two-lock mailbox analogy

2015-06-18 Thread listo factor
pted communication as a matter of personal policy or principle, in conjunction with teaching the use of a complex software system necessary to do it is, IMHO, a big mistake. Listo Factor ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gn

Re: Proposal of OpenPGP Email Validation

2015-07-31 Thread listo factor
of the message. Without solving that primary problem, the motivation for the adoption of any new scheme is either low or non-existent. Listo Factor

Re: FAQ: drop mention of 1.4?

2015-08-28 Thread listo factor
On 08/27/2015 06:41 PM, Robert J. Hansen wrote: My rationale for this is simple: we don't want to encourage new users to use 1.4. We want to encourage new users to use 2.0 and/or 2.1. ... I, personally, don't think it's a big deal to drop mention of 1.4 except to talk about "it's for system adm

Re: Should I be using gpg or gpg2?

2015-09-28 Thread listo factor
On 09/28/2015 09:53 AM, Sudhir Khanger wrote: Hi, Should I continue to use gpg command everywhere? Unless you have specific reasons for transitioning to gpg2, stick with gpg (GnuPG) 1.4.16. It is just as secure, and much easier to use.

Re: Should I be using gpg or gpg2?

2015-09-28 Thread listo factor
On 09/28/2015 05:40 PM, Werner Koch - w...@gnupg.org wrote: > On Mon, 28 Sep 2015 13:23, listofac...@mail.ru said: > >> Unless you have specific reasons for transitioning to gpg2, stick >> with gpg (GnuPG) 1.4.16. It is just as secure, and much easier > ^^

Re: Should I be using gpg or gpg2?

2015-09-28 Thread listo factor
On 09/28/2015 08:26 PM, Robert J. Hansen wrote: Most of 2.x "improvements" have little to do with security. Per NIST, RSA-2048 is believed safe until 2030. That means that if you need to keep secrets longer than fifteen years, you need to move away from RSA completely. RSA-3072 is not all tha

Re: Should I be using gpg or gpg2?

2015-09-28 Thread listo factor
On 09/28/2015 09:36 PM, Robert J. Hansen wrote: To paraphrase the movie _A Few Good Men_, it doesn't matter what you know, it only matters what you can prove. I'm not here to prove anything. An Internet mailing list is not about proving things. It lacks both the procedural rigour and an impart

Re: How can it be made even easier!?

2015-10-12 Thread listo factor
On 10/12/2015 03:32 PM, Mark H. Wood - mw...@iupui.edu wrote: Dare I suggest that people who need private and/or integrity-protected email for professional use should hire a professional to interview them, set up the software according to the client's standards for professional practice, and exp

Re: How can it be made even easier!?

2015-10-12 Thread listo factor
On 10/12/2015 09:29 PM, Don Saklad wrote: For cognoscenti ?... not for greater users that the too steep learning curve holds back distributing more widely? http://english.stackexchange.com/questions/6209/what-is-meant-by-steep-learning-curve The assignment of the units on abscissa and the ordinat

absolutely nothing to panic over

2015-10-23 Thread listo factor
On 10/06/2015 02:07 PM, Robert J. Hansen - r...@sixdemonbag.org wrote: Australian researchers have figured out how to make a quantum gate on a silicon chip. [...] there's absolutely nothing to panic over. Yup, instead of panicking, we should simply acknowledge the fact that secret communication

Re: absolutely nothing to panic over

2015-10-25 Thread listo factor
On 10/24/2015 08:52 AM, Robert J. Hansen wrote: I know it's popular to say the sky is falling, but it isn't, and this kind of scaremongering doesn't help anyone. I agree that the sky is not falling, at least not for everybody. I do however believe that we must face the future without the hocus

Re: absolutely nothing to panic over

2015-10-27 Thread listo factor
On 10/27/2015 03:55 AM, Robert J. Hansen wrote: You start from tautology and conclude at paradox. This doesn't appear to be something to be taken seriously. Allow me to try again: *There is no secure communication over an insecure channel without out-of-channel bootstrap*. I believe the abov

Re: Documentation format

2016-02-19 Thread listo factor
On 02/06/2016 12:08 PM, Robert J. Hansen - r...@sixdemonbag.org wrote: Since I seem to have become the doyen of documentation, I figure I should ask: what markup language and/or output formats should we be pursuing for future documentation work? Whatever you decide to use, I suggest to consider

Re: EasyGnuPG

2016-03-25 Thread listo factor
On 03/22/2016 09:21 PM, Peter Lebbing wrote: ... writing good documentation is hard, very hard. In fact, it turned out to be easier to write academical papers on why it is so difficult to make crypto easy to use than to write documentation that makes crypto easy to use. It ~is~ hard, but only

Re: EasyGnuPG

2016-03-25 Thread listo factor
On 03/26/2016 03:55 AM, Dashamir Hoxha wrote: On Fri, Mar 25, 2016 at 9:50 PM, listo factor wrote: >> ... The efforts which concentrate on making it easy might >> indeed increase the number of people that use it, but at the >> expense... So, maybe they will be safer if the

What am I missing?

2016-03-30 Thread listo factor
I do not use this device, so I am wondering if those that are familiar with it may be kind enough to confirm my understanding of its security architecture: The device uses a protected hardware module, which does several things: 1) It uses its own secret, etched in silicon, in combination with

Re: What am I missing? (Again)

2016-03-30 Thread listo factor
On 03/30/2016 12:16 PM, listo factor - listofac...@mail.ru wrote: > I do not use this device, so I am wondering... There were quite a few posts following my question, but unfortunately those quickly drifted off to the aspects of this case (good/bad government(s), compelling rich/poor vendo

Re: What am I missing? (Again)

2016-03-31 Thread listo factor
On 03/31/2016 07:53 AM, Johan Wevers - joh...@vulcan.xs4all.nl wrote: ... 1) Is it correct... Both apply here: Yes they did design such a device. No, they didn't use... No they didn't use that in this particular model (iPhone 5c). 2) Is it possible for the user to circumvent Yes. Thank y

Torture and rights to privacy

2016-08-27 Thread listo factor
It would help if in similar discussions participants first find out what are the ethical fundamentals that they agree on. May I suggest the following: 1) Torture is absolutely unacceptable. It includes not only physical harm to the individual's body, but also actions that instill pain or fear wit

Servant of Two Masters

2016-08-29 Thread listo factor
On 08/24/2016 02:23 PM, Robert J. Hansen wrote: If I ask "how should we permit privacy tools to be circumvented?" and someone's answer is "Pressure them. A wrench comes to mind," well... I've received an answer to how the person believes governments should be permitted to obtain secrets. It's

self-decrypting message

2016-10-28 Thread listo factor
...Can I send an encrypted e-mail so that it decodes itself automatically once it reaches the recipient? An e-mail message is just a piece of data; it is always a computer program (i.e., a piece of software, not data) that performs either encryption or decryption. It is therefore not possible t

No "evidence" is possible

2016-11-13 Thread listo factor
On 11/07/2016 09:32 PM, Anthony Papillion wrote: ... Is there any evidence that GnuPG password entry is not part of the keystroke data sent to Microsoft? Does GnuPG take any steps to avoid this? Can it? It can not. Even if it was possible to obtain conclusive evidence that currently installed

"general purpose OS is fundamentally inadequate for trusted operations"

2017-04-22 Thread listo factor via Gnupg-users
On 04/10/2017 03:25 AM, Robert J. Hansen - r...@sixdemonbag.org wrote: Preserve the security of your endpoint system. Nothing else will do. The year is 2017 and this is simply no longer a practical strategy: "...Our position is that the general purpose operating system is fundamentally ina

yes, Virginia...

2017-04-23 Thread listo factor via Gnupg-users
On 04/22/2017 11:12 AM, Peter Lebbing wrote: It feels like you are saying "if you have a real need for communication security, a smartcard will make you more secure"; No, this is not what I'm saying... When asked, I simply repeat that I completely agree with the above quoted "Laurie/Singer pr

Re: "general purpose OS is fundamentally inadequate for trusted operations"

2017-04-24 Thread listo factor via Gnupg-users
On 04/24/2017 12:42 AM, Robert J. Hansen wrote: -- but [smartcards] do not rise to the level listo is > ascribing to them... The central argument I've been making in this thread is not the promotion of smartcards, it is something best summarized by the quote from the Laurie-Singer paper: "...th

Don't send encrypted messages to random users

2017-05-29 Thread listo factor via Gnupg-users
This I find surprising: if one does not want receiving encrypted messages from those that he does not have existing relationship with, why does he publish his public key on public keyservers?

Re: Don't send encrypted messages to random users

2017-05-30 Thread listo factor via Gnupg-users
On 05/29/2017 11:52 PM, Konstantin Gribov - gros...@gmail.com wrote: Primary reason to publish a key is to make it available for fetching. It isn't a permission for anyone to annoy a person anyhow. Keyservers have every characteristic of a public directory. What possible reason there could be f

Re: Key expiration question

2017-06-15 Thread listo factor via Gnupg-users
On 06/13/2017 01:02 PM, Peter Lebbing wrote: An expired key will definitely not be able to issue valid signatures after the expiration date. There is nothing ~in the key itself~ that prevents any key from being used to create signatures, it is only a feature of the software used to create the

Safe transfer via USB devices

2017-10-09 Thread listo factor via Gnupg-users
Use a USB floppy disk reader/writer and shred the floppies with cleartext after the use. Writing sensitive cleartext to USB flash "drives" that could potentially fall into the adversary's hands should be avoided.

Attack costs

2017-10-10 Thread listo factor via Gnupg-users
Firstly, I think it's really easy to get carried away here with security measures one probably doesn't really need. If you do have a need for air-gapped computers then you also have a need for a lot of other security measures. 1) How good are the locks on the doors to your house? 2) What about y

Re: Key Storage Abstraction?

2017-10-15 Thread listo factor via Gnupg-users
On 10/15/2017 08:35 PM, Jamie H. via Gnupg-users wrote: > ...I'd like to actually access GPG*as* a library, but all the tools I see seem to invoke GPG as a program and then operate on its standard output... What you need is GPG as a pure crypto-engine; completely divorced from all key manage

Re: New smart card / token alternative

2017-11-07 Thread listo factor via Gnupg-users
On 11/06/2017 10:26 PM, ved...@nym.hush.com wrote: On 11/6/2017 at 4:55 PM, "Tim Steiner" wrote: With this solution you can keep the key offline, carry it with you and it > works even on a computer where you can't install software... > We are interested to hear feedback on this approach fr

Re: New smart card / token alternative

2017-11-08 Thread listo factor via Gnupg-users
On 11/08/2017 03:45 PM, Peter Lebbing wrote: On 08/11/17 16:27, ved...@nym.hush.com wrote: or, more practically, just post anonymously to a blog or website, using --throw-keyid, with a pre-arranged understanding that the sender and receiver post to and check certain websites I did not phrase i

a step in the right direction

2018-01-15 Thread listo factor via Gnupg-users
On 01/15/2018 06:53 PM, Andrew Gallagher wrote: On 15 Jan 2018, at 16:39, Stefan Claas wrote: Maybe we need (a court) case where a PGP user requests the removal of his / her keys until the operators and code maintainers wake up? You also need to prove that removal is technically possible. Ot

Re: a step in the right direction

2018-01-15 Thread listo factor via Gnupg-users
On 01/15/2018 10:45 PM, Robert J. Hansen - r...@sixdemonbag.org wrote: Which would be a step in the right direction when compared with the current situation. ..> First, people in bad places like Syria and Iran lose the ability to... I would never allow my opinion of what are the "good places" a

Re: a step in the right direction

2018-01-15 Thread listo factor via Gnupg-users
On 01/16/2018 01:17 AM, Robert J. Hansen - r...@sixdemonbag.org wrote: The SKS community has been discussing a considerably worse nightmare scenario for the past seven years. Considering the possibility that this particular system will be forced to conform to a more contemporary (and I would a

Privacy vs. security

2018-01-16 Thread listo factor via Gnupg-users
On 01/16/2018 06:05 PM, Andrew Gallagher - andr...@andrewg.com wrote: Ultimately, the PGP ecosystem prioritises security over privacy. They are not the same thing, and in some cases they are in conflict. Somewhat of a generalization, but essentially correct. More precisely - if I may - it's p

robots.txt and archiveteam.org...

2019-07-06 Thread Listo Factor via Gnupg-users
On 7/5/19 10:13 AM, Wiktor Kwapisiewicz via Gnupg-users - gnupg-users@gnupg.org wrote: As for robots.txt not all archiving sites respect it: https://www.archiveteam.org/index.php?title=Robots.txt Thanks for posting the link. To quote from the text there: > What this situation does, in fact, i

Re: robots.txt and archiveteam.org...

2019-07-07 Thread Listo Factor via Gnupg-users
1. GDPR, as any other bloated, convoluted, written in inhuman juridical language law, mostly benefits two kinds of people: lawyers and government-related officials. It incurs a lot of ado and expenses, gives vast grounds for power abuse and so on and so forth. It also benefits third kind of peop