On 03/11/13 20:13, Daniel Kahn Gillmor wrote:
As a Debian user, I rely on GnuPG to ensure that the software I install hasn't
been tampered with.
Excellent thanks Daniel!
Sam.
--
Sam Tuke
Campaign Manager
Gnu Privacy Guard
0044 78680 77871
signature.asc
Description: OpenPGP digital
Hi!
Taylor asked me to forward this background info:
On Sat, 5 Oct 2013 10:56, w...@gnupg.org said:
not yet been seen in the wild. Details of the attack will eventually
be published by its inventor.
The zlib compression language that OpenPGP uses is powerful enough to
express an OpenPGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 2 November 2013 at 6:48:39 PM, in
mid:87fvreprlk@mat.ucm.es, Uwe Brauer wrote:
Your point being?
I presume it goes like this: NSA is a government
based organisation doing, among other things,
violations of civil rights.
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Hi list,
for a couple of years now I use an OpenPGP SmartCard for my daily mail.
Every message I sign gets signed by the card, every encrypted message I
receive gets decrypted by it. My v1 card failed one day without warning,
my v2 card works
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Sunday 3 November 2013 at 10:02:14 PM, in
mid:87habtnnyx@mat.ucm.es, Uwe Brauer wrote:
Ingo == Ingo Klöcker kloec...@kde.org writes:
So, your point/hope probably was that a government
based CA wouldn't have such a business
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 2 November 2013 at 4:22:29 PM, in
mid:20131102162229.gc7...@fritha.org, Heinz Diehl wrote:
GPG - keeps the XXX from your door! :-)
[Replace XXX with any three letter agency of your
choice]
Is that actually true, rather than
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Sunday 3 November 2013 at 2:08:15 AM, in
mid:5275b00f.7030...@gmail.com, Paul R. Ramer wrote:
When you verify a key to sign you are verifying the following:
1) For each UID, that the name is correct and that the
purported owner has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 30/10/13 9:58 PM, Sam Tuke wrote:
Hi all,
I'm working with Werner to promote GnuPG and raise awareness. To
that end we're collecting quotes from users - endorsements from
people who know and trust GPG, people like you.
Feel free to use any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 4 November 2013 at 2:02:30 PM, in
mid:563460450.20131104140230@my_localhost, MFPA wrote:
Where actual identity is not required, just continuity
of communication, I see no value in obtaining any
certification at all.
Or, indeed,
On 11/04/2013 11:02 AM, MFPA wrote:
And as an aside, does it really make a difference to only sign some
UIDs and not others? Does GnuPG actually take account of which UIDs
are signed in its validity or trust calculations?
Yes, it does make a difference.
Let's say I make key X and attach to
On 30/10/13 9:58 PM, Sam Tuke wrote:
Hi all,
I'm working with Werner to promote GnuPG and raise awareness. To
that end we're collecting quotes from users - endorsements from
people who know and trust GPG, people like you.
If you want to help us, send your own statement about why GPG is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 4 November 2013 at 4:52:02 PM, in
mid:5277d0b2.9040...@fifthhorseman.net, Daniel Kahn Gillmor wrote:
Yes, it does make a difference.
[snipped]
If you had certified both User IDs on my
key, gpg would be happy to encrypt the
On 04.11.2013, MFPA wrote:
GPG - keeps the XXX from your door! :-)
[Replace XXX with any three letter agency of your
choice]
Is that actually true, rather than bringing you to their attention?
It depends.
My key is publically available, with my current email address in it.
Thus,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 4 November 2013 at 8:07:01 PM, in
mid:201311042007.ra4k71qh085...@fire.js.berklix.net, Julian H.
Stacey wrote:
Talking about an alien loathed three letter agency ...
See 4 top secret papers from it published by UK's
Guardian
information which could be of importance for a three letter agency. In
Talking about an alien loathed three letter agency ...
See 4 top secret papers from it published by UK's Guardian newspaper today :-)
at the bottom of this link
MFPA expires2...@ymail.com wrote:
Why do we need to establish they can also sign? Isn't it enough to
demonstrate they control the email address and can decrypt, by signing
one UID at a time and sending that signed copy of the key in an
encrypted email to the address in that UID?
You are right.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/04/2013 04:29 PM, MFPA wrote:
That's phenomenal: isn't everybody in the world separated by an
average of just six hops?
I tried to check that out, and I have never needed more than about
three hops.
Three hops to former president Richard
On Mon, Nov 04, 2013 at 01:44:51PM -0800, Paul R. Ramer wrote:
MFPA expires2...@ymail.com wrote:
Why do we need to establish they can also sign? Isn't it enough to
demonstrate they control the email address and can decrypt, by signing
one UID at a time and sending that signed copy of the key
On Monday 04 Nov 2013 21:07:01 Julian H. Stacey wrote:
http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa
-files-surveillance-revelations-decoded
And in other news...
http://slashdot.org/topic/datacenter/google-chief-eric-schmidt-slams-nsa-for-tapping-datacenters/
Google
That's phenomenal: isn't everybody in the world separated by an
average of just six hops?
That's more urban myth than reality. Reality is hard to model. An
isolated village in a remote area of Africa might have a very hard
time connecting to London in six hops, but the instant one
I tried to check that out, and I have never needed more than about
three hops.
Sure, but then again you're trying to hit people with *extremely*
large networks, and whose first-order networks are themselves
*extremely* well-connected. Even the exotic ones like Ronald Coase --
he
On Monday 04 Nov 2013 21:07:01 Julian H. Stacey wrote:
http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa
-files-surveillance-revelations-decoded
And in other news...
http://slashdot.org/topic/datacenter/google-chief-eric-schmidt-slams-nsa-for-tapping-datacenters/
Google
On 11/04/2013 05:40 PM, Robert J. Hansen wrote:
I tried to check that out, and I have never needed more than about
three hops.
Sure, but then again you're trying to hit people with *extremely* large
networks, and whose first-order networks are themselves *extremely*
well-connected. Even
23 matches
Mail list logo
