-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 1/23/12 6:23 PM, MFPA wrote:
Suggestions like this tend to get lambasted because they do not
enhance security, and privacy appears to be seen as unimportant.
Not in the slightest. The idea is certainly worthwhile. It's just
that there's no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 1/23/12 5:52 PM, MFPA wrote:
If they want to mess with you, they don't need your permission.
As is, you've explicitly asked them, would you please sign
certificate 0xDEADBEEF, fingerprint so-and-so, here's my
credentials.
True.
Then
On 1/24/2012 11:10 PM, John Clizbe wrote:
However, testing I did a few years ago found the amount of SPAM attributable
to
a key on a keyserver was not significantly different from that received as
just
random SPAM noise from an unused ISP account.
My own experience may be worth mentioning.
On 1/26/12 11:22 AM, Peter Lebbing wrote:
If I'm not going to give it verbally, why not just give the key
fingerprint?
Yes.
I've not hidden my opinion that I think this is an exercise in quixotry,
but still, never let it be said I wasn't willing to make some
contribution to an idea. Let's not
On 1/26/2012 6:41 PM, MFPA wrote:
The use of the word harvesting in this context suggests to me a
concern about spamming rather than about privacy.
The use is correct. Spamming is what someone does once they have your
private information: harvesting is the act of collecting.
And I would
On 1/27/2012 8:52 PM, John Clizbe wrote:
Having keyservers support no-modify requires that they first support crypto.
That's a really big step.
(John undoubtedly knows this, but I suspect a lot of people didn't catch
the implications -- so let me elaborate.)
SKS is a surprisingly lightweight
On 1/28/2012 2:24 AM, John Clizbe wrote:
I don't see a way that a rolling-upgrade to a no-modify supporting version
could
be accomplished without breaking things in the process. The only way I can
envision doing this to to form a completely new network and let servers
migrate
into it as
On 1/28/2012 12:48 AM, Jerome Baum wrote:
It isn't just that no one's written the code: it's there's no
community consensus to deploy such code, even if it were written.
It would be a pretty major flag day. After all, if one keyserver
enforces it and others don't, then that's going to create
On 1/28/2012 7:25 AM, MFPA wrote:
I also want people who already have an email address for me (or
potentially a name, if not too common) to be able to use that as a
search string to find my key from a server.
And, as we've said several times, we run into the key enumeration problem.
To
On 1/30/12 12:07 PM, Werner Koch wrote:
Outlook has PGP/MIME support via a plugin.
Out of the box, Outlook doesn't support PGP/MIME and won't even render
the plain text portions -- or, at least, such was the case the last time
I checked Outlook, which was some time ago: I try to avoid dealing
On 1/30/12 6:09 PM, John Clizbe wrote:
I always get a chuckle every time I read someone writing that inline signing
is
somehow deprecated. Strangely enough, the only place I can find the
origination of such an idea is in the PGP/MIME RFC 3156 itself which strikes
me
as somewhat
On 01/31/2012 11:23 AM, Steve wrote:
Sometimes if the right parties decide to no longer support an old
standard the software that does not support the new (better)
standard will die or get improved...
This works if and only if the right parties are a large enough market
to push
One, albeit rather unimportant, use is to help people with whom you
would like to regularly communicate access and check your key a bit
more easily, especially for people with multiple keys.
Putting a kludge in email headers or a OpenPGP Key ID: 0xD6B98E10 in
the sigblock seems to be a more
Warning: do not take *any* of the numbers here seriously. They may be
completely divorced from reality. These numbers are like Monopoly money
-- completely fake, but still useful to illuminate important lessons
about the real thing.
This email is also quite long, and I apologize for that. I
On 1/31/2012 6:18 PM, Daniel Farina wrote:
Okay, the harshness of language here has baited me to reply:
First, thank you for keeping your response civil. I appreciate it a lot.
There's a simple reason people do this, and it's because it is a
common choice for large lists, including the Linux
On 2/1/12 9:43 AM, Chris Poole wrote:
Are you able to recommend any particular resources or books that
cover ECC in a more complete and up to date fashion?
Many. The real question is what level of depth you want.
Googling for nsa suite b qould be a pretty good starting place,
probably. The
On 2/1/12 10:47 AM, Hauke Laging wrote:
Of course not. I just don't believe that there are many examples of
this type out there. To me a serious user is one who actively signs,
encrypts, and/or verifies data and knows what he is doing. He has
created a key and verified at least one. Everything
On 2/1/12 11:40 AM, gn...@lists.grepular.com wrote:
Has there been a concerted effort to make Enigmail an integral part
of Thunderbird, distributed with it?
I don't know what you mean by a concerted effort. Maybe five Enigmail
users count under your definition, maybe fifty: maybe two people
On 2/1/12 2:23 PM, Jerry wrote:
Does your bank actually verify those signed documents?
I can't vouch for financial institutions. I can tell you that when I
was working in electronic voting, whenever I asked questions about do
you verify signatures? I was always assured that yes, yes they did.
On 2/1/12 3:34 PM, Christopher J. Walters wrote:
On the issue of signing: I do sign my messages, and have uploaded my
public keys to key servers, so they are available to check that no
one has changed my message.
Except that it doesn't. What's to prevent me from creating a
certificate with
On 2/1/12 4:29 PM, Christopher J. Walters wrote:
However, I disagree with your statement that there is no way to
check: one can check the headers of each message to see from where
they originated.
Easily forged, and machines are too easy to compromise. This idea that
an IP address is clear
On 2/1/12 4:14 PM, Hauke Laging wrote:
I just don't understand why someone who has understood the
concept and is capable of validating keys of others, encrypting, decrypting
and signing should not use that technology for his email.
I have referred to this paper probably five times or more on
On 2/1/12 5:02 PM, Christopher J. Walters wrote:
I have read the abstract, and admit that I only skimmed the rest of
that paper. I find that it is only really talking about the use of
public key encryption of messages, and the human factors that lead
to the decision of whether or not to
On 2/1/12 5:53 PM, Hauke Laging wrote:
I apologize if anyone had the impression that I used your quote
wrongly (but why should I?). The point is that you said nothing about
Windows which due to its market share cannot be ignored. And that has
no relation to the context of your quote.
Yes,
On 2/1/12 6:08 PM, Hauke Laging wrote:
My question was NOT Why do so few people use email cryptography?
But that is the question this paper wants to answer.
Your statement was, I just don't understand why someone who has
understood the concept[s] and is capable of [using the software] should
On 2/1/2012 7:30 PM, Hauke Laging wrote:
Your statement was, I just don't understand why someone who has
understood the concept[s] and is capable of [using the software] should
not use that technology for his email. That's a statement, not a
question:
You are so right. You like quotation
On 2/2/12 2:03 PM, Avi wrote:
OK, I'm sorry, but when someone drops Wittgenstein—on topic—on a
list about cryptography, there needs to be some recognition of
that.
Oh, Wittgenstein's wonderful. I have a quote from him on a Post-It on
my monitor:
What makes a subject difficult to
On 2/20/12 2:24 PM, Steve wrote:
Mozilla is founded by Google.
Mozilla receives funds from Google and others. The and others bit is
important.
Without Google they would be gone.
Without Google Mozilla would have to find other partners. I'm willing
to bet cash money on the barrelhead they
On 2/20/12 7:55 PM, Steve wrote:
Hm, that was also bothering me with the other mails you wrote on
this topic earlier. It's already very late here, so bare with me I'm
taking this from remembrance. You said due to the fact that the world
is very big and web of trust not used much, it can't
The United States 11th Circuit Court of Appeals, which is one small step
away from the United States Supreme Court, has issued a decision in
connection to a grand jury's subpoena requiring the appellant to produce
unencrypted copies of six hard drives.
The appellant attempted to invoke his rights
On 2/25/2012 3:25 AM, Heinz Diehl wrote:
As far as I can see, this article totally lacks any evidence of proof
for its statements...
Matt Blaze is a fairly credible blogger, and a reputable cryptographer
who's done some very good work. He also references the United States
Judiciary's 2010
On 3/4/2012 4:13 PM, auto15963...@hushmail.com wrote:
Hello. Supposing I create a key with an arbitrary user ID...
This seems to me to be a simple question wrapped up in a lot of
unnecessarily specific details: How is it possible for a non-authorized
person to revoke a user ID?
1.
On 3/5/2012 2:21 AM, Jon Molesa wrote:
Does master signing key length have any effect on the length of
sub-keys?
Yes, no and maybe.
Yes: if a 1024-bit master signing key can be compromised, there's
nothing to prevent the attacker from revoking your 4k subkeys and adding
new 4k subkeys the
On 3/5/12 12:12 PM, auto15963...@hushmail.com wrote:
I am 99.9% sure no one has gotten access to my machine or my keys.
Whenever anyone ascribes 99.9% certainty to a belief, my knee-jerk
reaction is to think the only 99.9% certainty is they've got the wrong
confidence interval. :)
There are
On 3/6/12 8:03 PM, Alastair Langwell wrote:
I wonder if any of you can help with this problem on Enigmail?
Contrary to your statement on the forum post, it is almost definitely
*not* an Enigmail issue. This is a straightforward permissions issue.
Somehow you managed to chown everything in
On 3/7/12 9:41 PM, John Clizbe wrote:
This is due to two reasons:
Let's not forget:
3) This would introduce legal headaches. So long as SKS has no
crypto code, it doesn't need to conform to crypto export laws.
___
Gnupg-users mailing list
On 3/13/2012 7:09 AM, Eric Christensen wrote:
Because this is symmetric encryption. You would need to sign the data
to get integrity protection.
This isn't quite right. He's getting warned about the lack of an MDC,
which is related to the symmetric algorithm choice.
On 3/13/2012 8:36 AM, Hauke Laging wrote:
Would you explain that? Do symmetric algorithms never have an MDC or does
just
CAST5 not (why is it the default then)?
Back when PGP5 was first released, PRZ needed a symmetric cipher to
replace the patent-encumbered IDEA. He could've used 3DES but
So its not really safe, is it?
I have answered this question so many times that I'm just going to refer
you to what I wrote on it several years ago:
http://sixdemonbag.org/cryptofaq.xhtml#entropy
(You will need to use Firefox or Chrome; IE doesn't support XHTML. The
math looks best in
RSA is not an encryption algorithm. RSA is a means of exchanging
keys.
You may be thinking of the Diffie-Hellman Key Exchange Algorithm
(DHKEA). You're not thinking of RSA, though: RSA unquestionably is an
encryption algorithm.
___
Gnupg-users
On 3/14/2012 12:44 AM, brian m. carlson wrote:
From looking at the source, I don't believe so. Note that the only case
in which you have more than one option is Windows/DOS.
GnuPG compiles just fine under the Intel C/C++ compilers, under the GNU
Compiler Collection, under Sun Studio, under
On 3/28/12 2:09 PM, Roberts, David M [ITSYS] wrote:
Any help or insight is appreciated.
Switch to GnuPG 1.4.12. This is not a downgrade; both GnuPG 1.4 and
GnuPG 2 are fully-supported, stable code. Your script will (likely!)
work just fine with GnuPG 1.4.12.
On 3/29/2012 9:45 AM, Roberts, David M [ITSYS] wrote:
Thanks.
Sure thing. Just remember that it was a Hawkeye who had to come to
y'all's rescue. ;)
(For the non-Iowans: I'm a graduate of the University of Iowa, whereas
Mr. Roberts is an employee of Iowa State University. Describing the two
On 4/5/12 6:34 PM, عمرو محمود wrote:
Hi ,every one I am a new user to using gnupg software and I tried to
build it but it failed several times , can you please help me about the
steps that I need to take in order to build this version on a windows
xp SP3 as it failed building please help
On 04/07/2012 11:28 PM, عمرو محمود wrote:
Execuse me where can I find the binaries of this new version on a
windows platform
http://files.gpg4win.org/gpg4win-2.1.0.exe
Enjoy.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
On 4/10/12 10:09 AM, John Gill wrote:
You wrongly assume that signatures are valid. --list-packets does not
tell you this.
Could you help me understand what you are referring to?
I am, of course, not Werner, but let's see if I can't take a stab at it.
All --list-packets does is take the
I inadvertently sent an email to these lists a bit ago from my work
email account rather than my home one. My apologies to all who were
confused by the new email address. I was writing in a personal
capacity, not a professional one.
Since some of these lists reject and/or hold-for-moderation
A few weeks ago I posted a link to a report from Kyrus which called into
question the effectiveness of virtually all antivirus products. SANS
has done their own analysis, starting from a completely different
methodology, and has reached much the same results.
The takeaway for GnuPG users is
On 04/12/2012 02:38 PM, Malte Gell wrote:
Any new key servers recommended to use?
No.
pool.sks-keyservers.net isn't really very much of a keyserver. It
doesn't service your requests itself. Instead, it picks a random
known-good keyserver from the global keyserver network and proxies your
On 04/12/2012 06:21 PM, michael crane wrote:
what is the mechanism to ensure it came from who I think it did ?
Turn it around.
The public and the private key are inverses. Each can decrypt what the
other one encrypts. When someone encrypts a message with your public
key, only your private key
On 4/16/2012 12:12 AM, Michael Talbot-Wilson wrote:
Found nothing in the FAQ on this.
First, it's an entirely expected thing. It's not a problem, it's just a
thing.
Until you have personally vouched for the fact a certificate belongs to
a certain person, GnuPG will warn you about trusting
On 4/16/12 11:10 AM, Werner Koch wrote:
However, I strongly discourage the use of IDEA because it is an old
64 bit blocksize cipher with no advantages compared to modern
algorithms. The only plausible reason to use IDEA is to allow
decryption of old PGP encrypted data.
There are substantial
On 04/16/2012 06:02 PM, elgri...@gmx.net wrote:
I am looking for an application the surveys a folder, and once I drop
a file there it is being encrypted with my GPG key. The background
is, that I want to use folder to be synced with a remote location
(dropbox). And I just want to be shure the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 04/19/2012 09:21 AM, Mika Suomalainen wrote:
PS. Your question would be more belieable if your email client
wasn't telling that you use Windows.
list moderator hat on
We'll have none of this, please. Many people use more than one
operating
On 05/03/2012 01:14 PM, Ali Lown wrote:
Does anyone know why the limit is set at 4096 bits
The consensus of the cryptographic community is that beyond 3K keys you
really need to be switching to elliptical-curve cryptography. A 3K RSA
or Elgamal key is roughly as difficult to break by
On 05/04/2012 06:07 AM, Hubert Kario wrote:
It still doesn't change the overall picture:
1. migrating to ECC is hard and complicated
2. using 8k RSA is easy
Nor does it change
3. using 8K RSA gives a modest increase to an already formidable
margin of security
Breaking a 128-bit keyspace
On 05/04/2012 10:17 AM, Milo wrote:
Well, many expect rise of the quantum computing during lives of most
of us. This can trash most (if not all) asymmetric algorithms
(Shor's algorithm)
No. It can trash *some* asymmetric algorithms. There are a good number
of asymmetric algorithms whose
On 05/04/2012 04:35 PM, Milo wrote:
Yes - niche, proof-of-concept, poorly analyzed ciphers. Let's talk
about those widely used and considered mainstream. Those are our
biggest concern.
McEliece is almost as old as RSA. Generations of graduate students have
tackled it in cryptanalysis courses.
On 5/5/12 4:37 AM, Milo wrote:
This is futile. I'm reminding you that you are giving one example of
rarely used algo (so _niche_ and _out_of_mainsteam_) to back your
statement that there is good amount of them.
Rarely used is not the same as proof of concept. Your statement did
not mention
On 5/5/12 8:57 AM, Milo wrote:
Derivatives of Shor's algorithm are widely conjectured to be effective
against all mainstream public-key algorithms including RSA,
Diffie-Hellman and elliptic curve cryptography. I'm not considering all
of them. I used more general expression.
In that case,
On 5/5/12 10:17 AM, Milo wrote:
(...) This improves the strength of the algorithm when using keying
option 2, and _provides_ _backward_compatibility_ with DES with keying
option 3.
One-key 3DES *is* DES. It's a DES encryption, decryption with that same
key, then re-encryption with that same
On 05/05/2012 10:42 AM, Milo wrote:
Obviously it's not. It's for example inappropriate to call single run
of DES 3DES...
At this point I genuinely can't tell if I'm being trolled. I'm going to
assume that I am not, and this will be my last statement on this entire
thread.
Two functions may
On 05/07/2012 04:13 AM, Werner Koch wrote:
It is marketing again. PGP started to use AES-256 for marketing reasons
and thus we more or less forced to do include support for AES-256.
Minor correction: PGP first started using Twofish-256 for marketing
reasons. The AES competition was in full
On 05/07/2012 04:52 PM, Secure-Mail User wrote:
How can I encrypt data with multiple symmetric keys?(If gpg2 does not
work, I would be happy to hear alternatives)
This is not possible.
Symmetric encryption uses one key and only one key.
___
On 5/22/12 8:12 AM, Jerry wrote:
Seriously, have you forgotten to take your meds today?
Let's not be mean.
I will be the absolute first person demanding the right to criticize
ideas as harshly as I want. I'll happily call an idea stupid,
ill-informed, wrong, or anything else. I do this with a
On 5/22/12 4:58 AM, tim.kac...@gmail.com wrote:
I am involved in a local Occupy (bet you thought occupy was kaput eh?
well as it were known it is but that's another story) and frankly we
aren't just up against one intelligence agency, but all intel
agencies put together.
You might want to
On 5/22/12 11:50 AM, Werner Koch wrote:
There are a lot of ways to compromise a system, hidden backdoors in
other systems have already been revealed in the past.
It's worth bringing out Vint Cerf's estimate that between a sixth and a
quarter of all desktop PCs have been completely compromised
On 5/22/12 12:28 PM, Robert J. Hansen wrote:
under the control of botnet operators [1].
Whoops.
[1] http://news.bbc.co.uk/2/hi/business/6298641.stm
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
I apologize in advance if any of this sounds snarky. It's not intended
as such. Everything I've written here is sincere.
I am involved in a local Occupy (bet you thought occupy was kaput eh? well
as it were known it is but that's another story) and frankly we aren't
just up against one
On 5/22/12 2:26 PM, Hauke Laging wrote:
Given the frequency of this discussion and the amount of effort takes by the
participants: Wouldn't it make sense to make this a FAQ entry?
I think so, yes. The question is who's going to write it? I suspect
Werner doesn't have the time. If he wants,
On 5/22/12 3:10 PM, Avi wrote:
Didn't you already write a pretty good one one, Robert?
http://sixdemonbag.org/cryptofaq.xhtml
It's hubris for an author to refer to his own work. :) Also, that FAQ
is in desperate need of a rewrite. Nothing in it is wrong, per se, but
it needs a rewrite.
On 5/22/12 2:06 PM, Robin Kipp wrote:
Now, I'd really like to test out EMail encryption so that I can verify
this works properly, but for that, of course, I need one other party
also using GPG.
(Responded to on-list so that people can know your request has been
answered, otherwise you'll get
On 5/22/12 9:41 PM, Faramir wrote:
[F]actoring your public key to obtain a working copy of your secret
key is certainly something that may be done before the end of time,
and won't require dyson spheres to power the machine.
I'm not so optimistic. Factoring is a hard problem. We may never
On 5/23/12 2:50 AM, Steve wrote:
I absolutely agree. At GPGTools we thought about an automatic testing
system. Checking if the mail was encrypted and / or signed and then
sending out the according reply.
You may want to move this discussion over to the Enigmail list. We have
a system set up
On 5/23/12 11:29 AM, Werner Koch wrote:
Is that a different one than the Adele from Gnu_PP_, which is a closed
source web service?
I don't know. We have the source and permission to use it -- my
impression is that it's Free Software, but it's been years since I've
taken a look at our Adele
I have a draft version of nine frequently asked questions ready for
community review:
http://keyservers.org/gnupgfaq.xhtml
Note that this draft is in nicely-typeset XHTML5. This is to make it
easier to proofread. The final version that I'm going to submit to
Werner will be in plain
On 5/23/12 11:38 AM, Mika Suomalainen wrote:
Why to move it to Enigmail list?
According to American legend, a journalist once asked the infamous bank
robber John Dillinger why he robbed banks for a living. Because that's
where the money is, he said.
Why should a discussion about Adele move
On 5/23/12 3:07 PM, da...@gbenet.com wrote:
Now I have 3 Linux Laptops. I started testing Linux distros with gpg2
- enigmail with Thunderbird - all 100 per cent Openpgp failed to
initialise with pgp2 and in fact Openpgp always signed to my private
key not my public key when using percipient
On 5/23/12 4:12 PM, David Shaw wrote:
#1 explains why we default to 2048-bit keys, but not why RSA.
Fixed, thank you.
The answer you have for #4 is not exactly wrong, but it is not
complete. GnuPG doesn't support 4096-bit keys just because PGP (the
product) does. It also supports a range
On 5/23/12 6:50 PM, reynt0 wrote:
Also, just to mention, best to avoid smart apostrophes/quotes
in the final version, naturally, right?
Not a whelk’s chance in a supernova. Those aren’t smart quotes, they’re
perfectly valid UTF-8 typographic marks.
Straight quotes and 'straight apostrophes'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 5/24/12 3:09 AM, Mika Suomalainen wrote:
At least Enigmail fails to recognize PGP/MIME signatures on some
mailman mailing lists.
Every time this has been reported to us, it has turned out to be a bug
in Mailman and not Enigmail. If you can
On 5/24/12 7:56 PM, reynt0 wrote:
I was just guessing what they might be. They showed as
garbage character groups in some browser rendering.
They may render as 'no such glyph', depending on which font you use.
I'd suggest using a better font. :)
Also, if your browser is set to render
Looking over the PGP product offerings after their acquisition by
Symantec, it seems they have dropped support for 2048- and 3072-bit DSA.
This decision makes no sense to me, and is sufficiently weird that I
wonder if the marketing copy is horribly in error. However, the
marketing copy is clear
On 5/25/12 6:41 AM, Nicholas Cole wrote:
***In terms of current scientific understandings, the symmetric
ciphers used in GnuPG are utterly***
The symmetric ciphers used in GnuPG are utterly immune to
brute forcing. The Second Law of Thermodynamics places strict
I'm comfortable with things as
On 5/25/12 8:35 AM, Robert J. Hansen wrote:
Dan Boneh showed breaking RSA without factoring anything was
probably possible, but it was a nonconstructive demonstration -- we have
no idea where to begin.
Just realized the phrase nonconstructive may need to be explained.
The best way to do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 5/25/12 1:47 PM, da...@gbenet.com wrote:
For example opensuse - all versions tested:
(1) When you open the address book in TB select an address right
mouse click you get an option to create a per-recipient rule for
that person.
On 05/25/2012 06:43 PM, da...@gbenet.com wrote:
I gave you an example which was Seahorse - clearly you failed to
read.
You did not specify which distro was refusing to give the source for
Seahorse. I've found it in the repositories for Ubuntu, Debian and Fedora.
I have set out quite clearly
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 5/27/12 6:21 PM, MFPA wrote:
Planted informers numbering 1 in 6 of the protesters would still
be a statistically negligible percentage of the population at
large.
That's actually not the problem. The problem is that if 1 in 6 people
is a
On 5/29/12 9:15 AM, anots...@fastmail.fm wrote:
I want to post a public key in a blog and sign the blog entry. The
problem is, that - gets converted to - -. The reader can't copy
and paste the public key, he has to remove the - first.
The best solution here is to use the keyserver
On 5/29/12 9:45 AM, Steven Lefevre wrote:
gpg: encrypted with 2048-bit ELG-E key, ID F1940956, created 2002-04-25
Different Public Key another_key@another_company.com
gpg: decryption failed: secret key not available
Oh, cute. A short ID collision. :) Quaero Corporation's, apparently.
On 5/29/12 11:17 AM, Hauke Laging wrote:
What can you see that from?
Can't, but it seems to be the most likely option.
The most likely cause of this seems to be --
1. His correspondent said use certificate 0xF1940956.
2. He did a gpg --recv-key 0xF1940956.
3. Quaero
On 5/29/12 11:51 AM, Daniel Kahn Gillmor wrote:
Perhaps GnuPG should change the default of --keyid-format from short
to long?
Hurts interoperability. Once someone learns the process on PGP or
BouncyCastle or [insert OpenPGP implementation here], they're going to
want to take those same skills
On 5/29/12 11:16 AM, Tanguy Herrmann wrote:
This is a flaw in the OpenPGP protocol (If I remember right).
The protocol is fine, but it seems that the people involved did not
properly validate certificates. (Note that I'm not certain about this,
hence my seems. Maybe I should qualify it as
On 5/29/12 1:18 PM, Werner Koch wrote:
Frontends should handle this problem.
The problem is that most people developing front ends are making them
pretty darn user-hostile.
A few years ago while taking some HCI courses, I did a usability study
on the most common certificate interface -- the
On 5/29/12 1:54 PM, Steven Lefevre wrote:
This is, not surprisingly, the case. There was bad logic in my script
and somehow, somewhere, it's using the wrong key for this particular
host.
The good news is it's an easy problem to fix. :)
Get in touch with your contact over there (preferably
On 5/29/12 3:23 PM, Werner Koch wrote:
However, changing such a common UI might result in a
lot of negative comments - people love what they once learned.
Absolutely. The good news, though, is that (at least in the Free
Software world) the 'market' is fragmented. No one particular key
manager
On 5/29/12 9:57 PM, reynt0 wrote:
In general, being able to examine variation of content within
uniformity of structure is also a way to legitimate the
specific content of interest.
As I said, it's useful when data must be contextualized. For a
spreadsheet, the information in one row must be
On 05/30/2012 02:37 AM, Guillaume Lanquepin-Chesnais wrote:
It seems that the version of gnome shipped with F17 includes a
gnome-keyring that supports smartcard (cf
http://nlnet.nl/project/seahorse-sc/). You should look into seahorse/key
manager if your smartcard is listed in it
If GnuPG
On 05/30/2012 04:32 AM, Robert J. Hansen wrote:
If GnuPG can't access it from the command line, Seahorse isn't going to
have any better luck.
With gnome-keyring-daemon running:
And, after restarting gnome-keyring-daemon:
[rjh@isaiah Downloads]$ gpg2 --card-status
gpg: selecting openpgp
Thanks very much for being willing to help with this. I appreciate it.
After making the debugging changes to scdaemon.conf and gpg-agent.conf,
I ps ax|grepped for gpg-agent and killed all running instances. I then
logged out of my GNOME 3 session, in order to bring the state to as
close to
501 - 600 of 2573 matches
Mail list logo