Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Martin Gollowitzer
* Robert Holtzman [111018 21:43, mID <20111018185035.gb4...@cox.net>]: > The greatest hindrance to widespread adoption is the phrase I often > hear..."I've got nothing to hide" It drives me up a wall. +1 Martin smime.p7s Description: S/MIME cryptographic signature _

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Robert Holtzman
On Mon, Oct 17, 2011 at 05:50:42PM -0600, Aaron Toponce wrote: .snip.. > > At any rate, I would love to see more client-to-client encryption in email. > I've always wondered if there could be an "OTR" approach to mail, somehow, > so people don't need to generate and manag

Re: use key, not passphrase, in symmetric encryption

2011-10-18 Thread sweepslate
On 10/17/2011 4:49 PM, David Tomaschik wrote: I like GnuPG as much as the next guy around here, but is there a reason you want to use GPG instead of a tool designed for disk encryption? TrueCrypt is cross-platform and works well... if you're Windows-only, there's BitLocker, and for Linux there's

Re: use key, not passphrase, in symmetric encryption

2011-10-18 Thread sweepslate
This works, thank you :) On 10/17/2011 4:09 PM, Hauke Laging wrote: Am Montag, 17. Oktober 2011, 13:51:03 schrieb sweepslate: The end goal is to encrypt a volume of around 100GB of personal files that I'll be carrying arround with me in a portable drive. The key point is doing the encryption

Re: private key protection

2011-10-18 Thread Derick Centeno
On 10/17/11 5:18 PM, takethe...@gmx.de wrote: > Hi everybody, > > what is the best way to protect > your private key from getting stolen? Page 29 (http://www.gnupg.org/gph/en/manual.html#AEN513) of the Gnu Privacy Handbook (http://www.gnupg.org/gph/en/manual.html)recommends a strong passphrase t

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Werner Koch
On Tue, 18 Oct 2011 16:35, jer...@jeromebaum.com said: > operations will be the most important part to making that work, and the > ISPs don't have to help out there (modulo webmail which isn't even > end-point). Even webmail. It is easy to write a browser extension to do the crypto stuff. Insta

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Robert J. Hansen
On 10/18/2011 11:58 AM, Werner Koch wrote: > We did this for about 15 years - without any success. If you look > at some of the studies you will see that you can't teach that stuff > to non-techies - sometimes not even to engineers. As a data point from 2005: I was teaching computer literacy at

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Jerome Baum
> Even webmail. It is easy to write a browser extension to do the crypto > stuff. Installing browser extensions is even easier than installing > most other software. I'd make it a point of discussion whether it's still webmail proper then. But you could also use Javascript, Java or Flash, so ye

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Werner Koch
On Tue, 18 Oct 2011 15:42, mw...@iupui.edu said: > To be secure without being involved in the process is an unreasonable > expectation which can never be met. We need to teach our kids to > expect to protect themselves online the same way we teach them to look We did this for about 15 years - wi

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Werner Koch
On Tue, 18 Oct 2011 16:30, pe...@digitalbrains.com said: > Because it is the e-mail address of the recipient you look up; that's all the > data you have in this scenario. Thus, for me you would look up a key > corresponding to user peter at the domain digitalbrains.com. The only logical Right. T

Re: private key protection

2011-10-18 Thread Jerome Baum
> I was pleased to see room for different classes of users in the STEED > paper. When I encounter software that tries to be helpful, my own > first thought is: how do I turn that off? But I recognized long ago > that I was never a "typical" user and my own inclinations are no guide > to populari

Re: private key protection

2011-10-18 Thread Werner Koch
On Tue, 18 Oct 2011 15:19, r...@sixdemonbag.org said: > Arguably we should be using 'certificate' to describe keys, but We tried that in the Gpg4win manuals. However it turned out that this term as other problems when used with OpenPGP keys (ah well, keyblocks). > honestly, that's a losing batt

Re: private key protection

2011-10-18 Thread Mark H. Wood
On Tue, Oct 18, 2011 at 04:23:42PM +0200, Jerome Baum wrote: [snip] > While we're discussing the STEED proposal in the other thread, do you > think it's better to educate your users and risk loosing them or do you > think it's better to provide "sensible" defaults for the "average" > threat model a

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Jerome Baum
> I don't see why the ISP has to be the entity providing DNS lookup. > The one I use won't even allocate me a static address, let alone > accept RRs from me to serve out to others. I'm not sure I'd trust > them to get it right and *keep* it right anyway. I should clarify. An email provider is als

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Jerome Baum
> ... We can remove *needless* complexity, but security could be said > to be the art of *introducing* specific complexity that's a lot worse > for the attacker than it is for you. It can't be automagical. > > Anyway, key generation is already automated. All you have to do is > (1) choose to em

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Werner Koch
On Tue, 18 Oct 2011 15:30, jer...@jeromebaum.com said: > In fact to my knowledge outside of webmail and inside "private email" > (so drop companies, universities, schools) it's usual to configure your > own MUA, with the help of instructions from your ISP. Well, so we need to convince them to cha

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Jerome Baum
>> In fact to my knowledge outside of webmail and inside "private email" >> (so drop companies, universities, schools) it's usual to configure your >> own MUA, with the help of instructions from your ISP. > > Well, so we need to convince them to change those instructions. Yes and this is what I s

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Peter Lebbing
On 18/10/11 16:00, Mark H. Wood wrote: > I don't see why the ISP has to be the entity providing DNS lookup. Because it is the e-mail address of the recipient you look up; that's all the data you have in this scenario. Thus, for me you would look up a key corresponding to user peter at the domain d

Re: private key protection

2011-10-18 Thread Werner Koch
On Tue, 18 Oct 2011 15:05, r...@sixdemonbag.org said: > No, it's still a single file ("pubring.gpg", for instance, is the public > keyring). I just can't promise that it's still a raw stream of RFC4880 > octets. It still is for the public keys. 2.1 changes the format of the secring (well, dropp

Re: signing party: webserver software for key submission?

2011-10-18 Thread Jerome Baum
> Just wondering if anyone knows of any scripts for collecting keys into > a keyring prior to a key signing party (i.e., for people who intend to > participate to submit their keys)? Can't give software names but look at what the open-source conferences use. Debian should have some tools to show a

Re: private key protection

2011-10-18 Thread Robert J. Hansen
On 10/18/2011 8:53 AM, takethe...@gmx.de wrote: > I read a smartcard is simply a chip card. Why is it save, what's a > PIN? PIN: Personal Identification Number. The idea is the secret key material is stored on the card, not on the PC. The secret key material is located in write-only memory: f

Re: private key protection

2011-10-18 Thread Jerome Baum
> Right, that's a good point I think we all considered "trivial" when > maybe we shouldn't have. In your threat model you should determine for > how long your data should be safe (per attacker type) before you go > ahead and make decisions about key protection. To clarify, this is what we should t

Re: private key protection

2011-10-18 Thread Jerome Baum
> Well, not quite. Eventually you would get it. The task of security > systems is to make "eventually" be longer than: > > o the payoff is worth; or > o the time it takes to be discovered; or > o the time it takes for the secured object to lose its value. > > Statistically, that is. You cou

signing party: webserver software for key submission?

2011-10-18 Thread Fraser Tweedale
Hullo, Just wondering if anyone knows of any scripts for collecting keys into a keyring prior to a key signing party (i.e., for people who intend to participate to submit their keys)? Regards, Fraser ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: private key protection

2011-10-18 Thread Peter Lebbing
> (a) is true, but it doesn't lead anywhere useful. That makes it > trivial. Seems like you keep asserting Jerome posed (a) as something insightful. I don't remember someone other than you posing (a) at all. I really see no point in keeping on telling people they said something different than wh

Re: private key protection

2011-10-18 Thread Jerome Baum
On 2011-10-18 16:06, takethe...@gmx.de wrote: > Thanks to everyone for the helpful answers. Maybe I'll buy a > smartcard, it seems more convinient than rebooting for every email. What country are you in? For Germany, kernelconcepts sells the OpenPGP card v2 and cryptoshop sells a very basic USB ca

Re: private key protection

2011-10-18 Thread Mark H. Wood
On Tue, Oct 18, 2011 at 02:10:07PM +0200, Jerome Baum wrote: > >> I'm going to lean very far out the window and assume he meant the actual > >> private key, not the private key-ring/-file/... > > > > I'm not sure I understand the distinction you're making there. > > One is protected with a passph

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Mark H. Wood
On Mon, Oct 17, 2011 at 05:50:42PM -0600, Aaron Toponce wrote: [snip] > At any rate, I would love to see more client-to-client encryption in email. > I've always wondered if there could be an "OTR" approach to mail, somehow, > so people don't need to generate and manage their own sets of keys, as t

Re: private key protection

2011-10-18 Thread takethebus
Thanks to everyone for the helpful answers. Maybe I'll buy a smartcard, it seems more convinient than rebooting for every email. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Mark H. Wood
I don't see why the ISP has to be the entity providing DNS lookup. The one I use won't even allocate me a static address, let alone accept RRs from me to serve out to others. I'm not sure I'd trust them to get it right and *keep* it right anyway. If the ISPs won't cooperate, maybe the antivirus v

Re: private key protection

2011-10-18 Thread Robert J. Hansen
I'm going to keep this as short as possible, because we've already hit the point at which we're casting far more heat than light. > Oddly, I don't recall Jerome ever making a statement remotely like > "If I steal your decrypted key, ...". I only remember him stating > that he thought, as did I, th

Re: private key protection

2011-10-18 Thread Jerome Baum
> It doesn't prevent a trojan from signing something other than what you > intended (if it's your master key on card, even another key or a new > sub-key) but whether this is a problem depends on your threat model. I should mention that the current OpenPGP card spec doesn't let the card know wheth

Re: private key protection

2011-10-18 Thread Peter Lebbing
On 18/10/11 15:23, Jerome Baum wrote: > It doesn't prevent a trojan from signing something other than what you > intended (if it's your master key on card, even another key or a new > sub-key) but whether this is a problem depends on your threat model. The signature problem can still be solved by

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Jerome Baum
>> Skimmed over this. You say that you need ISP support to get the >> system adopted (for the DNS-based distribution). Wouldn't that >> hinder adoption? > > Please look at how most people use mail: They get a mail address from > their ISP, a preinstalled MUA and so on. Mail works for them > in

Re: private key protection

2011-10-18 Thread Peter Lebbing
On 18/10/11 15:08, Jerome Baum wrote: > It's one thing to be picky when it adds to the discussion proper. That > would be the case when we're distinguishing between the key as it is > stored on disk (encrypted, inside a key-file/-ring/...) and the key as > it is stored in memory (unencrypted). That

Re: private key protection

2011-10-18 Thread Peter Lebbing
On 18/10/11 15:05, Robert J. Hansen wrote: >> IIRC "nowadays" is store a separate file per key? > > No, it's still a single file ("pubring.gpg", for instance, is the public > keyring). I just can't promise that it's still a raw stream of RFC4880 > octets. ls ~/.gnupg/private-keys-v1.d/ Peter.

Re: private key protection

2011-10-18 Thread Jerome Baum
> If someone sniffs your PIN, and has trojaned or rooted your computer, he could > use your smartcard while it is still plugged in to your computer, just like > you > are using your smartcard. If you're worried about this you should be able to find a smartcard reader with PIN entry that GnuPG sup

Re: private key protection

2011-10-18 Thread Peter Lebbing
On 18/10/11 15:05, Robert J. Hansen wrote: > On 10/18/2011 8:36 AM, Jerome Baum wrote: >> Have you looked at my original statement? > > Yes. Oddly, I don't recall Jerome ever making a statement remotely like "If I steal your decrypted key, ...". I only remember him stating that he thought, as did

Re: private key protection

2011-10-18 Thread Jerome Baum
On 2011-10-18 15:05, Robert J. Hansen wrote: > On 10/18/2011 8:36 AM, Jerome Baum wrote: >> I recall making the distinction between a key* and a key-ring/-file, >> not between a key-ring and a key-file. > > A distinction that has been lost on apparently everyone here. Please > use accepted termin

Re: private key protection

2011-10-18 Thread Robert J. Hansen
On 10/18/2011 9:08 AM, Jerome Baum wrote: > Makes sense if there's no context. But there's context here -- > "cryptography". In that context, key means something specific. This ain't EUROCRYPT or FINANCIAL CRYPTOGRAPHY. If you're reading professional journals that are talking about crypto in pure

Re: private key protection

2011-10-18 Thread Jerome Baum
On 2011-10-18 14:48, Peter Lebbing wrote: > On 18/10/11 14:36, Jerome Baum wrote: >> * I'm going to take the word to mean what it says: "key", not what I can >> flexibly interpret it as: "encrypted key". > > One of those metal things in my pocket? What good are they for encryption? > Even > if yo

Re: private key protection

2011-10-18 Thread Peter Lebbing
On 18/10/11 14:53, takethe...@gmx.de wrote: > I read a smartcard is simply a chip card. Why is it save, what's a > PIN? Say I'm using it on a PC with a trojan in the background > that logs my keystrokes (my password) and can send data (my key) > via internet to an attacker. How is access restr

Re: private key protection

2011-10-18 Thread Robert J. Hansen
On 10/18/2011 8:36 AM, Jerome Baum wrote: > Have you looked at my original statement? Yes. > I recall making the distinction between a key* and a key-ring/-file, > not between a key-ring and a key-file. A distinction that has been lost on apparently everyone here. Please use accepted terminolog

Re: private key protection

2011-10-18 Thread takethebus
Monday, October 17, 2011, 11:30:48 PM, Robert wrote: > Smartcard and a good PIN. That's pretty much the gold standard. It's > not the best way (there is no 'best way'), but it's generally an > excellent place to start from. I read a smartcard is simply a chip card. Why is it save, what's a PI

Re: private key protection

2011-10-18 Thread Peter Lebbing
On 18/10/11 14:36, Jerome Baum wrote: > * I'm going to take the word to mean what it says: "key", not what I can > flexibly interpret it as: "encrypted key". One of those metal things in my pocket? What good are they for encryption? Even if you manage to read it in, it still has way too little ent

Re: private key protection

2011-10-18 Thread Jerome Baum
On 2011-10-18 14:22, Robert J. Hansen wrote: > On 10/18/2011 8:10 AM, Jerome Baum wrote: >> If I manage to steal your private keyring, then yes the very strong >> passphrase should grind my attempts to steal your key to a halt. If I >> manage to steal your private _key_ OTOH, I don't need to get pa

Re: private key protection

2011-10-18 Thread Robert J. Hansen
On 10/18/2011 8:10 AM, Jerome Baum wrote: > If I manage to steal your private keyring, then yes the very strong > passphrase should grind my attempts to steal your key to a halt. If I > manage to steal your private _key_ OTOH, I don't need to get past your > passphrase as that doesn't come into pla

Re: private key protection

2011-10-18 Thread Jerome Baum
>> I'm going to lean very far out the window and assume he meant the actual >> private key, not the private key-ring/-file/... > > I'm not sure I understand the distinction you're making there. One is protected with a passphrase (i.e. it's encrypted), the other is in the clear. If I manage to st

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Melvin Carvalho
On 17 October 2011 20:11, Werner Koch wrote: > Hi! > > Over the last year Marcus and me discussed ideas on how to make > encryption easier for non-crypto geeks.  We explained our plans to > several people and finally decided to start a project to develop such a > system.  Obviously it is based on

Re: STEED - Usable end-to-end encryption

2011-10-18 Thread Simon Josefsson
Aaron Toponce writes: > I've added it with "my_hdr OpenPGP id=${pgp_sign_as}\;url=...". The only > question remaining, for me, is whether or not it should be "X-OpenPGP" or > "OpenPGP" as the header field name. I've heard various positions on this, > but nothing definitive. No X-OpenPGP please.