Re: [Tails-dev] GNOME Keysign 0.2 released
Tobias Mueller wrote (27 Jan 2015 13:25:40 GMT) : > On Sat, Jan 10, 2015 at 10:08:39AM +0100, intrigeri wrote: >> Frankly, I think I'll wait for this OPW round to be over, and then I'm >> happy to give GNOME Keysign a try and provide feedback. > cool. FTR, next steps are tracked on https://labs.riseup.net/code/issues/8400 -- any taker? >> * is working Avahi required to use GNOME Keysign? > Currently, yes. > This is to provide an out-of-the-box experience. > You fire up the program and you can connect those without having > to know the IP address of the other party. > Technically, it's possible to do without Avahi. > But then the user interface gets more complicated. Hmm, OK. I don't think we let Avahi go through in Tails, let alone mdns if it's needed as well. >> * what exact networking connection needs to be allowed for GNOME >> Keysign to work, especially on the LAN? any ports than need to be >> open in the firewall for incoming and/or outgoing traffic? > For now, the key is shared via HTTP on a dedicated port. OK, so if the port is fixed that's something we might consider opening (possibly dynamically, on-demand). Cheers, -- intrigeri ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] GNOME Keysign 0.2 released
Hi! :-) On Sat, Jan 10, 2015 at 10:08:39AM +0100, intrigeri wrote: > Frankly, I think I'll wait for this OPW round to be over, and then I'm > happy to give GNOME Keysign a try and provide feedback. cool. > > I've got a few initial questions, though: > > * is working Avahi required to use GNOME Keysign? Currently, yes. This is to provide an out-of-the-box experience. You fire up the program and you can connect those without having to know the IP address of the other party. Technically, it's possible to do without Avahi. But then the user interface gets more complicated. > * what exact networking connection needs to be allowed for GNOME > Keysign to work, especially on the LAN? any ports than need to be > open in the firewall for incoming and/or outgoing traffic? For now, the key is shared via HTTP on a dedicated port. The rationale for using a fully fledged TCP connection is that the full OpenPGP key can be quite large. Larger than a QR code can handle. Also: current key signing schemes require you to connect to the Internet in order to download the keys you are about to sign. So we're not worse than that. The upshot is: Most keys are not that big. So it would certainly be possible, and I think preferrable, to not use the network if not necessary. FWIW: I'll be at FOSDEM. I'll hang around the GNOME booth and I'll be in the security devroom for presenting GNOME Keysign: https://fosdem.org/2015/schedule/event/keysigning/ I'd be happy to meet any of you guys to have a beer, coffee, chat, or all of that. Happy Hacking, Tobi ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] GNOME Keysign 0.2 released
Hi Tobias, Tobias Mueller wrote (08 Jan 2015 14:49:27 GMT) : > As you might know, GNOME Keysign tries to make OpenPGP Keysigning > an easy task. Yay, it's been on our radar since there's been OPW projects about it :) We track this as https://labs.riseup.net/code/issues/8400. > I'm interested in opinions and feedback. Frankly, I think I'll wait for this OPW round to be over, and then I'm happy to give GNOME Keysign a try and provide feedback. I've got a few initial questions, though: * is working Avahi required to use GNOME Keysign? * what exact networking connection needs to be allowed for GNOME Keysign to work, especially on the LAN? any ports than need to be open in the firewall for incoming and/or outgoing traffic? (Rationale: we're seriously considering locking down access to the LAN in Tails.) Cheers, -- intrigeri ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] GNOME Keysign 0.2 released
On Thu, Jan 08, 2015 at 03:49:27PM +0100, Tobias Mueller wrote: As you might know, GNOME Keysign tries to make OpenPGP Keysigning an easy task. It attempts to be as "one-click" as possible, while following best practises. hey, that's interesting! In the same spirit, you could have a look at https://github.com/boyska/coffer/ which tries to solve only the "get every other key" part of the keysigning. It is not mature, not widely tested, not user friendly, etc. but you may find it useful anyway. look at https://github.com/boyska/coffer/blob/master/README.rst#many-to-many--a-command for how it can be useful for gpg keysigning! If you think it can be useful, then be assured that I will make it even easier to use it as a library. I'm interested in opinions and feedback. unfortunately I do not have the time to test&review it properly. But I am very interested in something like this, so I'll look it better, sooner or later. -- boyska ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] GNOME Keysign 0.2 released
Hi folks. As you might know, GNOME Keysign tries to make OpenPGP Keysigning an easy task. It attempts to be as "one-click" as possible, while following best practises. It's certainly not as mature as Monkeysign and the UX needs to be rethought a few times. But I think it's an interesting approach towards a more modern keysigning experience. For now, the code lives on Github: https://github.com/muelli/geysigning but I intend to rename the repository and then move it to GNOME infrastructure. I'm interested in opinions and feedback. Cheers, Tobi --- Begin Message --- GNOME Keysign is a tool to make signing OpenPGP keys as easy as possible. This is the v0.2 release and introduces, amongst other things, a new UI. Changes == * New, wizard-less, UI for the server side * Fullscreen QR Code window * Separate, hopefully easier reusable widgets * Bind to IPv4 and IPv6 sockets Resources = Download: https://github.com/muelli/geysigning/releases/download/0.2/gnome-keysign-0.2.tar.gz sha256sum: 49551ae5e7df8037b3de7e31c0f09899247c1fa1c1eb19aebbcfcf5c01e8df3f Web site: https://wiki.gnome.org/GnomeKeysign --- End Message --- ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.