Hi
On Wednesday 7 March 2012 at 11:52:39 PM, Hauke Laging wrote:
> The statement "Only your private key can generate the
> revocation certificate" is not wrong, at least not in a
> useful understanding which is: "It is impossible to
> revok
On Wed, 7 Mar 2012 21:45, d...@fifthhorseman.net said:
> As i understand it, this is true for gpg-agent for gpgsm (S/MIME) in
> general, and for all operations (including OpenPGP) using the
> as-yet-unreleased gpg 2.1. But for those of us using gpg-agent for
That is correct.
> OpenPGP operatio
On 3/7/12 9:41 PM, John Clizbe wrote:
> This is due to two reasons:
Let's not forget:
3) This would introduce legal headaches. So long as SKS has no
crypto code, it doesn't need to conform to crypto export laws.
Faramir wrote:
> On 06-03-2012 16:58, Peter Lebbing wrote:
> ...
>> The keyservers don't do any validation on revocation certificates;
>> anyone who feels like it can add /invalid/ revocation certificates
>> to your key to annoy you. But as soon as OpenPGP software imports
>> the key from the ke
On Thursday, 8 March 2012, 00:39:11, Faramir wrote:
> On 07-03-2012 18:24, MFPA wrote:
> ...
>
> >> Only your private key can generate the revocation certificate,
> >
> > Can't you add another key as a designated revoker, and then
> > generate the revocation certificate with that other priv
On 07-03-2012 18:24, MFPA wrote:
...
>> Only your private key can generate the revocation certificate,
>
>
> Can't you add another key as a designated revoker, and then
> generate the revocation certificate with that other private key?
You ar
Hi
On Wednesday 7 March 2012 at 12:31:11 AM, Faramir wrote:
> Only your private key can generate the revocation
> certificate,
Can't you add another key as a designated revoker, and then generate
the revocation certificate with that oth
On 03/07/2012 03:31 PM, Ingo Klöcker wrote:
> Hmm. I guess you are right. Just a minor remark: To my knowledge it is
> not possible to get the passphrase out of gpg-agent. The whole point of
> gpg-agent is that it encapsulates all operations involving the secret
> key and the passphrase in order
On Tuesday 06 March 2012, Daniel Kahn Gillmor wrote:
> On 03/05/2012 04:36 PM, Ingo Klöcker wrote:
> > 4. He has left his laptop unlocked and unattended for a very short
> > period of time and he is using gpg-agent with a cache-ttl > 0.
> >
> > I have verified that one can generate a revocation ce
On 06/03/12 19:59, auto15963...@hushmail.com wrote:
>> 4. He has left his laptop unlocked and unattended for a very short period
>> of time and he is using gpg-agent with a cache-ttl > 0.
>
> I do in fact use gpg-agent and a cache >0, but this machine is not
> in a workplace or public location
On Mon, 05 Mar 2012 13:40:09 -0500, David Shaw wrote:
> You can examine the revocation certificate with:
>
> gpg --export (your key id) | gpg --list-packets
> The piece you are interested in will look like this. It's usually the
> second packet in an exported key:
>
> :signature packet: algo 1,
On 06-03-2012 16:58, Peter Lebbing wrote:
...
> The keyservers don't do any validation on revocation certificates;
> anyone who feels like it can add /invalid/ revocation certificates
> to your key to annoy you. But as soon as OpenPGP software imp
On 06-03-2012 15:59, auto15963...@hushmail.com wrote:
...
> I do in fact use gpg-agent and a cache >0, but this machine is not
> in a workplace or public location. It is in my home, in a place
> where visitors have no access, and my family woul
On 06/03/12 22:31, Hauke Laging wrote:
> AFAIK there is nearly no skill level required in order to get into an average
> user account. There is software which creates malware. You don't have to
> write it yourself. Just wait for the next exploit in a widely used (or known
> to be used) software.
On Tuesday, 6 March 2012, 22:00:05, Peter Lebbing wrote:
> On 06/03/12 21:14, Hauke Laging wrote:
> > You probably don't even use a separate user account for key handling.
>
> I don't even do that either.
So don't I.
> Sounds to me like mainly snake oil with an
> insignificantly reduced actua
On 06/03/12 21:14, Hauke Laging wrote:
> You probably don't even use a separate user account for key handling.
I don't even do that either. Sounds to me like mainly snake oil with an
insignificantly reduced actual hacking risk.
To clarify, an attacker is able to get into your personal user accoun
On 03/06/2012 01:36 PM, auto15963...@hushmail.com wrote:
> Looking at this instruction, I think you assume that I have
> imported the revoked key onto my keyring. I have not done so. On
> my keyring is the valid key, which is not revoked. The revoked key
> appears to be on a keyserver. When I
On Tuesday, 6 March 2012, 19:36:07, auto15963...@hushmail.com wrote:
> I agree that user error is a possibility, but I am not certain how
> to prove it. I can reproduce another public key just like the one
> that was revoked except using a different name.
I do not see any possible user error du
On 06/03/12 19:36, auto15963...@hushmail.com wrote:
> The revoked key appears to be on a keyserver. When I do a search and view
> the result online, I can see my key ID number and user ID plainly identifying
> this key as having now been revoked. I have not imported it.
The keyservers don't do a
> -Original Message-
> From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users-boun...@gnupg.org]
> On Behalf Of Ingo Klöcker
> Sent: Monday, March 05, 2012 3:37 PM
> To: gnupg-users@gnupg.org
> Subject: Re: invalid gpg key revocation
>
> On Sunday 04 March 2012
pg.org [mailto:gnupg-users-
boun...@gnupg.org]
> On Behalf Of Robert J. Hansen
> Sent: Monday, March 05, 2012 11:27 AM
> To: gnupg-users@gnupg.org
> Subject: Re: invalid gpg key revocation
> On 3/5/12 12:12 PM, auto15963...@hushmail.com wrote:
> > I am 99.9% sure no one has gotten acces
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 03/05/2012 04:36 PM, Ingo Klöcker wrote:
> 4. He has left his laptop unlocked and unattended for a very short
> period of time and he is using gpg-agent with a cache-ttl > 0.
>
> I have verified that one can generate a revocation certificate without
> entering a passphrase if one has previou
On Monday, 5 March 2012, 22:36:42, Ingo Klöcker wrote:
> I have verified that one can generate a revocation certificate without
> entering a passphrase if one has previously signed something (e.g. an
> email). So, it was probably just a very nasty prank.
I assume that is possible only if the ma
On Sunday 04 March 2012, Robert J. Hansen wrote:
> On 3/4/2012 4:13 PM, auto15963...@hushmail.com wrote:
> > Hello. Supposing I create a key with an arbitrary user ID...
>
> This seems to me to be a simple question wrapped up in a lot of
> unnecessarily specific details: "How is it possible for a
On Monday, 5 March 2012, 18:12:24, auto15963...@hushmail.com wrote:
> I am 99.9% sure no one has gotten access to my machine or my keys.
IMHO that requires at least that
1) you have generated the key in a secure environment, i.e.
a) booted from a safe medium
b (really) validated
On Mar 5, 2012, at 12:12 PM, auto15963...@hushmail.com wrote:
> I am 99.9% sure no one has gotten access to my machine or my keys.
> If they had, I have to believe that there would have been more
> damage done than this, and that does not appear to have happened. I
> mention the details, which
On 03/05/2012 12:12 PM, auto15963...@hushmail.com wrote:
> I am 99.9% sure no one has gotten access to my machine or my keys.
> If they had, I have to believe that there would have been more
> damage done than this, and that does not appear to have happened. I
> mention the details, which may se
On 3/5/12 12:12 PM, auto15963...@hushmail.com wrote:
> I am 99.9% sure no one has gotten access to my machine or my keys.
Whenever anyone ascribes 99.9% certainty to a belief, my knee-jerk
reaction is to think the only 99.9% certainty is they've got the wrong
confidence interval. :)
There are re
I am 99.9% sure no one has gotten access to my machine or my keys.
If they had, I have to believe that there would have been more
damage done than this, and that does not appear to have happened. I
mention the details, which may seem irrelevant, only because
sometimes the devil is in the detail
On 04-03-2012 19:29, Hauke Laging wrote:
...
> The interesting question about that is not about you publishing the
> public key but about how the person could get access to your
> private key. It is not possible to revoke a key without the private
On 3/4/2012 4:13 PM, auto15963...@hushmail.com wrote:
> Hello. Supposing I create a key with an arbitrary user ID...
This seems to me to be a simple question wrapped up in a lot of
unnecessarily specific details: "How is it possible for a non-authorized
person to revoke a user ID?"
1. Ma
On Sunday, 4 March 2012, 22:13:58, auto15963...@hushmail.com wrote:
> how is it then possible that someone
> else would be able to get the key revoked even while I had not
> published it to a key server at all? I mean, suppose someone wanted
> to "mess around" with me and have my key revoked. H
Hello. Supposing I create a key with an arbitrary user ID, and it
contains an email address that is not real but exists only for sake
of having a key to use for signing and encrypting with a pseudonym,
and supposing I make the public key available by putting a copy of
it on an anonymous website