Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-13 Thread Stefan Claas
On 12.06.2017 at 23:50, Duane Whitty wrote: Thanks for your input, much appreciated! I would also add one word about USB sticks: It is very difficult to know if they've been compromised and there are no tell-tale signs when an attack is taking place. I never put a USB in my computer that has

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Duane Whitty
On 17-06-12 05:45 PM, Stefan Claas wrote: > On 12.06.17 22:35, Robert J. Hansen wrote: >>> Is there something like a Standard Operating Procedure for GnuPG >>> available, which fulfills security experts' demands, and which can >>> easily be adapted by an average GnuPG user, regardless of platform

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 22:35, Robert J. Hansen wrote: >> Is there something like a Standard Operating Procedure for GnuPG >> available, which fulfills security experts' demands, and which can >> easily be adapted by an average GnuPG user, regardless of platform >> and client he/she uses? > No. More to the

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen
> Is there something like a Standard Operating Procedure for GnuPG > available, which fulfills security experts' demands, and which can > easily be adapted by an average GnuPG user, regardless of platform > and client he/she uses? No. More to the point, there can't be. Each user faces threats

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 22:10, Robert J. Hansen wrote: >> and transfer signed/encrypted messages from my online usage >> computer with a USB stick to my offline computer and verify >> decrypt the messages there. :-) > If you think your online computer may be compromised, then you have no > business sharing

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen
> and transfer signed/encrypted messages from my online usage > computer with a USB stick to my offline computer and verify > decrypt the messages there. :-) If you think your online computer may be compromised, then you have no business sharing USB devices between it and your believed-safe

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 21:15, Peter Lebbing wrote: >> (Remember there are two types of companies. Those who know they got >> hacked and those who don't know yet that they got hacked.) >> >> I should put that as a signature in my email and Usenet client! :-) Regards Stefan

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 21:21, Ludwig Hügelschäfer wrote: > What you can do: Learn, learn by playing, learn by trying to > understand what others write and by asking questions and become a > reasonable critical user. That's the hard way, but you learn best. > Second possibility would be to have a good

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 21:15, Peter Lebbing wrote: > On 12/06/17 20:51, Stefan Claas wrote: >> Maybe as an additional security feature Enigmail should give >> a key with a set trust level of "Ultimate" a different color than >> green. > No, that's beside the point. Once somebody gets your user privileges, >

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Ludwig Hügelschäfer
On 12.06.17 20:51, Stefan Claas wrote: > On 12.06.17 20:18, Ludwig Hügelschäfer wrote: >> Hi, >> >> On 12.06.17 14:52, Stefan Claas wrote: >> >>> Hi Ludwig, >>> >>> I just checked again. On my Mac and on my Windows Notebook I >>> get a green bar

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Peter Lebbing
On 12/06/17 20:51, Stefan Claas wrote: > Maybe as an additional security feature Enigmail should give > a key with a set trust level of "Ultimate" a different color than > green. No, that's beside the point. Once somebody gets your user privileges, there is no "additional security". It's game

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 20:18, Ludwig Hügelschäfer wrote: > Hi, > > On 12.06.17 14:52, Stefan Claas wrote: > >> Hi Ludwig, >> >> I just checked again. On my Mac and on my Windows Notebook I get a >> green bar, from a blue "Untrusted" key when I go into Enigmail's >> Key Management and set the trust of that

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Ludwig Hügelschäfer
Hi, On 12.06.17 14:52, Stefan Claas wrote: > Hi Ludwig, > > I just checked again. On my Mac and on my Windows Notebook I get a > green bar, from a blue "Untrusted" key when I go into Enigmail's > Key Management and set the trust of that key to Ultimate... Well, ultimate ownertrust is the wrong

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Robert J. Hansen
> If Mallory would get somehow access to my Computer and replace one > pub key from my communication partners with a fake one and sets the > trust level to Ultimate. How can I detect this, if I'm not always > looking at the complete Fingerprint and compare it with a separate > list? If Mallory

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Peter Lebbing
I hadn't gotten round to answer your earlier questions yet, since I noticed a point I should first spend some effort and thinking on. On 12/06/17 16:14, Stefan Claas wrote: > And a question for this... If Mallory would get > somehow access to my Computer and replace one pub key from my >

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 12.06.17 16:06, Peter Lebbing wrote: > On 12/06/17 14:52, Stefan Claas wrote: >> I just checked again. On my Mac and on my Windows Notebook >> I get a green bar, from a blue "Untrusted" key when I go into >> Enigmail's Key Management and set the trust of that key to >> Ultimate... > Don't do

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Peter Lebbing
On 12/06/17 14:52, Stefan Claas wrote: > I just checked again. On my Mac and on my Windows Notebook > I get a green bar, from a blue "Untrusted" key when I go into > Enigmail's Key Management and set the trust of that key to > Ultimate... Don't do this! Or did you do it just for testing?

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-12 Thread Stefan Claas
On 07.06.17 22:23, Ludwig Hügelschäfer wrote: > Hi Stefan, > > On 06.06.17 22:19, Stefan Claas wrote: >> On 06.06.17 20:46, Charlie Jonas wrote: >>> On 2017-06-06 19:12, Stefan Claas wrote: I tried also with Enigmail under OS X but when checking the signatures here from the list

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Stefan Claas
On 07.06.17 22:23, Ludwig Hügelschäfer wrote: > Hi Stefan, > > On 06.06.17 22:19, Stefan Claas wrote: >> On 06.06.17 20:46, Charlie Jonas wrote: >>> On 2017-06-06 19:12, Stefan Claas wrote: I tried also with Enigmail under OS X but when checking the signatures here from the list members

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Ludwig Hügelschäfer
Hi Stefan, On 06.06.17 22:19, Stefan Claas wrote: > On 06.06.17 20:46, Charlie Jonas wrote: >> On 2017-06-06 19:12, Stefan Claas wrote: >>> I tried also with Enigmail under OS X but when checking the >>> signatures here from the list members I always get the blue >>> "Untrusted Good Signature".

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Stefan Claas
On 07.06.2017 at 10:57, Peter Lebbing wrote: On 07/06/17 07:55, Stefan Claas wrote: The procedure went like this: I inserted my id-card in a certified card reader, which I purchased, started the German certified id-card software "AusweisApp2" to connect to the CA Server and the server checked

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-07 Thread Peter Lebbing
On 07/06/17 07:55, Stefan Claas wrote: > The procedure went like this: I inserted my id-card in a certified > card reader, which I purchased, started the German certified id-card > software "AusweisApp2" to connect to the CA Server and the server > checked my id-card online and after verification

Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 07.06.17 00:04, MFPA wrote: > > > On Tuesday 6 June 2017 at 5:07:18 PM, in > , Stefan Claas > wrote:- > > > > Therefore qualified CA's > > in my opinion are mandatory where each user in each > > country [may] register > > with his/her id-card

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 20:46, Charlie Jonas wrote: > On 2017-06-06 19:12, Stefan Claas wrote: >> I tried also with Enigmail under OS X but when checking the signatures here >> from the list members I always get the blue "Untrusted Good Signature". > Yes I get this as well. Interestingly whatever trust level

Re: Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Charlie Jonas
On 2017-06-06 19:12, Stefan Claas wrote: > I tried also with Enigmail under OS X but when checking the signatures here > from the list members I always get the blue "Untrusted Good Signature". Yes I get this as well. Interestingly whatever trust level I give keys, Enigmail on OSX seems to want to

Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

2017-06-06 Thread Stefan Claas
On 06.06.17 12:46, Peter Lebbing wrote: > On 06/06/17 05:30, Duane Whitty wrote: >> As I understand the concept of TOFU (Trust On First Use), when you >> receive a signed email gpg tests that signature against the key >> retrieved from the public key servers associated with the email. > TOFU is