-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 6 January 2014 at 2:24:10 AM, Hauke Laging wrote:
> That is correct. I am not aware of a possibility to get
> the data and the signature from GnuPG. But that doesn't
> mean it's not possible.
I think the thread you linked to [
On 06/01/14 01:51, Hauke Laging wrote:
> Let me guess: Modifying the mail client so that it automatically removes
> the word "not" would be illegitimate because for some strange reason
> that would be "solving social problems by technical means"...
I guess it boils down to the point that I just
On Mon 06.01.2014, 01:47:39, MFPA wrote:
> Most "signed and encrypted" messages created with PGP or GnuPG have
> the two processes applied together - you do not normally decrypt a
> message and then see a signed message as the output.
That is correct. I am not aware of a possibility to get the da
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Friday 3 January 2014 at 10:28:28 AM, Hauke Laging wrote:
MFPA:
>> Again, this would be flagged up if the sender was in
>> the habit of signing outgoing messages (as you
>> stated).
> No, it wouldn't. The reason is that the signature
> Let me guess: Modifying the mail client so that it automatically removes
> the word "not" would be illegitimate because for some strange reason
> that would be "solving social problems by technical means"...
Hauke, at this point you've advocated your idea -- strongly -- and
you've received a g
On Sun 05.01.2014, 16:41:11, Doug Barton wrote:
> It can be both trivial and reliable, simply place the following in
> your .signature file:
>
> I will not encrypt this message before sending.
>
> On those occasions when you do encrypt, remove the word "not."
Let me guess: Modifying the mail cl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/05/2014 08:07 AM, Hauke Laging wrote:
| On Sun 05.01.2014, 10:15:51, Robert J. Hansen wrote:
|
|> >Your problem can be solved trivially by establishing a policy of,
|> >"Encrypted messages must contain a notification within the signed
|> >mess
On Sunday 05 January 2014 03:10:48 Leo Gaspard wrote:
> Well... I, personally, would attach more importance (no more validity, just
> importance, like in "listen to me very well" or whatever English people say
> to others to get them to listen carefully) to a message signed to an
> offline main key
On Sat, Jan 04, 2014 at 10:28:26PM +0100, Johannes Zarl wrote:
> On Saturday 04 January 2014 16:09:51 Leo Gaspard wrote:
> > On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote:
> > > In your example, the fact that a message was encrypted makes the
> > > recipient treat it as though
On Sunday 05 January 2014 14:04:49 Peter Lebbing wrote:
> [1] By the way, your statement might not even be true; how often have
> you written "See the attachment" and then forgotten to attach the
> file? I have done it countless times.
I bet Hauke never forgot to attach the file because he is usi
> That is neither trivial nor reliable nor the best approach to deliver
> this information.
It is a trivial fix; whether it is reliable depends on how committed
participants are towards enforcing policy.
> As I said in my first mail in this thread this isn't about changing
> GnuPG at all becaus
On Sun 05.01.2014, 10:15:51, Robert J. Hansen wrote:
> Your problem can be solved trivially by establishing a policy of,
> "Encrypted messages must contain a notification within the signed
> message body of who the message is encrypted for."
That is neither trivial nor reliable nor the best appro
> Don't write "I will encrypt this message"[1] in every mail hoping that the
> recipient deduces that you want to do secret stuff, and leaving them to deduce
> from the absence of that message that you want to do the regular stuff. Hoping
> that other people will infer meaning from things that are
> I agree with Robert, you're trying to solve a social problem with a technical
> solution.
More to the point, he's solving the wrong problem and conflating policy
with mechanism.
GnuPG does not provide policy. Policy is the responsibility of the
people using GnuPG. All GnuPG provides is mechan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/01/14 11:15, Hauke Laging wrote:
> Why should I write "I will encrypt this message to 0x12345678" in every
> mail which is boring, easily forgotten and error-prone if the problem can
> *easily* be solved technically with much better results?
Don
On Sun 05.01.2014, 10:35:44, Peter Lebbing wrote:
> On 05/01/14 04:38, Hauke Laging wrote:
> > You are aware that it doesn't make any sense to make this claim
> > without any argument after the opposite has been claimed with an
> > argument (a very strong one)?
>
> Eh? You yourself start this who
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/01/14 04:38, Hauke Laging wrote:
> You are aware that it doesn't make any sense to make this claim without any
> argument after the opposite has been claimed with an argument (a very
> strong one)?
Eh? You yourself start this whole discussion by
On Sat 04.01.2014, 22:28:26, Johannes Zarl wrote:
> Wouldn't one have to encrypt the signed-encrypted-signed message again
> to prevent an attacker from stripping away the outer signature? What
> would the recipient then do with the simple signed-encrypted message?
That would be possible for an a
On Saturday 04 January 2014 16:09:51 Leo Gaspard wrote:
> On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote:
> > In your example, the fact that a message was encrypted makes the
> > recipient treat it as though the sender had indicated something specific
> > about the message beca
On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote:
> On 01/03/2014 06:56 PM, Leo Gaspard wrote:
> > On Fri, Jan 03, 2014 at 12:50:47PM -0500, Daniel Kahn Gillmor wrote:
> >> On 01/03/2014 08:12 AM, Leo Gaspard wrote:
> >>> So changing the encryption could break an opsec.
> >>
> >>
On 01/03/2014 01:28 AM, Robert J. Hansen wrote:
On 1/3/2014 3:33 AM, Doug Barton wrote:
This threat model doesn't make a lot of sense, except for very naive
users who cannot distinguish the importance of a message that is
encrypted vs. a message (encrypted or not) which is signed.
I'm going to
On 01/03/2014 06:56 PM, Leo Gaspard wrote:
> On Fri, Jan 03, 2014 at 12:50:47PM -0500, Daniel Kahn Gillmor wrote:
>> On 01/03/2014 08:12 AM, Leo Gaspard wrote:
>>> So changing the encryption could break an opsec.
>>
>> If someone's opsec is based on the question of whether a message was
>> encrypte
On Fri, Jan 03, 2014 at 12:50:47PM -0500, Daniel Kahn Gillmor wrote:
> On 01/03/2014 08:12 AM, Leo Gaspard wrote:
> > So changing the encryption could break an opsec.
>
> If someone's opsec is based on the question of whether a message was
> encrypted or not, then they've probably got their cart be
On 03/01/2014 11:28, Hauke Laging wrote:
> But I do not suggest to make my configuration the default. I just want
> to be able to use it. Sometimes it's best to send a signed cleartext
> message, sometimes to send an unsigned encrypted message, sometimes a
> first signed then encrypted me
On 01/03/2014 12:35 AM, Hauke Laging wrote:
> From the RfC perspective (PGP/MIME) this should not be a problem; you just
> need another level of nesting. Maybe the mail clients are not even prepared
> for reading such messages. That would not surprise me but would not be an
> argument against on
On 01/03/2014 08:12 AM, Leo Gaspard wrote:
> So changing the encryption could break an opsec.
If someone's opsec is based on the question of whether a message was
encrypted or not, then they've probably got their cart before their
horse too.
opsec requirements should indicate whether you encrypt,
On Fri, Jan 03, 2014 at 06:21:05AM -0500, Robert J. Hansen wrote:
> On 1/3/2014 4:57 AM, Hauke Laging wrote:
> > Would you explain how that shall be avoided?
>
> I already did, in quite clear language.
>
> You are trying to solve a social problem ("people don't have the
> background to think form
On 03/01/14 10:57, Hauke Laging wrote:
> If I receive an email from you which is not encrypted and signed (as the
> outer layer) then I go on red alert. Like today I might if the message is
> not encrypted or not signed.
How do you know the sender doesn't have an unencrypted copy of the message i
On 1/3/2014 4:57 AM, Hauke Laging wrote:
> Would you explain how that shall be avoided?
I already did, in quite clear language.
You are trying to solve a social problem ("people don't have the
background to think formally about trust issues") via technological
means ("if we just change the way we
On Fri 03.01.2014, 04:28:38, Robert J. Hansen wrote:
> or that his proposed fix would work.
Would you explain how that shall be avoided?
You send an email to me. You encrypt it to the key which I want you to
encrypt it to. Then you sign the encrypted data.
If I receive an email from you which
On Fri 03.01.2014, 10:02:28, MFPA wrote:
> OpenPGP's mitigation against this is signing emails, and the web of
> trust to give assurance who signed.
That's exactly why I want signatures. But I do not only want a signature
which guarantees the data integrity, I want a(nother) signature which
gua
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Friday 3 January 2014 at 5:35:28 AM, Hauke Laging wrote:
> I just noticed that you can easily be deluded about an
> email being encrypted: That you receive an encrypted
> mail does not mean that it was sent encrypted. An
> adversary ma
On Fri 03.01.2014, 01:13:13, Doug Barton wrote:
> On 01/03/2014 12:59 AM, Hauke Laging wrote:
> | Do you agree that it is (or, depending on the content, can be) an
> | important information whether a message was encrypted by the sender
> | (and for which key)?
>
> Not particularly, no. The messag
On 1/3/2014 3:33 AM, Doug Barton wrote:
> This threat model doesn't make a lot of sense, except for very naive
> users who cannot distinguish the importance of a message that is
> encrypted vs. a message (encrypted or not) which is signed.
I'm going to cautiously disagree. What we call "very naiv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/03/2014 01:13 AM, Doug Barton wrote:
| My argument is that the _only_ thing relevant to message validity
| is the signature on the message itself. Whether it was encrypted or
| not should play no role in the recipient's calculation of the
| va
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
FYI, your client has horrible line wrapping. If there is a setting,
please change it to 72 columns.
On 01/03/2014 12:59 AM, Hauke Laging wrote:
| Do you agree that it is (or, depending on the content, can be) an
| important information whether a m
On Fri 03.01.2014, 00:33:51, Doug Barton wrote:
> On 01/02/2014 09:35 PM, Hauke Laging wrote:
> | I just noticed that you can easily be deluded about an email being
> | encrypted: That you receive an encrypted mail does not mean that it
> | was sent encrypted. An adversary may encrypt a non-encrypt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/02/2014 09:35 PM, Hauke Laging wrote:
| I just noticed that you can easily be deluded about an email being
| encrypted: That you receive an encrypted mail does not mean that it
| was sent encrypted. An adversary may encrypt a non-encrypted mes
Hello,
this is not a GnuPG problem. GnuPG is capable of doing what I want. But I am
interested in your opinion.
I just noticed that you can easily be deluded about an email being encrypted:
That you receive an encrypted mail does not mean that it was sent encrypted.
An adversary may encrypt a