Am 11 Sep 2005 um 23:01 hat David Shaw geschrieben:
> On Fri, Sep 09, 2005 at 09:59:53AM -0500, John Clizbe wrote:
> > David Shaw wrote:
> > > There is perhaps an argument to be made for a
> > > "super clean" that does clean and also removes any
> > > signature where the signing key is
> > > not
Alphax wrote:
The time is ripe for a GPG variant: ("GPG-lean" ?): a public key
encryption utility with no built-in e-mail ties and no attempt
whatsoever to incorporate the solution for the authentication
problem. (For the majority of us, fingerprint-exchange-by-voice
>>is perfectly adequate).
David Shaw wrote:
>It wasn't an idle suggestion. You can assume that I do, in fact, know
>that this is possible, or I wouldn't have suggested it. Why on earth
>an email address is relevant here I have no idea. You don't need
>anything more than the IP address.
That depends. If that IP address
cdr wrote:
> MUS1876 wrote:
>> Alphax wrote:
>>> I have friends who currently don't want to use PGP because they
>>> fear that their keys will be uploaded to a keyserver, and then
>>> they will be spammed forever more.
>>
>>
>> I totally agree what friends of Alphax say.
>>
>> Wouldn't it be cute t
David Shaw wrote:
> On Sun, Sep 11, 2005 at 09:27:54PM +0200, Johan Wevers wrote:
>
>>David Shaw wrote:
>>
>>
>>>I have sympathy for that argument, so wouldn't it be good to trace
>>>down where the sigs are entering the keyserver net, and ask whoever is
>>>doing it to stop? It seems like the obvi
On Fri, Sep 09, 2005 at 09:59:53AM -0500, John Clizbe wrote:
> David Shaw wrote:
> > There is perhaps an argument to be made for a "super clean" that does
> > clean and also removes any signature where the signing key is not
> > present (in fact, an early version of clean did that), but that's a
>
On Fri, Sep 09, 2005 at 03:00:31PM +0200, Johan Wevers wrote:
> David Shaw wrote:
>
> >Known by *you*. I rather think the GD is a good signer, for what it
> >is.
>
> I think both of you need to make a difference between a bad signer that
> signs keys without doing sufficient checking, and a sign
On Sun, Sep 11, 2005 at 09:27:54PM +0200, Johan Wevers wrote:
> David Shaw wrote:
>
> >I have sympathy for that argument, so wouldn't it be good to trace
> >down where the sigs are entering the keyserver net, and ask whoever is
> >doing it to stop? It seems like the obvious first step.
>
> Assum
David Shaw wrote:
>I have sympathy for that argument, so wouldn't it be good to trace
>down where the sigs are entering the keyserver net, and ask whoever is
>doing it to stop? It seems like the obvious first step.
Assuming this is possible at all. I don't know exctly what keyservers log,
but I'
MUS1876 wrote:
I have
friends who currently don't want to use PGP because they fear that
>>their
keys will be uploaded to a keyserver, and then they will be spammed
forever more.
I totally agree what friends of Alphax say.
Wouldn't it be cute to have a sepcial option to flag both keys and
s
David Shaw wrote:
>Known by *you*. I rather think the GD is a good signer, for what it
>is.
I think both of you need to make a difference between a bad signer that
signs keys without doing sufficient checking, and a signer that spams
signatures in quantities that could become a DOS attack. The G
> I have
> friends who currently don't want to use PGP because they fear that their
> keys will be uploaded to a keyserver, and then they will be spammed
> forever more.
Hi,
I totally agree what friends of Alphax say.
Wouldn't it be cute to have a sepcial option to flag both keys and
subkeys as
On Sat, Sep 10, 2005 at 05:34:53PM +0200, MUS1876 wrote:
> > I have
> > friends who currently don't want to use PGP because they fear that their
> > keys will be uploaded to a keyserver, and then they will be spammed
> > forever more.
>
> Hi,
>
> I totally agree what friends of Alphax say.
>
> W
> I have
> friends who currently don't want to use PGP because they fear that their
> keys will be uploaded to a keyserver, and then they will be spammed
> forever more.
Hi,
I totally agree what friends of Alphax say.
Wouldn't it be cute to have a sepcial option to flag both keys and
subkeys as
On Sat, Sep 10, 2005 at 02:21:24PM +0200, Dirk Traulsen wrote:
> I hope, this will help you and that maybe somebody else can reproduce
> it.
Aha! I found the problem. It's actually a bug in the German
translation. I was testing in English, so never saw it. I'll file a
bug for that. Thanks f
Am 9 Sep 2005 um 10:46 hat David Shaw geschrieben:
> Unfortunately not, because without the signing key, gpg can't tell if
> a signature is valid or not. If there is no way to tell if a
> signature is valid then the wrong thing might happen in cleaning.
>
> Here's an example:
>
> signature 1 fro
Am 9 Sep 2005 um 10:29 hat David Shaw geschrieben:
> On Fri, Sep 09, 2005 at 04:18:11PM +0200, Dirk Traulsen wrote:
>
> > Interestingly there is a difference, whether I use '--import' to get
> > a key from a 'key.asc' or '--recv-key' to import it from a
> > keyserver. It reproducibly asks for two
On Sat, Sep 10, 2005 at 12:28:22AM +0930, Alphax wrote:
> David Shaw wrote:
> > On Fri, Sep 09, 2005 at 11:02:56AM +0200, Johan Wevers wrote:
> >
> >>David Shaw wrote:
> >>
> >>
> >>>I'd be all in favor of an option where users could elect to filter out
> >>>keys: that would put the user in contro
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Shaw wrote:
> There is perhaps an argument to be made for a "super clean" that does
> clean and also removes any signature where the signing key is not
> present (in fact, an early version of clean did that), but that's a
> different thing than c
David Shaw wrote:
> On Fri, Sep 09, 2005 at 11:02:56AM +0200, Johan Wevers wrote:
>
>>David Shaw wrote:
>>
>>
>>>I'd be all in favor of an option where users could elect to filter out
>>>keys: that would put the user in control. Forcing your decision on
>>>others by stripping signatures is a very
Johan Wevers wrote:
> Alphax wrote:
>>Removing duplicated signatures however would probably have little impact,
>>assuming you are removing only the newest ones
>
> Don't you mean keeping the newst ones?
>
Er, yes. However as David Shaw pointed out further down the thread,
there's no safe way to
On Fri, Sep 09, 2005 at 04:18:11PM +0200, Dirk Traulsen wrote:
> Am 8 Sep 2005 um 20:00 hat David Shaw geschrieben:
>
> > Yes, I see what happened now. It's just a misunderstanding. "clean"
> > can't work unless you have the key that issued the signature that you
> > want cleaned (so it can know
On Fri, Sep 09, 2005 at 04:18:11PM +0200, Dirk Traulsen wrote:
> Interestingly there is a difference, whether I use '--import' to get
> a key from a 'key.asc' or '--recv-key' to import it from a keyserver.
> It reproducibly asks for two different, not existing keys. On WinXP
> it is always 0022F
Am 8 Sep 2005 um 20:00 hat David Shaw geschrieben:
> Yes, I see what happened now. It's just a misunderstanding. "clean"
> can't work unless you have the key that issued the signature that you
> want cleaned (so it can know which signatures to remove). In your
> case, you need to fetch key CA57
Am 8 Sep 2005 um 20:00 hat David Shaw geschrieben:
> > 2. There is a line after the '--recv-key' which I don't understand:
> > 'gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FA10
> > gefunden' (my english translation: gpg: no ultimately trusted key
> > 0022FA10 found) As you can see i
On Fri, Sep 09, 2005 at 09:30:35AM -0400, Jason Harris wrote:
> On Fri, Sep 09, 2005 at 08:31:35AM -0400, David Shaw wrote:
> > On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote:
>
> [I'll address your other points later.]
>
> > If you insist on presenting a different view to users th
On Fri, Sep 09, 2005 at 08:31:35AM -0400, David Shaw wrote:
> On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote:
[I'll address your other points later.]
> If you insist on presenting a different view to users than the entire
> rest of the keyserver net, without any way to turn such a
On Fri, Sep 09, 2005 at 01:11:30PM +0200, Johan Wevers wrote:
> Alphax wrote:
>
> >Carrying out a full cleaning of keys stored on keyservers would
> >seriously damage the WoT.
>
> Too bad. However, if you just strip the GD signature off the damage won't
> be too large.
Then it needs to be done a
On Fri, Sep 09, 2005 at 07:38:31PM +0930, Alphax wrote:
> Johan Wevers wrote:
> > David Shaw wrote:
> >
> >
> >>I'd be all in favor of an option where users could elect to filter out
> >>keys: that would put the user in control. Forcing your decision on
> >>others by stripping signatures is a ve
On Fri, Sep 09, 2005 at 11:02:56AM +0200, Johan Wevers wrote:
> David Shaw wrote:
>
> >I'd be all in favor of an option where users could elect to filter out
> >keys: that would put the user in control. Forcing your decision on
> >others by stripping signatures is a very disturbing step.
>
> Con
On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote:
> > If I ran a keyserver, would it be appropriate for me to drop all
> > signatures from your key D39DA0E3 simply because they're available
> > somewhere else?
>
> keyserver.pgp.com doesn't synchronize with other keyservers, by design,
Alphax wrote:
>Carrying out a full cleaning of keys stored on keyservers would
>seriously damage the WoT.
Too bad. However, if you just strip the GD signature off the damage won't
be too large.
>Removing duplicated signatures however would probably have little impact,
>assuming you are removing
Johan Wevers wrote:
> David Shaw wrote:
>
>
>>I'd be all in favor of an option where users could elect to filter out
>>keys: that would put the user in control. Forcing your decision on
>>others by stripping signatures is a very disturbing step.
>
>
> Considering the behaviour of the GD, I'd s
David Shaw wrote:
>I'd be all in favor of an option where users could elect to filter out
>keys: that would put the user in control. Forcing your decision on
>others by stripping signatures is a very disturbing step.
Considering the behaviour of the GD, I'd say it's also a practical issue
about
On Thu, Sep 08, 2005 at 11:23:08PM -0400, David Shaw wrote:
> On Thu, Sep 08, 2005 at 11:10:23PM -0400, Jason Harris wrote:
> > Not at all. Anyone who wants sigs from the GD should use that
> > keyserver. They're still available from it, and, remember,
> > expired sigs don't affect the WoT, so w
On Thu, Sep 08, 2005 at 11:10:23PM -0400, Jason Harris wrote:
> On Thu, Sep 08, 2005 at 10:28:29PM -0400, David Shaw wrote:
> > On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote:
>
> > > keyserver.kjsl.com is now stripping all GD sigs. The extra variable
> > > in kd_search.c and code f
On Thu, Sep 08, 2005 at 10:28:29PM -0400, David Shaw wrote:
> On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote:
> > keyserver.kjsl.com is now stripping all GD sigs. The extra variable
> > in kd_search.c and code for 'case 2:' of make_keys_elem(), respectively:
>
> It's your keyserver
On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote:
> On Thu, Sep 08, 2005 at 08:00:25PM -0400, David Shaw wrote:
> > On Fri, Sep 09, 2005 at 12:33:47AM +0200, Dirk Traulsen wrote:
>
> > > 3. Because now I was irritated, I did the same again with a different
> > > keyserver 'keyserver.k
On Thu, Sep 08, 2005 at 08:00:25PM -0400, David Shaw wrote:
> On Fri, Sep 09, 2005 at 12:33:47AM +0200, Dirk Traulsen wrote:
> > 3. Because now I was irritated, I did the same again with a different
> > keyserver 'keyserver.kjsl.com' and I got a completely different
> > result! When I fetched th
On Fri, Sep 09, 2005 at 12:33:47AM +0200, Dirk Traulsen wrote:
> Am 8 Sep 2005 um 16:00 hat David Shaw geschrieben:
>
> > I'm trying, but I still can't duplicate the problem. Can you put
> > together a simple keyring and simple gpg.conf file that still shows
> > the problem?
>
> I did what you a
Am 8 Sep 2005 um 16:00 hat David Shaw geschrieben:
> I'm trying, but I still can't duplicate the problem. Can you put
> together a simple keyring and simple gpg.conf file that still shows
> the problem?
I did what you asked me to do and now I'm completely confused!
First I deleted my gpg.conf,
On Thu, Sep 08, 2005 at 10:25:20AM +0200, Dirk Traulsen wrote:
> Am 7 Sep 2005 um 19:23 hat David Shaw geschrieben:
>
> > I can't seem to duplicate your problem here. Are you sure you
> > saved the result when you exited from --edit-key?
>
> As you can see, I did.
> I get the message 'already c
file COPYING for details.
pub 1024D/08B0A90B created: 2000-12-20 expires: niemals usage:
CSA
trust: unbekannt Gültigkeit: unbekannt
[ unknown] (1). PuTTY Releases (DSA) <[EMAIL PROTECTED]>
Befehl> clean sigs
User ID "PuTTY Releases (DSA) <[EMAIL P
. If you look at the output at
> sigs from the key CA57AD7C, you see that there are 7 valid newer
> signatures from this key and a lot of older expired signatures.
> I thought, that these sigs should be deleted, if there is a newer
> valid signature from the same key.
>
> >From
wer
signatures from this key and a lot of older expired signatures.
I thought, that these sigs should be deleted, if there is a newer
valid signature from the same key.
>From the man page:
--edit-key KEY
clean sigs ... It also removes any signature
that is superced
45 matches
Mail list logo
