Re: Thoughts on GnuPG and automation

2015-03-04 Thread Steve Jones
or GCHQ taking in every single email that crossed their borders. -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 pgpb9gmjiGWFb.pgp Description: OpenPGP digital signature ___ Gnupg-users

Re: email verification as casual checking?

2014-08-28 Thread Steve Jones
anyway you might as well have some confidence that you're using the right key. -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnupg-users mailing

Re: email verification as casual checking?

2014-08-27 Thread Steve Jones
securely? If the keyserver has certified the key with a challenge response protocol you've got your answer. Ideally you'd have an email address and a fingerprint, but often you don't. -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896

Re: MUA automatically signs keys?

2014-01-31 Thread Steve Jones
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, 31 Jan 2014 01:15:07 + MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: On Thursday 30 January 2014 at 10:43:39 PM, in mid:20140130224339.5fcb0d27@steves-laptop, Steve Jones wrote: Well therein lies my problem with the PGP

Re: MUA automatically signs keys?

2014-01-31 Thread Steve Jones
On Fri, 31 Jan 2014 15:02:14 +0100 NdK ndk.cla...@gmail.com wrote: Il 31/01/2014 10:24, Steve Jones ha scritto: Well the conventions of use, for example the key signing party protocol, requires photographic id. If I publicly sign a key it has to be in line with how I expect others

Re: MUA automatically signs keys?

2014-01-31 Thread Steve Jones
contact. -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo

Re: MUA automatically signs keys?

2014-01-30 Thread Steve Jones
On Thu, 30 Jan 2014 21:09:45 + MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: On Thursday 30 January 2014 at 12:58:44 AM, in mid:20140130005844.1f0f5b54@steves-laptop, Steve Jones wrote: The advantage you have here though is the web of trust. 1 level 1 signature would probably

Re: MUA automatically signs keys?

2014-01-29 Thread Steve Jones
On Wed, 29 Jan 2014 11:14:11 + nb.linux nb.li...@xandea.de wrote: Gregor Zattler: Hi Steve, gnupg users, * Steve Jones st...@secretvolcanobase.org [24. Jan. 2014]: That's an interesting idea. But there is still the possibility of a man in the middle attac... The web of trust

Re: MUA automatically signs keys?

2014-01-29 Thread Steve Jones
is useless if they're secretly working against you. - -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJS6aPEAAoJEEgVHtdrBwIA3cMIAOR684K06OPgZP30NeK7qu3u

Re: Non email addresses in UID

2014-01-29 Thread Steve Jones
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, 30 Jan 2014 00:22:08 + MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: On Tuesday 28 January 2014 at 11:37:25 PM, in mid:20140128233725.6b12b3d0@steves-laptop, Steve Jones wrote: A more sophisticated approach would

Re: Non email addresses in UID

2014-01-28 Thread Steve Jones
On Tue, 28 Jan 2014 20:13:30 +0100 Leo Gaspard ekl...@gmail.com wrote: On Fri, Jan 24, 2014 at 11:08:16PM +, Steve Jones wrote: [...] Finally there's the possibility of explicit verification, if someone sends me a challenge and I publish that challenge's signature on my blog

Re: his public key is 5 monitors high, and her same key is 1 ?

2014-01-24 Thread Steve Jones
is one half a monitor in 'monitor' height You can use the pgpdump tool to see all the data in a public key file. A given key might contain lots of extra data beside the actual key, like signatures and photos. -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272

Re: Non email addresses in UID

2014-01-24 Thread Steve Jones
... are known is more important than some sort of confirmation of a person's name, which is not even a unique identifier. If, for example, you'd signed your commits to monkeysphere I'd be able to verify your claim that you are a contributor to it (not that I doubt, or have any reason to doubt that). -- Steve

Re: Non email addresses in UID

2014-01-24 Thread Steve Jones
client that automatically signs keys at level 1 (persona) of anyone who replies with a signed email that quotes a significant portion of the text I sent, as this effectively counts as a challenge response protocol in my book. -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA

Non email addresses in UID

2014-01-23 Thread Steve Jones
it would be useful to be able to verify this. I'm curious what other people on this list think of this. [1] http://tools.ietf.org/html/rfc4880#section-5.11 -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP

Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?

2014-01-21 Thread Steve Jones
to not use SHA1 digests which it appears to be using, as well as listing SHA1 as my second favourite algorithm. -- Steve Jones st...@secretvolcanobase.org Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896 signature.asc Description: PGP signature

Re: Any way for two correspondents to set up gnupg within a few moments without having to become expert?

2014-01-21 Thread Steve Jones
not heard of any issues with that setup, but your mileage may vary. Thanks, that was quite helpful. I've found I can just delete the self signatures on my UID and replace them with better ones but I can't see a way to change the subkey binding signature. -- Steve Jones st...@secretvolcanobase.org