Re: Keysigning party: after the event challenges

On Sun, Feb 10, 2019 at 03:36:05PM +0100, André Ockers wrote: > Hi Peter, > > Thank you very much. > > > Op 09-02-19 om 12:48 schreef Peter Lebbing: > > Hello André, > > > > On 09/02/2019 09:06, André Ockers wrote: > >> - 171 official keysigning p

Re: Keysigning party: after the event challenges

Hi Peter, Thank you very much. Op 09-02-19 om 12:48 schreef Peter Lebbing: > Hello André, > > On 09/02/2019 09:06, André Ockers wrote: >> - 171 official keysigning party participants, of who 107 showed up to my >> awareness; > This is going to be a pain to do manually. B

Re: Keysigning party: after the event challenges

Hello André, On 09/02/2019 09:06, André Ockers wrote: > - 171 official keysigning party participants, of who 107 showed up to my > awareness; This is going to be a pain to do manually. But you don't have to! As the FOSDEM keysigning party page[1] notes, "You may find caff a help

Re: Keysigning party: after the event challenges

André Ockers [2019-02-09 09:06:43+01] wrote: > $ gpg --fingerprint <599C62A291810408> > bash: syntax error near unexpected symbol 'newline' Your Bash shell uses characters "<" and ">" for input and output redirection. Remove those characters: gpg --fingerprint 599C62A291810408 -- /// Teemu

Keysigning party: after the event challenges

Dear GnuPG users, I went to the FOSDEM keysigning party [1] and now I'm in trouble. The situation is: - GNU/Linux Trisquel + Icedove (= Thunderbird rebranded) + Enigmail here at home; - 171 official keysigning party participants, of who 107 showed up to my awareness; - 5 participants h

Re: cryptnet.net (which hosts "GnuPG Keysigning Party HOWTO") down?

On Mittwoch, 1. November 2017 10:52:43 CET Johan Ho wrote: > I tried to look up the "keysigning party howto" on the GnuPG website > (https://gnupg.org/documentation/howtos.html), but apparently > www.cryptnet.net is down (ERR_CONNECTION_REFUSED) so most of the > language

cryptnet.net (which hosts "GnuPG Keysigning Party HOWTO") down?

I tried to look up the "keysigning party howto" on the GnuPG website (https://gnupg.org/documentation/howtos.html), but apparently www.cryptnet.net is down (ERR_CONNECTION_REFUSED) so most of the language links there don't work. I tried a few days ago and today, but it sti

Re: Hybrid keysigning party, your opinion?

don't mind having signatures submitted by signers to keyservers. Thank you for organizing a party! I'm definitely up for assisting with the organization. The keysigning party has been scheduled for monday 7/8/17, and I'm drafting the wiki pages with instructions as we speak, usi

Re: Hybrid keysigning party, your opinion?

On 19/02/17 21:16, Nils Vogels wrote: > I'll read up on this thread from the archives, but I'm exploring possibilities > to enhance the FOSDEM format with the use of QR for on-the-spot signing for > those who want to and don't mind having signatures submitted by signers to > keyservers. Thank you

Re: Hybrid keysigning party, your opinion?

Hey Peter, I've submitted a keysigning party at sha2017 earlier, so we should have a slot to try something out. I'll read up on this thread from the archives, but I'm exploring possibilities to enhance the FOSDEM format with the use of QR for on-the-spot signing for those

Re: Hybrid keysigning party, your opinion?

Le 2017-02-19 à 01:45, Peter Lebbing a écrit : > It failed on a trivial point: by the Friday before the congress, I had only > received four signups. A list with five keys is a poor list indeed. I switched > the model to the classic "bring keyslips" model. Ah, fair enough. That's a bit unfortunat

Re: Hybrid keysigning party, your opinion?

On 18/02/17 16:15, Peter Lebbing wrote: > O Come, All Ye Hackful! Adeste Fiddle-es[2]! Yea ! Philip signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-u

Re: Hybrid keysigning party, your opinion?

no value judgement in how I use "untrusting" here, it's just a way to sum up a group of people in a single adjective. Next opportunity for a keysigning party for me will be SHA 2017, starting the 4th of August in Zeewolde, The Netherlands[1]. O Come, All Ye Hackful! Adeste Fiddle-e

Re: Hybrid keysigning party, your opinion?

Hello, Le 2016-12-05 à 00:03, Peter Lebbing a écrit : > I am asking for your thoughts on a variant of the organization of the > keysigning party. I'll explain my reasoning and intentions, and I would > like to know if you think I forgot to think of something important. Is &

Re: Hybrid keysigning party, your opinion?

Le 2016-12-14 à 04:34, Peter Lebbing a écrit : > Oh, not at all, I hadn't even noticed one could see it that way. My bad; such is the life of the email-user. > Or hang a truly huge printout on the wall and at the start of the > session, together observe that it is correct. Any latecomers can be t

Re: Hybrid keysigning party, your opinion?

On 12/12/16 06:27, Lachlan Gunn wrote: > My apologies if I came across as overly harsh. Oh, not at all, I hadn't even noticed one could see it that way. . What I meant was that it > took me a little bit of time to work out exactly what you meant, so > someone unfamilar with the web of trust will

Re: Hybrid keysigning party, your opinion?

they can just print the detailed list! They then also have the opportunity to have gpgsigs annotate it with the signatures they already did at an earlier keysigning party, saving them the trouble of re-identifying someone for nothing. (Note that not all people consider this "for nothing", so

Re: Recording keysigning attendants on phone

the projector, and they all follow either > the standard Sassaman method or Peter's hybrid one. Thanks for the explanation, Lachlan. Ok, I see, preparations (required in the Sassaman Efficient keysigning event model), in your scheme, are done electronically right before the event starts, ar

Re: Hybrid keysigning party, your opinion?

Le 2016-12-12 à 03:45, Peter Lebbing a écrit : > My e-mail was 1424 words though, so I am afraid I ended up in your > wishful thinking area. > > The remaining 1607 words are in the sections "Background" and "Option > for advanced users", and those words happen to include the name Lachlan. > Go che

Re: Hybrid keysigning party, your opinion?

Le 2016-12-12 à 03:45, Peter Lebbing a écrit : > I really like this suggestion! I had to think about it for a while > before I could see a way to make it work. The trouble is that I want > caff to be able to process the file, and for that I need to keep it > having much of the same patterns. I ende

Recording keysigning attendants on phone (was: Hybrid keysigning party, your opinion?)

Le 2016-12-08 à 22:30, Stephan Beck a écrit : > Yes, to your first question. How you would do that via the > hash-on-the-projector method, is not clear to me, though. Would that be > for generating the (initial) list of the organizers as in Sassaman > Efficient (as an additional service for people

(OT) Hybrid keysigning party, your opinion?

On 11/12/16 21:37, Robert J. Hansen wrote: > Peter's correction was made in a spirit of utterly pedantic attention > to detail [a spirit I share!] Hah! Guilty as charged :-). Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want s

Re: Hybrid keysigning party, your opinion?

> Or you might not because it was based on a stupid thinking error on my > side. Let's make it "a chance of 1 in 2^128", which could be the chance > of you trying a symmetric encryption key and actually being right about it. I'm glad you made the correction: that error was so profound. :) (

Re: Hybrid keysigning party, your opinion?

On 11/12/16 18:22, Peter Lebbing wrote: > You might recognise the chosen quantity :-). Or you might not because it was based on a stupid thinking error on my side. Let's make it "a chance of 1 in 2^128", which could be the chance of you trying a symmetric encryption key and actually being right ab

Re: Hybrid keysigning party, your opinion?

On 08/12/16 15:08, Lachlan Gunn wrote: > Can't they get this from the other participants in the line? Checking > with a few people at random gives reasonable assurance that this is what > was agreed on at the beginning, or they can check them all if they want > to be certain. Personally, I find c

Re: Hybrid keysigning party, your opinion?

On 08/12/16 14:51, Lachlan Gunn wrote: > Personally I am of the mind that anything longer than that email is > wishful thinking, you have to get people to actually follow it. The e-mail wasn't meant to be the text for participants. I've spent all afternoon writing a text at the 33C3 wiki[1], but o

Re: Hybrid keysigning party, your opinion?

Peter Lebbing: > On 08/12/16 14:14, Stephan Beck wrote: >> Just some meditations: >> >> So, the late attendees can see and hear that the ordinary participants >> confirm the checksum and that their fingerprints check out? > > Yes, the late attendees definitely need to be there at the beginning

Re: Hybrid keysigning party, your opinion?

Le 2016-12-09 à 00:25, Peter Lebbing a écrit : > Yes, the late attendees definitely need to be there at the beginning of the > party, verifying that the SHA256 checksum printed at the top of their scrubbed > list is the one being read aloud and hearing everybody confirm their > fingerprint > is co

Re: Hybrid keysigning party, your opinion?

Le 2016-12-08 à 22:05, Peter Lebbing a écrit : > Stephan and Lachlan, thank you for thinking about this! I need to make a > decision soon, I really need feedback! Not a problem, efficient keysigning is something I've been pondering for a while, so I'm really glad to see people wor

Re: Hybrid keysigning party, your opinion?

hem an unmodified file? I'd worry about my computer and my internet connection then, not the time lost during the keysigning. > Then, by checking serial numbers, as you say, it's ok :-) Checking serial numbers <-> UID mappings is /purely/ to catch out dishonesty on the part of the per

Re: Hybrid keysigning party, your opinion?

Peter Lebbing: > Stephan and Lachlan, thank you for thinking about this! I need to make a > decision soon, I really need feedback! > > On 07/12/16 22:44, Stephan Beck wrote: >> Doesn't your proposal imply that late attendees could >> make their way through all the k

Re: Hybrid keysigning party, your opinion?

Hi, Lachlan Gunn: > Le 2016-12-08 à 08:14, Stephan Beck a écrit : >> Doesn't your proposal imply that late attendees could >> make their way through all the keysigning without fingerprint >> verification? Or do I miss something? > > If I understand correctly, the

Re: Hybrid keysigning party, your opinion?

Stephan and Lachlan, thank you for thinking about this! I need to make a decision soon, I really need feedback! On 07/12/16 22:44, Stephan Beck wrote: > Doesn't your proposal imply that late attendees could > make their way through all the keysigning without fingerprint > verific

Recording keysigning attendants on phone (was: Hybrid keysigning party, your opinion?)

arks with the same type of pen you used, and then sneak it back into your possession. That's a physical act that requires an intimate level of proximity. A phone or tablet is a wirelessly connected device that could be hacked from a distance, and it could be done even before the keysigning. I

Re: Hybrid keysigning party, your opinion?

Le 2016-12-08 à 08:14, Stephan Beck a écrit : > Doesn't your proposal imply that late attendees could > make their way through all the keysigning without fingerprint > verification? Or do I miss something? If I understand correctly, the late attendees still get a copy of the fing

Re: Hybrid keysigning party, your opinion?

Peter Lebbing: > Hi all, > > In just a few weeks, the 33C3 will be held in Hamburg, the 33th Chaos > Communication Congress organized by the Chaos Computer Club. I intend to > organize a keysigning party, just because they are fun. > > I am asking for your thought

Hybrid keysigning party, your opinion?

Hi all, In just a few weeks, the 33C3 will be held in Hamburg, the 33th Chaos Communication Congress organized by the Chaos Computer Club. I intend to organize a keysigning party, just because they are fun. I am asking for your thoughts on a variant of the organization of the keysigning party

Re: 31C3, keysigning party

Hi. On Thu, Dec 11, 2014 at 01:49:36PM +0100, Peter Lebbing wrote: > Probably monkeyscan from monkeysign... FWIW: A tool with a similar goal is GNOME Keysign: https://github.com/muelli/geysigning (Note that the repository will move, so this link will become defunct) Contrasting caff or monkeysign

Re: 31C3, keysigning party

ers. > > I intend to organise a keysigning party if no one else does. There is one advertized already: https://events.ccc.de/congress/2014/wiki/Session:Keysigning_Party > Now I'm considering a mixed-mode party, basing on Sassaman-Efficient, > but falling back to slips of paper as pr

Re: 31C3, keysigning party

On 11/12/14 17:58, Guilhem Moulin wrote: > There is one advertized already: Excellent! And thank you for pointing it out, especially since they expect you to sign up /way before/ the event. I hope they'll allow people in who didn't sign up (who will bring their own slips of paper or QR code for

Re: 31C3, keysigning party

On 11/12/14 14:46, Tobias Mueller wrote: > FWIW: A tool with a similar goal is GNOME Keysign: Thanks for the pointer! > Contrasting caff or monkeysign, it does not rely on keyservers. Neither does caff, if the organiser of the keyparty simply collects all keys (sent by the participants) and send

Re: 31C3, keysigning party

On 11/12/14 13:22, Peter Lebbing wrote: > Oh, and there's this 2D > barcode keysigning thing as well, should look it up. It was demonstrated to me > at the keysigning at OHM2013. Probably monkeyscan from monkeysign... the latter has been mentioned numerous times on this list, btw.

Re: 31C3, keysigning party

On 11/12/14 11:39, Werner Koch wrote: > Hi! Hi! > I will be at the 31C3 at Hamburg from the 28th (late afternoon) to the > 30th. You may find me at the FSFE Assembly or ask there for my local > communication parameters. I intend to organise a keysigning party if no one else does.

Re: Keysigning

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 3 December 2014 at 10:13:04 AM, in , Kristian Fiskerstrand wrote: > This one means you should update your version of gnupg. > It was a bug back in 2.0.24 and 2.0.25 (and the 1.4 > versions released around the same time). Intere

Re: Keysigning

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 02-12-2014 a las 7:53, Robin Mathew Rajan escibió: > Hello David, :) > > I already uploaded my public key to a public key server some months > ago. But there's no local Linux users group where I live! I sent > emails to some people listed at bigl

Re: Keysigning

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 12/03/2014 12:47 AM, MFPA wrote: > Hi > > > On Tuesday 2 December 2014 at 12:30:11 PM, in > , Robin Mathew Rajan > wrote: > > > >> My key is available on these key servers. > > When GnuPG searched for the key to verify your signatures, It >

Re: Keysigning

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 2 December 2014 at 12:30:11 PM, in , Robin Mathew Rajan wrote: > My key is available on these key servers. When GnuPG searched for the key to verify your signatures, It failed with:- gpg: key 0x7D3A6C5A47CF3842: rejected by import

Re: Keysigning

On Tue, Dec 02, 2014 at 10:23:13AM -0700, Aaron Toponce wrote: > Yes. You can get me through Tox. My Tox ID is: > > 76AC69FEB7DA042DFD75F30574CEE3C6498DF9DD766E1D78FC5CB4693CA10BD381F696 Hmm. It seems to have been truncated in the paste. The actual Tox ID is: 30861A76AC69FEB7DA042DFD75F30574CEE3

Re: Keysigning

On Tue, Dec 02, 2014 at 01:57:13PM +0530, Robin Mathew Rajan wrote: > Where can I get my keys signed? Does here anyone provide keysigning services > through video conference? :) Yes. You can get me through Tox. My Tox ID is: 76AC69FEB7DA042DFD75F30574CEE3C6498DF9DD766E1D78FC5CB4693CA10BD3

Re: Keysigning

y signing >> through video conferencing, might help in reducing 'crypto divide' (like >> that in 'digital divide'). :) >> >> Regards, >> Robin Mathew Rajan >> https://www.robinmathewrajan.com/ >> >> >> On 02-12

Re: Keysigning

ds, > Robin Mathew Rajan > https://www.robinmathewrajan.com/ > > > On 02-12-2014 PM 03:05, da...@gbenet.com wrote: >> On 02/12/14 08:27, Robin Mathew Rajan wrote: >>> Hello, >>> >>> Where can I get my keys signed? Does here anyone provide keysigning &

Re: Keysigning

...@gbenet.com wrote: > On 02/12/14 08:27, Robin Mathew Rajan wrote: >> Hello, >> >> Where can I get my keys signed? Does here anyone provide keysigning services >> through video conference? :) >> >> Thanks and regards, >> Robin Mathew Rajan >> >&

Re: Keysigning

On 02/12/14 08:27, Robin Mathew Rajan wrote: > Hello, > > Where can I get my keys signed? Does here anyone provide keysigning services > through video conference? :) > > Thanks and regards, > Robin Mathew Rajan > > ___

Keysigning

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, Where can I get my keys signed? Does here anyone provide keysigning services through video conference? :) Thanks and regards, Robin Mathew Rajan -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCgAGBQJUfXfhAAoJEJyRZAJNoXmuFecP

Re: keysigning: lsign and offline master key

Daniel Kahn Gillmor: > 0) --export-options export-local on your air-gapped system, combined > with --import-options import-local on your "regular" system. > Would either of these workflows meet your goals? Thanks! That's exactly what I was looking for. -- nb.linux

Re: keysigning: lsign and offline master key

Am Sa 04.01.2014, 21:41:32 schrieb nb.linux: > How can I lsign a key and transfer the local signature from my air > gapped system? --export-options export-local-sigs Not necessary for import if the importing system knows the signing key as secret key (no matter whether the mainkey is available

Re: keysigning: lsign and offline master key

On 01/04/2014 04:41 PM, nb.linux wrote: > - ...here I'm stuck, because (as I understand the lsign) I cannot export > the signature... > > Is this right? > How can I lsign a key and transfer the local signature from my air > gapped system? > Maybe by copying the keyring files between the systems?

keysigning: lsign and offline master key

Hi, I have an offline master key with C/S capabilities and two subkeys (E, S). When (publicly) signing keys, usually I load my air gapped system with the master key, sign each individual UID of the key to sign, and export the signatures. Then send the signatures encrypted to the UID. How would th

Keysigning Event Aachen

Aloha, Oecher Keysigning Party III Do 15.12.2011, 18:30 Uhr s.t. Aachen, Elisenbrunnen (linker Flügel) http://mareichelt.com/okp3/ pgpblGwdhal7M.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org

Re: keysigning parties

> I am having a really hard time finding any *current* info on > key signing parties. I was wondering if someone could point me in the > right direction. What sort of information do you need? If it's, "how do I find one?", the best answer is, "throw one!" Turn it into a social event: do someth

Re: keysigning parties

> Are you looking for information about how a keysigning party is run > today? If by "a" you mean "one particular," I have no objection: if by "a" you mean "in general," I object. :) There are techniques that focus on "let's get this ove

Re: keysigning parties

was wondering if someone could point me in the >> right direction. > > Are you looking to find a party to get your key signed? [...] > Are you looking for information about what happens at the parties[...] Are you looking for information about how a keysigning party is run today

Re: keysigning parties

in the > right direction. Are you looking to find a party to get your key signed? If so, check out www.biglumber.com. That has both individual people as well as events (parties). Are you looking for information about what happens at the parties (i.e. the keysigning protocols)? If so, check out t

keysigning parties

Hello, This is my first post to this list so please excuse me if i violate any etiquette. I am having a really hard time finding any *current* info on key signing parties. I was wondering if someone could point me in the right direction. Thanks, -- Aaron _

Keysigning event party in Cebit 2011?

Hi, I've just learned that I might attend Cebit. I was wondering if there was plans to have a keysigning event / party ? and if so where the meet point would be. Ludo -- http://perso.hirlimann.net/~ludo/blog/ http://flickr.com/photos/lhirlimann signature.asc Description: OpenPGP di

Fyi: keysigning parties in Brazil

Hi, this wiki, maintained by "Associação Software Livre", is dedicated to coordinate (and subsequently, list) all of the keysigning parties in Brazil: http://wiki.softwarelivre.org/KSP/WebHomeEn regards, and a harmonious 2011 to you all, Marcio B

FYI: Keysigning events at FOSDEM (Feb 7th) and Chemnitz Linux-Days (March 13th)

Hi, for those interested in keysigning there are two upcoming events: PGP/GPG/CA Keysigning events on Sunday Feb 7th at FOSDEM in Brussels http://fosdem.org/2010/keysigning Deadline for key submission: Monday, Feb 1st 2010 (hurry up!) PGP/GPG Keysigning event on Saturday March 13th at Chemnitz

FYI: Keysigning Party at FrOSCon 2009 in Sankt Augustin (August 22nd)

Hi, for those interested, there's going to be a keysigning party at FrOSCon 2009 in Sankt Augustin on August 22nd, 12:30h: http://ksp.froscon.org/ Deadline for key submission is Thursday, August 20th 2009. More info about the conference is online at http://www.froscon.org/ -- left

Re: FYI: Keysigning at Linuxtag 2009 in Berlin (June 26th)

When you come to london? 2009/6/9 markus reichelt : > Hi, > > > for those interested, there's going to be again a keysigning party at > Linuxtag 2009 in Berlin (June 26th): > > http://wiki.linuxtag.org/w/Keysigning_2009 > > Deadline for key submission is Sunday, J

FYI: Keysigning at Linuxtag 2009 in Berlin (June 26th)

Hi, for those interested, there's going to be again a keysigning party at Linuxtag 2009 in Berlin (June 26th): http://wiki.linuxtag.org/w/Keysigning_2009 Deadline for key submission is Sunday, June 21st, 23:59 (Sorry for the late announcement, last year's keysigning was announc

Re: FYI: Keysigning events at FOSDEM (Feb 8th) and Chemnitzer Linux-Tage (March 14th)

* markus reichelt wrote: > PGP/GPG Keysigning event on Saturday March 14th 18:00h at Chemnitz > Linux Days in ... Chemnitz. > > Deadline for key submission: *Monday March 9th* This is just a friendly (and last) reminder that you can still participate, just honour the deadline. M

Re: FYI: Keysigning events at FOSDEM (Feb 8th) and Chemnitzer Linux-Tage (March 14th)

* markus reichelt wrote: > PGP/GPG/CA Keysigning events on Sunday Feb 8th at FOSDEM in > Brussels The exact time is yet to be announced, more info (in > English) at http://fosdem.org/2009/keysigning > > Deadline for key submission: Thursday Jan 29th, 8:00 PM CEST This is just

FYI: Keysigning events at FOSDEM (Feb 8th) and Chemnitzer Linux-Tage (March 14th)

Hi, for those interested in keysigning there are two upcoming events: PGP/GPG/CA Keysigning events on Sunday Feb 8th at FOSDEM in Brussels The exact time is yet to be announced, more info (in English) at http://fosdem.org/2009/keysigning Deadline for key submission: Thursday Jan 29th, 8:00 PM

FYI: Keysigning at FROSCON 2008 in Bonn-Rhein-Sieg (August 23rd)

Hi, for those interested, there's going to be again a keysigning party at FROSCON 2008 in Bonn-Rhein-Sieg (August 23rd): http://ksp.froscon.org/ -- left blank, right bald pgpvVe1LZ4gS3.pgp Description: PGP signature ___ Gnupg-users mailing

Re: FYI: Keysigning at Linuxtag 2008 in Berlin (May 30th)

On Wed, 16 Apr 2008 17:11, [EMAIL PROTECTED] said: > http://wiki.linuxtag.net/w/Keysigning_2008 Please don't use this procedure - it just don't works. Within a group of cryptographers it is a nice protocol but not in the real world. The procedure does not cope with the problem that people don't

FYI: Keysigning at Linuxtag 2008 in Berlin (May 30th)

Hi, for those interested, there's going to be again a keysigning party at Linuxtag 2008 in Berlin (May 30th): http://wiki.linuxtag.net/w/Keysigning_2008 -- left blank, right bald pgprFLK2anXpA.pgp Description: PGP signature ___ Gnupg-

Keysigning request

Is there anyone in the Chicago area who would be willing and able to meet me to sign my GPG key? Yes, I have looked on Biglumber and contacted several people from there. Yes, I have searched for WoT groups in the area. No, not one person has met with me yet. I will only be in Chicago for the ne

Keysigning request

Is there anyone in the Chicago area who would be willing and able to meet me to sign my GPG key? Yes, I have looked on Biglumber and contacted several people from there. Yes, I have searched for WoT groups in the area. If you, or someone you know, is in the Chicago area and would be able to meet

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Atom Smasher wrote: > pgp Key Signing Observations: Overlooked Social and Technical > Considerations > > > there's a few sections in that article that might be of interest. Indeed, thank you Atom

Re: Keysigning challenge policies/procedures

On Thu, 6 Jul 2006, Todd Zullinger wrote: I was wondering if some folks here have detailed their challenge policies and procedures and if you'd mind sharing them if you have? Even handier would be some scripts to help in the automation of this task. ;) == pgp Key Signing

Re: Keysigning challenge policies/procedures

On Sunday 09 July 2006 06:27, Alphax wrote: > Michael Kallas wrote: > > David Shaw schrieb: > >> I've been away on vacation and only picked up this thread now. > >> This statement is not correct. Back in the PGP 2.x days, this > >> might have been true, but with OpenPGP, there is no particular >

Re: Keysigning challenge policies/procedures

Hi, Alphax schrieb: > Suppose you send an email to Address W and encrypt an "authentication > token" to Key X. You recieve a reply from Address Y, containing the > authentication token, which has been signed with Key Z. > > This tells you that /someone/ with access to W has recieved a message; >

Re: Keysigning challenge policies/procedures

Michael Kallas wrote: > David Shaw schrieb: >> I've been away on vacation and only picked up this thread now. This >> statement is not correct. Back in the PGP 2.x days, this might have >> been true, but with OpenPGP, there is no particular requirement that >> the ability to sign and the ability

Re: Keysigning challenge policies/procedures

David Shaw schrieb: > I've been away on vacation and only picked up this thread now. This > statement is not correct. Back in the PGP 2.x days, this might have > been true, but with OpenPGP, there is no particular requirement that > the ability to sign and the ability to decrypt are connected. Y

Re: Keysigning challenge policies/procedures

e key owner. Marcus and Ingo have very been helpful in providing pretty specific procedures that they've used (and documented) for key signing. I've read with interest the comments that you've made over the years as the topic of keysigning has come up and I'd be very appre

Re: Keysigning challenge policies/procedures

On Fri, Jul 07, 2006 at 07:22:40PM +0200, Mark Kirchner wrote: > On Friday, July 7, 2006, 11:19:47 AM, Marcus wrote: > > * Todd Zullinger <[EMAIL PROTECTED]> wrote: > > > >> What I don't see in any of the links is more information about sending > >> an email challenge before signing a key. (My apo

Re: Keysigning challenge policies/procedures

nly a handful were > sign-only or certification-only keys. I did simply sign them with a > lower verification level. Me, too. I just give these sign-only keys a level of 2 as explained in my policy. I have been at several (large) keysigning parties and luckily there are not so many sign-only keys

Re: Keysigning challenge policies/procedures

On Fri, Jul 07, 2006 at 04:15:03PM -0400, Todd Zullinger wrote: > Ingo Klöcker wrote: > > On Friday 07 July 2006 17:09, Todd Zullinger wrote: > [...] > >> But that does mean that you can't get a signed key to someone if > >> the key you've signed doesn't have any encryption capabilities, > >> corre

Re: Keysigning challenge policies/procedures

On Fri, Jul 07, 2006 at 08:39:37PM +0200, Ingo Klöcker wrote: > On Friday 07 July 2006 17:09, Todd Zullinger wrote: > > Marcus Frings wrote: > > > * Todd Zullinger <[EMAIL PROTECTED]> wrote: > > >> What I don't see in any of the links is more information about > > >> sending an email challenge befo

Re: Keysigning challenge policies/procedures

On Fri, Jul 07, 2006 at 11:19:47AM +0200, Marcus Frings wrote: > * Todd Zullinger <[EMAIL PROTECTED]> wrote: > > > What I don't see in any of the links is more information about sending > > an email challenge before signing a key. (My apologies if I'm > > overlooking it on your page or any of the

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ingo Klöcker wrote: > On Friday 07 July 2006 16:56, Todd Zullinger wrote: [...] >> Could you elaborate a little on the procedure you use to generate the >> challenges? I'd love to have some examples of how other folks do >> things to present to my fel

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ingo Klöcker wrote: > On Friday 07 July 2006 17:09, Todd Zullinger wrote: [...] >> But that does mean that you can't get a signed key to someone if >> the key you've signed doesn't have any encryption capabilities, >> correct? > > That's obviously cor

Re: Keysigning challenge policies/procedures

On Friday 07 July 2006 17:09, Todd Zullinger wrote: > Marcus Frings wrote: > > * Todd Zullinger <[EMAIL PROTECTED]> wrote: > >> What I don't see in any of the links is more information about > >> sending an email challenge before signing a key. (My apologies if > >> I'm overlooking it on your page

Re: Keysigning challenge policies/procedures

On Friday 07 July 2006 16:56, Todd Zullinger wrote: > Ingo Klöcker wrote: > > I haven't used it myself because I'm using a self-written script > > for creating challenges with KMail. > > Could you elaborate a little on the procedure you use to generate the > challenges? I'd love to have some examp

Re: Keysigning challenge policies/procedures

On Friday, July 7, 2006, 11:19:47 AM, Marcus wrote: > * Todd Zullinger <[EMAIL PROTECTED]> wrote: > >> What I don't see in any of the links is more information about sending >> an email challenge before signing a key. (My apologies if I'm >> overlooking it on your page or any of the others.) > > B

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus Frings wrote: > * Todd Zullinger <[EMAIL PROTECTED]> wrote: > >> What I don't see in any of the links is more information about >> sending an email challenge before signing a key. (My apologies if >> I'm overlooking it on your page or any of t

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ingo Klöcker wrote: > Try CA-Bot (http://cabot.alioth.debian.org/). Thanks Ingo. > I haven't used it myself because I'm using a self-written script for > creating challenges with KMail. Could you elaborate a little on the procedure you use to genera

Re: Keysigning challenge policies/procedures

* Todd Zullinger <[EMAIL PROTECTED]> wrote: > What I don't see in any of the links is more information about sending > an email challenge before signing a key. (My apologies if I'm > overlooking it on your page or any of the others.) Before I used a protocol to signing keys where I sent out rand

Re: Keysigning challenge policies/procedures

Am Freitag, 7. Juli 2006 06:31 schrieb Todd Zullinger: > What I don't see in any of the links is more information about > sending an email challenge before signing a key. (My apologies if > I'm overlooking it on your page or any of the others.) > > It's been discussed here before but I've not foun

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus Frings wrote: > * Todd Zullinger <[EMAIL PROTECTED]> wrote: > >> I was wondering if some folks here have detailed their challenge >> policies and procedures and if you'd mind sharing them if you have? >> Even handier would be some scripts to he

  1   2   >