Re: Mail-Followup-To (was Re: IDEA License)

2013-03-29 Thread Julian H. Stacey
Peter Lebbing wrote:
> On 27/03/13 14:40, Julian H. Stacey wrote:
> > I created it, as far as I recall, from my copy direct from Ulrich, 
> > which had no Mail-Followup-To
> 
> Correct, the problem originated when you replied[1] to Werner's mail[2].
> Werner's mail had the following header:
> 
> Mail-Followup-To: "Julian H. Stacey" , gnupg-users@gnupg.org
> 
> The difference between that line and a simple Reply-to-All is that Werner
> would be in the recipient list with the Reply-to-All, and not with the
> Mail-Followup-To. Your reply should have only had gnupg-users@gnupg.org and
> your manually added CC to Ulrich as recipients, since your MUA would conclude
> that you don't need to CC yourself :).
> 
> > I'm familiar with Reply-to:  Not familiar with Mail-Followup-To:
> > What's the difference ?
> 
> Because Reply-To didn't really work out in practice for mailing lists, DJB
> came up with two "non-canon" mail headers to remove ambiguity from the
> meaning of the Reply-To header. He describes it in [3]. Not everybody agrees
> with his view/solution, though.

The quoted [3] contains:
News: The following list is obsolete. Daniel Faber has
collected a newer list of Mail-Followup-To implementations
at http://www.leptonite.org/mft/software.html.
which contains refs to claws mail etc ...
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=1441
"Status:RESOLVED WONTFIX" ... 2007 2008 ... 
Colin Leroy 2008-07-05 15:52:44 CEST 
I'm marking this WONTFIX.
So the Claws-mail project has no interest in implementing Mail-Followup-To,
and Claws-mail is a modern mailer (a friend who used to use
EXMH reckons claws-mail is slicker/better/more modern than the
exmh he used and I still use).


http://larve.net/people/hugo/2000/07/ml-mutt
"It is not a standard .. a hack that can potentially do
more harm than good"

http://www.ietf.org/rfc/rfc2822.txt
Includes reply-to
Does NOT include Followup-To

http://www.ietf.org/proceedings/43/I-D/draft-ietf-drums-mail-followup-to-00.txt
The ''Mail-Followup-To'' header
November 1997 ... Internet-Draft

http://tools.ietf.org/html/rfc2076
3.5 Response control
...  "ambiguous, since" ... controversial ...  RFC 822 RFC 1036
author

Reply-to:
Works fine on lists I run with majordomo on berklix.org.
It seems to help lots of people running a variety of MUAs on
Microsoft & Unix etc. do better than they did before.

Peter off list sent me a PS:
> Oh, and BTW, I couldn't easily find whether EXMH supports
> Mail-Followup-To (which makes me lean towards: no, it
> doesn't, because you'd expect documentation to show up if
> it did).

I looked (after doing a 'make patch' to extract
source trees on latest FreeBSD current ports)

cd /pri/FreeBSD/branches/-current/ports/mail/exmh2
find . -type f -exec grep -l -i Followup-To {} \;

find . -type f -exec grep -l -i Reply-To {} \;
./work/exmh-2.8.0/exmh.CHANGES
./work/exmh-2.8.0/exmh.README
./work/exmh-2.8.0/exmh.TODO
./work/exmh-2.8.0/lib/html/exmh-faq.html
./work/exmh-2.8.0/lib/html/exmh.CHANGES.txt
./work/exmh-2.8.0/lib/html/reference.html
./work/exmh-2.8.0/lib/thread.tcl
./work/exmh-2.8.0/misc/mhthread
./work/exmh-2.8.0/misc/mhthread-manpage.html

cd /pri/FreeBSD/branches/-current/ports/mail/nmh
find . -type f -exec grep -l -i Followup-To {} \;
./work/nmh-1.5/docs/DIFFERENCES
./work/nmh-1.5/docs/FAQ
./work/nmh-1.5/docs/TODO
./work/nmh-1.5/etc/replgroupcomps

find . -type f -exec grep -l -i Reply-To {} \;
./work/nmh-1.5/ChangeLog
./work/nmh-1.5/docs/ChangeLog_MH-3_to_MH-6.6
./work/nmh-1.5/docs/ChangeLog_MH-6.7.0_to_MH-6.8.4.html
./work/nmh-1.5/docs/DIFFERENCES
./work/nmh-1.5/docs/FAQ
./work/nmh-1.5/docs/MAIL.FILTERING
./work/nmh-1.5/docs/TODO
./work/nmh-1.5/etc/digestcomps
./work/nmh-1.5/etc/replcomps
./work/nmh-1.5/etc/replgroupcomps
./work/nmh-1.5/man/mh-format.man
./work/nmh-1.5/test/forw/test-forw-digest
./work/nmh-1.5/test/repl/test-multicomp
./work/nmh-1.5/test/repl/test-trailing-newline
./work/nmh-1.5/uip/forwsbr.c
./work/nmh-1.5/uip/mhlsbr.c
./work/nmh-1.5/uip/post.c
./work/nmh-1.5/uip/rcvdist.c
./work/nmh-1.5/uip/replsbr.c
./work/nmh-1.5/uip/slocal.c
./work/nmh-1.5/uip/spost.c

Conclusion: I will ignore/ forget Followup-To & stick to Reply-To.


Werner wrote:

> To: Peter Lebbing 
> Cc: "Julian H. Stacey" , gnupg-users@gnupg.org
> 
> On Wed, 27 Mar 2013 19:27, pe...@digitalbrains.com said:
> 
> > Whether you like the headers 
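Peter's explanation above of what Mail-Followup-To changes relative to a Reply-All, worked through in code. This is an added example, not part of the thread and not code from any MUA discussed in it; the addresses other than the list's are placeholders, and the follow-up semantics follow djb's proposal (the header replaces the recipient list for a follow-up), which Python's email module itself knows nothing about:

```python
from email import message_from_string
from email.message import Message
from email.utils import getaddresses
from typing import List, Set

# Constructed sample, modelled on the Mail-Followup-To header Peter quoted.
# The list address is real; the individual addresses are placeholders.
LIST_MSG = """\
From: Werner <werner@example.org>
To: Peter <peter@example.net>
Cc: "Julian H. Stacey" <julian@example.com>, gnupg-users@gnupg.org
Mail-Followup-To: "Julian H. Stacey" <julian@example.com>, gnupg-users@gnupg.org
Subject: Re: IDEA License

(body)
"""

# Constructed sample of the Reply-To munging Julian describes for his majordomo
# lists: the list rewrites Reply-To so that a plain "reply" goes back to the list.
MUNGED_MSG = """\
From: Someone <someone@example.org>
To: users@lists.example.com
Reply-To: users@lists.example.com
Subject: question

(body)
"""


def parse(text: str) -> Message:
    return message_from_string(text)


def _addrs(msg: Message, *headers: str) -> List[str]:
    """Lower-cased addr-specs from the named headers, in order, without duplicates."""
    values: List[str] = []
    for h in headers:
        values.extend(msg.get_all(h, []))
    out: List[str] = []
    for _name, addr in getaddresses(values):
        addr = addr.lower()
        if addr and addr not in out:
            out.append(addr)
    return out


def reply(msg: Message) -> List[str]:
    """Plain reply: Reply-To if present (RFC 2822 section 3.6.2), otherwise From."""
    return _addrs(msg, "Reply-To") or _addrs(msg, "From")


def reply_all(msg: Message, me: Set[str]) -> List[str]:
    """Author plus every original recipient, minus our own addresses."""
    out: List[str] = []
    for a in reply(msg) + _addrs(msg, "To", "Cc"):
        if a not in me and a not in out:
            out.append(a)
    return out


def reply_followup(msg: Message, me: Set[str]) -> List[str]:
    """Follow-up per djb's proposal: when present, Mail-Followup-To replaces the whole
    recipient list, so the author is included only if that header names them.
    Falls back to reply-all when the (non-standard) header is absent."""
    mft = _addrs(msg, "Mail-Followup-To")
    if not mft:
        return reply_all(msg, me)
    return [a for a in mft if a not in me]


if __name__ == "__main__":
    me = {"julian@example.com"}
    m = parse(LIST_MSG)
    print("reply-all:", reply_all(m, me))
    print("followup :", reply_followup(m, me))
    print("plain reply to munged list mail:", reply(parse(MUNGED_MSG)))
```

Run as Julian (julian@example.com in the sample), reply-all yields Werner, Peter and the list, whereas the follow-up yields only the list, which is what Peter says the reply should have carried. The second sample shows the trade-off of the Reply-To munging Julian relies on: a plain reply goes to the list, at the cost of no longer reaching the author directly.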

Re: gpg for anonymous users - Alternative to the web of trust?

2013-03-29 Thread Forlasanto
On 3/29/2013 3:21 PM, Paul R. Ramer wrote:
> A scandal is unlikely unless the people have wildly unrealistic
> expectations in the performance of the victim. The only way I could
> see you having a scandal on your hands if your identity was revealed
> would be if you made claims that it couldn't be discovered or your
> "followers" looked up to you in some religious way and saw you as a
> kind of God-like figure incapable of failure. This is the kind of
> stuff that brings scandal in the minds of people who look up to
> certain figures. I doubt this applies to you.
>
> Cheers,
>
> --Paul
>
> --
> PGP ID: 0x3DB6D884
> PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884
Ok, I retract the word "scandal."  I suppose the distro would have to
garner a very large amount of attention and some wild assertions made
before a "scandal" would be possible. It was just a thought that popped
into my head. :)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GnuPG Crashing on Windows 8

2013-03-29 Thread Johan Wevers
On 28-03-2013 12:13, Kristine Concha wrote:

> Dear Support,

This mailing list is not an official support line.

> GnuPG is crashing on my Windows 8 machine:

I recommend upgrading to Windows 7 or XP. You are getting an error in some
GUI component, not in GnuPG itself. You can't expect all GUI developers
to support tileOS (aka Windows 8).

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: gpg for anonymous users - Alternative to the web of trust?

2013-03-29 Thread Paul R. Ramer
On 03/29/2013 11:17 AM, adrelanos wrote:
>> Using your real identity would be the alternative. The trade-off is
>> easier key signatures vs. identity obscurity.
> 
>> It would only be safer in
>> the sense that there won't be a scandal when/if your identity is
>> uncovered.
> 
> Why would that be a scandal? I've never claimed to be superior or perfect,
> or otherwise acted arrogantly about being super secure. Nor have I claimed
> Whonix to be an unbreakable system. The claims the system makes are
> modest. Discovering me as a high-profile target (if I become that) would
> only demonstrate the limits of the system, show mistakes one can make
> and/or show which improvements are waiting to be implemented.
> 
> If one system fails, another one may be born, and I am glad if I can be
> a part of this process of innovation.
> 
> I think things like NSAKEY [1] ought to be more of a scandal; not many
> people cared, did they?

A scandal is unlikely unless the people have wildly unrealistic
expectations in the performance of the victim.  The only way I could see
you having a scandal on your hands if your identity was revealed would
be if you made claims that it couldn't be discovered or your "followers"
looked up to you in some religious way and saw you as a kind of God-like
figure incapable of failure.

This is the kind of stuff that brings scandal in the minds of people who
look up to certain figures.  I doubt this applies to you.

Cheers,


--Paul

--
PGP ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884



Re: gpg for anonymous users - Alternative to the web of trust?

2013-03-29 Thread adrelanos
Peter Lebbing:
> On 27/03/13 22:15, Leo Gaspard wrote:
>> until a lot of people verify and sign your public key.
> 
> People might be more inclined to sign the key when it says something like
> 
> adrelanos (Whonix signing key) 

Yes, that's a good suggestion, worth trying and simple to do for my next
gpg key (update).



Re: gpg for anonymous users - Alternative to the web of trust?

2013-03-29 Thread adrelanos
Markus Reichelt:
> * adrelanos  wrote:
> 
>> How can I establish a pseudonym that no one can easily fake while
>> remaining anonymous?
> 
> a) you can't
> define 'easily' - these days nobody reads/checks anything anymore
> (there's some XKCD about this issue)

Well, I recognize that the ratio of image downloads vs. signature downloads
is quite bad...


> But I think the matter you are really concerned about is this:
> How can your audience be sure it's you when they in fact don't want
> to make any real effort to check up on that fact.  see a)

There are at least a very few users who care and who read (almost) all
the stuff I publish.



Re: gpg for anonymous users - Alternative to the web of trust?

2013-03-29 Thread adrelanos
Johnicholas Hines:
> The question is how to distinguish yourself from a nation-state's covert
> agency purporting to be an individual interested in anonymity; you need to
> do something that the agency would find difficult to do.

I don't think that's possible at all.

> Getting your name and key into difficult-to-corrupt archives will start a
> timer - eventually you can point to the archives as evidence that you are
> not a newcomer. Even an agency would find it difficult to change history.

What are difficult-to-corrupt archives?





Re: gpg for anonymous users - Alternative to the web of trust?

2013-03-29 Thread adrelanos
Forlasanto:
> On 3/29/2013 9:38 AM, adrelanos wrote:
>>> Forgive me for saying so, but for something as high-profile as a linux
>>> distro, using a pseudonym for signing the distro for the sake of
>>> anonymity doesn't sound like a great plan.
>> What's the alternative? Using my real identity? Does it make it any safer?
> Using your real identity would be the alternative. The trade-off is
> easier key signatures vs. identity obscurity.

> It would only be safer in
> the sense that there won't be a scandal when/if your identity is
> uncovered.

Why would that be a scandal? I've never claimed to be superior or perfect,
or otherwise acted arrogantly about being super secure. Nor have I claimed
Whonix to be an unbreakable system. The claims the system makes are
modest. Discovering me as a high-profile target (if I become that) would
only demonstrate the limits of the system, show mistakes one can make
and/or show which improvements are waiting to be implemented.

If one system fails, another one may be born, and I am glad if I can be
a part of this process of innovation.

I think things like NSAKEY [1] ought to be more of a scandal; not many
people cared, did they?

> Odds are, it won't be a big deal to many people,
> realistically--but you never know what the future holds, right?

Yes.

> As long
> as you are comfortable with any possible future implications, then go
> for it.
> 
>>
>> I am more interested in development and documentation rather than
>> building binaries, testing and uploading. Having deterministic builds
>> and/or some credible individual or organization (such as the EFF) creating
>> binaries, signing and distributing is more than welcome, but at the moment
>> there is no indication that someone will step forward.
>>
> 
> The web of trust is simply a conventional way for people to judge how
> trustworthy your key is. Nothing more, nothing less. If you can
> establish that trust some other way, then don't worry so much about the
> web of trust. That's my opinion. No one is going to beat down your door
> to sign your key, you'll have to ask them to do so. You can go to
> key-signing parties and explain that your only purpose for the key is
> signing the distro, and you'll probably get a few takers. The
> alternative is, have an online keysigning party with all of the
> developers of your distro, and everybody signs everyone else's key.
> 
> Or alternately you, as the distro manager, sign the keys of all your
> lieutenants, and then they sign yours, plus all of their subordinates.
> Then your key signatures would match your chain of command, and it would
> actually work the way a web of trust is supposed to work. (that is, even
> though you might not know their subordinates, you trust your
> lieutenant's signatures, and therefore can consider their subordinates'
> keys to be valid.) At that point, as far as  the outside world is
> concerned, you are deeply connected to the project, and it is reasonable
> to trust that your key is valid, within its context. And /within/ the
> distro's community, your key would be pretty solidly trusted, I'd say.

Thanks for the suggestions. At the moment this won't work for my case;
there is just one maintainer (me) and users. The other creators remained
anonymous as well and lack time.

[1] https://en.wikipedia.org/wiki/NSAKEY



gpg for pseudonymous users [was: Re: gpg for anonymous users - Alternative to the web of trust?]

2013-03-29 Thread Daniel Kahn Gillmor
I've changed the subject line to indicate that this thread is about
establishing a pseudonym, *not* about anonymous users.  This is a subtle
but important difference.

On 03/29/2013 12:41 PM, Forlasanto wrote:

> The web of trust is simply a conventional way for people to judge how
> trustworthy your key is. Nothing more, nothing less.

I'm afraid that the term "web of trust" tends to lead people into
misunderstandings about what this network of public identity
certifications does.

These certifications do *not* imply trustworthiness of the people who
hold the keys, and it doesn't make much sense to speak of a given key
being "trustworthy" on its own -- what would you trust it to do?

Rather, the system provides a way to determine the publicly-stated
identities associated with each key.



For a pseudonymous author who wants to establish a credible claim to a
given identity, one way would be to encourage the people who have been
following the work of that author to certify the key.  In that case, how
would they know it's the right one?  This is a shade different from
other scenarios, but if, for example, if i had been using tool X for 5
years, and had been corresponding with the author (e.g. bug reports,
thank you notes, feedback, etc) over that time and all the
communications and versions of the tool that i received consistently
demonstrated that the person on the other end had control of the key in
question, i would have no problem certifying that identity.

However, the original poster can't quite ask all her long-standing users
to sign her key publicly, because her users by definition are interested
in retaining their own anonymity, and signing the key of a pseudonymous
author of anonymity-providing tools can draw unwelcome attention to the
signer.

So i think the original poster's best bet is to contact well-known
anonymity and privacy advocates (who are not themselves anonymous or
pseudonymous) and encourage them to follow and engage with her work.
This can be done by participating in relevant online communities (like
this one), providing constructive feedback to other projects, making
sure your work is useful, etc.  When these relationships are
well-established, the original poster could approach her non-anonymous
peers, and ask them to publicly certify her OpenPGP key.

I'm an example of a non-anonymous advocate for private and anonymous
communication; there are probably others on this mailing list.  However,
i have never heard of the original poster or her project before this
thread, and i don't have the time right now to review or follow the
project, so i'm not the best candidate for this particular engagement.

Regards,

--dkg



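dkg's point that a certification attests identity, and that what earns it is a record of consistent control of one key over time, maps onto a mechanical check that Forlasanto spells out further down the thread: confirm that every release in the history was signed by the same key. The following is an added example, not code from the thread, from GnuPG or from the Whonix project. It parses constructed `gpg --status-fd` output rather than calling gpg, so it runs offline; the fingerprints and release names are made up, and the VALIDSIG field layout is the one GnuPG documents in doc/DETAILS:

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed fingerprints for the demonstration; none of them is a real key.
PRIMARY = "0123456789ABCDEF0123456789ABCDEF01234567"   # the project's long-lived primary key
SUBKEY = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"    # a signing subkey bound to PRIMARY
IMPOSTOR = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"  # an unrelated key

# Constructed `gpg --status-fd 1 --verify release.sig release` transcripts, one per
# release.  VALIDSIG fields: fingerprint, date, sig timestamp, expiry, version,
# reserved, pubkey algo, hash algo, sig class, primary-key fingerprint.
STATUS: Dict[str, str] = {
    "release-1.tar.gz": f"""\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG {PRIMARY[-16:]} adrelanos (Whonix signing key)
[GNUPG:] VALIDSIG {PRIMARY} 2012-11-02 1351814400 0 4 0 1 10 00 {PRIMARY}
""",
    "release-2.tar.gz": f"""\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG {SUBKEY[-16:]} adrelanos (Whonix signing key)
[GNUPG:] VALIDSIG {SUBKEY} 2013-01-15 1358208000 0 4 0 1 10 00 {PRIMARY}
""",
    "release-3.tar.gz": f"""\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG {IMPOSTOR[-16:]} adrelanos (Whonix signing key)
[GNUPG:] VALIDSIG {IMPOSTOR} 2013-03-20 1363737600 0 4 0 1 10 00 {IMPOSTOR}
""",
    "release-4.tar.gz": f"""\
[GNUPG:] NEWSIG
[GNUPG:] BADSIG {PRIMARY[-16:]} adrelanos (Whonix signing key)
""",
}


@dataclass
class SigResult:
    release: str
    signer_fpr: Optional[str] = None   # key that made the signature (may be a subkey)
    primary_fpr: Optional[str] = None  # primary key the signer belongs to
    created: Optional[str] = None      # signature date, YYYY-MM-DD
    problem: Optional[str] = None      # BADSIG / ERRSIG / EXPKEYSIG / REVKEYSIG if seen

    @property
    def ok(self) -> bool:
        return self.signer_fpr is not None and self.problem is None


def parse_status(release: str, text: str) -> SigResult:
    """Reduce one --status-fd transcript to the facts the audit needs."""
    r = SigResult(release)
    for line in text.splitlines():
        f = line.split()
        if len(f) < 2 or f[0] != "[GNUPG:]":
            continue
        if f[1] == "VALIDSIG":
            r.signer_fpr, r.created = f[2], f[3]
            # Older GnuPG omits the trailing primary fingerprint; then the signer
            # is taken to be the primary (a subkey signature would not match).
            r.primary_fpr = f[11] if len(f) > 11 else f[2]
        elif f[1] in ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG", "EXPSIG"):
            r.problem = f[1]  # GnuPG still emits VALIDSIG for expired/revoked keys
    return r


def audit(results: List[SigResult],
          pinned_primary: Optional[str] = None) -> Tuple[Optional[str], Dict[str, str]]:
    """Return (baseline primary fingerprint, {release: reason}) for every release
    that does not carry a good signature from the baseline key.  The baseline is
    the pinned fingerprint if the verifier has one, else the primary behind the
    earliest good signature: history already in hand is what a compromised
    download site cannot rewrite."""
    good = sorted((r for r in results if r.ok), key=lambda r: r.created)
    baseline = pinned_primary or (good[0].primary_fpr if good else None)
    findings: Dict[str, str] = {}
    for r in results:
        if not r.ok:
            findings[r.release] = r.problem or "no VALIDSIG"
        elif r.primary_fpr != baseline:
            findings[r.release] = f"signed by {r.primary_fpr}, not {baseline}"
    return baseline, findings


if __name__ == "__main__":
    baseline, findings = audit([parse_status(n, t) for n, t in STATUS.items()])
    print("baseline primary:", baseline)
    for rel, why in findings.items():
        print(f"{rel}: {why}")
```

Comparing the primary-key fingerprint rather than the signing key lets a project rotate signing subkeys without tripping the check, while a signature from an unrelated key, or a BADSIG, is reported. Pin the fingerprint once it is known; deriving the baseline from the earliest release only helps if that history was collected before any compromise.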


Re: gpg for anonymous users - Alternative to the web of trust?

2013-03-29 Thread Forlasanto
On 3/29/2013 9:38 AM, adrelanos wrote:
>> Forgive me for saying so, but for something as high-profile as a linux
>> distro, using a pseudonym for signing the distro for the sake of
>> anonymity doesn't sound like a great plan.
> What's the alternative? Using my real identity? Does it make it any safer?
Using your real identity would be the alternative. The trade-off is
easier key signatures vs. identity obscurity. It would only be safer in
the sense that there won't be a scandal when/if your identity is
uncovered. Odds are, it won't be a big deal to many people,
realistically--but you never know what the future holds, right? As long
as you are comfortable with any possible future implications, then go
for it.

>
> I am more interested in development and documentation rather than
> building binaries, testing and uploading. Having deterministic builds
> and/or some credible individual or organization (such as the EFF) creating
> binaries, signing and distributing is more than welcome, but at the moment
> there is no indication that someone will step forward.
>

The web of trust is simply a conventional way for people to judge how
trustworthy your key is. Nothing more, nothing less. If you can
establish that trust some other way, then don't worry so much about the
web of trust. That's my opinion. No one is going to beat down your door
to sign your key, you'll have to ask them to do so. You can go to
key-signing parties and explain that your only purpose for the key is
signing the distro, and you'll probably get a few takers. The
alternative is, have an online keysigning party with all of the
developers of your distro, and everybody signs everyone else's key.

Or alternately you, as the distro manager, sign the keys of all your
lieutenants, and then they sign yours, plus all of their subordinates.
Then your key signatures would match your chain of command, and it would
actually work the way a web of trust is supposed to work. (that is, even
though you might not know their subordinates, you trust your
lieutenant's signatures, and therefore can consider their subordinates'
keys to be valid.) At that point, as far as  the outside world is
concerned, you are deeply connected to the project, and it is reasonable
to trust that your key is valid, within its context. And /within/ the
distro's community, your key would be pretty solidly trusted, I'd say.
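The chain-of-command arrangement Forlasanto sketches is what the classic PGP trust model computes, so here it is worked through with GnuPG's default thresholds (three marginal or one full certification, certification depth five). This is an added example, not code from the thread or from GnuPG, and it simplifies the real implementation (no signature expiry, revocation or trust signatures). The key names, certification graph and ownertrust assignments are constructed to cover the cases: a developer vouched for by a fully trusted lieutenant, one vouched for by a single marginally trusted lieutenant, one vouched for by three of them, and a valid key that was given no ownertrust and therefore introduces nobody:

```python
from typing import Dict, Set

ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"


def compute_validity(certs: Dict[str, Set[str]],
                     ownertrust: Dict[str, str],
                     marginals_needed: int = 3,
                     completes_needed: int = 1,
                     max_cert_depth: int = 5) -> Dict[str, str]:
    """Key validity under the classic trust model with GnuPG's default thresholds.
    `certs` maps a key to the set of keys that certified it; `ownertrust` holds the
    trust the evaluating user assigned to each key.  Ultimately trusted keys are
    valid.  A key becomes fully valid when certified by `completes_needed` fully or
    ultimately trusted valid keys, or by `marginals_needed` marginally trusted valid
    keys; fewer than that but more than none gives marginal validity.  Only fully
    valid keys introduce others, and ownertrust on a key that is not itself valid
    counts for nothing.  Simplified relative to GnuPG (no expiry, revocation, tsigs)."""
    validity: Dict[str, str] = {k: FULL for k, t in ownertrust.items() if t == ULTIMATE}
    for _depth in range(max_cert_depth):
        introducers = {k for k, v in validity.items() if v == FULL}
        newly_full = set()
        for target, signers in certs.items():
            if validity.get(target) == FULL:
                continue
            usable = signers & introducers
            completes = sum(1 for s in usable if ownertrust.get(s) in (ULTIMATE, FULL))
            marginals = sum(1 for s in usable if ownertrust.get(s) == MARGINAL)
            if completes >= completes_needed or marginals >= marginals_needed:
                validity[target] = FULL
                newly_full.add(target)
            elif completes or marginals:
                validity[target] = MARGINAL
        if not newly_full:   # nothing new can introduce anyone at the next depth
            break
    return validity


# Constructed certification graph for the scheme described above, evaluated from
# the distro manager's own keyring (the manager is the ultimately trusted key).
CERTS: Dict[str, Set[str]] = {
    "manager": {"lt_a", "lt_b", "lt_c"},       # lieutenants sign the manager
    "lt_a": {"manager"}, "lt_b": {"manager"},   # manager signs every lieutenant
    "lt_c": {"manager"}, "lt_d": {"manager"},
    "dev_1": {"lt_a"},                          # vouched for by a fully trusted lieutenant
    "dev_2": {"lt_b"},                          # one marginally trusted introducer
    "dev_3": {"lt_b", "lt_c", "lt_d"},          # three marginal introducers
    "dev_4": {"dev_1"},                         # dev_1 is valid but was given no ownertrust
    "outsider": {"dev_2"},                      # dev_2 is only marginally valid
}
OWNERTRUST: Dict[str, str] = {
    "manager": ULTIMATE,
    "lt_a": FULL,
    "lt_b": MARGINAL, "lt_c": MARGINAL, "lt_d": MARGINAL,
}

if __name__ == "__main__":
    for key, v in sorted(compute_validity(CERTS, OWNERTRUST).items()):
        print(f"{key:9s} {v}")
```

The dev_4 case is the distinction dkg draws earlier in the thread: dev_1's key is valid (its identity is certified) yet, absent an ownertrust decision by the keyring owner, its own certifications carry no weight. Run with only the manager's ultimate trust and no ownertrust for the lieutenants, the lieutenants remain valid but none of the developers gain validity.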


Re: gpg for anonymous users - Alternative to the web of trust?

2013-03-29 Thread adrelanos
Forlasanto:
> Pseudonyms are fine by me. I don't have a problem signing a pseudonym
> key. The pseudonym just has to have context that I can verify. For
> instance, if the claim is "Whonix signing key," then that tells me the
> way to verify the key is by checking the signature of various releases
> of Whonix. If there is a verifiable history of Whonix releases that are
> signed by the same key, then I can say "Yes, this key is owned by the
> entity that is signing Whonix releases." I'd have to verify this over an
> extended period of time, so that if the official website were hacked,
> the maintainer had time to respond and raise a question about the
> legitimacy of the signing key.  But beyond that, I'm getting what I need
> to verify a pseudonym. He's not claiming that he's independent from all
> government agencies; he's claiming that he is the signer of the distro
> releases, period. I can live with that, assuming I took those simple few
> verification steps.
>
> I do the same with the key associated with this email address (and
> reddit user id). It is what it is: you can know without any real doubt
> that that key is truly associated with those accounts by doing a little
> research, and since I've made no further claims about the pseudonym,
> that's truly good enough.
>
> Claiming that a key is associated with an actual identity is a different
> story. In that case, I would be stating that the name on my key is my
> legal identity, which is quite a different claim with vastly different
> implications. Therefore, I expect such a key to be verified by, at the
> very least, picture identification. I have a friend who requires a
> notarized document stating that the key in question belongs to the
> person holding that identification. Not a bad plan, really; it uses a
> Notary Public to act as a sort of CA, and allows for signing keys that
> you may not have personally verified. You just need to verify the
> signature of the Notary Public.

Agreed.

> Having said that, I don't believe a pseudonym can be truly anonymous.
> Humans leak information. It's in our nature. It takes insane measures
> that go directly against human nature simply to /minimize/ information
> leakage during communication, and it is impossible to prevent that
> information leakage /entirely./  A pseudonym is like a lock on a door.
> It only accomplishes keeping out people who don't know enough or care
> enough to pick the lock. They can be useful, but I can't recommend one
> for the purpose of anonymity. It goes back to that whole "security
> through obscurity" concept. It just doesn't work.

> All it takes is one
> person to "blow your cover."

There is no person who knows who is behind this identity/activity.

> The only real exceptions I can think of to
> that are impersonating someone else, and throwaway identities that you
> only use once.

> Ironically, forlasanto literally means, "one that is thrown away." It
> was originally intended to be a one-off, throwaway identity. But that
> just goes to prove my point: the fact that I chose an Esperanto
> pseudonym leaks a lot of information about me, and narrows the possible
> real identities for me down from 7 billion to about 5-7 million. That's
> a huge leak! The fact that my posts are in American English narrow it
> down even further--to maybe a few ten thousands. That's before a single
> post was read for its content. See what I mean? We leak information
> like sieves.

> Another huge leak for keys is signatures. Who signed your key, and when?

Until now, no one, never.

> This alone can leak your true identity, and it's something you don't
> have effective control over.

> Forgive me for saying so, but for something as high-profile as a linux
> distro, using a pseudonym for signing the distro for the sake of
> anonymity doesn't sound like a great plan.

What's the alternative? Using my real identity? Does it make it any safer?

I am more interested in development and documentation rather than
building binaries, testing and uploading. Having deterministic builds
and/or some credible individual or organization (such as the EFF) creating
binaries, signing and distributing is more than welcome, but at the moment
there is no indication that someone will step forward.

> If^H^H^Hwhen someone cracks
> your identity, it will somewhat discredit you and your distro as far as
> being capable of maintaining anyone's anonymity.

It only proves I made a mistake and hopefully others can learn from it.

> Sorry for the text wall.

Thanks for the text.

> On 3/28/2013 5:56 AM, Peter Lebbing wrote:
>> On 27/03/13 22:15, Leo Gaspard wrote:
>>> until a lot of people verify and sign your public key.
>> People might be more inclined to sign the key when it says something like
>>
>> adrelanos (Whonix signing key) 
>>
>> rather than without the comment.
>>
>> That way, their signature might mean: Yes, this is that key that signs that
>> Linux distribution called Whonix. The UID conveys a bit more information abo