> dkg stands for Daniel Kahn Gillmor. He is a highly respected member
> in the GnuPG/OpenPGP scene and maintains GnuPG for the Linux Debian
> OS.
He would prefer you refer to Debian as the GNU/Linux Debian OS. :)
dkg is also a genuinely pleasant person. I've met him a couple of times
at confere
Werner Koch wrote:
> On Wed, 20 May 2020 19:11, Stefan Claas said:
>
> > Curious as I am, did Mr Schönbohm never asked you why your public
> > keyblock is not signed by Governikus?
>
> I don't know a Mr. Schönbohm. I know Governikus and recently noticed
> that their software does not even supp
On Wed, 20 May 2020 15:16, Mark said:
> It must be... With all the talk of "anonymous" keys I wanted to see if I
> could create one with Kleopatra, especially since it says optional for
> name.
The name should indeed be optional. If that has not been fixed in the
latest version, please file a bug.
On Wed, 20 May 2020 19:11, Stefan Claas said:
> Curious as I am, did Mr Schönbohm never asked you why your public
> keyblock is not signed by Governikus?
I don't know a Mr. Schönbohm. I know Governikus and recently noticed
that their software does not even support the recommended set of
algorith
Mark wrote:
> Thanks I may take a look at it and just see what it does. I'm still
> VERY much a novice in regards to all this so just trying to learn
> more. My "experiment" with Kleopatra was just to see if I could since
> it said "optional" for the name part.
>
> Sorry, not sure who dkg is bu
That is very true. I have a friend whose first name is M'Lou and she's
had all kinds of issues when systems freak out over her first name.
On 5/21/2020 6:48 AM, Mark H. Wood via Gnupg-users wrote:
> On Wed, May 20, 2020 at 03:27:28PM -0700, Mark wrote:
>> Did a bit more experimenting with it. Yo
Thanks I may take a look at it and just see what it does. I'm still VERY
much a novice in regards to all this so just trying to learn more. My
"experiment" with Kleopatra was just to see if I could since it said
"optional" for the name part.
Sorry, not sure who dkg is but have seen those initials
On Wed, May 20, 2020 at 03:27:28PM -0700, Mark wrote:
> Did a bit more experimenting with it. You can have something only in
> the first name field but it has to be a minimum of 5 characters and the
> first one must be a letter. ..
*sigh*
https://www.kalzumeus.com/2010/06/17/falsehoods-programme
Mark wrote:
Hi,
> Did a bit more experimenting with it. You can have something only in
> the first name field but it has to be a minimum of 5 characters and
> the first one must be a letter. ..
If you are familiar with GnuPG in command line mode you may try out
sequoia pgp, which I compiled a Wi
Did a bit more experimenting with it. You can have something only in
the first name field but it has to be a minimum of 5 characters and the
first one must be a letter. ..
On 5/20/2020 3:16 PM, Mark wrote:
> It must be... With all the talk of "anonymous" keys I wanted to see if I
> could create
It must be... With all the talk of "anonymous" keys I wanted to see if I
could create one with Kleopatra, especially since it says optional for
name.
On 5/20/2020 12:27 AM, Andrew Gallagher wrote:
>> On 20 May 2020, at 06:32, Mark wrote:
>>
>> Just to test this out I tried creating a new key in K
Stefan Claas wrote:
> I ask, because don't you think that this could not have an impact on
> the spread and usage of GnuPG in the EU for business purposes etc.
With that I mean the acceptance of GnuPG Signatures, compared to costly
eIDAS solutions.
Best regards
Stefan
Werner Koch via Gnupg-users wrote:
> On Tue, 19 May 2020 10:29, Robert J. Hansen said:
>
> > * PII-free UIDs are possible today
>
> Well, according to European law this is not that easy because a public
> key is in most cases an attribute which identifies a natural person.
Curious as I am, did
On Tue, 19 May 2020 10:29, Robert J. Hansen said:
> * PII-free UIDs are possible today
Well, according to European law this is not that easy because a public
key is in most cases an attribute which identifies a natural person.
This is the same as with phone numbers and mail addresses. In Germany
On 18/05/2020 07:14, Werner Koch via Gnupg-users wrote:
> Go readup on the failures and impracticalities of CRLs and OCSP.
While I agree that revocation is a Very Hard Problem, I'm not convinced
that its abandonment is warranted. Letsencrypt have sidestepped the
issue by issuing short-expiration c
> On 20 May 2020, at 06:32, Mark wrote:
>
> Just to test this out I tried creating a new key in Kleopatra with no
> name and then with just a single name and it would not let me do it. It
> had to have a first and at least a last initial.
This must be a Kleopatra limitation. I have successfull
Just to test this out I tried creating a new key in Kleopatra with no
name and then with just a single name and it would not let me do it. It
had to have a first and at least a last initial.
On 5/19/2020 7:29 AM, Robert J. Hansen wrote:
>> With the freeform approach, when I would have to use (aut
Hi
On Friday 15 May 2020 at 11:12:31 PM, Peter Pentchev wrote:
> to generate a random UID?
Would a random UID be the way to go? How about a placeholder UID that
was replaced at the end of key generation by a UID that matches the
key-ID or
Robert J. Hansen wrote:
> > With the freeform approach, when I would have to use (auto)
> > generated random chars or the fingerprint then I would have
> > problems memorizing if this was your, dkg's or Werner's public
> > keyblock and it could be also more error prone (typos), when using
> > thi
> With the freeform approach, when I would have to use (auto) generated
> random chars or the fingerprint then I would have problems memorizing
> if this was your, dkg's or Werner's public keyblock and it could be
> also more error prone (typos), when using this method, in CLI mode.
--group {name=v
On Mon, 18 May 2020 12:16, Robert J. Hansen said:
> Centralized key management schemes are sometimes very useful.
I fully agree and I personally know that this is a common use case.
However, people requiring such a use case do not talk in the public
about their specific infrastructure and are a
On 18-05-2020 18:16, Robert J. Hansen wrote:
> Instead of
> spending 30 minutes talking about why it's okay if public certificates
> are shared, we could instead just say "we're not going to share your
> public key with anyone without your written consent" and spend those 30
> minutes talking abut
> And by that changing the distributed system of keyservers into a
> centralized key database like PGP tried this with their Universal
> Server. Which unavoidably will change OpenPGP to a centralized system.
I think that's a little excessive, Werner. OpenPGP was always intended
to be flexible o
Andrew Gallagher wrote:
> On 18/05/2020 12:12, Stefan Claas wrote:
> > You can argue now that you can give a freeform UID the name rob or
> > rjh too, but this would maybe not so good, because you are
> > publicly known as rob or rjh, thus defeating the purpose a bit.
>
> If your threat model
Stefan Claas wrote:
> Robert J. Hansen wrote:
> > If you want the documentation to reflect PII-free UIDs, please say
> > that. This could be a useful discussion. If the community believes
> > PII-free UIDs should be in the FAQ I will happily write up an entry
> > for it.
>
> Please discuss it
On 18/05/2020 12:12, Stefan Claas wrote:
> You can argue now that you can give a freeform UID the name rob or rjh
> too, but this would maybe not so good, because you are publicly known
> as rob or rjh, thus defeating the purpose a bit.
If your threat model includes your endpoint device being co
On Sun, 17 May 2020 10:48, Vincent Breitmoser said:
> 1. Without consent, we don't distribute email addresses.
And by that changing the distributed system of keyservers into a
centralized key database like PGP tried this with their Universal
Server. Which unavoidably will change OpenPGP to a cen
> I'm just curious as to what this "GNU" way is? I assume you would
> just a non identifiable email address and then either leave your
> name blank, incomplete, or just plain incorrect.
GNU is a project by the Free Software Foundation. They're very focused
on what they call "free software", wher
I'm just curious as to what this "GNU" way is? I assume you would just a
non identifiable email address and then either leave your name blank,
incomplete, or just plain incorrect.
Is there another way I am missing?
Thanks
On 5/16/2020 8:56 AM, Robert J. Hansen wrote:
>> So, when you like to comm
Hey folks,
this thread touches on userid-less keys, and keyservers.
I agree with Peter and Rob's points that userid-less keys are questionable for
use as-is. OpenPGP transfers information in the self-signatures of user ids. If
we use keys without any known UID, we might miss out on e.g. expirat
> Werner sits as secretary of the (largely dormant) group that guides
> OpenPGP development, but there are a lot of non-GnuPG people who are
> deeply involved in giving feedback on proposed changes. He's the
> secretary, not the dictator.
Not everyone agrees.
https://mailarchive.ietf.org/arch/
> I’d like to point out that the options you are referring to are actually
> enabled by default nowadays (since 2.2.17).
Thank you, Damien. :)
On Sat, May 16, 2020 at 04:28:58PM -0400, Robert J. Hansen wrote:
> With judicious use of the various -clean options, the key spamming bug
> is effectively dead...
I’d like to point out that the options you are referring to are actually
enabled by default nowadays (since 2.2.17). So from an user’s
> Have the bureaucrats who define standards have finally fixed the DOS
> issues about keys spammed with signatures or is it still being
> "discussed whether they are even needed."?
GnuPG had a bug in the key importation code which made it run in time
proportional to the square of the number of sig
On 16-05-2020 17:56, Robert J. Hansen wrote:
> I tell them, "I will not be able to use OpenPGP with you until such time
> as your UID conforms to the standard.
You confuse "not being able to" with "not willing to".
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.
On 16-05-2020 15:57, Peter Pentchev wrote:
> But it is
> also fine for other people to say "okay, sure, you have your
> experimental features, but I'll wait until they're standardized until
> I do the work on implementing them myself; also, let's discuss whether
> they are even needed."
Have the
Robert J. Hansen wrote:
> > How does this work in general, let's say I am a dev and would add
> > this too, to my OpenPGP app. Is there an OpenPGP board where devs
> > can vote for or against a feature, so that Werner has then to
> > follow suit, or is he in the position to say no and every dev h
> GnuPG users can interact perfectly well with people who use OpenPGP
> software :) As Robert J. Hansen said, if you (or somebody else) want to
> extend the standard, there is an IETF working group and mailing list for
> that.
Please, just "Rob". :)
I share a name with Robert "rsnake" Hansen of
> So, when you like to communicate with a person who uses such a new
> key how do you proceed then?
I tell them, "I will not be able to use OpenPGP with you until such time
as your UID conforms to the standard. Would you like help in making your
user ID standards-conformant in a way that reveals n
Peter Pentchev wrote:
> On Sat, May 16, 2020 at 04:55:11PM +0300, Peter Pentchev wrote:
> > On Sat, May 16, 2020 at 01:36:10AM +0200, Stefan Claas wrote:
> > > Peter Pentchev wrote:
> > >
> > > > On Fri, May 15, 2020 at 10:54:32PM +0200, Stefan Claas wrote:
> > >
> > > > > You know what, the m
On Sat, May 16, 2020 at 04:55:11PM +0300, Peter Pentchev wrote:
> On Sat, May 16, 2020 at 01:36:10AM +0200, Stefan Claas wrote:
> > Peter Pentchev wrote:
> >
> > > On Fri, May 15, 2020 at 10:54:32PM +0200, Stefan Claas wrote:
> >
> > > > You know what, the most interesting thing of this ML for m
On Sat, May 16, 2020 at 01:36:10AM +0200, Stefan Claas wrote:
> Peter Pentchev wrote:
>
> > On Fri, May 15, 2020 at 10:54:32PM +0200, Stefan Claas wrote:
>
> > > You know what, the most interesting thing of this ML for me is that
> > > when people, do a request or suggestion the old guard is alw
r...@sixdemonbag.org wrote:
> (Sent from my phone)
>
> If and when people insisting on UID-less keys want to communicate
> with me, I'll tell them the same thing I told users of Imad Faiad's
> PGP 6.5.8ckt builds, Disastry's PGP builds, and many more:
>
> "I'm sorry, but you're not confirming t
(Sent from my phone) If and when people insisting on UID-less keys want to communicate with me, I'll tell them the same thing I told users of Imad Faiad's PGP 6.5.8ckt builds, Disastry's PGP builds, and many more: "I'm sorry, but you're not confirming to the specification. If you wish for me to make
Peter Pentchev wrote:
> On Fri, May 15, 2020 at 10:54:32PM +0200, Stefan Claas wrote:
> > You know what, the most interesting thing of this ML for me is that
> > when people, do a request or suggestion the old guard is always
> > there to defend some standard and are not accepting that a new
> >
On Fri, May 15, 2020 at 10:54:32PM +0200, Stefan Claas wrote:
> Peter Pentchev wrote:
>
> > On Fri, May 15, 2020 at 07:07:40PM +0200, Stefan Claas wrote:
>
> > > Mind you, I have only asked that GnuPG should support the import and
> > > processing of UID-less public key blocks and did not reques
Peter Pentchev wrote:
> On Fri, May 15, 2020 at 07:07:40PM +0200, Stefan Claas wrote:
> > Mind you, I have only asked that GnuPG should support the import and
> > processing of UID-less public key blocks and did not request that
> > this should be a default behaviour in the key generation proc
On Fri, May 15, 2020 at 10:33:12PM +0300, Peter Pentchev wrote:
> On Fri, May 15, 2020 at 07:07:40PM +0200, Stefan Claas wrote:
> > Robert J. Hansen wrote:
> >
> > > > We now have the situation that either parents or teachers, etc. can
> > > > choose between a software which allows UID-less publ
On Fri, May 15, 2020 at 07:07:40PM +0200, Stefan Claas wrote:
> Robert J. Hansen wrote:
>
> > > We now have the situation that either parents or teachers, etc. can
> > > choose between a software which allows UID-less public key
> > > generation, for their minors / students, themselves...
> >
On 15.05.2020 16:43, Andrew Gallagher wrote:
> The inputs to the WoT are the signatures and the ownertrust values, and
> the outputs are UID validities. "Key validity" is neither an input nor a
> meaningful output of the system.
Key validity directly influences the "WARNING: This key is not certi
Robert J. Hansen wrote:
> > We now have the situation that either parents or teachers, etc. can
> > choose between a software which allows UID-less public key
> > generation, for their minors / students, themselves...
>
> They are free to use whatever identifier they like for a UID, even
> jus
> We now have the situation that either parents or teachers, etc. can
> choose between a software which allows UID-less public key
> generation, for their minors / students, themselves...
They are free to use whatever identifier they like for a UID, even just
the key ID. A UID-free certificate
Robert J. Hansen wrote:
> > GnuPG always asks IIRC new users for their Name and email address
> > and does not tell them in advance that they can use a free form UID,
> > without an email address, thus being able to use a key for multiple
> > accounts or purposes, without adding additional UIDs.
On Fri, 15 May 2020 14:35, Ingo Klöcker said:
> UIDs. No UID -> invalid key. Why do you want to be able to import a key in
> GnuPG that would be utterly unusable?
FWIW, the expiration time of a key is also bound to the user-id as well
as key preferences and all kind of other possible gadgets.
On 15/05/2020 14:34, Wiktor Kwapisiewicz wrote:
>
> When you sign someone else User ID it's not your User ID that is doing
> the signing it it's your key that's why you need a key validity that's
> separated from User ID (key validity is calculated from User ID validity).
The inputs to the WoT ar
On 15.05.2020 15:21, Andrew Gallagher wrote:
> Ownertrust is per-key, but validity is per-UID.
Andrew there are two validity values:
$ gpg --edit-key andrewg
pub rsa4096/FB73E21AF1163937
created: 2013-07-02 expires: 2021-01-07 usage: SCA
--> trust: unknown validity: marginal <-
> GnuPG always asks IIRC new users for their Name and email address
> and does not tell them in advance that they can use a free form UID,
> without an email address, thus being able to use a key for multiple
> accounts or purposes, without adding additional UIDs.
It is not the job of the command-
On 15/05/2020 14:01, Wiktor Kwapisiewicz via Gnupg-users wrote:
> AFAIK key validity and owner trust are per key not per User ID.
Ownertrust is per-key, but validity is per-UID. On my local machine `gpg
--list-keys wik...@metacode.biz` shows:
```
pub rsa4096/0x6C8857E0D8E8F074 2017-01-01 [C] [e
I think we are conflating two related but distinct ideas here.
On 15/05/2020 13:35, Ingo Klöcker wrote:
> Why do you want to be able to import a key in
> GnuPG that would be utterly unusable?
There are use cases where you might want to transfer only the
modifications to a key, without necessaril
Hi Ingo,
On 15.05.2020 14:35, Ingo Klöcker wrote:
> Because in GnuPG the validity of keys is bound to validity and owner trust of
> UIDs. No UID -> invalid key. Why do you want to be able to import a key in
> GnuPG that would be utterly unusable?
AFAIK key validity and owner trust are per key n
On Freitag, 15. Mai 2020 13:29:31 CEST Stefan Claas wrote:
> What I don't understand is why you are not liking the idea to allow
> GnuPG to automatically import and process UID-less public key blocks,
> if people who trust the GnuPG brand ask for this?
Because in GnuPG the validity of keys is boun
Werner Koch wrote:
> On Thu, 14 May 2020 23:01, Stefan Claas said:
>
> > you would consider including it in GnuPG too and reflecting it in
> > the respective RFC?
>
> The User-IDs are an integral part of OpenPGP and at the core of its
> design. All kind of important information is bound to the
On Thu, 14 May 2020 23:01, Stefan Claas said:
> you would consider including it in GnuPG too and reflecting it in the
> respective RFC?
The User-IDs are an integral part of OpenPGP and at the core of its
design. All kind of important information is bound to the user ids and
thus a key w/o a user
63 matches