Hi everyone!
> Am 27.02.2015 um 13:11 schrieb Kristian Fiskerstrand
> :
>
> People need to understand that operational security is critical for
> any security of a system and validate the key through secondary
> channel (fingerprint, algorithm type, key length etc verifiable
> directly or throug
Hi Kristian,
> Am 27.02.2015 um 17:31 schrieb Kristian Fiskerstrand
> :
>
> On 02/27/2015 05:26 PM, Patrick Brunschwig wrote:
> > On 27.02.15 13:11, Kristian Fiskerstrand wrote:
> >> On 02/27/2015 12:43 PM, Hauke Laging wrote:
> >>> Am Fr 27.02.2015, 12:27:40 schrieb gnupgpacker:
> >>
> May
Hi Chris,
> Am 27.02.2015 um 19:16 schrieb Christoph Anton Mitterer
> :
>
> This is basically what they want: Anonymous cryptography, whose complete
> security is based on some good luck whether you've communicated with the
> right peer the first time.
>
> But instead of just advertising that c
Hi Werner et al,
> Am 27.02.2015 um 20:56 schrieb Werner Koch :
>
> There is no trust in keyservers by design. As soon as you start
> changing this you are turning PGP into a centralized system.
OK, then I have a very practical question: Even though this is my fourth or
fifth attempt at establ
Hi Andreas,
> Am 27.02.2015 um 21:12 schrieb Andreas Schwier
> :
> The keyserver would make sense, if my mail client would automatically
> fetch the public key from a server, based on the e-mail address of the
> sender and some identity data (e.g. fingerprint) in the mail signature.
FWIW, that’s
Hi Doug,
> Am 28.02.2015 um 21:36 schrieb Doug Barton :
>
> It's overwhelmingly likely that you are overthinking this. :)
Yes, I have been known to have that tendency sometimes. :)
Thanks! Will do as you suggest, then.
Marco
signature.asc
Description: Message signed with OpenPGP using GPGMa
Hi Patrick,
> Am 01.03.2015 um 15:41 schrieb Patrick Brunschwig :
>
> The idea I have in mind is roughly as follows: if you upload a key to
> a keyserver, the keyserver would send an encrypted email to every UID
> in the key. Each encrypted mail contains a unique link to confirm the
> email addre
Hi Kristian,
> Am 01.03.2015 um 16:38 schrieb Kristian Fiskerstrand
> :
>
> You wouldn't need the keyservers to be involved in this at all. Anyone
> could set up such a mail verification CA outside of the keyserver network.
In theory, yes. And keybase.io goes in that direction, although they do
Hi Kristian,
> Am 01.03.2015 um 17:36 schrieb Kristian Fiskerstrand
> :
>
> Seriously? Please look at
> https://bugzilla.mozilla.org/show_bug.cgi?id=790487regarding that
> implementation, which opens up another can of worms (encrypts to {S,C}
> key, not encryption key, dual usage of same key mat
Hi Kristian,
> Am 01.03.2015 um 17:54 schrieb Kristian Fiskerstrand
> :
>
> Since the author's first reaction was closing it WONTFIX I didn't
> bother, with that kind of behavior they can't possibly take security
> seriously.
Error in judgement that has since been corrected. These things someti
10 matches
Mail list logo
