how to handle "bad" signers?

2005-11-05 Thread Thomas Kuehne
I've started to analyze the trust relations between the keys of various keysigning parties. The data below is generalization of several keys signing parties. the setting: * more than 20 potential participants * more than 15 attendees * 1-3 keys that signed every single key of all announced partici

Re: how to handle "bad" signers?

2005-11-05 Thread Alphax
Thomas Kuehne wrote: > I've started to analyze the trust relations between the keys of various > keysigning parties. The data below is generalization of several keys > signing parties. > > the setting: > * more than 20 potential participants > * mor

Re: back signatures

2005-11-05 Thread David Shaw
On Sat, Nov 05, 2005 at 04:39:40PM +1030, Alphax wrote: > David Shaw wrote: > > On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote: > > > >>Salve! > >>Can somebody explain me what is "back signatures"? > >>Manual not very clear about this. > > > > > > It's a countermeasure against an a

Re: back signatures

2005-11-05 Thread Alphax
David Shaw wrote: > On Sat, Nov 05, 2005 at 04:32:07PM +1030, Alphax wrote: > >>David Shaw wrote: >> >>>On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote: >>> >>> David Shaw wrote: >I should add that this is a new feature for 1.4.3. >>

Re: back signatures

2005-11-05 Thread David Shaw
On Sat, Nov 05, 2005 at 04:32:07PM +1030, Alphax wrote: > David Shaw wrote: > > On Sat, Nov 05, 2005 at 01:47:08PM +1030, Alphax wrote: > > > >>David Shaw wrote: > >> > >>>On Fri, Nov 04, 2005 at 02:24:09PM -0500, David Shaw wrote: > >>> > >>> > On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel

Re: back signatures

2005-11-05 Thread David Shaw
On Sun, Nov 06, 2005 at 12:04:27AM +1030, Alphax wrote: > > It's as official as any release that hasn't happened yet: that is to > > say, we're happy and thrilled if you test it out and report bugs (to > > gnupg-devel), but you'll have to compile it from the SVN repository, > > and it's not consid

Re: how to handle "bad" signers?

2005-11-05 Thread David Shaw
On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote: > 4) The owners are bad signers and didn't take part in the ID > verification step of the signature process. > > > 1) and 3) are defiantly not the reasons in the analyzed cases. > > I really hope 2) is the cause, but in at least one

Re: how to handle "bad" signers?

2005-11-05 Thread Alphax
David Shaw wrote: > On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote: > > >>How should 4) be dealt with? >> >>As far as I am aware the is no negative signature or any other way to >>mark those keys - except for local trust settings. >

Re: back signatures

2005-11-05 Thread Alphax
David Shaw wrote: > On Sun, Nov 06, 2005 at 12:04:27AM +1030, Alphax wrote: > > >>>It's as official as any release that hasn't happened yet: that is to >>>say, we're happy and thrilled if you test it out and report bugs (to >>>gnupg-devel), but you

Re: back signatures

2005-11-05 Thread John W. Moore III
David Shaw wrote: > It's as official as any release that hasn't happened yet: that is to > say, we're happy and thrilled if you test it out and report bugs (to > gnupg-devel), but you'll have to compile it from the SVN repository, > and it's not con

CVS or SVN [Was: back signatures]

2005-11-05 Thread Stewart V. Wright
G'day David, * David Shaw <[EMAIL PROTECTED]> [051105 07:45]: > > It's as official as any release that hasn't happened yet: that is to > say, we're happy and thrilled if you test it out and report bugs (to > gnupg-devel), but you'll have to compile it from the SVN repository, > and it's not consi

Re: Expiring UID

2005-11-05 Thread Nicholas Cole
--- David Shaw wrote: > On Fri, Nov 04, 2005 at 04:59:01PM +, Nicholas > Cole wrote: > > Am I right that there is no easy way to create an > > expiring UID (as opposed to an expiring key). > > > > --ask-cert-expire seems to be ignored when using > > adduid in the edit menu. > > > > Is there

Re: how to handle "bad" signers?

2005-11-05 Thread David Shaw
On Sun, Nov 06, 2005 at 01:09:36AM +1030, Alphax wrote: > David Shaw wrote: > > On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote: > > > > > > >>How should 4) be dealt with? > >> > >>As far as I am aware the is no negative signature or any other way to > >>mark those keys - except fo

Re: ECC

2005-11-05 Thread markus reichelt
* Jean-David Beyer <[EMAIL PROTECTED]> wrote: > > I put the speculations aside and stick with the fact that the NSA > > recommends ECC for government use. That's enough for _me_. > > > I guess it depends on how your paranoia works, and about whom you > choose to be paranoid. Does the NSA recomme

Re: CVS or SVN [Was: back signatures]

2005-11-05 Thread John Clizbe
Stewart V. Wright wrote: > Can someone then please update the information on the web pages to be > relevant to SVN as opposed to CVS (I'm assuming that you're not > running both concurrently). The cvs servers are still operational, just no longer updated. README.WARNING-REPOSITORY-NOT-CURRENT say