Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-28 Thread David Shaw
On Sep 24, 2010, at 1:17 PM, Daniel Kahn Gillmor wrote: > second, what does "this option implies --ask-sig-expire ..." mean? it > seems to mean "this implies that the following options are not > available" or something like that. You are correct. The manual is incorrect. Setting force-v3-sigs

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-28 Thread David Smith
Jameson Rollins wrote: > We should be careful not to overstate the impatience of users too much. > I've seen plenty of people wait many seconds for google maps to load on > phones without giving up on the whole process. I also have an extremely > slow machine where I routinely have to wait a long t

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-28 Thread Chris Knadle
On Monday 27 September 2010 15:51:10 Jameson Rollins wrote: > On Mon, 27 Sep 2010 21:25:21 +0200, Ludwig Hügelschäfer wrote: > > Ack. 1.5 seconds is about the limit where a good GUI should issue a > > reaction. This is where the human mind is starting to think there's > > something wrong. > > We

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread David Shaw
On Sep 24, 2010, at 2:52 PM, Phil Brooke wrote: > On Fri, 24 Sep 2010, David Shaw wrote: >> There is actually a defined field for this in OpenPGP (see section 5.2.3.22, >> Signer's User ID). I don't think anyone implements it though. > > Is there any particular difficulty or reason for it not b

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread MFPA
Hi On Monday 27 September 2010 at 8:14:31 PM, in , Heinz Diehl wrote: > Hmm, maybe I miss the point, but hey, we're living in > the age where dual- and quadcore processors are as > common as our daily bread, In "proper" computers. But in mobile

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Heinz Diehl
On 27.09.2010, Vjaceslavs Klimovs wrote: > 2048 bit keys are suitable - it's "user+sys" what matters in this case, > but not "real" by all means, as that includes waiting for passphrase > input too. Hmm, maybe I miss the point, but hey, we're living in the age where dual- and quadcore processors

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Jameson Rollins
On Mon, 27 Sep 2010 21:25:21 +0200, Ludwig Hügelschäfer wrote: > Ack. 1.5 seconds is about the limit where a good GUI should issue a > reaction. This is where the human mind is starting to think there's > something wrong. We should be careful not to overstate the impatience of users too much. I'

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Ludwig Hügelschäfer
David Shaw wrote on 27.09.10 15:57: > "Dreadfully" is a difficult thing to enumerate anyway. For me, FWIW, it > would be "over 1-2 seconds". Ack. 1.5 seconds is about the limit where a good GUI should issue a reaction. This is where the human min

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Daniel Kahn Gillmor
On 09/27/2010 10:55 AM, Jameson Rollins wrote: > On Mon, 27 Sep 2010 16:28:07 +0200, Vjaceslavs Klimovs > wrote: >> 2048 bit keys are suitable - it's "user+sys" what matters in this case, >> but not "real" by all means, as that includes waiting for passphrase >> input too. > > I think this is re

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread David Smith
Jean-David Beyer wrote: > David Smith wrote: >> Not truly "quantitative", but I notice a significant difference >> between encrypting emails to people with 1024-bit keys vs people with >> 4096-bit keys. I'd say that the difference is in the order 3-6 >> seconds. > >> I'm running GnuPG 1.4.x on a

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Jameson Rollins
On Mon, 27 Sep 2010 16:28:07 +0200, Vjaceslavs Klimovs wrote: > 2048 bit keys are suitable - it's "user+sys" what matters in this case, > but not "real" by all means, as that includes waiting for passphrase > input too. I think this is really a UI issue, in which case "real" is what you really c

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Jean-David Beyer
David Smith wrote: > Daniel Kahn Gillmor wrote: >> On 09/24/2010 09:54 AM, David Shaw wrote: >>> It won't work with the current generation of OpenPGP smartcards. >>> It also will be dreadfully slow if you (or someone you are >>> communicating with) eve

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Jameson Rollins
On Mon, 27 Sep 2010 15:56:52 +0200, Vjaceslavs Klimovs wrote: > I did some quick tests on Nokia N900 (600 MHz ARM CPU), with gnupg > 1.4.6, here is what I got: > > Encrypting and signing, 2048 bit RSA keys: > > real0m 2.50s > user 0m 0.50s > sys 0m 0.02s > > Decrypting and verifying, 20

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Vjaceslavs Klimovs
On 27/09/10 16:21, Jameson Rollins wrote: > On Mon, 27 Sep 2010 15:56:52 +0200, Vjaceslavs Klimovs > wrote: >> I did some quick tests on Nokia N900 (600 MHz ARM CPU), with gnupg >> 1.4.6, here is what I got: >> >> Encrypting and signing, 2048 bit RSA keys: >> >> real0m 2.50s >> user 0m 0.50s

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Daniel Kahn Gillmor
On 09/27/2010 05:12 AM, David Smith wrote: > Not truly "quantitative, but I notice a significant difference between > encrypting emails to people with 1024-bit keys vs people with 4096-bit > keys. I'd say that the difference is in the order 3-6 seconds. ah, ok. i'll add encrypting messages to th

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread David Shaw
On Sep 24, 2010, at 4:29 PM, Daniel Kahn Gillmor wrote: > Are there other interpretations of the above results? does anyone else > want to post comparable data points on different hardware? How powerful > is a typical smartphone anyway? What kind of a cutoff are people > willing to accept in te

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread Vjaceslavs Klimovs
On 27/09/10 11:12, David Smith wrote: > Daniel Kahn Gillmor wrote: >> On 09/24/2010 09:54 AM, David Shaw wrote: >>> It won't work with the current generation of OpenPGP smartcards. It also >>> will be dreadfully slow if you (or someone you are communicating with) ever >>> uses the key on a small

Re: multiple keys vs multiple identities

2010-09-27 Thread Simon Richter
Hi, On Mon, Sep 27, 2010 at 12:42:19PM +0200, Vjaceslavs Klimovs wrote: > Thank you for all your replies. It seems that multiple separate keys is > the way to go for me. Is it socially acceptable to ask someone to sign > several keys, for example during key signing event? Is this a common > occur

Re: multiple keys vs multiple identities

2010-09-27 Thread Vjaceslavs Klimovs
Hi, Thank you for all your replies. It seems that multiple separate keys is the way to go for me. Is it socially acceptable to ask someone to sign several keys, for example during key signing event? Is this a common occurrence?

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-27 Thread David Smith
Daniel Kahn Gillmor wrote: > On 09/24/2010 09:54 AM, David Shaw wrote: >> It won't work with the current generation of OpenPGP smartcards. It also >> will be dreadfully slow if you (or someone you are communicating with) ever >> uses the key on a small machine (think smart phone). If you are usu

Re: multiple keys vs multiple identities

2010-09-24 Thread MFPA
Hi On Friday 24 September 2010 at 9:21:10 PM, in , Daniel Kahn Gillmor wrote: >> I thought that gnupg and other openpgp implementations >> calculated trust without regard to which user IDs had >> been certified. > "trust" is a different issue than

Re: how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread Grant Olson
On 9/24/10 4:29 PM, Daniel Kahn Gillmor wrote: > > My conclusion from the above data points is that if we're concerned > about computational inefficiencies, 4096-bit RSA keys are not > particularly bad offenders. > > Are there other interpretations of the above results? does anyone else > want t

how slow are 4Kbit RSA keys? [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread Daniel Kahn Gillmor
On 09/24/2010 09:54 AM, David Shaw wrote: > On Sep 24, 2010, at 8:15 AM, Vjaceslavs Klimovs wrote: >> Is it good idea to create 4096 bit keys when creating new key pair? I >> read through archives on this mailing list, and it seems there is no >> real disadvantages of doing so. > > It won't work w

Re: multiple keys vs multiple identities

2010-09-24 Thread Daniel Kahn Gillmor
On 09/24/2010 02:32 PM, MFPA wrote: > On Friday 24 September 2010 at 3:00:40 PM, in > , Daniel Kahn Gillmor wrote: > Vjaceslavs Klimovs wrote: >>> It'd be nice if there was a signature notation that >>> specifies which UID(s) this signature would be valid >>> for. > >> Unless i'm misunderstanding

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread Phil Brooke
On Fri, 24 Sep 2010, David Shaw wrote: > There is actually a defined field for this in OpenPGP (see section 5.2.3.22, > Signer's User ID). I don't think anyone implements it though. Is there any particular difficulty or reason for it not being implemented by anyone? (It looks very similar to, fo

Re: multiple keys vs multiple identities

2010-09-24 Thread MFPA
Hi On Friday 24 September 2010 at 3:00:40 PM, in , Daniel Kahn Gillmor wrote: Vjaceslavs Klimovs wrote: >> It'd be nice if there was a signature notation that >> specifies which UID(s) this signature would be valid >> for. > Unless i'm misunders

Re: multiple keys vs multiple identities

2010-09-24 Thread MFPA
Hi On Friday 24 September 2010 at 1:15:24 PM, in , Vjaceslavs Klimovs wrote: > Hi, If I have multiple not related e-mail accounts, is > it better to create one key pair with multiple > identities or a separate key pair for every account? If you

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread Daniel Kahn Gillmor
On 09/24/2010 12:57 PM, David Shaw wrote: > Hmm. It's a v3 sig which can't carry a notation. Do you have force-v3-sigs > set anywhere? Or any of the --pgpX options (which set force-v3-sigs) ? yup, that was it. i don't recall putting that in my gpg.conf explicitly -- it must have been there fr

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread David Shaw
On Sep 24, 2010, at 12:47 PM, Daniel Kahn Gillmor wrote: > On 09/24/2010 11:53 AM, David Shaw wrote: >> There is actually a defined field for this in OpenPGP (see section 5.2.3.22, >> Signer's User ID). I don't think anyone implements it though. > > Ah, so there is! Thanks, David. > >>> Howev

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread Daniel Kahn Gillmor
On 09/24/2010 11:53 AM, David Shaw wrote: > There is actually a defined field for this in OpenPGP (see section 5.2.3.22, > Signer's User ID). I don't think anyone implements it though. Ah, so there is! Thanks, David. >> However, testing right now, it doesn't seem to work with gpg for regular >

Re: per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread David Shaw
On Sep 24, 2010, at 11:23 AM, Daniel Kahn Gillmor wrote: > On 09/24/2010 10:30 AM, Simon Richter wrote: >> Of course. I was talking about data signatures, i.e. "I'm signing this >> with my work hat on". > > ah, gotcha. sorry for the misunderstanding. > >> The main use case I have is my Debian w

per-user data signatures [was: Re: multiple keys vs multiple identities]

2010-09-24 Thread Daniel Kahn Gillmor
On 09/24/2010 10:30 AM, Simon Richter wrote: > Of course. I was talking about data signatures, i.e. "I'm signing this > with my work hat on". ah, gotcha. sorry for the misunderstanding. > The main use case I have is my Debian work -- when I sign a .changes > file, the Debian archive will accept

Re: multiple keys vs multiple identities

2010-09-24 Thread Simon Richter
Hi, On Fri, Sep 24, 2010 at 10:00:40AM -0400, Daniel Kahn Gillmor wrote: > > It'd be nice if there was a signature notation that specifies which > > UID(s) this signature would be valid for. > Unless i'm misunderstanding your suggestion, there is no need for such a > notation -- OpenPGP certific

Re: multiple keys vs multiple identities

2010-09-24 Thread Robert J. Hansen
On 9/24/10 8:15 AM, Vjaceslavs Klimovs wrote: > If I have multiple not related e-mail accounts, is it better to create > one key pair with multiple identities or a separate key pair for every > account? Like most things in life, the answer is, "it depends." There are some use cases where multiple

Re: multiple keys vs multiple identities

2010-09-24 Thread Daniel Kahn Gillmor
On 09/24/2010 09:36 AM, Simon Richter wrote: > On Fri, Sep 24, 2010 at 02:15:24PM +0200, Vjaceslavs Klimovs wrote: >> If I have multiple not related e-mail accounts, is it better to create >> one key pair with multiple identities or a separate key pair for every >> account? note that if you want t

Re: multiple keys vs multiple identities

2010-09-24 Thread David Shaw
On Sep 24, 2010, at 8:15 AM, Vjaceslavs Klimovs wrote: > Hi, > If I have multiple not related e-mail accounts, is it better to create > one key pair with multiple identities or a separate key pair for every > account? It's really a matter of taste. Some people like using different keys for diff

Re: multiple keys vs multiple identities

2010-09-24 Thread Simon Richter
Hi, On Fri, Sep 24, 2010 at 02:15:24PM +0200, Vjaceslavs Klimovs wrote: > If I have multiple not related e-mail accounts, is it better to create > one key pair with multiple identities or a separate key pair for every > account? That depends on your use case mostly. I use a single key with multi

multiple keys vs multiple identities

2010-09-24 Thread Vjaceslavs Klimovs
Hi, If I have multiple not related e-mail accounts, is it better to create one key pair with multiple identities or a separate key pair for every account? Is it good idea to create 4096 bit keys when creating new key pair? I read through archives on this mailing list, and it seems there is no real