Re: PGP Key Poisoner
On 12 August 2019 18:27:49 BST, Peter Lebbing wrote: >On 12/08/2019 18:39, Stefan Claas via Gnupg-users wrote: >> Why was is then not fixed a decade ago, like it was done with 2.2.17? > >There is no fix for the SKS keyserver network, which explains why it >wasn't fixed in 2.2.17 either. In fact, fixes have been deployed over >the last several years. DANE, WKD, Autocrypt, work on >keys.openpgp.org... I still contend that a large subset of the most harmful factors in all of this are those awful GnuPG beginners tutorials that encourage the inexperienced new user to upload their new keys to keyservers. I would love to fix this problem from this perspective. Before too long I would like to determine if I can schedule time to work on it. It's an important thing for an important project that I just happen to be particularly interested in. >I thought this (there is no fix) was pretty solidly established by now >on this mailing list and elsewhere? The things I missed are: - how to check and clean a user's local keyring - how to update the user's local configuration in ~/.gnupg Andrew ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: PGP Key Poisoner
On 12/08/2019 16:44, Ryan McGinnis via Gnupg-users wrote: Yes, ironically, this proof of concept is the responsible way to demonstrate the issue (after a sufficient waiting period following a private disclosure to the developers) I don't understand how this is irony. I must have missed something. Are you suggesting that because the entire community have known about this for a long time and did nothing, then the problem has effectively been disclosed already? Therefore something should have been done long ago and because it wasn't exploiting the defect like this should not be something to complain about? Andrew -- OpenPGP key: EB28 0338 28B7 19DA DAB0 B193 D21D 996E 883B E5B9 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Essay on PGP as it is used today
On 18/07/2019 05:40, Mirimir via Gnupg-users wrote: When I need to share stuff among GUI-less VPS, with no Javascript capable browser, I sometimes use pastebins. I encrypt with GnuPG, and then base64 encode. I love pastebins. I think they are an excellent "first serious web app" type of application. In fact, I've been collecting a list of all (mostly open source) paste bins that I can find, and their implementations. If anybody knows any pastebins of the tops of their heads, please could you send them to me, off-list if you prefer. When the list goes online I will credit anybody who contributed (unless they don't want me to). Andrew -- OpenPGP key: EB28 0338 28B7 19DA DAB0 B193 D21D 996E 883B E5B9 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: SKS Keyserver Network Under Attack
On 30/06/2019 09:19, Robert J. Hansen wrote: > Right now only three certificates are known to be affected: mine, dkg's, > and Kristian's. I must have missed the memo describing the exact nature of the problem. Could you please provide a link to something (email message, web page) that explains what is going on? Thanks! Kind regards, Andrew -- OpenPGP key: EB28 0338 28B7 19DA DAB0 B193 D21D 996E 883B E5B9 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
