Re: A lot of questions about CERT, PKA and make-dns-cert

2009-10-21 Thread Dan Mahoney, System Admin
On Wed, 21 Oct 2009, David Shaw wrote: On Oct 20, 2009, at 10:55 PM, Dan Mahoney, System Admin wrote: On Thu, 15 Oct 2009, David Shaw wrote: On Oct 15, 2009, at 9:37 PM, Dan Mahoney, System Admin wrote: I'm running: echo foo | gpg -v -v --auto-key-locate cert --recipient gu...@gushi.org

Re: A lot of questions about CERT, PKA and make-dns-cert

2009-10-21 Thread Dan Mahoney, System Admin
On Wed, 21 Oct 2009, David Shaw wrote: You didn't give an actual version number (run gpg2 --version), so I can only make an educated guess, but I do think I see your problem. You don't have one key in your CERT - you have two (309C17C5 and 624BB249) combined into one DNS record. That

Re: A lot of questions about CERT, PKA and make-dns-cert

2009-10-20 Thread Dan Mahoney, System Admin
On Thu, 15 Oct 2009, David Shaw wrote: On Oct 15, 2009, at 9:37 PM, Dan Mahoney, System Admin wrote: I'm running: echo foo | gpg -v -v --auto-key-locate cert --recipient gu...@gushi.org --encrypt -a And get gpg: error retrieving `gu...@gushi.org' via DNS CERT: No fingerprint I exported

Re: A lot of questions about CERT, PKA and make-dns-cert

2009-10-20 Thread David Shaw
On Oct 20, 2009, at 10:55 PM, Dan Mahoney, System Admin wrote: On Thu, 15 Oct 2009, David Shaw wrote: On Oct 15, 2009, at 9:37 PM, Dan Mahoney, System Admin wrote: I'm running: echo foo | gpg -v -v --auto-key-locate cert --recipient gu...@gushi.org --encrypt -a And get gpg: error

Re: A lot of questions about CERT, PKA and make-dns-cert

2009-10-16 Thread Werner Koch
On Fri, 16 Oct 2009 05:27, ds...@jabberwocky.com said: Even if the documentation was better (and I agree, it is poorly documented), I don't think CERT or PKA would be a very widely used FWIW: At least for PKA that is my fault. I once wrote a paper for it in German and presented it at the GUUG

A lot of questions about CERT, PKA and make-dns-cert

2009-10-15 Thread Dan Mahoney, System Admin
All, I'm in the process of writing a blog entry about the PKA and CERT methods. A couple people have written them a long time ago, and I'd like to bring some of the info up to date. (If this is better asked on gnupg-dev, let me know). For starters: 1) Currently the only tool that can

Re: A lot of questions about CERT, PKA and make-dns-cert

2009-10-15 Thread David Shaw
On Oct 15, 2009, at 9:37 PM, Dan Mahoney, System Admin wrote: 1) Currently the only tool that can generate a CERT record, make-dns- cert, is not built or packaged by default under any os I've found (I've tried FreeBSD and ubuntu). It has no documentation, no examples, and only a terse

Re: A lot of questions about CERT, PKA and make-dns-cert

2009-10-15 Thread Dan Mahoney, System Admin
On Thu, 15 Oct 2009, David Shaw wrote: David, For starters let me thank you on both the fullness and the expedience of your answer. Far too many open source projects just go crickets when I send out a laundry list, and I need to recognize your time. Let me also apologize in advance for my