On this whole point of Gnupg (gpg) and some of the issues with using it (and transitions etc), may I (well, I just will) recommend this, from sources I've compiled in a way that people seem to like and have found helpful:

Crazy Strong: @gnupg "learn or die" in 2015 #31c3
All systems https://securityinabox.org/thunderbird_main
See also http://futureboy.us/pgp.html#GettingStarted
http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/

on twitter as: https://twitter.com/AnonyOdinn/status/550826144014934016
which has caused Gnupg / thunderbird / etc. awareness to reach 14,685 accounts that might otherwise not have seen it.
based on an analysis from http://tweetreach.com/reports/12801475

Learn or die folks.

but you may ask, what about the transitions? new machine? older key issues? proper use? getting stronger new key? etc. valid questions! which is what I am asking myself right now (since I have some old key issues that I am trying to work through and I didn't have good answers).

fortunately, rysiek came to the rescue in a very timely way, and gave me permission to republish (rysiek's) statement which appears below:

rysiek explains:
GPG Key Transition: http://rys.io/en/147
Zmieniam klucz GPG: http://rys.io/pl/147

twitter: https://twitter.com/AnonyOdinn/status/552630836747456512

The instructions are very clear and helpful. (Thank you rysiek!) I'll be developing my own transition statement at some point soon using rysiek's page as a guide. Not sure of when, but rysiek's page will be my guide.

Cathal Garvey:
>> So far, as far as I can see, you're not even inflicting PGP on
>> us here, let alone your friends.
>
> I did for a while, but then I moved hardware and didn't see any
> reason to set up PGP again. At best, it was a signal to people that
> I cared about security/privacy, at worst it was making everything I
> posted non-repudiable for no useful reason.
>
> The fact that miniLock is authenticated but repudiable makes it a
> better bet for PGP-usecase purposes *anyway*, and my minilock ID is
> in my signature (again, had lapsed by accident) for people who want
> to use miniLock outside of peerio.
>
> But, miniLock isn't (opportunistic pun) "turn-key", it requires
> launching, authenticating, dropping a file to encrypt, typing in a
> miniLock ID to encrypt to (encrypting to yourself probably makes
> it non-repudiable if someone acquires your private key, beware!),
> downloading the encrypted file, and then transmitting the encrypted
> file out-of-band.
>
> Now, implementing Peerio server is something I endorse. If I
> weren't too busy, I'd investigate doing it myself, it looks like
> fun. If anyone does feel like it, they have miniLock for JS-based
> servers, and deadLock for Python-based servers (needs some
> work/bugfixes).
>
> On 15/01/15 16:44, rysiek wrote:
>> On Thursday, 15 January 2015 11:20:22 Cathal Garvey wrote:
>>> If the server code were open, how would you know the server was
>>> actually running that code anyway?
>>
>> Not much. But it would allow others to run the server code and
>> offer similar service, at the very least.
>>
>>> Having the protocol documented so thoroughly makes the task of
>>> writing an alternative server trivial if time-consuming. I'd
>>> obviously prefer the server were AGPL, and I hope someone will
>>> write an AGPL'd server and federation.
>>
>> Of course. The "time-consuming" part is what bothers me. I
>> *could* throw in an hour or two to set-up a peerio server had the
>> code been available; I have absolutely *no way in hell* of
>> throwing in days or weeks of work to implement their protocol.
>>
>>> For now though, the client is open source, the crypto doesn't
>>> suck, the UX is excellent, and the threat model is pretty
>>> transparent. I'm *never* going to inflict PGP on friends, but
>>> I'll happily inflict this on them.
>>
>> So far, as far as I can see, you're not even inflicting PGP on
>> us here, let alone your friends.
>>
>

--
http://abis.io ~
"a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
