Re: TOFU for GnuPG

2015-11-03 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 30 October 2015 at 12:09:51 PM, in , Neal H. Walfield wrote: > The user ids are used. These are authorative. If > there are N user ids, then N bindings are maintained. Presumably if no

Re: TOFU for GnuPG

2015-11-03 Thread Andre Heinecke
Hi Neal, On Tuesday 03 November 2015 15:57:05 Neal H. Walfield wrote: > > I don't fully understand why you need formalized transition statements. > > Couldn't you just treat Key / UIDs that are signed by each other as "two > > valid keys for this UID"? > > > > So when I transition to another key

Re: TOFU for GnuPG

2015-11-03 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 3 November 2015 at 2:38:04 PM, in , Neal H. Walfield wrote: > In this case, we store the whole user id (lower cased). > Only if the user id is the empty string do we not store > a binding. How

Re: TOFU for GnuPG

2015-11-03 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 3 November 2015 at 3:29:02 PM, in , Neal H. Walfield wrote: > The bindings are between user id and key. So, a new > binding will be created. Will it flag up to the user that it is creating a

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
At Tue, 3 Nov 2015 15:37:06 +, MFPA wrote: > On Tuesday 3 November 2015 at 3:29:02 PM, in > , Neal H. Walfield wrote: > > > > The bindings are between user id and key. So, a new > > binding will be created. > > Will it flag up to the user that it is

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
At Tue, 3 Nov 2015 15:18:57 +, MFPA wrote: > On Tuesday 3 November 2015 at 2:38:04 PM, in > , Neal H. Walfield wrote: > > > > In this case, we store the whole user id (lower cased). > > Only if the user id is the empty string do we not store > > a

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
At Tue, 03 Nov 2015 16:10:24 +0100, Andre Heinecke wrote: > Don't we need to lookup the new key anyway to make validity decisions? Until > then we assume "Unknown" trust. In the verify case, yes. But what about the sign case? We just see that the old key has been revoked, but we don't know

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
Hi, At Tue, 03 Nov 2015 16:56:27 +0100, Andre Heinecke wrote: > On Tuesday 03 November 2015 16:34:39 you wrote: > > At Tue, 03 Nov 2015 16:10:24 +0100, > > > > Andre Heinecke wrote: > > > Don't we need to lookup the new key anyway to make validity decisions? > > > Until then we assume "Unknown"

Re: Generating 4096 bit key fails – why?

2015-11-03 Thread NIIBE Yutaka
On 11/02/2015 06:40 PM, Felix E. Klee wrote: > On Mon, Nov 2, 2015 at 3:04 AM, NIIBE Yutaka wrote: >> It failed when gpg frontend tried to change the key attribute for >> RSA-4096. >> >>> […] >> >> Do you happened to have (and run) old scdaemon of 2.0? > > Unfortunately that

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
Hi Andre, At Fri, 30 Oct 2015 13:23:14 +0100, Andre Heinecke wrote: > On Thursday 29 October 2015 22:28:54 Neal H. Walfield wrote: > > At Thu, 29 Oct 2015 18:48:43 +0100, > > > > Johannes Zarl-Zierl wrote: > > > Out of curiosity: Does the TOFU implementation for gpg already allow for > > > key

Re: TOFU for GnuPG

2015-11-03 Thread Andre Heinecke
Hi, On Tuesday 03 November 2015 16:34:39 you wrote: > At Tue, 03 Nov 2015 16:10:24 +0100, > > Andre Heinecke wrote: > > Don't we need to lookup the new key anyway to make validity decisions? > > Until then we assume "Unknown" trust. > > In the verify case, yes. But what about the sign case?