relationship with? He does have to do more: He has to intercept the me

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Hauke Laging
On Fri 27.02.2015, 20:56:00, Werner Koch wrote: > On Fri, 27 Feb 2015 17:26, patr...@enigmail.net said: > > that anyone can upload _every_ key to a keyserver is an issue. If > > keyservers would do some sort of verification (e.g. confirmation of > > the email addresses) then this would lead to much

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Kristian Fiskerstrand
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 02/27/2015 09:56 PM, Werner Koch wrote: > On Fri, 27 Feb 2015 21:07, > kristian.fiskerstr...@sumptuouscapital.com said: > >> Increasing the information on keyservers like this, in particular >> in the descriptive parts can be considered, would it

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Peter Lebbing
On 27/02/15 21:12, Andreas Schwier wrote: > I'd rather start a communication > with a bogus key and establish trust in my genuine peer from the > conversation we are having. But what about that Man in the Middle who does nothing more than receive your message encrypted to their key and forward it

Re: trust paths (was: German ct magazine postulates death of pgp encryption)

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 22:25 +0100, Hauke Laging wrote: > > Find trust paths > What could that be good for? If you do not make very strange assumptions > that could be of any use only if you assign certification trust to > unknown keys which would be completely crazy. I meant in the sense that I

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 22:15 +0100, Werner Koch wrote: > Most people run Windows or Android (or use Lenovo stuff) and thus have > anyway no control over their boxes. To be honest, I don't think that anyone using Windows, Android, MacOS or any other [semi-]proprietary system actually wants to be sec

Re: trust paths (was: German ct magazine postulates death of pgp encryption)

2015-02-27 Thread Hauke Laging
On Fri 27.02.2015, 21:25:40, Christoph Anton Mitterer wrote: > On Fri, 2015-02-27 at 21:12 +0100, Andreas Schwier wrote: > > So what exactly is the purpose of the keyserver then ? > > Find trust paths What could that be good for? If you do not make very strange assumptions that could be of any u

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 21:24, cales...@scientia.net said: > - Nothing is encrypted (so everyone eavesdropping will know that I just > downloaded the key for nsa-whistleblow...@wikileaks.org... and five Which he will anyway see as soon as you send the mail. Iff we have an anonymous network both pr

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 21:12 +0100, Andreas Schwier wrote: > So what exactly is the purpose of the keyserver then ? Find trust paths, signature updates, self signature updates, key revocation certs (but beware of the issues I've described in my mail a few seconds before)... Cheers, Chris. smime.

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Werner Koch
On Fri, 27 Feb 2015 21:07, kristian.fiskerstr...@sumptuouscapital.com said: > Increasing the information on keyservers like this, in particular in > the descriptive parts can be considered, would it suffice to be part > of the standard web interface for keyserver intro, or would it have to > be ad

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Christoph Anton Mitterer
On Fri, 2015-02-27 at 20:56 +0100, Werner Koch wrote: > There is no trust in keyservers by design. As soon as you start > changing this you are turning PGP into a centralized system. Well not necessarily - at least not in the sense of exactly one power having control over the whole key network (a

Re: German ct magazine postulates death of pgp encryption

2015-02-27 Thread Andreas Schwier
>> But that's the main primary reason of the article at all. The fact >> that anyone can upload _every_ key to a keyserver is an issue. If > > No, it is not, it has always been very clear not to rely on the > existence of a key on either a keyserver or on a local keyring without > proper verificat
