Re: OpenPGP Card

2005-09-07 Thread Werner Koch
On Tue, 06 Sep 2005 15:56:22 +0200, Zeljko Vrba said: > 2. OpenPGP trust model isn't as 'strong' as X.509 (i.e. there aren't > many trusted introducers) OpenPGP does not define any trust model. Instead it provides the mechanisms to implement any kind of trust model on top of it. Salam-Shalom,

Re: OpenPGP Card

2005-09-07 Thread David Picon Alvarez
> There is no point in writing a low level code in each application to > support each card it is NxN situation, not wise. The truth is that if cards were more ISO compliant this situation would not be a big deal. Also I'm sure a lot of this code could be shared among apps. Anyway, I'm a gpg use

Re: PGP global directory cruft in keyservers

2005-09-07 Thread Alphax
David Shaw wrote: > On Tue, Sep 06, 2005 at 01:36:37PM -0500, John Clizbe wrote: > >>Kurt Fitzner wrote: >> >>gpg --edit-key clean >> >>And setting the clean-sigs and clean-uids options on import-options, >>export-options, and keyserver-options are our only defense until then. >> >>Like you, I r

Re: OpenPGP Card

2005-09-07 Thread Alphax
Alon Bar-Lev wrote: > David Picon Alvarez wrote: > > I dropped all stuff regarding the differences using API and > communication... I think you are wrong, there is exception for the > rules... I try now to contact FSF for a formal position. > >> >> The lawyer who wrote GPL wrote it with the expli

Re: OpenPGP Card

2005-09-07 Thread Alphax
Werner Koch wrote: > On Tue, 06 Sep 2005 19:35:34 +0200, Zeljko Vrba said: > > >>As Alon did remark earlier, the general movement in the industry is >>towards multi-purpose smart-cards. OpenPGP card currently doesn't fall >>into this category. > > > Not true. The OpenPGP card specification is

Re: OpenPGP Card

2005-09-07 Thread John W. Moore III
Alphax wrote: > You trust the Microsoft CryptoAPI? Well why don't you just run Windows, > which Microsoft Says is Perfectly Secure, and use Microsoft's inbuilt > X.509 instead of OpenPGP, since Microsoft Guarantees No Back Doors in > the CryptoAP

RE: OpenPGP Card

2005-09-07 Thread Alon Bar-Lev
David Picon Alvarez wrote: > You trust the Microsoft CryptoAPI? Well why don't you just run Windows, > which Microsoft Says is Perfectly Secure, and use Microsoft's inbuilt > X.509 instead of OpenPGP, since Microsoft Guarantees No Back Doors in > the CryptoAPI? No! this is not the issue of cry

Re: OpenPGP Card

2005-09-07 Thread Alphax
Alon Bar-Lev wrote: > > David Picon Alvarez wrote: > > > >>You trust the Microsoft CryptoAPI? Well why don't you just run Windows, >>which Microsoft Says is Perfectly Secure, and use Microsoft's inbuilt >>X.509 instead of OpenPGP, since Microsoft Guarantees No Back Doors in >>the CryptoAPI? >

Re: OpenPGP Card

2005-09-07 Thread Janusz A. Urbanowicz
On Wed, Sep 07, 2005 at 08:02:56PM +0930, Alphax wrote: > > Not true. The OpenPGP card specification is a card application and > > you may put as many other applications on a card as you like and the > > EEPROM allows to. With 6k (and even less possible) it is actually a > > pretty small applica

Re: OpenPGP Card

2005-09-07 Thread David Picon Alvarez
From: "Alon Bar-Lev" <[EMAIL PROTECTED]> > David Picon Alvarez wrote: > > You trust the Microsoft CryptoAPI? Well why don't you just run Windows, > > which Microsoft Says is Perfectly Secure, and use Microsoft's inbuilt > > X.509 instead of OpenPGP, since Microsoft Guarantees No Back Doors in > > t

Re: OpenPGP Card

2005-09-07 Thread David Picon Alvarez
> The only place in the GPL where libraries are mentioned is in reference > to the LGPL. Using the Microsoft CryptoAPI doesn't appear to be legal; > AFAICT, this is similar to the reason why Enigmail insists on GPG > instead of being able to interface with PGP on Windows systems. Wrong. From GPL

RE: OpenPGP Card

2005-09-07 Thread Alon Bar-Lev
Alphax wrote: > The only place in the GPL where libraries are mentioned is in reference to the LGPL. Using the Microsoft CryptoAPI doesn't appear to be legal; > AFAICT, this is similar to the reason why Enigmail insists on GPG instead of being able to interface with PGP on Windows systems. So y

Re: OpenPGP Card

2005-09-07 Thread Alphax
Peter Gutmann wrote: > Alphax <[EMAIL PROTECTED]> writes: > >>Zeljko Vrba wrote: >> >>>Joe Smith wrote: >>> For example, your CA can revoke your key leaving you with one key that is invalid X.509, but valid OpenPGP? Yuck! >>> >>>Using the X.509 cert and OpenPGP public key (having the

Re: OpenPGP Card

2005-09-07 Thread Alphax
Alon Bar-Lev wrote: > Alphax wrote: >> The only place in the GPL where libraries are mentioned is in >> reference to the LGPL. Using the Microsoft CryptoAPI doesn't appear >> to be legal; AFAICT, this is similar to the reason why Enigmail >> insists on GPG instead of being able to interface with PG

Re: OpenPGP Card

2005-09-07 Thread Peter Gutmann
Alphax <[EMAIL PROTECTED]> writes: >Zeljko Vrba wrote: >> Joe Smith wrote: >>> For example, your CA can revoke your key leaving you with one key that >>> is invalid X.509, but valid OpenPGP? Yuck! >>> >> Using the X.509 cert and OpenPGP public key (having the same private >> key) could be useful in

Re: OpenPGP Card

2005-09-07 Thread Zeljko Vrba
Alphax wrote: 1. What's the standard size of the EEPROM on a smartcard suitable for OpenPGP? You have cards ranging from 8k to 64k > 2. What else could you fit on such a card? debit/credit applications, X.509 PKI applications, data-containers, etc. > 3. Is it possible to have multiple th

Re: OpenPGP Card

2005-09-07 Thread Zeljko Vrba
David Picon Alvarez wrote: There is no point in writing a low level code in each application to support each card it is NxN situation, not wise. The truth is that if cards were more ISO compliant this situation would not be a big deal. Even if this were to happen, ISO still doesn't say anyt

Re: PGP global directory cruft in keyservers

2005-09-07 Thread Henrik O A Barkman
>>To my knowledge, the PGP GD doesn't sync with anyone. It would be >>interesting to know how/where these signatures are leaking into the >>keyserver net. > > Probably some PGP users who are "automagically" synchronising their > entire keyrings with

Re: PGP global directory cruft in keyservers

2005-09-07 Thread David Shaw
On Wed, Sep 07, 2005 at 07:47:12PM +0930, Alphax wrote: > David Shaw wrote: > > On Tue, Sep 06, 2005 at 01:36:37PM -0500, John Clizbe wrote: > > > >>Kurt Fitzner wrote: > >> > > >>gpg --edit-key clean > >> > >>And setting the clean-sigs and clean-uids options on import-options, > >>export-option

clean sigs

2005-09-07 Thread Dirk Traulsen
Hi! I loaded a new key from a keyserver and cleaned it in the '--edit-key' shell. When I controlled the result with 'gpg --list-sigs 08B0A90B', I found a lot of expired signatures. If you look at the output at sigs from the key CA57AD7C, you see that there are 7 valid newer signatures from this

Re: OpenPGP Card

2005-09-07 Thread Zeljko Vrba
Alon Bar-Lev wrote: > But the work needs to be moved into gpg-agent... :( You were referring to my PKCS#11 patch.. After studying the GPG architecture a bit, I think this needs to be moved into the scdaemon. gpg-agent actually does nothing with smart-cards - it uses scdaemon to do the work. Wh

Re: OpenPGP Card

2005-09-07 Thread Alon Bar-Lev
Zeljko Vrba wrote: Alon Bar-Lev wrote: > But the work needs to be moved into gpg-agent... :( You were referring to my PKCS#11 patch.. After studying the GPG architecture a bit, I think this needs to be moved into the scdaemon. gpg-agent actually does nothing with smart-cards - it uses scdaem

Re: OpenPGP Card

2005-09-07 Thread Zeljko Vrba
Alon Bar-Lev wrote: Great! Super! Amazing! If you can do it with a little effort I will be glad to check and use it. Not so little. I don't have any card or PKCS#11 driver. Mozilla NSS is a pain to set up. I have no idea how to use its softtoken implementation. Opencryptoki uses ^$@@#$$#&^!!ng au

Re: clean sigs

2005-09-07 Thread David Shaw
On Wed, Sep 07, 2005 at 05:41:27PM +0200, Dirk Traulsen wrote: > Hi! > > I loaded a new key from a keyserver and cleaned it in the '--edit- > key' shell. > When I controlled the result with 'gpg --list-sigs 08B0A90B', > I found a lot of expired signatures. If you look at the output at > sigs from

cant sent a sig with inline openpgp

2005-09-07 Thread Stefan Fuhrmann
Hello all, I use kubuntu with kmail and kgpg. When I try to send a mail with signature and I use "inline openpgp" then the sig is attached and not inline. I see this when I send a mail to winusers and outlook. Can someone tell me how I can send a signature inline? So PGP on outlook can read it?

Re: OpenPGP Card

2005-09-07 Thread Benjamin Donnachie
PLEASE PLEASE PLEASE stop cc'ing messages to me if they are also addressed to the list -- Benjamin [EMAIL PROTECTED]

Re: cant sent a sig with inline openpgp

2005-09-07 Thread David
On Wed, Sep 07, 2005 at 08:58:18PM +0200, Stefan Fuhrmann wrote: > [...] I use kubuntu with kmail and kgpg. > When I try to send a mail with signature and I use "inline openpgp" then the > sig is attached and not inline. [...] I have the same problem with Mutt 1.5.9i & Gnupg 1.4.1 on Debian 3.1.

Re: OpenPGP Card

2005-09-07 Thread Lionel Elie Mamane
On Wed, Sep 07, 2005 at 01:13:02PM +0200, Janusz A. Urbanowicz wrote: > PS> The whole discussion made me curious; I worked with smartcards > extensively few years ago and was grossly disappointed with the stuff from > the development side, but times they are a'changin... Where can I purchase a > c

How to run a key server

2005-09-07 Thread Berend Tober
This may be a very silly question, but I want to know what is involved with running a key server? A manager has asked about whether we can somehow use "electronic signatures" on internal documents to reduce paper and printer costs as well as the problem of occasionally losing a printed piece o

Re: How to run a key server

2005-09-07 Thread Cameron Metzke
Berend Tober wrote: > This may be a very silly question, but I want to know what is involved > with running a key server? > > A manager has asked about whether we can somehow use "electronic > signatures" on internal documents to reduce paper and prin

Re: How to run a key server

2005-09-07 Thread David Shaw
On Wed, Sep 07, 2005 at 05:29:18PM -0400, Berend Tober wrote: > This may be a very silly question, but I want to know what is involved > with running a key server? > > A manager has asked about whether we can somehow use "electronic > signatures" on internal documents to reduce paper and printer

Re: PGP global directory cruft in keyservers

2005-09-07 Thread Kurt Fitzner
David Shaw wrote: > Would be difficult to do in SKS. You need to be able to verify > signatures (so cleaning doesn't remove the wrong signature), and right > now SKS doesn't verify signatures. The problem isn't widespread in that other keyservers are doing this sort of thing. A simple explicit

Re: PGP global directory cruft in keyservers

2005-09-07 Thread David Shaw
On Wed, Sep 07, 2005 at 08:21:24PM -0600, Kurt Fitzner wrote: > David Shaw wrote: > > > Would be difficult to do in SKS. You need to be able to verify > > signatures (so cleaning doesn't remove the wrong signature), and right > > now SKS doesn't verify signatures. > > The problem isn't widesprea

WinPT

2005-09-07 Thread Graeme Nichols
Maybe off topic. If so please point me in the right direction. OS is WIN XP SP2 I have just installed the latest WinPT front-end 1.0rc2 from their web site. I want to use my installed gpg 1.4.2 but it will not run. It produces an error stating that it needs gpg 1.1 or higher. It runs OK with th