On Wed, Jan 20, 2021 at 12:41 AM Ángel wrote:
> A list of all (well, most) openpgpkey subdomains can be easily created.
Yes and I believe that what Neal and you (in your new posting) have explained
makes it only worthwhile for Mallory to start his work, because he has such an
openpgpkey list
Hello all
First, I agree with Neal in considering there is a privacy leak in
using WKD (with no analysis/mitigations).
dkg has already provided an excellent explanation about this, and seems
material directly usable into the Security Considerations section.
As noted, the openpgpkey server
On 2021-01-19 at 17:24 +0100, Erich Eckner via Gnupg-users wrote:
> What can cause a "Connection closed in DNS" error? (Maybe the error
> message can be improved: Doesn't dns use udp by default, which is
> connectionless?)
I think it means dns.c returned DNS_ECONNFIN [1], which gets converted
On 2021-01-19 at 19:29 +0100, Stefan Claas wrote:
> Example: Mallory sitting in the United States likes to prepare
> a list (without my consent) and published on a U.S. site,
> so that like SKS key server dumps the whole world can
> obtain a list of all openpgpkey subdomains. So far so good.
>
>
On Tue, Jan 19, 2021 at 11:01 PM Erich Eckner via Gnupg-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> I checked the manual, and there is even a non-permanent solution:
>
> - --export-filter keep-uid="mbox = ..."
>
> lets you filter the exported uids :-)
Cool :-) , I did
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, 19 Jan 2021, Stefan Claas wrote:
On Tue, Jan 19, 2021 at 6:28 PM Stefan Claas
wrote:
On Tue, Jan 19, 2021 at 6:26 PM Erich Eckner via Gnupg-users
wrote:
Advanced method is set up, direct method is not. The key has multiple UIDs
(one
On Tue, Jan 19, 2021 at 7:06 PM Stefan Claas
wrote:
>
> On Tue, Jan 19, 2021 at 1:14 PM Werner Koch via Gnupg-users
> wrote:
> >
> > On Tue, 19 Jan 2021 09:28, Neal H. Walfield said:
> >
> > > When you look up the openpgpkey.example.org domain, you are revealing
> > > to anyone snooping DNS
On Tue, Jan 19, 2021 at 1:14 PM Werner Koch via Gnupg-users
wrote:
>
> On Tue, 19 Jan 2021 09:28, Neal H. Walfield said:
>
> > When you look up the openpgpkey.example.org domain, you are revealing
> > to anyone snooping DNS traffic that you are using OpenPGP and are
> > looking for a key related
On Tue, Jan 19, 2021 at 5:16 PM Stefan Claas
wrote:
>
> On Tue, Jan 19, 2021 at 5:05 PM Stefan Claas
> wrote:
>
> > A policy file could look like this, with remark lines at the
> > beginning:
> >
> > # WKD policy for sac001.github.io (WRONG)
> # WKD policy file for https://sac001.github.io
> > #
On Tue, Jan 19, 2021 at 6:28 PM Stefan Claas
wrote:
>
> On Tue, Jan 19, 2021 at 6:26 PM Erich Eckner via Gnupg-users
> wrote:
>
> > Advanced method is set up, direct method is not. The key has multiple UIDs
> > (one for each of my email addresses). Or did I do something wrong when
> > exporting
On Tue, Jan 19, 2021 at 6:26 PM Erich Eckner via Gnupg-users
wrote:
> Advanced method is set up, direct method is not. The key has multiple UIDs
> (one for each of my email addresses). Or did I do something wrong when
> exporting the key to the WKD? Should I have removed the other UIDs there?
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Stefan,
thanks for your answer.
On Tue, 19 Jan 2021, Stefan Claas wrote:
On Tue, Jan 19, 2021 at 5:24 PM Erich Eckner via Gnupg-users
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
I'm playing around with my WKD setup
On Tue, Jan 19, 2021 at 5:24 PM Erich Eckner via Gnupg-users
wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi,
>
> I'm playing around with my WKD setup (guess, why) and encountered the
> error in the subject when doing `gpg --locate-external-keys
> er...@eckner.net`.
On Tue, Jan 19, 2021 at 9:51 AM Neal H. Walfield wrote:
>
> On Mon, 18 Jan 2021 17:12:56 +0100,
> Stefan Claas wrote:
> > I repeat here once again GitHub has a *valid* SSL cert.
>
> You're right. github has a valid TLS certificate. But that valid TLS
> certificate is not valid for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
I'm playing around with my WKD setup (guess, why) and encountered the
error in the subject when doing `gpg --locate-external-keys
er...@eckner.net`. Retrieving via curl and the manually-constructed url
works fine, also I cannot find
On Tue, Jan 19, 2021 at 5:05 PM Stefan Claas
wrote:
> A policy file could look like this, with remark lines at the
> beginning:
>
> # WKD policy for sac001.github.io (WRONG)
# WKD policy file for https://sac001.github.io
> # Maintainer: Stefan Claas, ste...@sac001.github.io
> # Updated: current
Hello!
We are pleased to announce the availability of Libgcrypt version 1.9.0.
This release starts a new stable branch of Libgcrypt with full API and
ABI compatibility to the 1.8 series. Over the last 3 or 4 years Jussi
Kivilinna put a lot of work into speeding up the algorithms for the most
On Tue, Jan 19, 2021 at 2:36 AM Ángel wrote:
>
> On 2021-01-17 at 23:43 +, Stefan Claas via Gnupg-users wrote:
> > I encountered only one MITM attack a couple of years ago so far, from an
> > SKS user. He was a retired police officer from Austria, who contacted me.
> > But what you say I was
On Tue, Jan 19, 2021 at 11:15 AM Werner Koch wrote:
>
> Stefan,
>
> It has been mentioned several times here that the use of the openpgpkey
> sub-domain is required to allow implementation of the Web Key Directory
> in browsers. This is a real world use case and pretty important for web
> mailers
On Tue, 19 Jan 2021 09:28, Neal H. Walfield said:
> When you look up the openpgpkey.example.org domain, you are revealing
> to anyone snooping DNS traffic that you are using OpenPGP and are
> looking for a key related to example.org. That's a privacy issue.
No, it isn't. The next thing you do
On Mon, 18 Jan 2021 16:29, Lars Noodén said:
> Yes, but that did not stop the bank's payment web interface from
> requiring the name and address for payments to other countries. For
Okay, I added our address to the SEPA page.
Thanks.
Salam-Shalom,
Werner
--
Die Gedanken sind frei.
Stefan,
It has been mentioned several times here that the use of the openpgpkey
sub-domain is required to allow implementation of the Web Key Directory
in browsers. This is a real world use case and pretty important for web
mailers like protonmail.
I would suggest that you put your energy on a
On Mon, 18 Jan 2021 17:12:56 +0100,
Stefan Claas wrote:
> I repeat here once again GitHub has a *valid* SSL cert.
You're right. github has a valid TLS certificate. But that valid TLS
certificate is not valid for openpgpkey.sac001.github.io. That's just
the way it is, sorry.
:) Neal
On Mon, 18 Jan 2021 16:47:38 +0100,
Ángel wrote:
> So, while in the first case a bad certificate would be a critical
> failure, in the second the right thing would be to fetch the key
> *even if the certificate was invalid*, as it is used purely for
> discovery.
When you look up the
On Tue, 19 Jan 2021 10:11, raf said:
> And it's discovery that begins with an email address. I
> still can't work out what functionality WKD provides in
> a situation that isn't email-related.
The Web Key Directory maps mail addresses to a key. Mail addresses are
universal identifiers and thus