Are TOFU statistics used for key's validity calculations or TOFU
conflict resolution?
Some background: The TOFU system keeps statistics about key's use. I'll
quote some lines from the DETAILS document.
About --with-colons --witt-tofu-info --list-keys:
*** TFS - TOFU statistics
This
El día lunes, junio 12, 2017 a las 12:58:23p. m. +0200, Werner Koch escribió:
> On Mon, 12 Jun 2017 12:38, g...@unixarea.de said:
>
> > Do you know of any other CCID reader for ID-000 size cards?
>
> I have a sample of the Gemalto Shell Token here. It has been around for
> quite some time and t
On Wed, 21 Jun 2017 21:04:09 +0200, Peter Lebbing wrote:
> On 21/06/17 20:49, Peter Lebbing wrote:
> > which would still
> > be marginally safe until computers are much faster, and certainly
> > not a short ID which is utterly unsafe and has always been.
>
> Which *might* still be marginally saf
Daniel Kahn Gillmor [2017-06-21 14:03:00-04] wrote:
> in the abstract:
>
> * i learned via some channel i consider trustworthy that this key isn't
>appropriate for use with this User ID any more.
>
> more concretely:
>
> * "I had lunch with Sarah and she told me she'd lost access to her
>
On Wed, 21 Jun 2017 19:11, pe...@digitalbrains.com said:
> I think this is because of an expired certificate for versions.gnupg.org:
Sorry for this. Fixed.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpLUBTrl8Z_C.pgp
Description: PGP signature
On 21/06/17 20:49, Peter Lebbing wrote:
> which would still
> be marginally safe until computers are much faster, and certainly not a
> short ID which is utterly unsafe and has always been.
Which *might* still be marginally safe. I haven't done any actual
calculations, and I want to seriously diss
On 21/06/17 20:30, Stefan Claas wrote:
> Technically spoken Enigmail showed all three messages as "Untrusted
> Good Signature from Ernst Mustermann etc. , because i have not signed
> the first key locally, to get for the first two messages a green bar
> in Enigmail.
Or either:
- Used --tofu-policy
On Wed, 21 Jun 2017 19:02:26 +0200, Peter Lebbing wrote:
> On 08/06/17 22:33, Stefan Claas wrote:
> > I did a test today with Enigmail and with TOFU in command line mode.
> > I posted 3 messages with a fantasy name to a Usenet test group where
> > the 3rd message was signed with a fake key and Enig
On Fri 2017-06-16 10:06:38 +0300, Teemu Likonen wrote:
> My question is simple (kind of): In what situations would you revoke a
> certificate that you have made on someone else's key? (Technically:
> --edit-key + revsig.)
That action would be me saying "i no longer believe that this key is
only co
On 18/06/17 03:48, Christopher Jones wrote:
> It's a task to setup gpg on new boxes: Import pub key, ultimately trust
> my key, and muck around with gpg and ssh agents.
If all you want to do is SSH, you don't need your key, so it reduces to
"muck around with gpg and ssh agents". As long as gpg-age
On 21/06/17 17:14, murphy wrote:
> download of swdb.lst failed.
I think this is because of an expired certificate for versions.gnupg.org:
$ wget -S https://versions.gnupg.org/swdb.lst
--2017-06-21 19:11:03-- https://versions.gnupg.org/swdb.lst
Resolving versions.gnupg.org (versions.gnupg.org)...
On 08/06/17 22:33, Stefan Claas wrote:
> I did a test today with Enigmail and with TOFU in command line mode.
> I posted 3 messages with a fantasy name to a Usenet test group where
> the 3rd message was signed with a fake key and Enigmail showed me this:
>
> UNTRUSTED Good signature from Ernst Mus
Hi all - during a routine build of gnupg-2.1.21 for Ubuntu 16.04 LTS a
speedo build from source that has consistently worked as recently as a
few days ago has now consistently hung up. This is true on a Raspberry
Pi 3 armhf environment as well as Ubuntu linux. The offending command
seems to be:
Hi Martin,
On Wed, 21 Jun 2017 at 11:03:40 +0200, martin f krafft wrote:
> And then check this out:
>
> % gpg --edit-key 0x55C9882D999BBCC4
> […]
>
> key 55C9882D999BBCC4:
> 24 duplicate signatures removed
>
> That's a bit weird. Where do these come from?
The OpenPGP packets were not ordered p
On 2017/06/20 14:34, martin f krafft wrote:
> 5. Has anyone come up with a smart way to keep pubring/trustdb
>synchronised between multiple workstations?
I have a quick and dirty tool here:
https://github.com/andrewgdotcom/synctrust
A
signature.asc
Description: OpenPGP digital signature
_
martin f krafft writes:
> And then check this out:
>
> % gpg --edit-key 0x55C9882D999BBCC4
> gpg (GnuPG) 2.1.18; Copyright (C) 2017 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
martin f krafft writes:
> Hey,
>
> My key on the keyservers is 0x55C9882D999BBCC4. If I download this
> to a fresh keyring, I get some weird behaviours:
gpg --version please?
> % alias gpg='gpg --homedir=.'
I tend to do: $ export GNUPGHOME=$(mktemp -d)
> So far, so good. Do note the [SC] us
At Wed, 21 Jun 2017 13:55:52 +0200,
martin f krafft wrote:
>
> also sprach Neal H. Walfield [2017-06-21 11:53 +0200]:
> > > 3. Is there a way to run --check-trustdb or --update-trustdb not
> > >over the entire key graph, but only traversing to a certain depth
> > >starting from a specific
also sprach Neal H. Walfield [2017-06-21 11:53 +0200]:
> > 3. Is there a way to run --check-trustdb or --update-trustdb not
> >over the entire key graph, but only traversing to a certain depth
> >starting from a specific key? Then I could tell parcimonie to run
> >--check-trustdb for e
Hi,
At Tue, 20 Jun 2017 15:34:44 +0200,
martin f krafft wrote:
> I've spent some time trying to figure out how to make actual use of
> the web-of-trust (the "pgp" trust-model), and I am turning to this
> list for some advice, related to a couple of questions:
>
> 1. My public keyring has several
martin f. krafft [2017-06-21 11:03:40+02] wrote:
> 24 duplicate signatures removed
>
> That's a bit weird. Where do these come from?
I've seen the message with other keys too, just after --edit-key. The
number of duplicate signatures varies. Next --refresh-keys command
downloads the signatures
Hey,
My key on the keyservers is 0x55C9882D999BBCC4. If I download this
to a fresh keyring, I get some weird behaviours:
% alias gpg='gpg --homedir=.'
% gpg --recv-key 0x55C9882D999BBCC4
gpg: keybox '/home/ssd/madduck/.tmp/cdt.p0R8ly/pubring.kbx' created
gpg: /home/ssd/madduck/.tmp/cdt.p0
On Tue, Jun 20, 2017 at 01:56:57PM -0400, Daniel Kahn Gillmor wrote:
Hi Rex--
On Tue 2017-06-20 08:43:16 -0700, Rex Kneisley wrote:
root@debian-rig:/home/rexk# wget -qO -
https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
gpg: WARNING: nothing exported
gpg: no valid OpenPGP
23 matches
Mail list logo