SURFnet and DFN-CERT.
Another report about cross certificates and other methods
of linking PKIs was published a few weeks ago:
http://www.dfn-pca.de/bibliothek/reports/pki-linking/
Cheers,
Olaf
--
Dipl. Inform. Olaf Gellert (PKI Team), DFN-CERT Services GmbH
https://www.dfn-cert.de, +49 40
ed, just Microsoft's
> Error reporting.
> I can't copy Microsoft's report content.
But you could do a screenshot of the window, I guess!
Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Ph
eases/libprelude-0.9.0-rc11.tar.gz.sig
and they were transferred correctly (otherwise gpg 1.4.2 should
fail to validate the signature, too). Could this be related to
the signature being a "textmode" signature (on a binary file)?
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert
t is able to
handle revocation lists and OCSP-queries.
This enables applications to use S/MIME without
re-inventing the wheel.
So please be fair: Both S/MIME and PGP have
their advantages and disadvantages. And GPG
seems to be on the way to be able to handle
both. This sounds like a good
dex.html and understand its
> role in cryptographic application and that gpg can benefit from it.
For sure, I have read much more about tokens
and PKCS11 than you think. And even if you
cannot believe it: It may well be that
some people have different experiences and
different opinions
f
you want to use X.509 certificates for login), you have
to establish your own CA (and end up with your certificates
being untrusted by default), so you have different
troubles in the X.509 world.
As always: The world is not black and white. :-)
Cheers,
Olaf
--
Dipl.Inform. Olaf Gellert
planned for the near future? What usage is expected
to depend on this capability?
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily
Thanks, Christoph and David for enlighting
me...
Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily view on Internet A
ilable.
> GPG can in some occasions still print warnings to the tty even though
> --batch is used as on option.
And even when "--no-tty" and "--batch" are given on the
commandline, GPG may ask questions, if I remember correctly.
For encrpytion it should work anyway, wit
Hi Werner,
Werner Koch wrote:
> On Fri, 10 Feb 2006 10:28:20 +0100, Olaf Gellert said:
>
>> And even when "--no-tty" and "--batch" are given on the
>> commandline, GPG may ask questions, if I remember correctly.
>
> No, there shall be no interactive
ipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily view on Internet Attacks
https://www.ecsirt.net
eferences)
with my own PGP2-key, MD5 is the default hash algorithm
(which makes some sense because PGP2 will probably not
be able to validate signatures based on other algorithms).
When I sign a PGP2 key with a newer key (DSA), it
would be SHA1 (even though the recipient will probably
not be able to
? Sounds
like acting as a replacement for the ssh-agent?
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily view
s true, than tell us the
> adress(es), please.
>
> best regards
> Stadtwerke Meerane GmbH
>
> Heiko Teichmeier
> http://www.sw-meerane.de
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Ph
m" date is actually reached.
So it's the usual trade off between convenience and
security...
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
ng
none at all). So my identification policy
depends on the key that's used. Schizophrenia!
Regards, Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
ight be a good
default, but who am I to judge what is the
BEST solution?
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET
Senior Researcher, www.intrusion-lab.net
PKI - and IDS - Services[EMAIL PROTECTED]
___
IT-department at least when
someone else has to add a new subkey. So just sit
and wait and you will get better (or more) arguments...
;-)
No, to be honest: SKS keyservers work for all recent
key formats of PGP/GnuPG, so that's a solution...
Regards, Olaf
--
Dipl.Inform. Olaf Gellert
tely different than GnuPG, so the
crypto gurus take care for GPG and some other gurus
develop key servers. Maybe a key server that supports
cryptography would need a team of both. Any takers? ;-)
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET
Senior Resear
m only occur when you send to mailing
lists? Or does it also occur when you send signed emails
to normal recipients? That would give a strong indication
on where the error actually happens...
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET
Senior Researcher,
algorithms? The key is
available on the keyservers. Thanks for help,
Olaf
--
Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET
Senior Researcher, www.intrusion-lab.net
PKI - and IDS - Services[EMAIL PROTECTED
quot;sign only"
keys and to enable encryption, one would add an encryption
only subkey?
Olaf
--
Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET
Senior Researcher, www.intrusion-lab.net
PKI - and IDS - Service
22 matches
Mail list logo
