Re: Thoughts on GnuPG and automation

NSA or GCHQ taking in every single email that crossed their borders. -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 pgpb9gmjiGWFb.pgp Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-u

Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?

key to not use SHA1 digests which it appears to be using, as well as listing SHA1 as my second favourite algorithm. -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnup

Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?

've not heard of any issues with that setup, but your mileage may vary. Thanks, that was quite helpful. I've found I can just delete the self signatures on my UID and replace them with better ones but I can't see a way to change the subkey binding signature. -- Steve Jones K

Non email addresses in UID

um it would be useful to be able to verify this. I'm curious what other people on this list think of this. [1] http://tools.ietf.org/html/rfc4880#section-5.11 -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP

Re: his public key is 5 monitors high, and her same key is 1 ?

ilar key and that key is one half a monitor in > 'monitor' height You can use the pgpdump tool to see all the data in a public key file. A given key might contain lots of extra data beside the actual key, like signatures and photos. -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 428

Re: Non email addresses in UID

So I'm led to the idea that associating keys with areas on the web where a person's work, writings, etc... are known is more important than some sort of confirmation of a person's name, which is not even a unique identifier. If, for example, you'd signed your commits to monkeysph

Re: Non email addresses in UID

ontrol of that private key and can publish to that blog. Which reminds me that I'd really like an email client that automatically signs keys at level 1 (persona) of anyone who replies with a signed email that quotes a significant portion of the text I sent, as this effectively counts as a challe

Re: Non email addresses in UID

On Tue, 28 Jan 2014 20:13:30 +0100 Leo Gaspard wrote: > On Fri, Jan 24, 2014 at 11:08:16PM +0000, Steve Jones wrote: > > [...] > > > > Finally there's the possibility of explicit verification, if someone > > sends me a challenge and I publish that challenge'

Re: MUA "automatically signs keys"?

On Wed, 29 Jan 2014 11:14:11 + "nb.linux" wrote: > Gregor Zattler: > > Hi Steve, gnupg users, > > * Steve Jones [24. Jan. 2014]: > > That's an interesting idea. But there is still the possibility > > of a man in the middle attac... The web of tru

Re: MUA "automatically signs keys"?

sily-noticed. Maybe, a lot of compromised actors have gotten away with it for a long time. But that's a different story, all the trust in a person's key and identity is useless if they're secretly working against you. - -- Steve Jones Key fingerprint: 3550 BFC8 D7B

Re: Non email addresses in UID

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, 30 Jan 2014 00:22:08 + MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > On Tuesday 28 January 2014 at 11:37:25 PM, in > , Steve Jones wrote: > > > > A more sophisticated approach > > would b

Re: MUA "automatically signs keys"?

On Thu, 30 Jan 2014 21:09:45 + MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > On Thursday 30 January 2014 at 12:58:44 AM, in > , Steve Jones wrote: > > The advantage you have here though is the web of trust. > > 1 level 1 signature would probably be not en

Re: MUA "automatically signs keys"?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, 31 Jan 2014 01:15:07 + MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote: > On Thursday 30 January 2014 at 10:43:39 PM, in > , Steve Jones wrote: > > > Well therein lies my problem with the PGP system. It > &

Re: MUA "automatically signs keys"?

On Fri, 31 Jan 2014 15:02:14 +0100 NdK wrote: > Il 31/01/2014 10:24, Steve Jones ha scritto: > > > Well the conventions of use, for example the key signing party > > protocol, requires photographic id. If I publicly sign a key it has > > to be in line with how I expec

Re: MUA "automatically signs keys"?

from the first contact. -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: email verification as casual checking?

ecurely? If the keyserver has certified the key with a challenge response protocol you've got your answer. Ideally you'd have an email address and a fingerprint, but often you don't. -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.

Re: email verification as casual checking?

o email the person anyway you might as well have some confidence that you're using the right key. -- Steve Jones Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnupg-us