Re: Help needed - for a binary to words encoder/decoder for GnuPG

Ajax wrote: > Are there enough five letter words in the word lists available at > eff.org/dice? Thanks a lot! The short list has 782 five letter words, perfect! So I will then select 256 of them which are easy (for me) to read ... :-) Best regards Stefan -- box: 4a64758de9e8ceded2c481ee526440

Help needed - for a binary to words encoder/decoder for GnuPG

Hi all, I was wondering if native English speakers can help me out in finding 'the right' 5 letter words which can be used in an binary to words encoder/decoder, which then can be used with GnuPG encrypted binary files, so that these (preferably small binary blobs) messages can then be send over t

Re: FAQ: seeking consensus

Vincent Breitmoser wrote: > > It would be nice if you can add to the keyserver list also the > > mailvelope.com keyserver, > > I concur keys.mailvelope.com is a fine keyserver today. However, you might > want to consider: > > > because it requires users to authenticate their keys against the key

Re: FAQ: seeking consensus

Robert J. Hansen wrote: > 1. How should we handle the SKS keyserver attacks? I would list in the FAQ the kind of attacks possible, to educate users, before they choose one for uploading their key. > One school of thought says "SKS is tremendously diminished as a > resource, because using it can

Re: Future OpenPGP Support in Thunderbird

Patrick Brunschwig wrote: > The Thunderbird developers have announced that they will implement > OpenPGP support in Thunderbird 78 [1]. Support for Thunderbird in > Enigmail will therefore be discontinued. [snip] > The Thunderbird developers and I have therefore agreed that it's much > better to

Re: We have GOT TO make things simpler

Robert J. Hansen wrote: > > Not to rain your parade, but I follow the topic encryption since the mid > > '80s and can say nowadays that GnuPG has failed to become an email > > encryption product for the masses, which IIRC was the initial goal of Mr > > Zimmermann's PGP back in the early ninetees.

Re: We have GOT TO make things simpler

Jeff Allen via Gnupg-users wrote: > I agree that there are easier-to-learn encryption solutions than GnuPG. > Mailvelope, FlowCrypt, ProtonMail, Mailfence and Tutanota come > immediately to mind. Any is adequate for the privacy needs of the > masses. Unfortunately, the masses haven't swarmed to

Re: We have GOT TO make things simpler

Werner Koch wrote: > On Sat, 5 Oct 2019 12:15, Stefan Claas said: > > > installing MUAs and plug-ins, besides of GnuPG) point them to the FAQ as > > learning resource and then show them as modern alternative Mailvelope > > And don't forget to point them to all the HOWTOS and RFCs required to to

Re: We have GOT TO make things simpler

Tony Lane via Gnupg-users wrote: > But go ahead, please rationalize why "ease-of-use" is more important than > actual security for power-users such as myself and those who absolutely won't > compromise on true E2EE. Not to rain your parade, but I follow the topic encryption since the mid '80s and

Re: We have GOT TO make things simpler

Stefan Claas via Gnupg-users wrote: > Tony Lane wrote: > > > Digital signatures are, in general, legally binding. > > In the EU qualified digital signatures (QES) are legally binding > and I strongly doubt that in the U.S. with it's ESIGN Act the same > holds true

Re: We have GOT TO make things simpler

Tony Lane wrote: > Digital signatures are, in general, legally binding. In the EU qualified digital signatures (QES) are legally binding and I strongly doubt that in the U.S. with it's ESIGN Act the same holds true for GnuPG home installations. I guess a proper Google search will show it us. :-)

Re: We have GOT TO make things simpler

Tony Lane via Gnupg-users wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 10/3/19 5:53 PM, Stefan Claas via Gnupg-users wrote: > > And this is probably the reason why digital signatures from GnuPG were never > > been adopted (for business related things

Re: We have GOT TO make things simpler

Dennis Clarke wrote: > On 10/2/19 4:15 PM, Chris Narkiewicz via Gnupg-users wrote: > > On 02/10/2019 00:55, Tony Lane via Gnupg-users wrote: > >> This is not an issue with GnuPG. GnuPG is a back-end utility that > >> front-end applications (like GUIs) interface to. Go to your vendor of > >> choice

Re: We have GOT TO make things simpler

Stefan Claas via Gnupg-users wrote: > Roland Siemons wrote: > > > Dear GNUPG developers, > > > > We have GOT TO make things simpler. > > > > 1/ I do have some years of experience with GnuPG. Especially with > > convincing people to use it. It is not

Re: We have GOT TO make things simpler

Roland Siemons wrote: > Dear GNUPG developers, > > We have GOT TO make things simpler. > > 1/ I do have some years of experience with GnuPG. Especially with > convincing people to use it. It is not easy. But I do it because it is > in my interest to be able to communicate privately. > 2/ My la

Re: keys.openpgp.org not sending confirmation email

Binarus wrote: > IMHO, this system lacks a mandatory unique token in the key ID. The > natural choice for such a token would be the email address, because in > the first place it is the only thing you know for sure when writing a > private message to somebody else who you haven't become acquainted

Re: keys.openpgp.org not sending confirmation email

Binarus wrote: > You have stated that my real name must be in the key ID if I would like > to have the key certified by Governikus. Does the key ID need to have > other personal data in it? After all, as an example, there for sure are > at least 1000 people in Germany whose name is "Peter Meier" (

Re: keys.openpgp.org not sending confirmation email

Binarus wrote: > Actually, I currently don't know anybody who I could ask to sign my > keys, and furthermore, the problem is bigger the other way around. Can I > trust the key which I found on the key server for the intended > recipient's email address? Can I at least be sure that the key server >

Re: Which version of GnuPG to use?

Brian Minton wrote: > On 9/17/19 12:59 PM, Stefan Claas via Gnupg-users wrote: > > Unfortunately I am no programmer but I was thinking about the following: > > I assume that in order to decrypt a message the secret key data must be > > unlocked and loaded for a very short ti

Re: Which version of GnuPG to use?

Damien Goutte-Gattat wrote: > On Tue, Sep 17, 2019 at 06:59:34PM +0200, Stefan Claas via Gnupg-users wrote: > >I assume that in order to decrypt a message the secret key data must be > >unlocked and loaded for a very short time into the computers RAM, in order > >to perform t

Re: Which version of GnuPG to use?

Werner Koch wrote: > On Mon, 16 Sep 2019 23:49, gnupg-users@gnupg.org said: > > > speak, with a specially crafted software, when using an online computer > > with a SmardCard? I have read that the secret key can not been copied from > > the card, but what about the 'bits and pieces' in memory whe

Re: Which version of GnuPG to use?

Daniel Bossert wrote: > Hi all > > Some years ago I used GnuPG, but somewhen stopped with it. > > Now I want to start again. However there are many rumors that it is > unsecure meanwhile. Can you tell us what rumors you have heared? I would say the encryption in GnuPG is secure, but sadly peop

Re: Info for GnuPG users which have a keybase account

john doe wrote: > On 9/10/2019 6:00 PM, Stefan Claas via Gnupg-users wrote: > > Hi all, > > > > slightly OT, but since some of you are on keybase I would > > like to inform you about a current promo from Stellar Network > > running on keybase. > &g

Info for GnuPG users which have a keybase account

Hi all, slightly OT, but since some of you are on keybase I would like to inform you about a current promo from Stellar Network running on keybase. https://keybase.io/a/i/r/d/r/o/p/spacedrop2019 I received yesterday my free Lumens, currently worth $21.29 USD :-) Regards Stefan -- box: 4a6475

Re: add-photo continued ...

raf via Gnupg-users wrote: > Stefan Claas via Gnupg-users wrote: > > > Hi all, > > > > some of you may remember the add-photo thread we had a while ago > > and I wondered why the max image size for a UAT packet is 16 MB. > > > > Recently I saw a

Re: add-photo continued ...

On 2019-09-05 01:16, Stefan Claas via Gnupg-users wrote: > Stefan Claas via Gnupg-users wrote: > >> Recently I saw a Twitter post explaining that a .jpeg image header >> can contain 16 MB of data. I do not have the link currently handy, >> sorry! > > I think I tal

Re: add-photo continued ...

Stefan Claas via Gnupg-users wrote: > Recently I saw a Twitter post explaining that a .jpeg image header > can contain 16 MB of data. I do not have the link currently handy, > sorry! I think I talked nonsense here about the 16 MB header size! Hopefully I can find the authors techni

add-photo continued ...

Hi all, some of you may remember the add-photo thread we had a while ago and I wondered why the max image size for a UAT packet is 16 MB. Recently I saw a Twitter post explaining that a .jpeg image header can contain 16 MB of data. I do not have the link currently handy, sorry! So here is a litt

Re: ProtonMail and Anonymity

On 2019-09-01 15:18, Peter Lebbing wrote: Hi Peter, > Hello Stefan, > > On 01/09/2019 14:14, Stefan Claas via Gnupg-users wrote: >> Also interesting. >> >> https://eprint.iacr.org/2018/1121.pdf > > If you post URL's to this mailing list, could you please

Re: ProtonMail and Anonymity

Stefan Claas wrote: > Am Mon, 6 May 2019 08:53:14 -0400 > schrieb Jeff Allen : > > > > People who don't trust ProtonMail shouldn't use it. > > Absolutely! But I think it does not hurt to post > such things to educate PGP users how different > services or software applications etc. handle such

Re: Slightly OT - mobile OpenPGP usage

Andrew Gallagher wrote: > > > On 31 Aug 2019, at 11:45, Stefan Claas via Gnupg-users > > wrote: > > > > Can you please tell me what web mailer you have installed in > > order to run Mailvelope on an own domain? > > I recently migrated from squirrelm

Re: Slightly OT - mobile OpenPGP usage

Daniel Clery wrote: Hi, > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 [snip] > -BEGIN PGP SIGNATURE- > Version: Mailvelope v4.1.0 > Comment: https://www.mailvelope.com I just noticed that you use Mailvelope on your site, awesome! Can you please tell me what web mailer you have i

Re: Slightly OT - mobile OpenPGP usage

On 2019-08-28 00:44, Chris Narkiewicz via Gnupg-users wrote: > On 27/08/2019 20:50, Stefan Claas via Gnupg-users wrote: >> But what would be, when using computers at work or public places, then >> the best strategy for using OpenPGP, without carrying a Notebook or >> smartph

Re: Slightly OT - mobile OpenPGP usage

Andrew Gallagher wrote: > On 27/08/2019 17:01, Stefan Claas via Gnupg-users wrote: > > Would you consider these both methods secure enough for entering > > passphrases in Mailvelope, like outlined in article [1] while using Oxynger > > KeyShield [2]? > > If you think

Re: Slightly OT - mobile OpenPGP usage

Stefan Claas via Gnupg-users wrote: > Due to some tests I found Mailvelope an OpenPGP extension for > Firefox and Chrome and installed it on my Kanguru Defender 3000 > USB stick. Besides the new Mailvelope keyserver I added also Hagrid. > Key management is quite comfortable and mess

Re: Slightly OT - mobile OpenPGP usage

Wiktor Kwapisiewicz via Gnupg-users wrote: > W.r.t. NFC there is this minor detail: > https://lists.gnupg.org/pipermail/gnupg-users/2018-December/061375.html Interesting. Well, for important and very short messages one could additionally use the modern ElsieFour handcypher, by Prof. Kaminsky.,

Re: Slightly OT - mobile OpenPGP usage

On 2019-08-25 21:22, Chris Narkiewicz via Gnupg-users wrote: > On 25/08/2019 19:40, Stefan Claas via Gnupg-users wrote: >> Hi all, >> >> I am curious what apps you are using when not at home, to send >> OpenPGP compatible email messages? Do you carry a Notebook wit

Slightly OT - mobile OpenPGP usage

Hi all, I am curious what apps you are using when not at home, to send OpenPGP compatible email messages? Do you carry a Notebook with GnuPG or do you use an OpenPGP smartphone app? Because I do not have a smartphone and I do not want to carry a Notebook with me I came up with the following solut

Re: BSI withdraws approval of GnuPG for confidential documents

Peter Lebbing wrote: > On 21/08/2019 22:05, Stefan Claas via Gnupg-users wrote: > > Thanks for pointing that out. In case you mean me asking the BSI I think > > it is much better that Werner, as author of GnuPG, asks them. > > If I were you, I'd just ask, and note tha

Re: BSI withdraws approval of GnuPG for confidential documents

Dirk-Willem van Gulik wrote: > FWIIW - in the past I've found the BSI a highly professional & responsible > organisation - with key staff answering (every very detailed technical > questions) very quickly, comprehensively and in great technical detail. > > So I would just ask. Thanks for point

Re: BSI withdraws approval of GnuPG for confidential documents

Werner Koch via Gnupg-users wrote: > On Thu, 8 Aug 2019 17:22, gnupg-users@gnupg.org said: > > > maybe interesting for some community members, living in Germany. > > We learned about that last week and are trying to figure out what is > going on. It is likely an internal coordination or conten

Re: Difficulty of fixing reconciliation

Robert J. Hansen wrote: > > Good write-up. Now I have a question, in hope that SKS operators are > > reading this too. I have learned from Robert's gist that the max. is > > 150.000 sigs per key the servers can handle, if I am not mistaken. > > I didn't say this. > > I said they handle up to abo

Re: PGP Key Poisoner

Peter Lebbing wrote: > > I wonder why those SKS key servers are so important to be still in > > service as of today since we have WKD, Hagrid, keybase, Mailvelope Key > > Server and Facebook? > > Only people using the SKS keyserver network are affected by this issue. > You say you don't see a rea

Re: Difficulty of fixing reconciliation

Peter Lebbing wrote: [snip] > Furthermore, the end goal is for all hosts to have the same dataset, so > let's define progress as that the hosts become more and more alike: when > the number of differences between the hosts has reduced, we have made > progress. Once completed, it has progressed to

Re: Repo with test cases for covert content attacks

Sebastian Schinzel wrote: > Those are two different papers. > > 1. The 'Jonny, you are fired' paper solely dealt with signature spoofing > and the repo is here: > > https://github.com/RUB-NDS/Johnny-You-Are-Fired > > 2. The paper mentioned in the thread above is 'Re: What's Up Johnny? -- > Cove

Re: PGP Key Poisoner

Peter Lebbing wrote: > On 12/08/2019 18:39, Stefan Claas via Gnupg-users wrote: > > Why was is then not fixed a decade ago, like it was done with 2.2.17? > > There is no fix for the SKS keyserver network, which explains why it > wasn't fixed in 2.2.17 either. In fact, f

Re: PGP Key Poisoner

Ryan McGinnis via Gnupg-users wrote: > Yes, ironically, this proof of concept is the responsible way to demonstrate > the issue (after a sufficient waiting period following a private disclosure > to the developers), rather than, say, demonstrating the issue by spitefully > poisoning the keys of a

Re: PGP Key Poisoner

Ryan McGinnis via Gnupg-users wrote: [snip] Not to be off-topic but I wonder why your message, when reading it in my MUA, displays this in the message body: Never seen this before on the ML. c" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="publicKey - r...@digican

Re: Repo with test cases for covert content attacks

Sebastian Schinzel wrote: > Dear all, > > Jens Müller just gave a talk at DEFCON about Covert Content Attacks > against S/MIME and OpenPGP encryption and digital signatures in the > email context. He just published the PoC emails that he used in the talk > and they might be useful for further tes

BSI withdraws approval of GnuPG for confidential documents

Hi, maybe interesting for some community members, living in Germany. (Article is in German language.) Regards Stefan -- box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813

Zero Knowledge Proofs to detect possible MITM attacks

Hi all, I recently read about ZKPs and was wondering if some of you have used them in the past. I ask because I think (once met in person) it would be a good method when using ZKPs addionally (maybe for the paranoid among us) with encrypted communications, where the involved parties may not be s

Re: --lsign --add-me or the invisible WoT

Friedhelm Waitzmann wrote: > Stefan Claas: > > >I lsign Bob's key so third parties do not know (normally) that I did > >this. But how could my friend Alice trust Bob's key she has without > >my non-exportable lsign sig? > > >What I tried to propose is an additional parameter, like --add-me > >wh

Re: --lsign --add-me or the invisible WoT

Andrew Gallagher wrote: > On 31/07/2019 14:58, Stefan Claas via Gnupg-users wrote: > > an exportable 'blob' for the lsign > > command, which can be then exchanged and would not be compatible with > > key servers, in case someone would try to upload such a blob &g

Re: --lsign --add-me or the invisible WoT

Werner Koch wrote: > On Sat, 20 Jul 2019 11:57, gnupg-users@gnupg.org said: > > > additional paramemter like --add-me for --lsign would make sense, for > >--quick-sign-key fpr [names] >--quick-lsign-key fpr [names] > > Directly sign a key from the passphrase

Re: Enigmail

David wrote: Hi David, > I have three email accounts with their own keys - Enigmail does not > support this - you have to have one key and that's it. Ah, o.k. I never tried it, but it should be possible, with different accounts and keys (hopefully). > Am downloading and installing claws mail n

Re: Enigmail

David wrote: > Stefan Claas via Gnupg-users: > > David wrote: > > > >> Hello Everyone, > >> > >> I am looking for an alternative to Enigmail - which fails to work. > >> Any ideas as to a suitable replacement?? > > > > You may ch

Re: Enigmail

David wrote: > Hello Everyone, > > I am looking for an alternative to Enigmail - which fails to work. > Any ideas as to a suitable replacement?? You may check out another MUA, like Claws-Mail, which I used with GPG plug-ins in the past. It worked fine! Regards Stefan -- box: 4a64758de9e8ceded

Re: new to GPG: "gpg: Fatal: zlib inflate problem: invalid code lengths set"

Lentes, Bernd wrote: > That's exactly what i did. > I sent my Public key to ad...@gnupp.de, which is a german project for GPG, > and the server and adele are for practicing. > Adele took my public key and sent me an e-Mail with some text and her public > key, so i should be able to decrypt that wi

Re: Essay on PGP as it is used today

Jerry wrote: > On Mon, 22 Jul 2019 07:07:32 -0400, Robert J. Hansen stated: > >> I went to an EFF (Electronic Frontier Foundation) meeting and a big > >> and tall guy came to me and told me that he had a way of Breaking PGP > >> and told me he had been working on a database program that made this

Re: Essay on PGP as it is used today

Stefan Claas via Gnupg-users wrote: > raf via Gnupg-users wrote: > > > Stefan Claas via Gnupg-users wrote: > > > > > Andrew Gallagher wrote: > > > > > > > * And finally: “don’t encrypt email”? Yes, well. Email is not going > > > > aw

Re: --lsign --add-me or the invisible WoT

Stefan Claas via Gnupg-users wrote: > Hi all, > > now since we have Hagrid and WKD I was wondering if in the future an > additional paramemter like --add-me for --lsign would make sense, for > people still in need of a WoT? > > The idea would be that people --lsign each

--lsign --add-me or the invisible WoT

Hi all, now since we have Hagrid and WKD I was wondering if in the future an additional paramemter like --add-me for --lsign would make sense, for people still in need of a WoT? The idea would be that people --lsign each others keys and GnuPG, or other public key crypto software, would then save

Re: Essay on PGP as it is used today

raf via Gnupg-users wrote: > Stefan Claas via Gnupg-users wrote: > > > Andrew Gallagher wrote: > > > > > * And finally: “don’t encrypt email”? Yes, well. Email is not going away. > > > Just like passwords, its death has been long anticipated, yet never &g

Re: Essay on PGP as it is used today

Andrew Gallagher wrote: > * And finally: “don’t encrypt email”? Yes, well. Email is not going away. > Just like passwords, its death has been long anticipated, yet never arrives. > So what do we do in the meantime? I think the biggest problems is how can PGP or GnuPG users tell other users, not f

Re: WKD auto-key-retrieve method

Teemu Likonen wrote: > Stefan Claas via Gnupg-users [2019-07-14T14:17:55+03] wrote: > > > Teemu Likonen wrote: > >> I think you should add "--sender email@address" option so that your > >> signatures have information for WKD auto-key-retrieve m

Re: WKD auto-key-retrieve method

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Teemu Likonen wrote: > Stefan Claas via Gnupg-users [2019-07-14T06:55:53+02] wrote: > > > My key is available via WKD or Hagrid. > > I think you should add "--sender email@address" option so that your > signature

Re: test

David wrote: > I have imported your key, :-) Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: test

David wrote: > Hello Stefan, > > I mean to say - no keys were found :) Maybe you have to adjust you settings. My key is available via WKD or Hagrid. (P.S. I forgot to insert a Message-ID, so now threading is not correct.) Regards Stefn ___ Gnupg-us

Re: test

Stefan Claas via Gnupg-users wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > David wrote: > > > Just testing my e-,ails are getting through :) > > > > But not signed :) no public key > > > > David > > And a little reply, to

Re: test

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David wrote: > Just testing my e-,ails are getting through :) > > But not signed :) no public key > > David And a little reply, to see if my signature verifies properly. Step 1. Creating the reply in Notepad++ (offline). Step 2. Signing the mess

Re: test

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David wrote: > Just testing my e-,ails are getting through :) > > But not signed :) no public key > > David And a little reply, to see if my signature verifies properly. Step 1. Creating the reply in Notepad++ (offline). Step 2. Signing the mess

Re: SKS and GnuPG related issues and possible workarounds

Wiktor Kwapisiewicz wrote: > On 03.07.2019 17:33, Stefan Claas via Gnupg-users wrote: > > Regarding my keybase presence, I can immediately close down my account > > and my data and the data from my followers is removed, cool eh? > > I did a small experiment and it se

Re: Your Thoughts

Alyssa Ross wrote: Apologies for my late reply, I have overlooked your reply, sorry! > For example, why isn't ask-cert-level a default? I'm guessing it's just > because at some point it didn't exist, and the developers didn't want to > make a backwards incompatible change. But it means that, out

Re: SKS and GnuPG related issues and possible workarounds

Peter Lebbing wrote: > On 03/07/2019 17:33, Stefan Claas via Gnupg-users wrote: > > Mmmhhh...Peter, if I should do this it should serve as help guideline > > for users wishing to do the same. > > > > Why? > > Pfah. Stop rationalising. If this is your concern, cr

Re: SKS and GnuPG related issues and possible workarounds

Stefan Claas via Gnupg-users wrote: > Regarding my keybase presence, I can immediately close down my account > and my data and the data from my followers is removed, cool eh? One more thing... You uploaded your keys with friends signatures to an SKS server and you are activists in on

Re: SKS and GnuPG related issues and possible workarounds

Peter Lebbing wrote: > On 03/07/2019 16:00, Stefan Claas via Gnupg-users wrote: > > If I had time and money I would hire a lawyer, would formulate a letter > > for SKS operators stating that I request the removal of my pub key data > > and would as EU citizen refer in th

Re: SKS and GnuPG related issues and possible workarounds

Stefan Claas via Gnupg-users wrote: > O.k. but as understood it is in active development and I thought, > even if it is the protocol, that it would be easier to fix issues > in hockeypuck than in SKS, due to the fact that Golang is more > modern and has a bigger programmers communit

Re: SKS and GnuPG related issues and possible workarounds

Andrew Gallagher wrote: > On 03/07/2019 15:27, Stefan Claas via Gnupg-users wrote: > > Sure, of course. Meanwhile SKS operators may check out hockeypuck (written > > in Golang :-)), if that helps. > > It's the protocol that's broken, not the software. Migrating f

Re: SKS and GnuPG related issues and possible workarounds

Andrew Gallagher wrote: > On 03/07/2019 15:00, Stefan Claas via Gnupg-users wrote: > > If I had time and money I would hire a lawyer, would formulate a letter > > for SKS operators stating that I request the removal of my pub key data > > and would as EU citizen refer in th

Re: SKS and GnuPG related issues and possible workarounds

Vincent Breitmoser via Gnupg-users wrote: > > Friendly reminder: There are no developers working on SKS right now. Zero. No > actual work has been done on SKS in years. > > - V Correct. If I would be an SKS operator I would switch to your Hadgrid, to support the PGP / GnuPG community. If I ha

Re: Some thoughts on the future of OpenPGP and GnuPG

Werner Koch via Gnupg-users wrote: [snip] > [1] https://gnupg.org/blog/20170904-financial-results-2016.html > [2] https://gnupg.org/blog/data/g10code-bilanz-2017-pub.pdf Thanks a lot for the detailed reply, much appreciated! Also *much* success in the future! Regards Stefan _

Re: Some thoughts on the future of OpenPGP and GnuPG

Robert J. Hansen wrote: > > Seriously, ... . I'm going to exercise some restraint here and not write > > anything else, because I can't find words to do it politely. > > I could not agree more. > > Stefan, that was out of bounds, inaccurate, and easy to refute. If > you'd just done a Google sea

Re: Your Thoughts

Ryan McGinnis via Gnupg-users wrote: > > Null modem transfer of your messages? Yikes. To me that’s the issue with > PGP in general as it relates to secure communications - the nerds and the > criminals and the spies know how to work it, but your average end user > doesn’t need their step one to

Re: Some thoughts on the future of OpenPGP and GnuPG

karel-v_g--- via Gnupg-users wrote: > Hello! [snip] Hi Karel, I think *flame on* Werner does not need to change anything, because he is in the lucky position do get financed by the big boys, so I see no need for him to start doing something new like many others (with no financial support) do. P

Re: Your Thoughts

Andrew Gallagher wrote: > On 2019/07/01 16:26, Stefan Claas via Gnupg-users wrote: > > I use encryption tools *offline* > > on my Notebook and then copy/paste the encrypted messages > > into CoolTerm to transfer them then via my USB to USB Nullmodem > > cable to my onl

Re: Your Thoughts

Michał Górny via Gnupg-users wrote: > On Mon, 2019-07-01 at 15:38 +0100, Andrew Gallagher wrote: > > On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote: > > > I agree with Professor Green. Maybe he and his students can > > > program a POC something more simpl

Re: Your Thoughts

Andrew Gallagher wrote: > On 2019/07/01 15:13, Stefan Claas via Gnupg-users wrote: > > I agree with Professor Green. Maybe he and his students can > > program a POC something more simple, preferably in Golang and > > while using the NaCl* library. > > Golang? Not Rus

Re: Your Thoughts

David wrote: > Your Thoughts :) > > https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/ > I agree with Professor Green. Maybe he and his students can program a POC something more simple, preferably in Golang and while using the NaCl* library. I think also (sorry to say t

Re: SKS Keyserver Network Under Attack

Robert J. Hansen wrote: > > Can someone please explain to me why the GnuPG flag for key servers > > --no-modify is in GnuPG and why the authors of key server software > > did not implemented this feature? > > It's pretty unreasonable to think a piece of software from 2003, meant > as a drop-in re

Re: SKS Keyserver Network Under Attack

Andrew Gallagher wrote: > > > On 30 Jun 2019, at 09:19, Robert J. Hansen wrote: > > > > The next version of Enigmail will no longer use the SKS network by > > default. Great! But what about existing Enigmail users? They'll see a > > signature, click "Import Key", and ... bam. They're likely

Re: SKS Keyserver Network Under Attack

Ryan McGinnis via Gnupg-users wrote: > https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f > > -Ryan McGinnis > http://bigstormpicture.com > PGP: 486ED7AD > Sent with ProtonMail Secure Email No problen, we now have super modern GDPR compliant hagrid, WKD, keybase and good old pgp.c

Re: New keyserver at keys.openpgp.org - what's your take?

Stefan Claas via Gnupg-users wrote: > Werner Koch via Gnupg-users wrote: > > > On Tue, 25 Jun 2019 17:54, gnupg-users@gnupg.org said: > > > > >> Theres simply one point: "If you do not want your email to be public, > > >> don't upload your key

Re: New keyserver at keys.openpgp.org - what's your take?

Werner Koch via Gnupg-users wrote: > On Tue, 25 Jun 2019 17:54, gnupg-users@gnupg.org said: > > >> Theres simply one point: "If you do not want your email to be public, don't > >> upload your key to a server." > > > > What if I upload your key to a server though? Keep in mind this is not just > >

Re: New keyserver at keys.openpgp.org - what's your take?

Werner Koch via Gnupg-users wrote: > That new thing now is the n-th repetition of the same game: Replacing > PGP by a centralized approach, or well many centralized approaches, in > an attempt to repeat the story of S/MIME. PGP has its strengths in the > idea of not having the one-and-only-distri

<    1   2   3