BitMail.sf.net v 0.6 - Secure Encrypting Email Client

2013-11-05 Thread rwest
Hello, can BitMail.sf.net as a p2p email tool for encrypted Email (and hybrid with IMAP-Email) be regarded as a reference model for research to create a secure Email Client? as it uses both, gnupg and openssl! http://bitmail.sourceforge.net/ https://sourceforge.net/projects/bitmail/files/BitMa

BitMail.sf.net v 0.6 - Secure Encrypting Email Client

2013-11-05 Thread rwest
Hello, can BitMail.sf.net as a p2p email tool for encrypted Email (and hybrid with IMAP-Email) be regarded as a reference model for research to create a secure Email Client? as it uses both, gnupg and openssl! http://bitmail.sourceforge.net/ https://sourceforge.net/projects/bitmail/files/BitMa

Re: trust your corporation for keyowner identification?

2013-11-05 Thread Paul R. Ramer
Leo Gaspard wrote: >> You are right. Decryption is sufficient to demonstrate control of >the private key, because if he can decrypt, he can also sign. What I >said, "decrypt and sign," was redundant. > >Well... I still do not understand why decryption is sufficient to >demonstrate >control of th

Re: gpgsm and expired certificates

2013-11-05 Thread Uwe Brauer
>> "MFPA" == MFPA writes: Hello > There are already several private sector CAs who provide free S/MIME > certificates in the hope that punters may take one of their paid > products instead or in addition. Potential sales is their incentive to > provide some products free. What wou

Sharing a card reader between pkcs11 and gnupg card?

2013-11-05 Thread Tapio Sokura
Hello, I'm having some troubles using both a PKCS #11 accessed card (national electronic ID card) and an OpenPGP card in the same computer. I haven't really looked deep into this yet, but it looks like the smart card reader is claimed by the driver that is first started (scdaemon or the natio

Re: Quotes from GPG users

2013-11-05 Thread Sam Tuke
> Feel free to use any of my public comments on the topic, either on my > blog or on Twitter. Those are great resources I hadn't seen before, thanks for the links! What do you think about these two? I had a hard time finding quotes from your articles that fit into 130 chars, so I reworded them:

Re: trust your corporation for keyowner identification?

2013-11-05 Thread Leo Gaspard
On Tue, Nov 05, 2013 at 12:40:11AM -0800, Paul R. Ramer wrote: > I don't know how I can explain it any better than I have. I think you are > confusing assertion with verification. Unless you can differentiate between > the two in this case, I don't think you will see what I am talking about. >

bug-like: strange behaviour of addrevoker

2013-11-05 Thread Hauke Laging
Hello, I have created another key for me (higher security level) so its user ID has obviously the same name like the ones of my old key. I did this with Knoppix 7.2 (i.e. gpg 1.4.x). After key creation I wanted to add the keys to each other as designated revokers. But that didn't work as expec

Re: gpgsm and expired certificates

2013-11-05 Thread MFPA
Hi On Monday 4 November 2013 at 10:43:43 PM, in , Uwe Brauer wrote: > - NSA (among others) has abused its resource to > read emailworldwide at a very large scale. Indeed. > - so if a lot of people, say 30 % of all users > would encrypt theiremail, then NSA statisti

Re: trust your corporation for keyowner identification?

2013-11-05 Thread Paul R. Ramer
On 11/05/2013 09:26 AM, Leo Gaspard wrote: > On Tue, Nov 05, 2013 at 12:40:11AM -0800, Paul R. Ramer wrote: >> I don't know how I can explain it any better than I have. I think you are >> confusing assertion with verification. Unless you can differentiate between >> the two in this case, I don't

Re: trust your corporation for keyowner identification?

2013-11-05 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 5 November 2013 at 11:03:19 PM, in , Paul R. Ramer wrote: > But if you sign it with an exportable > signature, you are saying to others that you have > verified the key. In the absence of a published keysigning policy, isn't that an

Re: Quotes from GPG users

2013-11-05 Thread Ben McGinnes
On 6/11/13 2:40 AM, Sam Tuke wrote: >> Feel free to use any of my public comments on the topic, either on my >> blog or on Twitter. > > Those are great resources I hadn't seen before, thanks for the links! > > What do you think about these two? I had a hard time finding quotes > from your article

Newbie question on GPG and PHP running from a webpage

2013-11-05 Thread Griffin Cheng [CLIB]
Hello, I am new to GPG, especially writing programs to decrypt stuff. Is this the right mailing list to ask? Regards, Griffin CHENG. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: trust your corporation for keyowner identification?

2013-11-05 Thread Paul R. Ramer
>On Tuesday 5 November 2013 at 11:03:19 PM, in >, Paul R. Ramer wrote: > >> But if you sign it with an exportable >> signature, you are saying to others that you have >> verified the key. > >In the absence of a published keysigning policy, isn't that an >assumption? Signing is to be an attestation

Re: Newbie question on GPG and PHP running from a webpage

2013-11-05 Thread Paul R. Ramer
"Griffin Cheng [CLIB]" wrote: >Hello, > >I am new to GPG, especially writing programs to decrypt stuff. Is this >the right mailing list to ask? gnupg-users is for most discussions and gnupg-devel is for programming/development specific questions. HTH. Cheers, --Paul -- PGP: 3DB6D884 __

unsubscribe

2013-11-05 Thread Griffin Cheng [CLIB]
___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users