Martin Schulze [EMAIL PROTECTED] writes:
And an updated version is at
http://www.infodrom.north.de/~joey/GnuPG-Mini-HOWTO
I've asked bma to submit this as a bug developers-reference for
inclusion in that document? Do you agree that it should be adapted to
the Developer's Reference so it can
Adam Di Carlo wrote:
Martin Schulze [EMAIL PROTECTED] writes:
And an updated version is at
http://www.infodrom.north.de/~joey/GnuPG-Mini-HOWTO
I've asked bma to submit this as a bug developers-reference for
inclusion in that document? Do you agree that it should be adapted to
the
On Tue, Sep 14, 1999 at 03:13:19PM +0200, Wichert Akkerman wrote:
To help give another example of settings, here's what I have in my
~/.gnupg/options:
# Screw PGP, let's be RFC compatible
openpgp
[.. snip snip ..]
## Other fun options
On Tue, Sep 14, 1999 at 12:14:42AM -0600, Jason Gunthorpe wrote:
8) Participants of 'signing parties' are encouraged to use OpenPGP keys
(remember that a PGP 2.x key cannot be signed by an OpenPGP key
[AFAIK])
I've got PGP keys with GPG sigs on them... Granted PGP can't even see
That higher level of confidence would be misplaced if I'd simply
mailed my key to all my old PGP signers, and they'd signed it.
Sorry, I don't get this. Why is it a problem if one of my old signers signs
my new key if I send it to them in a mail signed by my old key?
Lots of others have
On Tue, Sep 14, 1999 at 03:38:34PM +0200, Marco d'Itri wrote:
I signed my DSS key with the old RSA key and then asked people who
signed the old key to sign the new one with their DSS key.
This is easy and secure.
Not if you didn't ask in person...
--
Joseph Carter [EMAIL PROTECTED]
At 10:55 -0400 1999-09-15, Chris Fearnley wrote:
How does one generate an RSA key using the gpg-rsaref package?
Why on earth would you want to do that?
--
Joel Klecker (aka Espy) Debian GNU/Linux Developer
URL:mailto:[EMAIL PROTECTED] URL:mailto:[EMAIL PROTECTED]
James Troup wrote:
Eh, calm down, Joey. I not only can, but should and have decided that
GnuPG keys must be verified before they enter the keyring, i.e. I'm
not going to add a random key from a random developer without proof it
comes from that developer. I'll hope you'll be so kind as to
Jason Gunthorpe wrote:
All it means is that GPG should be used in a mode where it will not
interoperate with PGP 2.x. This is what Joey's HOWTO recommended more or
less.
So correct it.
You seem to want to give it away rather strongly, so I'd be happy to pick
it up and add a few
Michael Meskes [EMAIL PROTECTED] writes:
On Tue, Sep 14, 1999 at 09:21:22AM +0100, Philip Hands wrote:
Are you saying that people should sign keys received via e-mail,
rather than face to face ?
If so, I'm strongly against this.
Why?
I'd have hoped that that was clear by now, but
On Tue 14 Sep 1999, Michael Stone wrote:
On Tue, Sep 14, 1999 at 11:55:39PM +0200, Martin Schulze wrote:
Michael Stone wrote:
Not really. What if the pgp key is compromised? The original owner can
release a revocation certificate for the pgp key, but if someone creates
a new gpg key
On Wed, Sep 15, 1999 at 01:01:18PM +0200, Paul Slootman wrote:
I think his point is that if you can't trust a pgp signature to
sign a gpg key, why should you trust a pgp signature to do anything
at all, e.g. accept an uploaded package. Seems like a reasonable
argument.
Because the real user can
On Tue 14 Sep 1999, Jason Gunthorpe wrote:
On 14 Sep 1999, Ben Pfaff wrote:
Michael Stone [EMAIL PROTECTED] writes:
Again, no it isn't. How do they know that someone didn't steal your pgp
key?
How is this different from the question ``How does dinstall (or other
On Wed 15 Sep 1999, Philip Hands wrote:
I know there is some pathetic kudos about how many signatures you have
Is the pathetic part the reason why you don't have any? :-)
Paul Slootman
--
home: [EMAIL PROTECTED] http://www.wurtel.demon.nl/
work: [EMAIL PROTECTED]
On 14 Sep 1999, Philip Hands wrote:
Obviously, if we're life-long friends, and I send you a new key signed
with my old key, and then you phone me up and establish that I really
did send it to you, and that you're pretty certain that it is me on that
answered the phone, then a face to face
On Sep 14, Michael Stone [EMAIL PROTECTED] wrote:
I signed my DSS key with the old RSA key and then asked people who
signed the old key to sign the new one with their DSS key.
This is easy and secure.
Again, no it isn't. How do they know that someone didn't steal your pgp
key?
I'm using
On Wed, 15 Sep 1999, Paul Slootman wrote:
I'm sure that most people don't check with the central key servers
every time they check a signature.
How should I do this? Is it automated? Can pine/mutt do it while I'm
online?
Flocsy
URL: http://flocsy.spedia.net MAIL:[EMAIL PROTECTED]
On Sun, Sep 12, 1999 at 05:43:21PM -0400, Brian Almeida wrote:
How to switch to GnuPG for developers..a very brief mini-HOWTO
--
Very nice mini-HOWTO. But I still have several questions:
How does one generate an RSA key using the
On Wed, Sep 15, 1999 at 01:19:34PM +0200, Paul Slootman wrote:
[...]
With dinstall a compromise is short lived and can be undone by erasing the
affected package. Creating a new key and getting people to sign it cannot
really be undone.
How do you prove to whoever is able to erase the
Paul Slootman [EMAIL PROTECTED] writes:
How do you prove to whoever is able to erase the package that you
are who you say you are? I.e. how do you convince them that they
should in fact erase the package?
You do that by sending them a message signed with a new key, that you
have had signed
Paul Slootman [EMAIL PROTECTED] writes:
On Wed 15 Sep 1999, Philip Hands wrote:
I know there is some pathetic kudos about how many signatures you have
Is the pathetic part the reason why you don't have any? :-)
Ah, I'd not updated my key in the keyring since I joined. Well not
until
On Wed, 15 Sep 1999, Chris Fearnley wrote:
How does one generate an RSA key using the gpg-rsaref package?
It isn't possible. The gpg-rsaref does not have key generation code
included. Also, AFAIK gpg does not have an option to generate a PGP 2.x
key - it only creates OpenPGP keys.
How does
22 matches