Re: Flooding attack against synchronising keyservers

2023-04-21 Thread Andrew Gallagher via Gnupg-users
Hi, all. pgpkeys.eu is fully operational, is accepting key submissions and is syncing with two similarly recovered peers. The number of keys in the dataset is back to pre-flooding levels, and site reliability has been significantly improved. If you are an operator and need assistance recovering

Re: Flooding attack against synchronising keyservers

2023-03-29 Thread Iñaki Arenaza via Gnupg-users
On Tue, Mar 28 2023, H.-Dirk Schmitt wrote: > As advised I temporarily disabled the peers on > keyserver{1,2}.computer42.org. Same for keys.escomposlinux.org > Waiting for a better solution … Let's hope there is one... Best regards, Iñaki.

Re: Flooding attack against synchronising keyservers

2023-03-28 Thread H.-Dirk Schmitt
As advised I temporarily disabled the peers on keyserver{1,2}.computer42.org. Waiting for a better solution … Best regards, H.-Dirk -- H.-Dirk Schmitt Dipl.Math. eMail:dirk.schm...@computer42.org mobile:+49 177 616 8564 phone: +49 2642 99 41 14 fax: +49 2642 99 41 15 Schillerstr. 42,

Flooding attack against synchronising keyservers

2023-03-27 Thread Andrew Gallagher via Gnupg-users
Hi, everyone. The synchronising keyserver network has been under an intermittent flooding attack for the past five days, resulting in the addition of approximately 3 million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are currently being submitted multiple times per second via

Re: A key doesn't get imported from one of the keyservers

2021-08-04 Thread john doe via Gnupg-users
On 8/4/2021 10:35 AM, Werner Koch via Gnupg-users wrote: On Tue, 3 Aug 2021 11:19, Vincent Breitmoser said: Unlike the other keyservers, keys.openpgp.org has a [privacy policy] that doesn't permit distributing email addresses without consent. The key It is not a privacy policy but a se

Re: A key doesn't get imported from one of the keyservers

2021-08-04 Thread Werner Koch via Gnupg-users
On Tue, 3 Aug 2021 11:19, Vincent Breitmoser said: > Unlike the other keyservers, keys.openpgp.org has a [privacy policy] that > doesn't permit distributing email addresses without consent. The key It is not a privacy policy but a serious misconception much like what keyserver.

Re: A key doesn't get imported from one of the keyservers

2021-08-03 Thread Teemu Likonen
ey that resides on keys.openpgp.org? Are > the keys that are on these 3 keyservers the same? Server keys.openpgp.org is different from SKS keyservers. Read more about it here: https://keys.openpgp.org/about -- /// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/ // OpenPGP: 4E1055DC84E9DFF613D

Re: A key doesn't get imported from one of the keyservers

2021-08-03 Thread Vincent Breitmoser via Gnupg-users
Hi Yuri, > Is something wrong with the key that resides on keys.openpgp.org? Are > the keys that are on these 3 keyservers the same? Unlike the other keyservers, keys.openpgp.org has a [privacy policy] that doesn't permit distributing email addresses without consent. The key in q

Re: A key doesn't get imported from one of the keyservers

2021-08-03 Thread Vincent Breitmoser via Gnupg-users
> Okay, then... All the keyservers have the key. But keys.openpgp.org > doesn't let it get imported because the owner didn't consent to making > his email address publicly known by verifying his email address. > > Which means that the owner doesn't care much about

Re: A key doesn't get imported from one of the keyservers

2021-08-03 Thread Yuri Kanivetsky via Gnupg-users
Okay, then... All the keyservers have the key. But keys.openpgp.org doesn't let it get imported because the owner didn't consent to making his email address publicly known by verifying his email address. Which means that the owner doesn't care much about this, otherwise he would

A key doesn't get imported from one of the keyservers

2021-08-03 Thread Yuri Kanivetsky via Gnupg-users
p.org --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 gpg: key 3804BB82D39DC0E3: no user ID gpg: Total number processed: 1 Is something wrong with the key that resides on keys.openpgp.org? Are the keys that are on these 3 keyservers the same? Regards,

Re: Keyservers

2021-02-04 Thread Werner Koch via Gnupg-users
On Thu, 4 Feb 2021 09:34, n...@copblock.app said: > I would like to bring up my own keyserver for my company, which would > contain only those keys which have been signed by one or more authorized > people. I would suggest to use LDAP - best OpenLDAP or Active Directory. See https://gnupg.org/bl

Keyservers

2021-02-04 Thread nn
I would like to bring up my own keyserver for my company, which would contain only those keys which have been signed by one or more authorized people. Can anybody suggest software for this? sks-keyserver does not compile for me, and I don't know ocaml. mailvelope-keyserver fails its unit test

[Announce] GnuPG 2.2.17 released to mitigate attacks on keyservers

2019-07-09 Thread Werner Koch via Gnupg-users
: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures. The old behaviour can be achieved by adding keyserver-options no-self-sigs-only,no-import-clean to your gpg.conf. [#4607] * gpg: If an

Re: Garbled data in keyservers

2018-12-18 Thread Dirk Gottschalk via Gnupg-users
Hi Stefan. On Sunday, 16.12.2018, at 22:06 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 20:34:55 +0100, Dirk Gottschalk wrote: > > On Sunday, 09.12.2018, at 20:03 +0100, Stefan Claas wrote: > > > My proposal could be run also in parallel. I think it would be > > > only a weekend job for

Re: Garbled data in keyservers

2018-12-17 Thread Stefan Claas
On Sun, 16 Dec 2018 22:06:55 +0100, Stefan Claas wrote: > While testing today how to make someones pub key non-importable,non- > receivable, For the interested reader: and : gpg --keyserver-option import-clean --keyse

Re: Garbled data in keyservers

2018-12-16 Thread Stefan Claas
On Sun, 09 Dec 2018 20:34:55 +0100, Dirk Gottschalk wrote: > On Sunday, 09.12.2018, at 20:03 +0100, Stefan Claas wrote: > > My proposal could be run also in parallel. I think it would be > > only a weekend job for a programmer to modify the server code, > > so that it accepts only incoming and

Re: Garbled data in keyservers

2018-12-10 Thread Stefan Claas
gerprints for > > example can still be > > This would solve some problems but not others. I think Web Key Directory (for > people controlling their domains) coupled with Autocrypt (for everyone else) > already solves a large number of use cases people need key servers. The onl

Re: Garbled data in keyservers

2018-12-10 Thread Wiktor Kwapisiewicz via Gnupg-users
a list of fingerprints for > example can still be This would solve some problems but not others. I think Web Key Directory (for people controlling their domains) coupled with Autocrypt (for everyone else) already solves a large number of use cases people need key servers. The only real proble

Re: Garbled data in keyservers

2018-12-10 Thread Stefan Claas
On Mon, 10 Dec 2018 14:25:08 +0100, Wiktor Kwapisiewicz wrote: Hi Wiktor, > That's an interesting idea, it seems GnuPG has some support for sending keys > via > e-mail. > By the way validation of keys sent from e-mail would require DKIM as it's easy > to spoof "From" (that's why most solutions

Re: Garbled data in keyservers

2018-12-10 Thread Wiktor Kwapisiewicz via Gnupg-users
an email. >> >> [...] >> >> I didn't manage to get it running though ("gpg: keyserver send >failed: No >> keyserver available"), probably it depends on some package that I >don't have >> locally. > >As far as I know, most keyserver

Re: Garbled data in keyservers

2018-12-10 Thread Damien Goutte-Gattat via Gnupg-users
> the word "add" in the subject line of an email. > > [...] > > I didn't manage to get it running though ("gpg: keyserver send failed: No > keyserver available"), probably it depends on some package that I don't have > locally. As far as I know,

Re: Garbled data in keyservers

2018-12-10 Thread Wiktor Kwapisiewicz via Gnupg-users
nd keys to, and search for keys on. > (...) The scheme is the type of keyserver: "hkp" for the HTTP (or compatible) > keyservers, "ldap" for the LDAP keyservers, or *"mailto" for the Graff email > keyserver*. I didn't manage to get it running though ("g

Re: Garbled data in keyservers

2018-12-09 Thread justina colmena via Gnupg-users
On December 9, 2018 11:17:34 AM AKST, Stefan Claas wrote: >On Sun, 9 Dec 2018 21:11:12 +0100, Juergen Bruckner wrote: >> On 09.12.18 at 18:24, Dirk Gottschalk via Gnupg-users wrote: >> > And further, why should anyone run something like a ca CA for free. >> > Sure, CAcert does it. But that's the

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hi Stefan. On Sunday, 09.12.2018, at 21:13 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 20:55:36 +0100, Dirk Gottschalk wrote: > > Hello Dirk, > > > That I mentioned in the other reply I have sent a few seconds ago. > > > > > right? A key which would bear a CA sig would imho not have suc

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 9 Dec 2018 21:11:12 +0100, Juergen Bruckner wrote: > On 09.12.18 at 18:24, Dirk Gottschalk via Gnupg-users wrote: > > And further, why should anyone run something like a ca CA for free. > > Sure, CAcert does it. But that's the only organisation I know who > > does this. > > Also WPIA [

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 09 Dec 2018 20:55:36 +0100, Dirk Gottschalk wrote: Hello Dirk, > That I mentioned in the other reply I have sent a few seconds ago. > > > right? A key which would bear a CA sig would imho not have such > > additional and funny UID's or sigs, because it would make the key > > owner look a

Re: Garbled data in keyservers

2018-12-09 Thread Juergen Bruckner
On 09.12.18 at 18:24, Dirk Gottschalk via Gnupg-users wrote: > And further, why should anyone run something like a ca CA for free. > Sure, CAcert does it. But that's the only organisation I know who does > this. Also WPIA [1] plans to do this and started an audit process for their CA. regards

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
word "add" in the subject line of an email. <https://www.rubin.ch/pgp/sendkey.en.html> > > People can then still use the old key servers (until they may become > > obsolete...) or use keybase. > > Keybase is an option, yes. And the Keyservers could be fix

Re: Garbled data in keyservers

2018-12-09 Thread Wiktor Kwapisiewicz via Gnupg-users
On 09.12.2018 20:03, Stefan Claas wrote: > Too bad that Werner's WKD is not widely adopted from email > service providers... Just for the record but it is adopted by e-mail service providers that are interested in OpenPGP (like ProtonMail and Posteo.de, see https://wiki.gnupg.org/WKD). As for "e-m

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hello Stefan. On Sunday, 09.12.2018, at 19:38 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users > wrote: > > On December 9, 2018 7:54:01 AM EST, Stefan Claas > > wrote:: > > > Get a sig from a CA and then upload your key via email. > > > > > Tha

Fw: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
Begin forwarded message: Date: Sun, 9 Dec 2018 20:35:41 +0100 From: Stefan Claas To: Dirk Gottschalk Subject: Re: Garbled data in keyservers On Sun, 09 Dec 2018 20:26:21 +0100, Dirk Gottschalk wrote: Hi Dirk, > > I don't think so. Create an anon account at ProtonM

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
ld be necessary to disable HKP for upload in GnuPG to avoid broken Clients and so on. > People can then still use the old key servers (until they may become > obsolete...) or use keybase. Keybase is an option, yes. And the Keyservers could be fixed. HKP for retrieval is very comfortable

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hi Stefan. On Sunday, 09.12.2018, at 19:38 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users > wrote: > > On December 9, 2018 7:54:01 AM EST, Stefan Claas > > wrote:: > > > Get a sig from a CA and then upload your key via email. > > > > > That's

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
On Sunday, 09.12.2018, at 19:54 +0100, Stefan Claas wrote: > On Sun, 9 Dec 2018 19:51:37 +0100, Stefan Claas wrote: > > On Sun, 09 Dec 2018 18:24:38 +0100, Dirk Gottschalk wrote: > > Hi Dirk, > > > Get a sig from a CA and then upload your key via email. > > > Then the key servers do something

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 9 Dec 2018 19:38:31 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users > wrote: > > On December 9, 2018 7:54:01 AM EST, Stefan Claas > > wrote:: > > > > > >Get a sig from a CA and then upload your key via email. > > > > > That's a bit ste

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 9 Dec 2018 19:51:37 +0100, Stefan Claas wrote: > On Sun, 09 Dec 2018 18:24:38 +0100, Dirk Gottschalk wrote: Hi Dirk, > > > Get a sig from a CA and then upload your key via email. > > Then the key servers do something like a gpg --check-sigs > > to see if a key bears a valid CA sig and if

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Sun, 09 Dec 2018 08:23:03 -0900, justina colmena via Gnupg-users wrote: > On December 9, 2018 7:54:01 AM EST, Stefan Claas > wrote:: > > > >Get a sig from a CA and then upload your key via email. > > > That's a bit steep, and was never the original goal of PGP or GPG. No, in 2018 I think it

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hello Justina On Sunday, 09.12.2018, at 08:23 -0900, justina colmena via Gnupg-users wrote: > On December 9, 2018 7:54:01 AM EST, Stefan Claas < > stefan.cl...@posteo.de> wrote:: > > Get a sig from a CA and then upload your key via email. > > > That's a bit steep, and was never the original go

Re: Garbled data in keyservers

2018-12-09 Thread Dirk Gottschalk via Gnupg-users
Hi. On Sunday, 09.12.2018, at 13:54 +0100, Stefan Claas wrote: > On Thu, 06 Dec 2018 15:22:14 +0100, Werner Koch wrote: > > > > That's right, but my thought is / was someone can (ab)use key > > > servers as data storage / retrieval system and then only provides > > > the key id > > > > As i

Re: Garbled data in keyservers

2018-12-09 Thread justina colmena via Gnupg-users
On December 9, 2018 7:54:01 AM EST, Stefan Claas wrote:: > >Get a sig from a CA and then upload your key via email. > That's a bit steep, and was never the original goal of PGP or GPG. If the goal is to eliminate the bulk of bad keys and junk from key servers, an account creation with basic ema

Re: Garbled data in keyservers

2018-12-09 Thread Stefan Claas
On Thu, 06 Dec 2018 15:22:14 +0100, Werner Koch wrote: > > That's right, but my thought is / was someone can (ab)use key > > servers as data storage / retrieval system and then only provides > > the key id > > As it has been commented, there are easier ways to do that. I have read also the thre

Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
On Thu, 6 Dec 2018 14:05, stefan.cl...@posteo.de said: > Understood. Please check this example, a key with plenty of data, > which only needs to be extracted. > > https://pgp.circl.lu/pks/lookup?op=get&search=0x73253A1F090C53B6 Surely you can put arbitrary data into a user-id. > That

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
> > > > You can't add an UID to a key without having a signature from the > > primary key. If the keyservers accept that any OpenPGP > > implementation will simply skip such an UID. > > Understood. Please check this example, a key with plenty of data,

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 06 Dec 2018 11:42:32 +0100, Werner Koch wrote: > On Thu, 6 Dec 2018 10:22, stefan.cl...@posteo.de said: > > > As long as we have the option to add additional UID's to a key my > > You can't add an UID to a key without having a signature from the >

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 6 Dec 2018 11:09:04 +0100, Wiktor Kwapisiewicz wrote: > >> But that "little program" would have to download the entire dump > >> and provide search feature itself, making it non-trivial for most > >> users. > > I don't think so... > > > > https://github.com/yakamok/keyserver-fs > > Yes

Re: Garbled data in keyservers

2018-12-06 Thread Wiktor Kwapisiewicz via Gnupg-users
y and is intended for use only on linux > *Notice:* This Program is very slow to add data to the gpg pubkey so dont plan on super large files. I don't think a lot of users use this or would use this. It's more convenient and easier to store data somewhere else (pastebins?). Also, storing

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
On Thu, 6 Dec 2018 10:39:24 +0100, Wiktor Kwapisiewicz wrote: Hi Wiktor, > On 06.12.2018 10:24, Stefan Claas wrote: > > As long as we have the option to add additional UID's to a key my > > thinking was, after reading the links from Yegor, that one appends > > arbitrary data to a key and provide

Re: Garbled data in keyservers

2018-12-06 Thread Wiktor Kwapisiewicz via Gnupg-users
On 06.12.2018 10:24, Stefan Claas wrote: > As long as we have the option to add additional UID's to a key my > thinking was, after reading the links from Yegor, that one appends > arbitrary data to a key and provides a link, at some other place, to > that key, in the form of URL://keyserver/keyid_

Re: Garbled data in keyservers

2018-12-06 Thread Stefan Claas
can be fetched via the web. > > Being able to search for a fingerprint does not allow you to search > for the latest blockbuster movie to get a torrent link. Thus there > is no incentive to use the keyservers as an index and running a > keyserver will be safer for most operators.

Re: Garbled data in keyservers

2018-12-06 Thread Werner Koch
vie to get a torrent link. Thus there is no incentive to use the keyservers as an index and running a keyserver will be safer for most operators. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law.

Re: Garbled data in keyservers

2018-12-05 Thread Stefan Claas
d > with a key with fingerprint "0xff80ae9d1dec358d", and referred me to > the OpenKeychain app, which searched keyservers and found a matching > public key, which I was allowed to import to verify the signature, > which I did so successfully. Sure, that's the way it works.

Re: Garbled data in keyservers

2018-12-05 Thread justina colmena via Gnupg-users
penKeychain app, which searched keyservers and found a matching public key, which I was allowed to import to verify the signature, which I did so successfully. The fingerprints are some collision-resistant secure hashes, and in theory it is extraordinarily difficult to create another public ke

Re: Garbled data in keyservers

2018-12-05 Thread Stefan Claas
On Wed, 05 Dec 2018 18:53:20 +0100, Werner Koch wrote: > On Wed, 5 Dec 2018 17:34, stefan.cl...@posteo.de said: > > > Can you give more details about the security aspect? > > People believe that the keyservers magically return a matching key > for a mail address. Ther

Re: Garbled data in keyservers

2018-12-05 Thread Werner Koch
On Wed, 5 Dec 2018 17:34, stefan.cl...@posteo.de said: > Can you give more details about the security aspect? People believe that the keyservers magically return a matching key for a mail address. There is no guarantee for this. In fact all people from the strong had meanwhile expired fa

Re: Garbled data in keyservers

2018-12-05 Thread Stefan Claas
On Wed, 05 Dec 2018 13:28:50 +0100, Werner Koch wrote: > A better way of using keyservers would be to entirely disable their > search by name or mail address capabilities. Not only in the web > interface but also in their API. Of course that will be a radical > change but I consider i

Re: Garbled data in keyservers

2018-12-05 Thread Werner Koch
On Wed, 5 Dec 2018 10:31, c...@cod-web.net said: > On pool.sks-keyservers.net everything works well while on other > keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I > never signed and I don't know exactly why it's included in search There are sever

Re: Garbled data in keyservers

2018-12-05 Thread Claudio Canavese
Thank you. Fun fact: https://bitbucket.org/skskeyserver/sks-keyserver/issues/57 > https://bitbucket.org/skskeyserver/sks-keyserver/issues/60 > were opened by Yegor Timoshenko himself ^__^ Thank you again for your quick and sharp answer! -- CoD ___

Re: Garbled data in keyservers

2018-12-05 Thread Wiktor Kwapisiewicz via Gnupg-users
2) search any key but mine by email: works? Well, so it was for me > 3) now try with this email address > > On pool.sks-keyservers.net everything works well while on other > keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I > never signed and I don't know

Garbled data in keyservers

2018-12-05 Thread Claudio Canavese
s well while on other keyservers I get 47Mb of garbled data from Yegor Timoshenko key, which I never signed and I don't know exactly why it's included in search results. I had to use wget to download the web page since any browser will crash. Is this a bug I should submit somewhere? Can a

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-07-16 Thread Andrew Gallagher
On 13/06/18 14:43, Daniel Kahn Gillmor wrote: > the proposed revocation distribution network wouldn't allow any user IDs > or third-party certifications, so most of the "trollwot" would not be > relevant. As I see it, the keyservers perform two related but distinct fun

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-06-13 Thread Daniel Kahn Gillmor
>>> already happens) locally. >> >> the advantage is spam-abatement -- the keyservers have to keep track of >> what is attached to each blob they transport/persist. if all signatures >> that they transport for a given blob are cryptographically certified, >>

Re: GnuPG 2.2.4 on Windows - problems accessing some HKPS keyservers

2018-01-24 Thread David Gray via Gnupg-users
Thanks, Phil - I appreciate your help and your response. Thanks, Dave Sent from my iPhone > On Jan 23, 2018, at 9:51 PM, Phil Pennock wrote: > > Looks to me like a GnuPG bug. In fact, it looks very much like > https://dev.gnupg.org/T1447 which has been marked resolved. > > The hostname th

Re: GnuPG 2.2.4 on Windows - problems accessing some HKPS keyservers

2018-01-23 Thread Phil Pennock
On 2018-01-22 at 20:12 -0500, David Gray via Gnupg-users wrote: > I'm running GnuPG 2.2.4 on Windows. I'm able to successfully query the SKS > keyserver pool via HKPS (hkps://hkps.pool.sks-keyservers.net) with no > problems. I'm trying to query the hkps://keys.mailvelope.com keyserver, and > I'm

GnuPG 2.2.4 on Windows - problems accessing some HKPS keyservers

2018-01-23 Thread David Gray via Gnupg-users
Good Evening - I'm running GnuPG 2.2.4 on Windows. I'm able to successfully query the SKS keyserver pool via HKPS (hkps://hkps.pool.sks-keyservers.net) with no problems. I'm trying to query the hkps://keys.mailvelope.com keyserver, and I'm not having any luck. I suspect I don't have the appr

Re: key distribution/verification/update mechanisms other than keyservers

2018-01-17 Thread Daniel Kahn Gillmor
plication" time). > 3. At search/display stage - almost as easy as 1, although more > computationally intensive as it would need to be calculated per download > (caching may help). Can be retrofitted to existing keyservers. I think a better way to consider retrofitting to existing keyser

Re: key distribution/verification/update mechanisms other than keyservers

2018-01-17 Thread Andrew Gallagher
ut requires all keyservers to cooperate. It also means starting from an empty set, effectively building a parallel keyserver network from scratch. 2. At replication stage - this would be effective, but to the best of our knowledge would cripple the algorithm. 3. At search/display stage - almost a

Re: key distribution/verification/update mechanisms other than keyservers

2018-01-17 Thread Daniel Kahn Gillmor
a new, parallel, more narrowly-focused keyserver network we should make sure to include that as well. > A way to implement this without requiring an external protocol would be > an extension to OpenPGP to either allow an Embedded Signature (5.2.3.26) > in a key signature. With ECC this woul

Re: key distribution/verification/update mechanisms other than keyservers

2018-01-17 Thread Teemu Likonen
Werner Koch [2018-01-17 09:58:21+01] wrote: >>> (c) rejected all third-party certifications -- so data attached to >>> a given primary key is only accepted when certified by that primary >>> key. > This can help to avoid DoS attacks. I would love to see that to get my > key down to a reasonabl

Re: key distribution/verification/update mechanisms other than keyservers

2018-01-17 Thread Werner Koch
ndition. A way to implement this without requiring an external protocol would be an extension to OpenPGP to either allow an Embedded Signature (5.2.3.26) in a key signature. With ECC this would not increase the size of a key signature too much. It puts a burden on the keyservers to check this s

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-17 Thread Kristian Fiskerstrand
r by a trusted client running locally, which is the current modus >> operandus. Any keyserver action doing this would just shift >> responsibilities to a third party for something better served (and >> already happens) locally. > > the advantage is spam-abatement -- the keyser

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-16 Thread Daniel Kahn Gillmor
> operandus. Any keyserver action doing this would just shift > responsibilities to a third party for something better served (and > already happens) locally. the advantage is spam-abatement -- the keyservers have to keep track of what is attached to each blob they transport/persist. if all si

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-16 Thread Andrew Gallagher
> On 16 Jan 2018, at 22:26, Leo Gaspard wrote: > > It could also help limit the impact of the nightmare scenario RJH has > described, by making sure all the data is “cryptographically valid and > matching”, thus making it harder to just propagate arbitrary data down > the network. It would make

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-16 Thread Leo Gaspard
On 01/16/2018 10:56 PM, Kristian Fiskerstrand wrote: > On 01/16/2018 07:40 PM, Daniel Kahn Gillmor wrote: > >> The keyserver network (or some future variant of it) can of course play >> a role in parallel to any or all of these. for example, keyservers are >> particularl

Re: key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-16 Thread Kristian Fiskerstrand
On 01/16/2018 07:40 PM, Daniel Kahn Gillmor wrote: > The keyserver network (or some future variant of it) can of course play > a role in parallel to any or all of these. for example, keyservers are > particularly well-situated to offer key revocation, updates to expiry, > and sub

key distribution/verification/update mechanisms other than keyservers [was: Re: a step in the right direction]

2018-01-16 Thread Daniel Kahn Gillmor
itional information leakage. Note that the different schemes have different properties in terms of: * information leakage * cryptographic verification * third-party control * censorship * ... The keyserver network (or some future variant of it) can of course play a role in parallel to any or al

Re: Dirmngr fails to communicate with keyservers (W32 binaries for GnuPG 2.1.22)

2017-07-31 Thread Kosuke Kaizuka
On Mon, 31 Jul 2017 10:35:24 +0200, Andre Heinecke wrote: > Hi, > > On Sunday, July 30, 2017 11:41:01 AM CEST Kosuke Kaizuka wrote: >> On Sat, 29 Jul 2017 14:58:09 +0100, MFPA wrote:> >>> I have installed the W32 package for GnuPG 2.1.22 and I find keys >>>

Re: Dirmngr fails to communicate with keyservers (W32 binaries for GnuPG 2.1.22)

2017-07-31 Thread Andre Heinecke
Hi, On Sunday, July 30, 2017 11:41:01 AM CEST Kosuke Kaizuka wrote: > On Sat, 29 Jul 2017 14:58:09 +0100, MFPA wrote:> > > I have installed the W32 package for GnuPG 2.1.22 and I find keys > > cannot be sent to keyservers, or fetched/refreshed. The operation > > fails wit

Re: Dirmngr fails to communicate with keyservers (W32 binaries for GnuPG 2.1.22)

2017-07-29 Thread Kosuke Kaizuka
On Sat, 29 Jul 2017 14:58:09 +0100, MFPA wrote:> > I have installed the W32 package for GnuPG 2.1.22 and I find keys > cannot be sent to keyservers, or fetched/refreshed. The operation > fails with the message "keyserver send failed: Resource temporarily > unavailable"

Dirmngr fails to communicate with keyservers (W32 binaries for GnuPG 2.1.22)

2017-07-29 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I have installed the W32 package for GnuPG 2.1.22 and I find keys cannot be sent to keyservers, or fetched/refreshed. The operation fails with the message "keyserver send failed: Resource temporarily unavailable". In the event the di

Re: HTTPS keyservers (with SSL-keys recording)

2017-03-15 Thread Miroslav Rovis
On 170315-16:46+0100, Werner Koch wrote: > On Wed, 15 Mar 2017 10:14, miro.ro...@croatiafidelis.hr said: > > > keyserver hkps.pool.sks-keyservers.net:443 > > I guess we should better default to hkps:// if a scheme is not given. which is, IIUC, HTTPS key protocol, like hkp:// is HTTP key protocol.

Re: HTTPS keyservers (with SSL-keys recording)

2017-03-15 Thread Werner Koch
On Wed, 15 Mar 2017 10:14, miro.ro...@croatiafidelis.hr said: > keyserver hkps.pool.sks-keyservers.net:443 I guess we should better default to hkps:// if a scheme is not given. I have not checked whether this is already the case. > I record SSL-keys all the time, and I believe every communicati

HTTPS keyservers (with SSL-keys recording), WAS: help

2017-03-15 Thread Miroslav Rovis
My reply is really to one issue of all, but the discussion is noteworthy, and also it took place 2 1/2 weeks ago, so I leave the whole email quoted. On 170228-00:35+0100, Damien Goutte-Gattat wrote: > Hi, > > On 02/27/2017 04:07 PM, r...@riseup.net wrote: > > I'll use my master key offline. Follo

Re: Using LDAP keyservers with gpg 2.1.11

2016-04-11 Thread Philip Colmer
OK ... I've done some more digging. The command KEYSERVER --clear was failing because it doesn't like the embedded username and password, i.e. it only works if the configuration just specifies ldaps://login.linaro.org. So, stripping the username and password out gets *that* bit of the code to w

Re: Using LDAP keyservers with gpg 2.1.11

2016-04-08 Thread Philip Colmer
On 7 April 2016 at 17:03, Kristian Fiskerstrand wrote: > is ldap listed as a schema when doing KEYSERVER --help ? you can also > check if ldd /usr/bin/dirmngr shows a linkage to libldap Sorry - how do I check the schema? I'm not sure what command you are asking me to run. With regards to the ldd

Re: Using LDAP keyservers with gpg 2.1.11

2016-04-08 Thread Philip Colmer
On 8 April 2016 at 11:55, Kristian Fiskerstrand wrote: >>> is ldap listed as a schema when doing KEYSERVER --help ? you can >>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap Thanks for this suggestion. dirmngr wasn't listing ldap, so I've installed the extra bits, rebuilt and now

Re: Using LDAP keyservers with gpg 2.1.11

2016-04-08 Thread Kristian Fiskerstrand
On 04/08/2016 12:38 PM, Philip Colmer wrote: > On 7 April 2016 at 17:03, Kristian Fiskerstrand > wrote: >> is ldap listed as a schema when doing KEYSERVER --help ? you can >> also check if ldd /usr/bin/dirmngr shows a linkage to libldap > > Sorry

Re: Using LDAP keyservers with gpg 2.1.11

2016-04-07 Thread Kristian Fiskerstrand
On 04/07/2016 04:58 PM, Philip Colmer wrote: > On 7 April 2016 at 15:40, Werner Koch wrote: >> On Wed, 6 Apr 2016 17:33, philip.col...@linaro.org said: >> >>> However, with version 2.1.11, it isn't working. Enabling debug >>> options where I can f

Re: Using LDAP keyservers with gpg 2.1.11

2016-04-07 Thread Philip Colmer
On 7 April 2016 at 15:40, Werner Koch wrote: > On Wed, 6 Apr 2016 17:33, philip.col...@linaro.org said: > >> However, with version 2.1.11, it isn't working. Enabling debug options >> where I can find them gives me this output: > > Please enable debugging for dirmngr and restart dirmngr. All netw

Re: Using LDAP keyservers with gpg 2.1.11

2016-04-07 Thread Werner Koch
On Wed, 6 Apr 2016 17:33, philip.col...@linaro.org said: > However, with version 2.1.11, it isn't working. Enabling debug options > where I can find them gives me this output: Please enable debugging for dirmngr and restart dirmngr. All network access is done via the dirmngr daemon which is sta

Using LDAP keyservers with gpg 2.1.11

2016-04-06 Thread Philip Colmer
I've configured our LDAP server to act as a keyserver for use with GnuPG. In testing, with version 1.x and 2.0, sending keys to the keyserver works. However, with version 2.1.11, it isn't working. Enabling debug options where I can find them gives me this output: gpg: enabled debug flags: packet

Re: Remove photos from OpenPGP key in the keyservers

2016-03-09 Thread Andrew Gallagher
On 09/03/16 18:47, Anthony Papillion wrote: > So am I > correct in this thinking: if I attach a picture to my key and upload > it to a keyserver then remove the picture and upload that 'version' of > my key to the server, the key on the server STILL HAS my picture and > the clients choose to ignore

Re: Remove photos from OpenPGP key in the keyservers

2016-03-09 Thread Anthony Papillion
On 03/08/2016 10:47 AM, Robert J. Hansen wrote: >> I'm pretty sure that, if you just send your modified key to the >> keyserver again, it will replace the one that's there. > > This is not correct. Apparently not. Thanks for the correction. I ma

Re: Remove photos from OpenPGP key in the keyservers

2016-03-09 Thread Anthony Papillion
y, > photo) gets appended to the bottom. You can upload a new fact to > the keyservers, including a fact that repudiates a previous fact, > but it all just gets appended to the log and it's the client's job > to sort through it and decide what bits are still relevant. Thank you

Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Brian Minton
On 03/08/2016 11:08 AM, Anthony Papillion wrote: > > I'm pretty sure that, if you just send your modified key to the > keyserver again, it will replace the one that's there. > I tried it, deleting some subkeys locally, and adding others. I submitted it to the keyservers

Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Robert J. Hansen
> How do keyservers manage DMCA claims? They go down. A few years ago Peter Pramberger, a keyserver operator in Austria, had a request from someone who had uploaded a certificate but was now asserting their right under EU data privacy directives to have their personal information removed. Af

Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Andrew Gallagher
that is progressively filled. Your primary key is the first entry, and each "fact" that is associated with the primary key (id, certification, subkey, photo) gets appended to the bottom. You can upload a new fact to the keyservers, including a fact that repudiates a previous fact, but i

Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Francesco Ariis
On Tue, Mar 08, 2016 at 06:00:30PM +0100, Viktor Dick wrote: > I always wondered what would happen if someone uploaded something to the > keyservers where he has no permission to do so. An interesting presentation on the subject is "Trolling the Web of Trust" [1] by Micah

Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Viktor Dick
On 08.03.2016 16:33, Daniel Kahn Gillmor wrote: > Sorry, but no. The keyservers are globally-synced and append-only. you > will not be able to remove stuff once it's posted there. I always wondered what would happen if someone uploaded something to the keyservers where he has no pe

Re: Remove photos from OpenPGP key in the keyservers

2016-03-08 Thread Robert J. Hansen
> I'm pretty sure that, if you just send your modified key to the > keyserver again, it will replace the one that's there. This is not correct.
