Re: How to find and verify a trust path?

2013-09-19 Thread Philip Jägenstedt
On Thu, Sep 19, 2013 at 4:55 AM, Doug Barton wrote:
> I don't recall if anyone has mentioned http://pgp.cs.uu.nl/ yet. Tragically
> not available over https, but nowadays that isn't as much of an assurance as
> once thought, depending on your threat model of course. :)

I did mention it once: On

Re: Support for additional ECC Curves in GnuPG (gcrypt)

2013-09-19 Thread Sergi Blanch i Torné
In my humble opinion, this has been an enormous limitation on this standard. But there are other curves with OIDs (check for the "Brainpool standard Curves"). The rfc4492, similar to what you mention but for TLS, allows any arbitrary curve (prime & char2) but rfc 6637 doesn't allow us to go that far

Re: Sign key and export for each UID

2013-09-19 Thread Daniel Kahn Gillmor
On 09/18/2013 10:35 PM, Doug Barton wrote:
> The issue for me is the "cleanliness" and accuracy of my local key ring
> (as I pointed out in a previous message in this thread). I don't like
> what either CAFF or Pius do; leave signatures that I consider "bogus" on
> my local copy of the key, or rely

Re: Support for additional ECC Curves in GnuPG (gcrypt)

2013-09-19 Thread Werner Koch
On Thu, 19 Sep 2013 13:29, se...@calcurco.cat said:
> allows any arbitrary curve (prime & char2) but rfc 6637 doesn't allow us to
> go that far.

Sorry, I can't see that. The only problem I see with 6637 is that the standard uncompressed encoding is required and that we have no way to change that

Re: Where is ECC in gpg2 (specifically gnupg-2.0.21

2013-09-19 Thread Nicholas Cole
On Thu, Sep 19, 2013 at 6:44 PM, Werner Koch wrote:
>> to create the key (if that is possible) so that people can make a
>> judgement about that kind of thing when they certify keys -- assuming
>
> If Bob decides to use NIST curve, why don't you want to send a mail to
> him. It is his decision

Re: Signature timestamp ordering and dissecting

2013-09-19 Thread Werner Koch
On Wed, 18 Sep 2013 15:28, j...@enigmail.net said:
> Times are stored as a number of seconds. Sorting numbers in order is a
> sensible thing

Let me add this from doc/DETAILS: Note that the date is usually printed in seconds since epoch, however, we are migrating to an ISO 8601 format (e.g. "1

Re: Where is ECC in gpg2 (specifically gnupg-2.0.21

2013-09-19 Thread Werner Koch
On Wed, 18 Sep 2013 10:54, nicholas.c...@gmail.com said:
> If I understand correctly, the curve is used to create the
> Public/Private Keypair. So GPG probably needs to display clearly (in

The curve is part of the key. We have a similar thing in Elgamal and DSA algorithms, over there we call it

Re: Where is ECC in gpg2 (specifically gnupg-2.0.21

2013-09-19 Thread Josef Schneider
On Thu, Sep 19, 2013 at 7:44 PM, Werner Koch wrote:
> If Bob decides to use NIST curve, why don't you want to send a mail to
> him. It is his decision whether he wants to keep stuff confidential.

Yes, but it isn't only HIS stuff! I want to know if the information I send out is secure enough or

Re: How to find and verify a trust path?

2013-09-19 Thread Jason Harris
On Wed, Sep 18, 2013 at 07:55:45PM -0700, Doug Barton wrote:
> When I was a FreeBSD developer I tried to get the PTB interested in
> adding standard (albeit opt-in) support for PGP signatures in our
> ports/packages system. For the source side (ports) I wanted to include
> the PGP signatures fr