Re: Smart Card 4096 Key Question

2014-09-02 Thread Philip Jackson
On 01/09/14 23:04, Ville Määttä wrote: > I bought my SCR3500 and SCR335 V2 from Identive / Chipdrive [1]. I had a > problem adding VAT number to the order myself but at least they ship (and > kindly handled fixing the bill afterwards). Though, they only seem to have an > SCT3511 there, not a 351

Re: Smart Card 4096 Key Question

2014-09-01 Thread Ville Määttä
I bought my SCR3500 and SCR335 V2 from Identive / Chipdrive [1]. I had a problem adding VAT number to the order myself but at least they ship (and kindly handled fixing the bill afterwards). Though, they only seem to have an SCT3511 there, not a 3512. [1] http://www.chipdrive.de -- Ville Määt

Re: Smart Card 4096 Key Question

2014-09-01 Thread Tristan Santore
On 01/09/14 15:18, Philip Jackson wrote: > On 01/09/14 08:16, Werner Koch wrote: >> On Sun, 31 Aug 2014 23:27, tristan.sant...@internexusconnect.net said: >> >>> Yes the card can have a 4096bit Auth, Sign and Encryption key. You have >> Correct. >> >>> to generate them on a machine though, not on c

Re: Smart Card 4096 Key Question

2014-09-01 Thread Philip Jackson
On 01/09/14 08:16, Werner Koch wrote: > On Sun, 31 Aug 2014 23:27, tristan.sant...@internexusconnect.net said: > >> Yes the card can have a 4096bit Auth, Sign and Encryption key. You have > > Correct. > >> to generate them on a machine though, not on card. > > The cards generate them just fine.

Re: Smart Card 4096 Key Question

2014-08-31 Thread Werner Koch
On Sun, 31 Aug 2014 23:27, tristan.sant...@internexusconnect.net said: > Yes the card can have a 4096bit Auth, Sign and Encryption key. You have Correct. > to generate them on a machine though, not on card. The cards generate them just fine. Note that this is only true for the ZeitControl as c

Re: Smart Card 4096 Key Question

2014-08-31 Thread Tristan Santore
On 31/08/14 18:31, Jonathan Brown wrote: > Can an OpenPGP 2.0 smart card hold 3 4096 keys at the same-time? > Additionally could an OpenPGP 2.0 Smart card hold 4 4096 keys as well? > > This is assuming you are using a GPG version that supports this. Sorry > I couldnt find this answer online. > > >

Smart Card 4096 Key Question

2014-08-31 Thread Jonathan Brown
Can an OpenPGP 2.0 smart card hold 3 4096 keys at the same-time? Additionally could an OpenPGP 2.0 Smart card hold 4 4096 keys as well? This is assuming you are using a GPG version that supports this. Sorry I couldnt find this answer online. ___ Gnupg-us

Re: key question

2010-03-19 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 19 March 2010 at 6:54:06 AM, in , Paul Richard Ramer wrote: > On Sat, 13 Mar 2010 20:05:21 + MFPA wrote: >> It looks to me as if the answer is "yes." Unless each >> person who had one of your email addresses already >> knew the o

Re: key question

2010-03-18 Thread Paul Richard Ramer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, 13 Mar 2010 20:05:21 + MFPA wrote: >> I can't speak for other people, but I can for me. Take >> > a look at the UIDs on my key, which is >> > 0xC7C66ADF3DB6D884. And also, take a look at my master >> > key 0x2188A92DF05045C2 that I sign

Re: key question

2010-03-17 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Wednesday 17 March 2010 at 12:58:37 AM, in , reynt0 wrote: > On Mon, 15 Mar 2010 14:49:32 + MFPA wrote: . . . >> When the reader is Big Brother, or a potential >> employer or blackmailer etc., that might matter. When >> the reader is

Re: key question

2010-03-16 Thread reynt0
On Mon, 15 Mar 2010 14:49:32 + MFPA wrote: . . . In fact, just by posting to this mailing list we have given up some privacy or anonymity. The nature of the way we write, what we think, the experiences that we relate--all of these reveal something about ourselves. When the reader is Big B

Re: key question

2010-03-16 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 16 March 2010 at 6:02:15 AM, in , Paul Richard Ramer wrote: > On Mon, 15 Mar 2010 14:49:32 + MFPA wrote: >> I don't understand the comment that they were never >> private information. They will have been private >> information f

Re: key question

2010-03-15 Thread Paul Richard Ramer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello MFPA, On Mon, 15 Mar 2010 14:49:32 + MFPA wrote: >> I think that I disclosed less than you may have gotten >> the impression that I did, since those addresses were >> never private information. > > I don't understand the comment that they

Re: key question

2010-03-15 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 15 March 2010 at 7:54:03 AM, in , Paul Richard Ramer wrote: > If you knew more about how I shared those e-mail > addresses, you might conclude differently. OK > I think that I disclosed less than you may have gotten > the impress

Re: key question

2010-03-15 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 15 March 2010 at 8:28:16 AM, in , Paul Richard Ramer wrote: > Better than useful, it is essential. :-) Essential? Plenty of people manage without it. (-; > Good judgment will lead to good decisions. Good judgment will lead to a

Re: key question

2010-03-15 Thread Paul Richard Ramer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, 8 Mar 2010 18:31:41 + MFPA wrote: >> I am also assuming that the user has intelligence and judgment. > > A useful combination, sadly not common enough (-; Better than useful, it is essential. :-) >> I mean that he must be able to real

Re: key question

2010-03-15 Thread Paul Richard Ramer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, 13 Mar 2010 20:05:21 + MFPA wrote: >> And by the way, I apply this rule to me. > > Which rule? You've already stated that you don't believe the holder > should upload the key if the originator doesn't want, so presumably > you mean that

Re: key question

2010-03-13 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Saturday 13 March 2010 at 11:15:32 AM, in , Paul Richard Ramer wrote: > The issue of law is not "an integral part of the > answer" to the question of what should be. It is an > integral part of the answer to what is. I see what you mean,

Re: key question

2010-03-13 Thread Paul Richard Ramer
Hello MFPA, I couldn't respond to your post for a while. So here it is. On Mon, 8 Mar 2010 21:38:18 + MFPA wrote: >> I never asserted that you said the key's originator owned the >> information stored in the key. I was quoting the context of what your >> reply about the originator having "s

Re[2]: key question

2010-03-08 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Paul On Monday 8 March 2010 at 5:35:08 AM, you wrote: > MFPA wrote: >> On Saturday 6 March 2010 at 8:55:48 AM, you wrote: >> >> >>> On Sat, 27 Feb 2010 03:52:02 + MFPA wrote: > (b) the person owns the information has the right to >

Re[2]: key question

2010-03-08 Thread MFPA
Hi Paul On Monday 8 March 2010 at 7:44:42 AM, you wrote: > I am assuming that a person inhabited with the desire to protect his > personal information would analyze the safety of using a UID with the > information that he wants to protect. I think you may be assuming an awful lot, especially i

Re: key question

2010-03-07 Thread Paul Richard Ramer
MFPA wrote: >> In each of these cases, John Doe made the mistake of thinking that >> he could keep his personal information in his key, and that he could >> keep his key off the keyservers. If John were to make the wisest >> decision about keeping his personal informaton secret, wouldn't he >> choo

Re: key question

2010-03-07 Thread Paul Richard Ramer
Hello MFPA, I will summarize the "rights" and restrictions that I believe you say that an OpenPGP user has with another's public key. I will call this the rules of "Key Rights Management" or KRM for short. Rights of the Key Originator * Can restrict the uploading of

Re: key question

2010-03-07 Thread Paul Richard Ramer
MFPA wrote: > On Saturday 6 March 2010 at 8:55:48 AM, you wrote: > > >> On Sat, 27 Feb 2010 03:52:02 + MFPA wrote: (b) the person owns the information has the right to control how it is disseminated, and > > This was someone's re-interpretation of my point. Spot the extra ">"? Hel

Re[2]: key question

2010-03-07 Thread MFPA
Hi Mark On Thursday 4 March 2010 at 5:25:09 PM, you wrote: > Were I the individual, I would think long and hard about using a tool > which would require me to defeat its features that create identity > labels (however false or information-poor) and carry them along with > the message. I would

Re[4]: key question

2010-03-07 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi David On Sunday 7 March 2010 at 5:53:51 PM, you wrote: > On Mar 7, 2010, at 11:46 AM, MFPA wrote: >> (And yes, I know gpg now >> allows you to omit the email address without having to use --expert, >> but you are still asked for it.) > There

Re: Re[2]: key question

2010-03-07 Thread David Shaw
On Mar 7, 2010, at 11:46 AM, MFPA wrote: > The default configurations of PGP and gpg ask for a name, email > address, and comment when you create a key. Last time I looked (v8.x), > PGP would not even create a key without something that looked like an > email address - hence the a...@b.c in my UID

Re[2]: key question

2010-03-07 Thread MFPA
Hi Paul On Saturday 6 March 2010 at 8:54:41 AM, you wrote: > Hello MFPA, > During this whole debate, you have assumed one thing in your argument > that I don't believe anyone has pointed out as being flawed. You have > assumed that the person (I will call him John Doe) would have decided > to

Re[2]: key question

2010-03-06 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Paul On Saturday 6 March 2010 at 8:55:48 AM, you wrote: > On Sat, 27 Feb 2010 03:52:02 + MFPA wrote: >> > (b) the person owns the information has the right to >> > control how it is disseminated, and This was someone's re-interpretation o

Re: key question

2010-03-06 Thread Paul Richard Ramer
Hello MFPA, During this whole debate, you have assumed one thing in your argument that I don't believe anyone has pointed out as being flawed. You have assumed that the person (I will call him John Doe) would have decided to create a UID that contained the personal information that he wants to ke

Re: key question

2010-03-06 Thread Paul Richard Ramer
On Sat, 27 Feb 2010 03:52:02 + MFPA wrote: > > (b) the person owns the information has the right to > > control how it is disseminated, and > > The data subject does have various rights concerning the personal > information that is about him. Hello MFPA, How far do the "rights" of the key hol

Re: key question

2010-03-04 Thread Mark H. Wood
On Wed, Mar 03, 2010 at 06:44:25PM +, MFPA wrote: > On Wednesday 3 March 2010 at 4:16:21 PM, you wrote: > > On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote: > >> There are privacy issues, especially if user-ids on the key contain > >> email addresses. In some cases, the authorities knowing

Re: key question

2010-03-03 Thread David Shaw
On Mar 3, 2010, at 11:16 AM, Mark H. Wood wrote: > On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote: >> There are privacy issues, especially if user-ids on the key contain >> email addresses. In some cases, the authorities knowing an individual >> used encryption could be a problem. > > There

Re[2]: key question

2010-03-03 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Robert On Wednesday 3 March 2010 at 6:52:17 PM, you wrote: > It is not reasonable that their definition of privacy will overlap with > yours, no. I don't get to define what "privacy" means for anyone other > than me. You don't get to define

Re: key question

2010-03-03 Thread Robert J. Hansen
On 3/3/2010 1:44 PM, MFPA wrote: >> I feel there is a strong assumption among OpenPGP users that our >> community is, *ahem*, open. > > Is it not also a reasonable assumption, that those who use and promote > privacy-enhancing software will value and respect privacy? It is not reasonable that the

Re: key question

2010-03-03 Thread Robert J. Hansen
On 3/3/2010 1:25 PM, Daniel Kahn Gillmor wrote: >> There are issues of tradecraft, then. Using OpenPGP as a tool for >> committing crimes is kind of stupid. > > Can we not go down this line of argument, please? I agree that OpenPGP implementations can be useful tools for the advancement of hum

Re[2]: key question

2010-03-03 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Mark On Wednesday 3 March 2010 at 4:16:21 PM, you wrote: > On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote: >> There are privacy issues, especially if user-ids on the key contain >> email addresses. In some cases, the authorities knowing

Re: key question

2010-03-03 Thread Daniel Kahn Gillmor
On 03/03/2010 11:16 AM, Mark H. Wood wrote: > On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote: >> There are privacy issues, especially if user-ids on the key contain >> email addresses. In some cases, the authorities knowing an individual >> used encryption could be a problem. > > There are i

Re: key question

2010-03-03 Thread Mark H. Wood
On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote: > There are privacy issues, especially if user-ids on the key contain > email addresses. In some cases, the authorities knowing an individual > used encryption could be a problem. There are issues of tradecraft, then. Using OpenPGP as a tool f

Re: key question

2010-03-03 Thread Mark H. Wood
On Sat, Feb 27, 2010 at 12:30:21AM +, MFPA wrote: > No impact on the web of trust. But your online presence (and possibly > that of somebody else with the same name) can feed into decisions > about employing you or doing business with you, often/usually made by > people who don't actually under

Re: key question

2010-03-01 Thread reynt0
On Sun, 28 Feb 2010, David Shaw wrote: On Feb 28, 2010, at 4:20 PM, reynt0 wrote: On Sat, 27 Feb 2010, Robert J. Hansen wrote: . . . The perfect is the enemy of the good. Just to note, did RJH actually intend to write "...the enemy of the good enough.", which I believe is the usual quote?

Re: key question

2010-02-28 Thread Paul Richard Ramer
On Sun, 2010-02-28 at 16:06 -0500, reynt0 wrote: > On Sat, 27 Feb 2010, Paul Richard Ramer wrote: > . . . > > Speculation isn't any more progress than an idea is action. Speculation > > buttressed with facts leads, in time, to progress. But speculation, > . . . > > And speculation often has

Re: key question

2010-02-28 Thread Robert J. Hansen
> Understood, and I agree it makes no such statement. However, it does make a > reasonably good statement that you were physically located near that person > at a certain point in time, roughly what that time was, and roughly where > (geographically) it happened. This is assuming the signature

Re: key question

2010-02-28 Thread David Shaw
On Feb 28, 2010, at 8:09 PM, Robert J. Hansen wrote: >> You can certainly tell a lot about someone by the signatures on their key. >> Either directly from the signature or because those signatures point to >> other keys that have their own signatures, etc. With your permission, may I >> see w

Re[2]: Fwd: Re: key question

2010-02-28 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi reynt0 On Sunday 28 February 2010 at 9:18:55 PM, you wrote: > Now all the serious ones, or maybe the merely curious, > have to do is to search "FREFF"--or maybe buy from Google the > info Google has about FREFF if nothing can be found easily b

Re: key question

2010-02-28 Thread Robert J. Hansen
> You can certainly tell a lot about someone by the signatures on their key. > Either directly from the signature or because those signatures point to other > keys that have their own signatures, etc. With your permission, may I see > what I can find from the signatures on your key D6B98E10?

Re: key question

2010-02-28 Thread David Shaw
On Feb 28, 2010, at 4:20 PM, reynt0 wrote: > On Sat, 27 Feb 2010, Robert J. Hansen wrote: > . . . >> The perfect is the enemy of the good. > > Just to note, did RJH actually intend to write > "...the enemy of the good enough.", which I believe is > the usual quote? The two are rather different i

Re: key question

2010-02-28 Thread David Shaw
On Feb 27, 2010, at 3:23 PM, Robert J. Hansen wrote: >> I agree that "generally speaking, it's a good idea to put keys on the >> keyservers". I don't know if that makes it conventional wisdom, or who the >> arbiter of such wisdom might be, but clearly a very common use of OpenPGP is >> for enc

Re: key question

2010-02-28 Thread Robert J. Hansen
>> The perfect is the enemy of the good. It's a pretty common engineering maxim. It's not a statement about morality -- or, at least, it wasn't my intent for it to be taken as such. For an excellent engineering example of the difference between perfect and good, compare Project Xanadu to the W

Re: key question

2010-02-28 Thread reynt0
On Sat, 27 Feb 2010, Robert J. Hansen wrote: . . . The perfect is the enemy of the good. Just to note, did RJH actually intend to write "...the enemy of the good enough.", which I believe is the usual quote? The two are rather different ideas, even more so if morality has been included as an

Re: key question

2010-02-28 Thread Grant Olson
> > > > That isn't how the web of trust works. Well, it *can* work that way for you, since you can choose who to trust and who not to, but that's not the information encoded in there. I "know" dozens of people on the net. I've exchanged encrypted mail with them, I've worked with them, in some ca

Re: Fwd: Re: key question

2010-02-28 Thread reynt0
On Sun, 28 Feb 2010, MFPA wrote: . . . no way to prove you're MFPA. So I can't sign your key. If you knew me personally, you could. And as I already said, do you know MFPA's not my legal identity? There used to be somebody in my town who had officially changed his name to FREFF. (Never did u

Re: key question

2010-02-28 Thread reynt0
On Sat, 27 Feb 2010, Paul Richard Ramer wrote: . . . Speculation isn't any more progress than an idea is action. Speculation buttressed with facts leads, in time, to progress. But speculation, . . . And speculation often has the very useful effect of stimulating search for new facts where p

Re: key question

2010-02-28 Thread David Shaw
On Feb 27, 2010, at 4:54 PM, Grant Olson wrote: > Doh! Originally sent off list... Maybe Robert got a psychic vibe... > > On 2/27/2010 2:21 PM, MFPA wrote: >> >> I don't want such a vote. Whether somebody chooses to include an email >> address in their UID is up to the individual. I have not s

Re: Re[2]: key question

2010-02-28 Thread David Shaw
On Feb 28, 2010, at 12:54 AM, MFPA wrote: > On Saturday 27 February 2010 at 11:19:43 PM, you wrote: > > > >> GnuPG doesn't, at least as of 1.4.10, force you to include an e-mail >> address in your user ID. It merely requests an e-mail address, and you >> can just press enter and ignore the req

Re[2]: key question

2010-02-28 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi John On Saturday 27 February 2010 at 10:21:20 PM, you wrote: > MFPA wrote: >> My contention is that the de >> facto standard of revealing email addresses in key UIDs could actually be >> mitigating *against* the use of encrypted mail, by dis

Re: Re[2]: key question

2010-02-27 Thread Robert J. Hansen
> Kind of "let's agree to disagree?" More like, "since you are reacting emotionally and refuse to even entertain the possibility of being persuaded, there is no point in continuing this conversation." I wish you a pleasant day. ___ Gnupg-users maili

Re: key question

2010-02-27 Thread Paul Richard Ramer
I think that MFPA has succinctly summed up his point of view in these two quotes. On Sun, 2010-02-28 at 04:33 +, MFPA wrote: > > What you're saying here is, "even if the advice were sound for one > > million users, and destructive to the privacy of just one, I still > > would not change becaus

Re: key question

2010-02-27 Thread Paul Richard Ramer
On Sun, 2010-02-28 at 04:33 +, MFPA wrote: > > Speculation is great, but speculation isn't fact -- and we need to > > change the way we do things based on facts, not on speculations. We > > can agree on facts, but our speculations will likely not overlap very much > > at all. > > I'm sure an

Re[2]: key question

2010-02-27 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Paul On Saturday 27 February 2010 at 11:19:43 PM, you wrote: > GnuPG doesn't, at least as of 1.4.10, force you to include an e-mail > address in your user ID. It merely requests an e-mail address, and you > can just press enter and ignore th

Re: Fwd: Re: key question

2010-02-27 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Grant On Saturday 27 February 2010 at 9:54:56 PM, you wrote: > It sounds like you're using the software to do the opposite thing that > many people do. I think digital signatures are utilized much more than > encrypted communication. I don'

Re[2]: key question

2010-02-27 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Robert On Saturday 27 February 2010 at 8:03:15 PM, you wrote: > On Feb 27, 2010, at 2:21 PM, MFPA wrote: >> I have always been taught to challenge the status quo. "Because that's >> the way we do it" is *never* a good reason to continue doing

Re: key question

2010-02-27 Thread Doug Barton
On 02/27/10 14:21, John Clizbe wrote: > Nor have we seen compelling arguments for their omission as a general rule I think it would be more accurate to say that we haven't seen any arguments that will sway those with strongly held beliefs on either side. Since we're not likely to see them any time

Re: key question

2010-02-27 Thread John Clizbe
MFPA wrote: > Hi > On Saturday 27 February 2010 at 6:11:29 AM, in > , Robert J. Hansen wrote: >>> In any case, I've never seen a convincing argument *for* including email >>> addresses in the UID of a PGP key. Nor have we seen compelling arguments for their omission as a general rule >> First,

Re: key question

2010-02-27 Thread Paul Richard Ramer
On Sat, 2010-02-27 at 19:21 +, MFPA wrote: > There is a widespread perception (rightly or wrongly) that exposing > your email address publicly on the internet will lead to that email > address being spammed into oblivion. The new openPGP user is exhorted > to create a key pair using their name

Re: key question

2010-02-27 Thread John Clizbe
This may be a dup - I think the original went out with the wrong From addr MFPA wrote: > Hi > On Saturday 27 February 2010 at 6:11:29 AM, in > , Robert J. Hansen wrote: >>> In any case, I've never seen a convincing argument *for* including email >>> addresses in the UID of a PGP key. Nor have w

Fwd: Re: key question

2010-02-27 Thread Grant Olson
Doh! Originally sent off list... Maybe Robert got a psychic vibe... On 2/27/2010 2:21 PM, MFPA wrote: > > I don't want such a vote. Whether somebody chooses to include an email > address in their UID is up to the individual. I have not seen anything > that convinces me it is better for me to in

Re: Re[2]: key question

2010-02-27 Thread Robert J. Hansen
On Feb 27, 2010, at 4:10 PM, Robert J. Hansen wrote: > Keep it on the list, please, and not in private mail. Oh, ack. I completely misread the To- line, and didn't see the cc: to gnupg-users. My error, and my apologies to MFPA. :) ___ Gnupg-users

Re: Re[2]: key question

2010-02-27 Thread Robert J. Hansen
> And whist you have stated that you check first, you have advocated > that it's OK not to. Somebody following your advice could land this > hypothetical Cuban in a whole lot of trouble. The hypothetical Cuban had a lot bigger problems the instant he shared his public key with people he shouldn't

Re[2]: key question

2010-02-27 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Robert On Saturday 27 February 2010 at 8:23:25 PM, you wrote: > On Feb 27, 2010, at 3:02 PM, David Shaw wrote: >> With regards to the second statement, you give a great reason >> yourself a few paragraphs up: "If you live in Cuba and you're

Re: key question

2010-02-27 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Saturday 27 February 2010 at 4:22:27 PM, in , Robert J. Hansen wrote: > His position seems to have shifted. As the thread has progressed, the posts I'm replying to have shifted from "It is a good idea to send your key to the keyservers,"

Re: key question

2010-02-27 Thread Robert J. Hansen
On Feb 27, 2010, at 3:02 PM, David Shaw wrote: > Much as the email headers do in your example. If the mail is not encrypted, > the headers just show that it might be. In practice, headers won't show much > as the majority of modern mail programs have the capability for encryption of > one sor

Re: key question

2010-02-27 Thread Robert J. Hansen
On Feb 27, 2010, at 2:21 PM, MFPA wrote: > I have always been taught to challenge the status quo. "Because that's > the way we do it" is *never* a good reason to continue doing something > in a particular way. The status quo has something going for it: it works. 95% of all new ideas are awful an

Re: key question

2010-02-27 Thread David Shaw
On Feb 27, 2010, at 11:22 AM, Robert J. Hansen wrote: > On 2/27/10 9:58 AM, David Shaw wrote: >> Do you really mean to suggest that a US authority getting email >> headers - even without a warrant - is easier than typing a name into >> a search box on a keyserver? > > No. You're right, that's

Re: key question

2010-02-27 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Saturday 27 February 2010 at 6:11:29 AM, in , Robert J. Hansen wrote: > There is a perceived need for $150 bowls of soup, as > evidenced by dozens of high-priced gourmet restaurants > in major cities. The existence of a market for a > ser

Re: key question

2010-02-27 Thread Robert J. Hansen
On 2/27/10 9:58 AM, David Shaw wrote: > Do you really mean to suggest that a US authority getting email > headers - even without a warrant - is easier than typing a name into > a search box on a keyserver? No. You're right, that's clearly easier. However, that only tells you whether someone ha

Re: key question

2010-02-27 Thread David Shaw
On Feb 26, 2010, at 12:04 PM, Robert J. Hansen wrote: >> In some cases, the authorities knowing an individual used encryption >> could be a problem. > > Why? Because they have a key on the keyservers? If this is what you're > worried about, rest easy: there are so many easier ways to learn whet

OT: key question

2010-02-27 Thread Jerry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, 27 Feb 2010 08:24:07 -0500 John W. Moore III articulated: > UAV & Missile Operators don't need to know what the message said; just > where You are at the time it is Sent. Radio transmissions are > targeted using "Huff-Duff" & GPS; Email is '

Re: key question

2010-02-27 Thread John W. Moore III
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Jerry wrote: > Maybe not totally apropos to this discussion; however, I worked in > "traffic analysis" for several years. If given enough leeway, you would > be amazed at the information you can gather about an individual, and at > its astonishing a

Re: key question

2010-02-27 Thread Jerry
On Fri, 26 Feb 2010 12:04:36 -0500 Robert J. Hansen articulated: > Investigators also don't develop very many leads based on "gee, this > person uses crypto." Many more leads are developed based on kludge > investigation -- what security geeks call "traffic analysis." If they > nab a child porn

Re: key question

2010-02-26 Thread Robert J. Hansen
On 2/26/10 11:55 PM, MFPA wrote: > Maybe not but there is a perceived need, as evidenced by services > like spamgourmet and all the disposable email address outfits There is a perceived need for $150 bowls of soup, as evidenced by dozens of high-priced gourmet restaurants in major cities. The exi

Re: key question

2010-02-26 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 26 February 2010 at 5:04:36 PM, in , Robert J. Hansen wrote: > On 2/26/10 10:53 AM, MFPA wrote: >> There are privacy issues, especially if user-ids on the key contain >> email addresses. > This isn't persuasive. It's been hammered

Re[2]: key question

2010-02-26 Thread MFPA
Hi Robert On Friday 26 February 2010 at 9:14:58 PM, you wrote: > You are asserting that (a) the person who created the public key owns > the information, Actually, I am asserting that the public key is likely to contain personal information appertaining to the person who created that key. Th

Re: Re[4]: key question

2010-02-26 Thread David Shaw
On Feb 26, 2010, at 7:30 PM, MFPA wrote: > On Friday 26 February 2010 at 10:12:29 PM, you wrote: > > >> The nefarious UID signature is not uncommon. There are many >> "presid...@whitehouse.gov" keys (and other famous figures) that have >> signed well-known keys. It's just easily-ignored noise,

Re: key question

2010-02-26 Thread Richard Geddes
As well as backing up your private key and password on other electronic storage (CD/memory stick... encrypted of course), I recommend that you print your private key, a revocation certificate, and your passphrase on paper, and store that document in a safe place... a secure lock box, ... a safe

Re[4]: key question

2010-02-26 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi David On Friday 26 February 2010 at 10:12:29 PM, you wrote: > The nefarious UID signature is not uncommon. There are many > "presid...@whitehouse.gov" keys (and other famous figures) that have > signed well-known keys. It's just easily-ignor

Re: key question

2010-02-26 Thread John Clizbe
MFPA wrote: >> I never understood how anyone would want to use PGP for e-mail privacy, >> and, subsequently, keep the public key a secret! I don't see any reason >> why a person would keep his key off the public keyservers, short of >> preventing spam. And you know what, he would get spammed any

Re: Re[2]: key question

2010-02-26 Thread David Shaw
On Feb 26, 2010, at 4:03 PM, MFPA wrote: > Not including your name or your email address in the UID offers > protection against the accidental upload scenario. But somebody could > still generate a key with a UID suggesting nefarious activities, sign > your key with it, and upload it. Or their UID

Re: key question

2010-02-26 Thread David Shaw
On Feb 26, 2010, at 4:10 PM, MFPA wrote: >>> Just curious... Does support just mean it sets the >>> bit? Or will it turn an attempt to --send-keys on >>> that key into a no-op? > >> Support means it gives the user the ability to set and >> clear the bit (it is set by default). > > Would there n

Re[2]: key question

2010-02-26 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi David On Friday 26 February 2010 at 4:33:03 PM, you wrote: > On Feb 26, 2010, at 11:24 AM, Robert J. Hansen wrote: >> On 2/26/10 9:49 AM, MFPA wrote: >>> I thought signing somebody's key was just stating to the world that >>> you believe the

Re: key question

2010-02-26 Thread Robert J. Hansen
On 2/26/10 3:14 PM, MFPA wrote: > But if it bears only a slight resemblance to a duck, it is probably > *not* a duck. You are asserting that (a) the person who created the public key owns the information, (b) the person owns the information has the right to control how it is disseminated, and (c)

Re: key question

2010-02-26 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 26 February 2010 at 8:39:07 PM, in , David Shaw wrote: > On Feb 26, 2010, at 3:37 PM, Grant Olson wrote: >>> Alas, while GnuPG supports the flag, no keyserver >>> does. >>> David >> Just curious... Does support just mean it sets t

Re[2]: key question

2010-02-26 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Grant On Friday 26 February 2010 at 6:30:16 PM, you wrote: > As a practical matter, even if your contacts agree to respect your > wishes, it's still pretty easy for them to accidentally send it to > the keyservers. Perhaps mis-typing a command

Re: key question

2010-02-26 Thread David Shaw
On Feb 26, 2010, at 3:37 PM, Grant Olson wrote: > >> >> Alas, while GnuPG supports the flag, no keyserver does. >> >> David >> > > Just curious... Does support just mean it sets the bit? Or will it turn > an attempt to --send-keys on that key into a no-op? Support means it gives the user th

Re: key question

2010-02-26 Thread Grant Olson
> > Alas, while GnuPG supports the flag, no keyserver does. > > David > Just curious... Does support just mean it sets the bit? Or will it turn an attempt to --send-keys on that key into a no-op? signature.asc Description: OpenPGP digital signature _

Re[2]: key question

2010-02-26 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Robert On Friday 26 February 2010 at 6:05:56 PM, you wrote: > On 2/26/10 12:38 PM, MFPA wrote: >> I am *not* advocating the implementation of any form of >> Digital Restrictions Malware (DRM). > You can say you're not advocating DRM -- but if

Re: key question

2010-02-26 Thread David Shaw
On Feb 26, 2010, at 1:30 PM, Grant Olson wrote: > On 2/26/2010 12:38 PM, MFPA wrote: >> >> I am *not* advocating the implementation of any form of >> Digital Restrictions Malware (DRM). >> >> Uploading a somebody else's key without first checking it is OK by >> them is a breach of their privacy

Re: key question

2010-02-26 Thread Faramir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 MFPA escribió: ... > Do many people check the keyservers for a possible key when they > contact somebody they have not emailed before? Well, I have done that once or twice... ... > Use of encryption may put an individual under suspicion of illega

Re: key question

2010-02-26 Thread Grant Olson
On 2/26/2010 12:38 PM, MFPA wrote: > > I am *not* advocating the implementation of any form of > Digital Restrictions Malware (DRM). > > Uploading a somebody else's key without first checking it is OK by > them is a breach of their privacy and could well be illegal/unlawful > in jurisdictions with

Re: key question

2010-02-26 Thread Robert J. Hansen
On 2/26/10 12:38 PM, MFPA wrote: > I am *not* advocating the implementation of any form of > Digital Restrictions Malware (DRM). You can say you're not advocating DRM -- but if it looks like a duck, swims like a duck, flies like a duck and quacks like a duck, then it's a duck. "Digital": yes, the

  1   2   >