> Keyserver SPAM is a straw-man argument. Yes, it's possible for an
> address to be pulled from the key on a keyserver, in fact, I'm
> convinced harvesting probably takes place.
As am I. However, it should be pointed out that this is no reason to
avoid using the keyservers.
One of the best way
Hi,
I created a pre-release of a GnuPG 1.4.12 installer for Windows:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-w32cli-1.4.12-git51c1e84.exe
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-w32cli-1.4.12-git51c1e84.exe.sig
Sources are in the same directory. This version is built using a newer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Reference:
Subject: Re: Using root CAs as a trusted 3rd party
Date: Sat, 21 Jan 2012 13:49:20 -0800
From: Ken Hagler
To: Aaron Toponce
CC: gnupg-users@gnupg.org
> On Jan 21, 2012, at 10:12 AM, Aaron T
2012-01-22T23:33:38-06:00, John Clizbe:
> Holger wrote:
> > 2012-01-22T16:11:14-08:00, Doug Barton:
> > > On 01/22/2012 10:05, Holger wrote:
> > > > I intend to use gpg only for receiving encrypted e-mail, not signing
> > > > my outgoing e-mail. Because I don't want my name or e-mail address
> > >
On Sat, Jan 21, 2012 at 01:49:20PM -0800, Ken Hagler wrote:
> On Jan 21, 2012, at 10:12 AM, Aaron Toponce wrote:
>
> > What are your thoughts on using root CAs as a trusted 3rd party for
> > trusting that a key is owned by whom it claims? Of course, this is merely
> > for casual checking, but it s
On Sun, Jan 22, 2012 at 4:02 AM, Robert J. Hansen wrote:
> A 1024-bit key has about an 80-bit keyspace, which is a factor of 16 million
> larger. Given the advances in supercomputing in the last decade it is
> reasonable to believe 1024-bit keys are either breakable now or will be in the
> near
2012-01-23T03:09:55-05:00, Robert J. Hansen:
> > Keyserver SPAM is a straw-man argument. Yes, it's possible for an
> > address to be pulled from the key on a keyserver, in fact, I'm
> > convinced harvesting probably takes place.
>
> As am I. However, it should be pointed out that this is no rea
On 01/23/2012 03:24 PM, Mark H. Wood wrote:
> On Sat, Jan 21, 2012 at 01:49:20PM -0800, Ken Hagler wrote:
>
> (...)
>
> I guess that the lesson is: don't assume. Find out for yourself
> whether a CA is worthy of your trust, before trusting.
Well, that could be a big challenge. In addition consi
On 01/23/2012 10:35 AM, Holger wrote:
> I'm not a fan of comparisons at all
All argument from analogy is intellectual fraud, but they can be useful
to illuminate arguments. :)
> but I'd say my e-mail address feels more like my postal address, thus
> I tend to handle them similarly.
So, you keep
On Monday 23 of January 2012 16:35:45 Holger wrote:
> 2012-01-23T03:09:55-05:00, Robert J. Hansen:
> > > Keyserver SPAM is a straw-man argument. Yes, it's possible for an
> > > address to be pulled from the key on a keyserver, in fact, I'm
> > > convinced harvesting probably takes place.
> >
> > As
On 1/23/12 11:34 AM, Hubert Kario wrote:
> And there's a very good reason why you shouldn't be a fan of such
> comparisons: Unlike physical security, properly implemented
> cryptography is unbreakable at this time.
This, of course, handwaves the fact that cryptography more or less
*can't* be imple
On Mon, Jan 23, 2012 at 02:18:54PM +, Chris Poole wrote:
> If the only purpose of the primary key (in my case, where I have subkeys for
> signing and encryption) is to sign the subkeys, why not simply make it
> stupidly large? Equivalent to 256 bits with a symmetric cipher, or 512 bits?
Bec
On Monday 23 of January 2012 18:18:35 Robert J. Hansen wrote:
> On 1/23/12 11:34 AM, Hubert Kario wrote:
> > And there's a very good reason why you shouldn't be a fan of such
> > comparisons: Unlike physical security, properly implemented
> > cryptography is unbreakable at this time.
>
> This, of c
On 1/23/12 9:18 AM, Chris Poole wrote:
> If the only purpose of the primary key (in my case, where I have subkeys for
> signing and encryption) is to sign the subkeys
How do you enforce that? If it is technically possible to sign a
document with your primary key, then good luck telling a judge "n
On 1/23/12 12:52 PM, Hubert Kario wrote:
>>> And there's a very good reason why you shouldn't be a fan of such
>>> comparisons: Unlike physical security, properly implemented
>>> cryptography is unbreakable at this time.
>
> I didn't claim that any crypto is properly implemented.
This is not wh
On Mon, Jan 23, 2012 at 6:16 PM, Robert J. Hansen wrote:
> You may say the only purpose of the primary key is to sign the subkeys,
> but if it's technically possible for the primary key to sign documents
> then the purpose of the primary key is to sign documents.
>
> This is why I think it's kind
On Mon, Jan 23, 2012 at 4:52 PM, brian m. carlson wrote:
> Because it's also used to sign other people's keys. Using a very large
> key (for 256-bit equivalence, ~15kbits) makes verification so slow as to
> be unusable. You have to not only verify signatures on other keys but
> also the signatu
Chris Poole wrote:
> On Mon, Jan 23, 2012 at 4:52 PM, brian m. carlson wrote:
>
>> Because it's also used to sign other people's keys. Using a very large
>> key (for 256-bit equivalence, ~15kbits) makes verification so slow as to
>> be unusable. You have to not only verify signatures on other
On 1/23/12 4:08 PM, John Clizbe wrote:
> Depending on the source, a consensus seems to be forming that beyond
> a 2048 or 3072 bit modulus for DSA2 or RSA, folks need to switch to
> ECC.
Emphatic agreement -- this is clarification, not dispute:
A lot of people like to refer to _Applied Cryptograp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 23 January 2012 at 3:04:45 PM, in
, Holger wrote:
> Please simply accept that it's an issue for me as well
> as many others. Harvesting is supereasy: full keydumps
> are readily available.
It sounds like you value the flavour of pri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 21 January 2012 at 10:01:51 PM, in
, Robert J. Hansen wrote:
> If they want to mess with you, they don't need your
> permission. As is, you've explicitly asked them,
> "would you please sign certificate 0xDEADBEEF,
> fingerprint s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 1/23/12 6:23 PM, MFPA wrote:
> Suggestions like this tend to get lambasted because they do not
> enhance security, and privacy appears to be seen as unimportant.
Not in the slightest. The idea is certainly worthwhile. It's just
that there's no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 1/23/12 5:52 PM, MFPA wrote:
>> If they want to mess with you, they don't need your permission.
>> As is, you've explicitly asked them, "would you please sign
>> certificate 0xDEADBEEF, fingerprint so-and-so, here's my
>> credentials."
>
> True