On Wed, 6 Jun 2012 21:54, pe...@digitalbrains.com said:
> But it's a bit unclear to me on what basis you decided it looked correct? Your
> mail suggests to me that you decided that based on the fact that the UID on
> that key is "Werner Koch (dist sig)". But that would be the very first thing a
On 07/06/12 06:23, da...@gbenet.com wrote:
> Clearly you failed to follow my link and clearly you failed to check the
> public key for gnupg. Now being a little confused try and get a clear
> question in your mind - is it Verner's key that you have such a passion to
> verify or gnupg?
I'm sorry, b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07.06.2012 02:15, Sam Smith wrote:
> yes, impersonation of the UID [Werner Koch (dist sig)] is what I'm
> trying to guard against.
>
> My efforts to verify the fingerprint are the best way to do this,
> correct?
>
>
>
>
>> Date: Wed, 6 Jun 201
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/06/12 14:17, Peter Lebbing wrote:
> On 07/06/12 06:23, da...@gbenet.com wrote:
>> Clearly you failed to follow my link and clearly you failed to check the
>> public key for gnupg. Now being a little confused try and get a clear
>> question in you
On 6/7/12 11:18 AM, da...@gbenet.com wrote:
> To put matters simply, (1) Verner's key is not the same as gnupg's
> key (2) You can confirm the validity of Verner's key by meeting him
> (3) you can confirm that gnupg is running on your computer gpg/2
> --version..
As an FYI, you are consistently mi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/06/12 17:14, Robert J. Hansen wrote:
> On 6/7/12 11:18 AM, da...@gbenet.com wrote:
>> To put matters simply, (1) Verner's key is not the same as gnupg's key (2)
>> You can
>> confirm the validity of Verner's key by meeting him (3) you can confir
On Thu, 7 Jun 2012 17:59, mika.henrik.mai...@hotmail.com said:
> % gpg --list-sigs D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
> pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
> uid Werner Koch (dist sig)
> sig 58DFC608 2011-06-11 Andrey ...
> sig 30B94B5C
On 6/7/12 12:32 PM, Werner Koch wrote:
> That is actually a bit funny: I never asked anyone to sign that key.
> Probably they deduced the correctness from my regular key which I
> used to sign the above key. That is not a surprise; I have seen
> many signatures on my keys from people I never met.
On Thu, Jun 7, 2012 at 12:52 PM, Robert J. Hansen wrote:
> Perhaps it would be worthwhile to add a question to the signing process:
> "Have you met this person face-to-face and verified his/her identity?
> (y/N)" If the user answers no, display a warning that the user probably
> wants to lsign, n
On 6/7/12 1:05 PM, Sam Whited wrote:
> It would also just be an unwanted extra step for a lot of people.
Yes. And there are doubtless a large number of people who really don't
want to have to type in their new passphrase twice, too. We make them
do it anyway.
Objecting to it on the grounds of "
On Thu, Jun 7, 2012 at 1:22 PM, Robert J. Hansen wrote:
> Yes. And there are doubtless a large number of people who really don't
> want to have to type in their new passphrase twice, too. We make them
> do it anyway.
>
Yes, but that actually serves a purpose, it prevents people from
losing thei
On 6/7/12 2:10 PM, Sam Whited wrote:
> ...yes, it's hardly onerous, but it's still one extra step that does
> nothing for more advanced users (except perhaps when they haven't
> had enough coffee early in the morning :) ).
Friend of mine, a former law-enforcement officer, is a big believer in
che
On Thu, June 7, 2012 11:27 am, Werner Koch wrote:
> If you look at my OpenPGP mail header you will be pointed to a
> âfingerâ
> address - enter it into your web browser (in case you don't know what
> finger is) and you will see
I see that it would be handy to have this stuff in the header wh
13 matches
Mail list logo
