Re: Android
YubiKeys are supported. You can use an NFC key to perform crypto gimmicks or plug in a USB one. OpenKeychain does support quite a large palette of hardware tokens. Paired with K-9, it actually provides relatively good UX.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: FAQ October 2019 update
On 15/10/2019 21:59, Robert J. Hansen wrote:
> Should they update? Yes. Is the problem mitigated by an update? Yes.
> But will they? Probably not before wedging their keyring. Given that
> high-profile people in the community have had our certificates defaced,
> it's possible someone will say "I want to ask dkg a question," pull down
> his cert, get wedged, and... etc.

I can confirm that this happens and users are being b0rked because of trolls. Street level rumour is that GnuPG key exchange is broken and you should not use it. It doesn't matter what the truth is - it is the public perception that recent SKS events made it unusable, this was advertised across the media all over the place and the image stuck.

Additionally, poor handling of the SKS fiasco by the GnuPG community hurt its credibility a lot, so a clear signal that this issue was treated seriously would be beneficial. Should it be advertised as a new go-to standard or as a transitional standard, beta/alpha/whatever - I don't know, it's debatable.

Cheers,
Chris
Re: Future OpenPGP Support in Thunderbird
On 12/10/2019 12:14, Werner Koch via Gnupg-users wrote:
> After 20 years of strong resistance against implementing OpenPGP [1], they
> finally seem to do it. That is a good move.

Do you know why they resisted OpenPGP adoption so much?

Cheers,
Chris
Re: Future OpenPGP Support in Thunderbird
On 09/10/2019 08:06, Tony Lane via Gnupg-users wrote:
> It doesn't do that? Why would they choose to tightly couple TB with
> OpenPGP? If I have to maintain two key databases, that's a dealbreaker for me.

Dealing with GnuPG complexity is a deal breaker for ordinary users, preventing adoption. You need to look at it from a product/business development perspective and it makes perfect sense that they want to ship their own UX.

Also, they mention that the key management workflow is something they plan to address.

Cheers,
Chris
Re: Future OpenPGP Support in Thunderbird
On 11/10/2019 19:15, Phillip Susi wrote:
> Why the heck don't they just run gpg the way enigmail did?

They don't want to bundle GnuPG because of the GnuPG licence:
https://wiki.mozilla.org/Thunderbird:OpenPGP:2020#OpenPGP_engine

Requiring the user to set up GnuPG separately is out of the question if they want to achieve any sensible level of adoption.

There is another matter of key distribution and I guess they plan on taking control over it to provide an acceptable level of UX.

Cheers,
Chris
Re: We have GOT TO make things simpler
On 05/10/2019 15:06, Robert J. Hansen wrote:
> OpenPGP was never meant to be about email.

https://www.openpgp.org/ tells a different story.

It would benefit the community if you guys stop bending over backwards, explaining to potential users that their needs are invalid.

Over and out. I really don't want to continue this fruitless conversation.

Chris
Re: We have GOT TO make things simpler
> On 10/4/19 3:35 AM, Stefan Claas wrote:
>> And do those 20 companies do business with their customers where GnuPG
>> signatures are legally binding, like real signatures on letters?
>
> _At least_ 20 Fortune 500 businesses _that I know of_. Mind you, I'm not even counting governments.

20? Wow. There are 8 billion people on this planet, most of them don't work at 20 companies from the Fortune 500.

WhatsApp built a crypto system that is successfully adopted by billions of users without technical knowledge.

Our views on what can be considered a successful adoption are strongly misaligned.
Re: We have GOT TO make things simpler
On 02/10/2019 00:55, Tony Lane via Gnupg-users wrote:
> This is not an issue with GnuPG. GnuPG is a back-end utility that front-end
> applications (like GUIs) interface to. Go to your vendor of choice that
> interfaces with GPG and complain (...)

And this is precisely why GnuPG failed.

Cheers,
Chris
Re: Slightly OT - mobile OpenPGP usage
On 27/08/2019 20:50, Stefan Claas via Gnupg-users wrote:
> But what would be, when using computers at work or public places, then
> the best strategy for using OpenPGP, without carrying a Notebook or
> smartphone?

The strategy I advise would be to not use GnuPG and look for alternatives. I wouldn't look for some golden practice because I believe there is none. Bluntly speaking, GnuPG is not fit for the purpose of securing everyday communication and shall not be advertised as such.

Generally your keys should never leave a secure environment. A secure environment can be either a dedicated machine that you control or (better) a SmartCard/HSM.

If your keys cannot be contained in a secure environment, your comms channel should be re-keyed after use. Modern communicators perform re-keying after every message. GnuPG makes re-keying very cumbersome.

> There should be good solution available IMHO. :-)

Sadly, GnuPG never delivered a friendly user experience. It found its niche in some specialized use-cases, such as infrastructure - package signing, backup encryption, commands by e-mail, etc - but it never gained significant adoption among the wider population.

If you expected more - I'm sorry that you will be disappointed.

Cheers,
Chris Narkiewicz
Re: Slightly OT - mobile OpenPGP usage
On 27/08/2019 22:41, Peter Lebbing wrote:
> If a computer is compromised, this is game over for cryptography. Full
> stop.

This is not true. Many crypto systems are designed to perform damage control and recovery in such cases.

If the compromise is game over for the user - it depends on threat profile.

Cheers,
Chris Narkiewicz
Re: Slightly OT - mobile OpenPGP usage
On 26/08/2019 19:47, Wiktor Kwapisiewicz via Gnupg-users wrote:
> If one sets URL field on the
> token then just plugging the token when OpenKeychain is opened is enough
> to get the key ready-to-use.

Can you explain what kind of workflow you mean here?
Re: Slightly OT - mobile OpenPGP usage
On 25/08/2019 19:40, Stefan Claas via Gnupg-users wrote:
> Hi all,
>
> I am curious what apps you are using when not at home, to send
> OpenPGP compatible email messages? Do you carry a Notebook with
> GnuPG or do you use an OpenPGP smartphone app?

Shortly, I know only one combination that provides a reasonable user experience on mobile.

Android + K-9 Mail + OpenKeychain + YubiKey with NFC.

Cheers,
Chris Narkiewicz
Re: SKS Keyserver Network Under Attack
> I must have missed the memo
> describing the exact nature of the problem.

https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
What to do with public key signature
So I received a public key from a party. I verified it and I'm ready to sign it.

What's the next step? What should I ideally do with that signature?

1) send it back to the key owner hoping that he will publish it to the keyserver?
2) should I just push it to the keyserver myself?
3) what if the key owner did not publish his key?

Best regards,
Chris