On 01/09/14 23:04, Ville Määttä wrote:
> I bought my SCR3500 and SCR335 V2 from Identive / Chipdrive [1]. I had a
> problem adding VAT number to the order myself but at least they ship (and
> kindly handled fixing the bill afterwards). Though, they only seem to have an
> SCT3511 there, not a 351
I bought my SCR3500 and SCR335 V2 from Identive / Chipdrive [1]. I had a
problem adding VAT number to the order myself but at least they ship (and
kindly handled fixing the bill afterwards). Though, they only seem to have an
SCT3511 there, not a 3512.
[1] http://www.chipdrive.de
--
Ville Määt
On 01/09/14 15:18, Philip Jackson wrote:
> On 01/09/14 08:16, Werner Koch wrote:
>> On Sun, 31 Aug 2014 23:27, tristan.sant...@internexusconnect.net said:
>>
>>> Yes the card can have a 4096bit Auth, Sign and Encryption key. You have
>> Correct.
>>
>>> to generate them on a machine though, not on c
On 01/09/14 08:16, Werner Koch wrote:
> On Sun, 31 Aug 2014 23:27, tristan.sant...@internexusconnect.net said:
>
>> Yes the card can have a 4096bit Auth, Sign and Encryption key. You have
>
> Correct.
>
>> to generate them on a machine though, not on card.
>
> The cards generate them just fine.
On Sun, 31 Aug 2014 23:27, tristan.sant...@internexusconnect.net said:
> Yes the card can have a 4096bit Auth, Sign and Encryption key. You have
Correct.
> to generate them on a machine though, not on card.
The cards generate them just fine.
Note that this is only true for the ZeitControl as c
On 31/08/14 18:31, Jonathan Brown wrote:
> Can an OpenPGP 2.0 smart card hold 3 4096 keys at the same-time?
> Additionally could an OpenPGP 2.0 Smart card hold 4 4096 keys as well?
>
> This is assuming you are using a GPG version that supports this. Sorry
> I couldnt find this answer online.
>
>
>
Can an OpenPGP 2.0 smart card hold 3 4096 keys at the same-time?
Additionally could an OpenPGP 2.0 Smart card hold 4 4096 keys as well?
This is assuming you are using a GPG version that supports this. Sorry I
couldnt find this answer online.
___
Gnupg-us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Friday 19 March 2010 at 6:54:06 AM, in
, Paul Richard Ramer wrote:
> On Sat, 13 Mar 2010 20:05:21 + MFPA wrote:
>> It looks to me as if the answer is "yes." Unless each
>> person who had one of your email addresses already
>> knew the o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, 13 Mar 2010 20:05:21 + MFPA wrote:
>> I can't speak for other people, but I can for me. Take
>> > a look at the UIDs on my key, which is
>> > 0xC7C66ADF3DB6D884. And also, take a look at my master
>> > key 0x2188A92DF05045C2 that I sign
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Wednesday 17 March 2010 at 12:58:37 AM, in
, reynt0
wrote:
> On Mon, 15 Mar 2010 14:49:32 + MFPA wrote: . . .
>> When the reader is Big Brother, or a potential
>> employer or blackmailer etc., that might matter. When
>> the reader is
On Mon, 15 Mar 2010 14:49:32 + MFPA wrote:
. . .
In fact, just by posting to this mailing list we have
given up some privacy or anonymity. The nature of the
way we write, what we think, the experiences that we
relate--all of these reveal something about ourselves.
When the reader is Big B
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Tuesday 16 March 2010 at 6:02:15 AM, in
, Paul Richard Ramer wrote:
> On Mon, 15 Mar 2010 14:49:32 + MFPA wrote:
>> I don't understand the comment that they were never
>> private information. They will have been private
>> information f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello MFPA,
On Mon, 15 Mar 2010 14:49:32 + MFPA wrote:
>> I think that I disclosed less than you may have gotten
>> the impression that I did, since those addresses were
>> never private information.
>
> I don't understand the comment that they
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 15 March 2010 at 7:54:03 AM, in
, Paul Richard Ramer wrote:
> If you knew more about how I shared those e-mail
> addresses, you might conclude differently.
OK
> I think that I disclosed less than you may have gotten
> the impress
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 15 March 2010 at 8:28:16 AM, in
, Paul Richard Ramer wrote:
> Better than useful, it is essential. :-)
Essential? Plenty of people manage without it. (-;
> Good judgment will lead to good decisions.
Good judgment will lead to a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, 8 Mar 2010 18:31:41 + MFPA wrote:
>> I am also assuming that the user has intelligence and judgment.
>
> A useful combination, sadly not common enough (-;
Better than useful, it is essential. :-)
>> I mean that he must be able to real
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, 13 Mar 2010 20:05:21 + MFPA wrote:
>> And by the way, I apply this rule to me.
>
> Which rule? You've already stated that you don't believe the holder
> should upload the key if the originator doesn't want, so presumably
> you mean that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 13 March 2010 at 11:15:32 AM, in
, Paul Richard Ramer wrote:
> The issue of law is not "an integral part of the
> answer" to the question of what should be. It is an
> integral part of the answer to what is.
I see what you mean,
Hello MFPA,
I couldn't respond to your post for a while. So here it is.
On Mon, 8 Mar 2010 21:38:18 + MFPA wrote:
>> I never asserted that you said the key's originator owned the
>> information stored in the key. I was quoting the context of what your
>> reply about the originator having "s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Paul
On Monday 8 March 2010 at 5:35:08 AM, you wrote:
> MFPA wrote:
>> On Saturday 6 March 2010 at 8:55:48 AM, you wrote:
>>
>>
>>> On Sat, 27 Feb 2010 03:52:02 + MFPA wrote:
> (b) the person owns the information has the right to
>
Hi Paul
On Monday 8 March 2010 at 7:44:42 AM, you wrote:
> I am assuming that a person inhabited with the desire to protect his
> personal information would analyze the safety of using a UID with the
> information that he wants to protect.
I think you may be assuming an awful lot, especially i
MFPA wrote:
>> In each of these cases, John Doe made the mistake of thinking that
>> he could keep his personal information in his key, and that he could
>> keep his key off the keyservers. If John were to make the wisest
>> decision about keeping his personal informaton secret, wouldn't he
>> choo
Hello MFPA,
I will summarize the "rights" and restrictions that I believe you say
that an OpenPGP user has with another's public key. I will call this
the rules of "Key Rights Management" or KRM for short.
Rights of the Key Originator
* Can restrict the uploading of
MFPA wrote:
> On Saturday 6 March 2010 at 8:55:48 AM, you wrote:
>
>
>> On Sat, 27 Feb 2010 03:52:02 + MFPA wrote:
(b) the person owns the information has the right to
control how it is disseminated, and
>
> This was someone's re-interpretation of my point. Spot the extra ">"?
Hel
Hi Mark
On Thursday 4 March 2010 at 5:25:09 PM, you wrote:
> Were I the individual, I would think long and hard about using a tool
> which would require me to defeat its features that create identity
> labels (however false or information-poor) and carry them along with
> the message. I would
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi David
On Sunday 7 March 2010 at 5:53:51 PM, you wrote:
> On Mar 7, 2010, at 11:46 AM, MFPA wrote:
>> (And yes, I know gpg now
>> allows you to omit the email address without having to use --expert,
>> but you are still asked for it.)
> There
On Mar 7, 2010, at 11:46 AM, MFPA wrote:
> The default configurations of PGP and gpg ask for a name, email
> address, and comment when you create a key. Last time I looked (v8.x),
> PGP would not even create a key without something that looked like an
> email address - hence the a...@b.c in my UID
Hi Paul
On Saturday 6 March 2010 at 8:54:41 AM, you wrote:
> Hello MFPA,
> During this whole debate, you have assumed one thing in your argument
> that I don't believe anyone has pointed out as being flawed. You have
> assumed that the person (I will call him John Doe) would have decided
> to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Paul
On Saturday 6 March 2010 at 8:55:48 AM, you wrote:
> On Sat, 27 Feb 2010 03:52:02 + MFPA wrote:
>> > (b) the person owns the information has the right to
>> > control how it is disseminated, and
This was someone's re-interpretation o
Hello MFPA,
During this whole debate, you have assumed one thing in your argument
that I don't believe anyone has pointed out as being flawed. You have
assumed that the person (I will call him John Doe) would have decided
to create a UID that contained the personal information that he wants
to ke
On Sat, 27 Feb 2010 03:52:02 + MFPA wrote:
> > (b) the person owns the information has the right to
> > control how it is disseminated, and
>
> The data subject does have various rights concerning the personal
> information that is about him.
Hello MFPA,
How far do the "rights" of the key hol
On Wed, Mar 03, 2010 at 06:44:25PM +, MFPA wrote:
> On Wednesday 3 March 2010 at 4:16:21 PM, you wrote:
> > On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote:
> >> There are privacy issues, especially if user-ids on the key contain
> >> email addresses. In some cases, the authorities knowing
On Mar 3, 2010, at 11:16 AM, Mark H. Wood wrote:
> On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote:
>> There are privacy issues, especially if user-ids on the key contain
>> email addresses. In some cases, the authorities knowing an individual
>> used encryption could be a problem.
>
> There
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Robert
On Wednesday 3 March 2010 at 6:52:17 PM, you wrote:
> It is not reasonable that their definition of privacy will overlap with
> yours, no. I don't get to define what "privacy" means for anyone other
> than me. You don't get to define
On 3/3/2010 1:44 PM, MFPA wrote:
>> I feel there is a strong assumption among OpenPGP users that our
>> community is, *ahem*, open.
>
> Is it not also a reasonable assumption, that those who use and promote
> privacy-enhancing software will value and respect privacy?
It is not reasonable that the
On 3/3/2010 1:25 PM, Daniel Kahn Gillmor wrote:
>> There are issues of tradecraft, then. Using OpenPGP as a tool for
>> committing crimes is kind of stupid.
>
> Can we not go down this line of argument, please?
I agree that OpenPGP implementations can be useful tools for the
advancement of hum
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Mark
On Wednesday 3 March 2010 at 4:16:21 PM, you wrote:
> On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote:
>> There are privacy issues, especially if user-ids on the key contain
>> email addresses. In some cases, the authorities knowing
On 03/03/2010 11:16 AM, Mark H. Wood wrote:
> On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote:
>> There are privacy issues, especially if user-ids on the key contain
>> email addresses. In some cases, the authorities knowing an individual
>> used encryption could be a problem.
>
> There are i
On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote:
> There are privacy issues, especially if user-ids on the key contain
> email addresses. In some cases, the authorities knowing an individual
> used encryption could be a problem.
There are issues of tradecraft, then. Using OpenPGP as a tool f
On Sat, Feb 27, 2010 at 12:30:21AM +, MFPA wrote:
> No impact on the web of trust. But your online presence (and possibly
> that of somebody else with the same name) can feed into decisions
> about employing you or doing business with you, often/usually made by
> people who don't actually under
On Sun, 28 Feb 2010, David Shaw wrote:
On Feb 28, 2010, at 4:20 PM, reynt0 wrote:
On Sat, 27 Feb 2010, Robert J. Hansen wrote:
. . .
The perfect is the enemy of the good.
Just to note, did RJH actually intend to write
"...the enemy of the good enough.", which I believe is
the usual quote?
On Sun, 2010-02-28 at 16:06 -0500, reynt0 wrote:
> On Sat, 27 Feb 2010, Paul Richard Ramer wrote:
> . . .
> > Speculation isn't any more progress than an idea is action. Speculation
> > buttressed with facts leads, in time, to progress. But speculation,
> . . .
>
> And speculation often has
> Understood, and I agree it makes no such statement. However, it does make a
> reasonably good statement that you were physically located near that person
> at a certain point in time, roughly what that time was, and roughly where
> (geographically) it happened.
This is assuming the signature
On Feb 28, 2010, at 8:09 PM, Robert J. Hansen wrote:
>> You can certainly tell a lot about someone by the signatures on their key.
>> Either directly from the signature or because those signatures point to
>> other keys that have their own signatures, etc. With your permission, may I
>> see w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi reynt0
On Sunday 28 February 2010 at 9:18:55 PM, you wrote:
> Now all the serious ones, or maybe the merely curious,
> have to do is to search "FREFF"--or maybe buy from Google the
> info Google has about FREFF if nothing can be found easily b
> You can certainly tell a lot about someone by the signatures on their key.
> Either directly from the signature or because those signatures point to other
> keys that have their own signatures, etc. With your permission, may I see
> what I can find from the signatures on your key D6B98E10?
On Feb 28, 2010, at 4:20 PM, reynt0 wrote:
> On Sat, 27 Feb 2010, Robert J. Hansen wrote:
> . . .
>> The perfect is the enemy of the good.
>
> Just to note, did RJH actually intend to write
> "...the enemy of the good enough.", which I believe is
> the usual quote? The two are rather different i
On Feb 27, 2010, at 3:23 PM, Robert J. Hansen wrote:
>> I agree that "generally speaking, it's a good idea to put keys on the
>> keyservers". I don't know if that makes it conventional wisdom, or who the
>> arbiter of such wisdom might be, but clearly a very common use of OpenPGP is
>> for enc
>> The perfect is the enemy of the good.
It's a pretty common engineering maxim. It's not a statement about morality --
or, at least, it wasn't my intent for it to be taken as such.
For an excellent engineering example of the difference between perfect and
good, compare Project Xanadu to the W
On Sat, 27 Feb 2010, Robert J. Hansen wrote:
. . .
The perfect is the enemy of the good.
Just to note, did RJH actually intend to write
"...the enemy of the good enough.", which I believe is
the usual quote? The two are rather different ideas,
even more so if morality has been included as an
> >
> > That isn't how the web of trust works. Well, it *can* work that way
for you, since you can choose who to trust and who not to, but that's
not the information encoded in there. I "know" dozens of people on the
net. I've exchanged encrypted mail with them, I've worked with them, in
some ca
On Sun, 28 Feb 2010, MFPA wrote:
. . .
no way to prove you're MFPA. So I can't sign your key.
If you knew me personally, you could.
And as I already said, do you know MFPA's not my legal identity?
There used to be somebody in my town who had officially changed his
name to FREFF. (Never did u
On Sat, 27 Feb 2010, Paul Richard Ramer wrote:
. . .
Speculation isn't any more progress than an idea is action. Speculation
buttressed with facts leads, in time, to progress. But speculation,
. . .
And speculation often has the very useful effect of stimulating
search for new facts where p
On Feb 27, 2010, at 4:54 PM, Grant Olson wrote:
> Doh! Originally sent off list... Maybe Robert got a psychic vibe...
>
> On 2/27/2010 2:21 PM, MFPA wrote:
>>
>> I don't want such a vote. Whether somebody chooses to include an email
>> address in their UID is up to the individual. I have not s
On Feb 28, 2010, at 12:54 AM, MFPA wrote:
> On Saturday 27 February 2010 at 11:19:43 PM, you wrote:
>
>
>
>> GnuPG doesn't, at least as of 1.4.10, force you to include an e-mail
>> address in your user ID. It merely requests an e-mail address, and you
>> can just press enter and ignore the req
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi John
On Saturday 27 February 2010 at 10:21:20 PM, you wrote:
> MFPA wrote:
>> My contention is that the de
>> facto standard of revealing email addresses in key UIDs could actually be
>> mitigating *against* the use of encrypted mail, by dis
> Kind of "let's agree to disagree?"
More like, "since you are reacting emotionally and refuse to even entertain the
possibility of being persuaded, there is no point in continuing this
conversation."
I wish you a pleasant day.
___
Gnupg-users maili
I think that MFPA has succinctly summed up his point of view in these
two quotes.
On Sun, 2010-02-28 at 04:33 +, MFPA wrote:
> > What you're saying here is, "even if the advice were sound for one
> > million users, and destructive to the privacy of just one, I still
> > would not change becaus
On Sun, 2010-02-28 at 04:33 +, MFPA wrote:
> > Speculation is great, but speculation isn't fact -- and we need to
> > change the way we do things based on facts, not on speculations. We
> > can agree on facts, but our speculations will likely not overlap very much
> > at all.
>
> I'm sure an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Paul
On Saturday 27 February 2010 at 11:19:43 PM, you wrote:
> GnuPG doesn't, at least as of 1.4.10, force you to include an e-mail
> address in your user ID. It merely requests an e-mail address, and you
> can just press enter and ignore th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Grant
On Saturday 27 February 2010 at 9:54:56 PM, you wrote:
> It sounds like you're using the software to do the opposite thing that
> many people do. I think digital signatures are utilized much more than
> encrypted communication.
I don'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Robert
On Saturday 27 February 2010 at 8:03:15 PM, you wrote:
> On Feb 27, 2010, at 2:21 PM, MFPA wrote:
>> I have always been taught to challenge the status quo. "Because that's
>> the way we do it" is *never* a good reason to continue doing
On 02/27/10 14:21, John Clizbe wrote:
> Nor have we seen compelling arguments for their omission as a general rule
I think it would be more accurate to say that we haven't seen any
arguments that will sway those with strongly held beliefs on either
side. Since we're not likely to see them any time
MFPA wrote:
> Hi
> On Saturday 27 February 2010 at 6:11:29 AM, in
> , Robert J. Hansen wrote:
>>> In any case, I've never seen a convincing argument *for* including email
>>> addresses in the UID of a PGP key.
Nor have we seen compelling arguments for their omission as a general rule
>> First,
On Sat, 2010-02-27 at 19:21 +, MFPA wrote:
> There is a widespread perception (rightly or wrongly) that exposing
> your email address publicly on the internet will lead to that email
> address being spammed into oblivion. The new openPGP user is exhorted
> to create a key pair using their name
This may be a dup - I think the original went out with the wrong From addr
MFPA wrote:
> Hi
> On Saturday 27 February 2010 at 6:11:29 AM, in
> , Robert J. Hansen wrote:
>>> In any case, I've never seen a convincing argument *for* including email
>>> addresses in the UID of a PGP key.
Nor have w
Doh! Originally sent off list... Maybe Robert got a psychic vibe...
On 2/27/2010 2:21 PM, MFPA wrote:
>
> I don't want such a vote. Whether somebody chooses to include an email
> address in their UID is up to the individual. I have not seen anything
> that convinces me it is better for me to in
On Feb 27, 2010, at 4:10 PM, Robert J. Hansen wrote:
> Keep it on the list, please, and not in private mail.
Oh, ack. I completely misread the To- line, and didn't see the cc: to
gnupg-users. My error, and my apologies to MFPA. :)
___
Gnupg-users
> And whist you have stated that you check first, you have advocated
> that it's OK not to. Somebody following your advice could land this
> hypothetical Cuban in a whole lot of trouble.
The hypothetical Cuban had a lot bigger problems the instant he shared his
public key with people he shouldn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Robert
On Saturday 27 February 2010 at 8:23:25 PM, you wrote:
> On Feb 27, 2010, at 3:02 PM, David Shaw wrote:
>> With regards to the second statement, you give a great reason
>> yourself a few paragraphs up: "If you live in Cuba and you're
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 27 February 2010 at 4:22:27 PM, in
, Robert J. Hansen wrote:
> His position seems to have shifted.
As the thread has progressed, the posts I'm replying to have shifted
from "It is a good idea to send your key to the keyservers,"
On Feb 27, 2010, at 3:02 PM, David Shaw wrote:
> Much as the email headers do in your example. If the mail is not encrypted,
> the headers just show that it might be. In practice, headers won't show much
> as the majority of modern mail programs have the capability for encryption of
> one sor
On Feb 27, 2010, at 2:21 PM, MFPA wrote:
> I have always been taught to challenge the status quo. "Because that's
> the way we do it" is *never* a good reason to continue doing something
> in a particular way.
The status quo has something going for it: it works. 95% of all new ideas are
awful an
On Feb 27, 2010, at 11:22 AM, Robert J. Hansen wrote:
> On 2/27/10 9:58 AM, David Shaw wrote:
>> Do you really mean to suggest that a US authority getting email
>> headers - even without a warrant - is easier than typing a name into
>> a search box on a keyserver?
>
> No. You're right, that's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 27 February 2010 at 6:11:29 AM, in
, Robert J. Hansen wrote:
> There is a perceived need for $150 bowls of soup, as
> evidenced by dozens of high-priced gourmet restaurants
> in major cities. The existence of a market for a
> ser
On 2/27/10 9:58 AM, David Shaw wrote:
> Do you really mean to suggest that a US authority getting email
> headers - even without a warrant - is easier than typing a name into
> a search box on a keyserver?
No. You're right, that's clearly easier. However, that only tells you
whether someone ha
On Feb 26, 2010, at 12:04 PM, Robert J. Hansen wrote:
>> In some cases, the authorities knowing an individual used encryption
>> could be a problem.
>
> Why? Because they have a key on the keyservers? If this is what you're
> worried about, rest easy: there are so many easier ways to learn whet
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 27 Feb 2010 08:24:07 -0500
John W. Moore III articulated:
> UAV & Missile Operators don't need to know what the message said; just
> where You are at the time it is Sent. Radio transmissions are
> targeted using "Huff-Duff" & GPS; Email is '
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Jerry wrote:
> Maybe not totally apropos to this discussion; however, I worked in
> "traffic analysis" for several years. If given enough leeway, you would
> be amazed at the information you can gather about an individual, and at
> its astonishing a
On Fri, 26 Feb 2010 12:04:36 -0500
Robert J. Hansen articulated:
> Investigators also don't develop very many leads based on "gee, this
> person uses crypto." Many more leads are developed based on kludge
> investigation -- what security geeks call "traffic analysis." If they
> nab a child porn
On 2/26/10 11:55 PM, MFPA wrote:
> Maybe not but there is a perceived need, as evidenced by services
> like spamgourmet and all the disposable email address outfits
There is a perceived need for $150 bowls of soup, as evidenced by dozens
of high-priced gourmet restaurants in major cities. The exi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Friday 26 February 2010 at 5:04:36 PM, in
, Robert J. Hansen wrote:
> On 2/26/10 10:53 AM, MFPA wrote:
>> There are privacy issues, especially if user-ids on the key contain
>> email addresses.
> This isn't persuasive. It's been hammered
Hi Robert
On Friday 26 February 2010 at 9:14:58 PM, you wrote:
> You are asserting that (a) the person who created the public key owns
> the information,
Actually, I am asserting that the public key is likely to contain
personal information appertaining to the person who created that key.
Th
On Feb 26, 2010, at 7:30 PM, MFPA wrote:
> On Friday 26 February 2010 at 10:12:29 PM, you wrote:
>
>
>> The nefarious UID signature is not uncommon. There are many
>> "presid...@whitehouse.gov" keys (and other famous figures) that have
>> signed well-known keys. It's just easily-ignored noise,
As well as backing up your private key and password on other electronic
storage (CD/memory stick... encrypted of course), I recommend that you
print your private key, a revocation certificate, and your passphrase on
paper, and store that document in a safe place... a secure lock box, ...
a safe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi David
On Friday 26 February 2010 at 10:12:29 PM, you wrote:
> The nefarious UID signature is not uncommon. There are many
> "presid...@whitehouse.gov" keys (and other famous figures) that have
> signed well-known keys. It's just easily-ignor
MFPA wrote:
>> I never understood how anyone would want to use PGP for e-mail privacy,
>> and, subsequently, keep the public key a secret! I don't see any reason
>> why a person would keep his key off the public keyservers, short of
>> preventing spam. And you know what, he would get spammed any
On Feb 26, 2010, at 4:03 PM, MFPA wrote:
> Not including your name or your email address in the UID offers
> protection against the accidental upload scenario. But somebody could
> still generate a key with a UID suggesting nefarious activities, sign
> your key with it, and upload it. Or their UID
On Feb 26, 2010, at 4:10 PM, MFPA wrote:
>>> Just curious... Does support just mean it sets the
>>> bit? Or will it turn an attempt to --send-keys on
>>> that key into a no-op?
>
>> Support means it gives the user the ability to set and
>> clear the bit (it is set by default).
>
> Would there n
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi David
On Friday 26 February 2010 at 4:33:03 PM, you wrote:
> On Feb 26, 2010, at 11:24 AM, Robert J. Hansen wrote:
>> On 2/26/10 9:49 AM, MFPA wrote:
>>> I thought signing somebody's key was just stating to the world that
>>> you believe the
On 2/26/10 3:14 PM, MFPA wrote:
> But if it bears only a slight resemblance to a duck, it is probably
> *not* a duck.
You are asserting that (a) the person who created the public key owns
the information, (b) the person owns the information has the right to
control how it is disseminated, and (c)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Friday 26 February 2010 at 8:39:07 PM, in
, David Shaw
wrote:
> On Feb 26, 2010, at 3:37 PM, Grant Olson wrote:
>>> Alas, while GnuPG supports the flag, no keyserver
>>> does.
>>> David
>> Just curious... Does support just mean it sets t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Grant
On Friday 26 February 2010 at 6:30:16 PM, you wrote:
> As a practical matter, even if your contacts agree to respect your
> wishes, it's still pretty easy for them to accidentally send it to
> the keyservers. Perhaps mis-typing a command
On Feb 26, 2010, at 3:37 PM, Grant Olson wrote:
>
>>
>> Alas, while GnuPG supports the flag, no keyserver does.
>>
>> David
>>
>
> Just curious... Does support just mean it sets the bit? Or will it turn
> an attempt to --send-keys on that key into a no-op?
Support means it gives the user th
>
> Alas, while GnuPG supports the flag, no keyserver does.
>
> David
>
Just curious... Does support just mean it sets the bit? Or will it turn
an attempt to --send-keys on that key into a no-op?
signature.asc
Description: OpenPGP digital signature
_
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Robert
On Friday 26 February 2010 at 6:05:56 PM, you wrote:
> On 2/26/10 12:38 PM, MFPA wrote:
>> I am *not* advocating the implementation of any form of
>> Digital Restrictions Malware (DRM).
> You can say you're not advocating DRM -- but if
On Feb 26, 2010, at 1:30 PM, Grant Olson wrote:
> On 2/26/2010 12:38 PM, MFPA wrote:
>>
>> I am *not* advocating the implementation of any form of
>> Digital Restrictions Malware (DRM).
>>
>> Uploading a somebody else's key without first checking it is OK by
>> them is a breach of their privacy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
MFPA escribió:
...
> Do many people check the keyservers for a possible key when they
> contact somebody they have not emailed before?
Well, I have done that once or twice...
...
> Use of encryption may put an individual under suspicion of illega
On 2/26/2010 12:38 PM, MFPA wrote:
>
> I am *not* advocating the implementation of any form of
> Digital Restrictions Malware (DRM).
>
> Uploading a somebody else's key without first checking it is OK by
> them is a breach of their privacy and could well be illegal/unlawful
> in jurisdictions with
On 2/26/10 12:38 PM, MFPA wrote:
> I am *not* advocating the implementation of any form of
> Digital Restrictions Malware (DRM).
You can say you're not advocating DRM -- but if it looks like a duck,
swims like a duck, flies like a duck and quacks like a duck, then it's a
duck.
"Digital": yes, the
1 - 100 of 121 matches
Mail list logo