On 10/11/2018 13:40, MFPA wrote:
Many people would not be prepared to do this because Google now
demands a phone number in their sign-up process. Nobody needs a phone
number in order to provide an email account, it is just an additional
piece of personal information for Google to abuse.
We
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 5 November 2018 at 8:37:01 PM, in
, Viktor wrote:-
> You can register a Google account with any email
> address. Simply,
> instead of creating an account on our service
> (another password that
> needs to be saved), you create an
Hi Viktor.
Am 05-11-2018 15:21, schrieb Viktor:
Dear All,
we create a service for OpenPGP key verification:
https://cryptonomica.net
It's open sourced https://github.com/Cryptonomica/cryptonomica and it
has legal part ( see:
On 06/11/2018 20:33, Dirk Gottschalk wrote:
In the EU the use of "qualified" signature is mandatory if it comes to
legal issues. Between private companies it is okay to just use OpenPGP,
but, if it comes to legal issues, one party could deny the validity of
the signature because it is not
On 06/11/2018 0:42, ved...@nym.hush.com wrote:
But suppose I want to use my existing key that I made over 10 years ago,
and it is known and trusted by the people I deal with, but it happens to have
more than 1 e-mail ID
(not rare to switch an e-mail account in 10 years)
Does this mean that
Hi.
Am Montag, den 05.11.2018, 21:47 +0200 schrieb Viktor:
>
> And we actually not sign keys. From two reasons:
> a. If you automatically trust the signing key, compromising the
> signing key breaks the entire system. b. In many countries,
> generating or signing cryptographic keys requires a
On 11/5/2018 at 3:39 PM, "Viktor" wrote:
>You can register a Google account with any email address. Simply,
>instead of creating an account on our service (another password
>that
>needs to be saved), you create an account on Google, or use an
>existing one.
=
Ok,
But suppose I want to
On 05/11/18 17:56, Viktor wrote:
> If my counterparty had signed some contract or document, he/she should
> not be able to delete his/her public key certificate and data used for
> its verification.
IMVHO You're just (badly) reinventing X509.
> This is exactly the part that is difficult to
On Mon, Nov 05, 2018 at 09:30:48PM +0200, Viktor wrote:
> Because of Google or because of "only one user ID" ?
Both, even though the requirement of using only one user ID would
be more acceptable if the address did not have to be associated
with a Google account.
Damien
signature.asc
On 05.11.2018 21:37, Viktor wrote:
>> Sending an encrypted e-mail additionally verifies that the user controls
>> the key in question.
>
> But you can easily send email with any address in 'from' field.
> It does not mean you really control this email address.
Maybe there is a small
On 05/11/2018 21:50, Wiktor Kwapisiewicz wrote:
Have you considered an alternative approach to email verification? For
example just sending an e-mail (probably encrypted) with a one-time
verification link?
Yes, we considered this option. But we can not be sure that user uses
secure email
On 05.11.2018 20:28, Viktor wrote:
>
> We use the rule, that userID should contain user's fist and last name
> exactly as in passport, and only one email - the same as used for login.
> So we can verify it's really your email.
Have you considered an alternative approach to email verification?
On 05/11/2018 21:12, Juergen Bruckner wrote:
If I want an "independent" ID verification on my GPG key, I can also use
CAcert. There the signing of GPG keys is offered for a long time.
Signing is easy. The difficult part is 1) to create a system in which
you can prove that the key really
On 05/11/2018 19:03, Damien Goutte-Gattat via Gnupg-users wrote:
From what they say on the home page [1] this is expected: your key is
supposed to have only one user ID whose email component must match
the email address of your Google account...
... which, by the way, is a big "no" for me.
On 05/11/2018 18:13, Juergen Bruckner wrote:
I just tried to register with a key who has several user-ID's
(e-mail-adresses) and I always got the error that the user-ID is not the
same as in log-in/registered e-mail.
We use the rule, that userID should contain user's fist and last name
Hello all,
there is a lot of hassle about using Gmail, but this is not really the
topic here.
If I want an "independent" ID verification on my GPG key, I can also use
CAcert. There the signing of GPG keys is offered for a long time.
best regards
Juergen
Am 05.11.18 um 18:03 schrieb Damien
Hi,
On Mon, Nov 05, 2018 at 05:13:41PM +0100, Juergen Bruckner wrote:
> I just tried to register with a key who has several user-ID's
> (e-mail-adresses) and I always got the error that the user-ID is not the
> same as in log-in/registered e-mail.
From what they say on the home page [1] this is
On 05/11/2018 18:01, Wiktor Kwapisiewicz wrote:
user personal data provided for key verification stored for forever
and can not be deleted or removed by user's request.
Yes, that's the point.
If my counterparty had signed some contract or document, he/she should
not be able to delete
Hello All!
I just tried to register with a key who has several user-ID's
(e-mail-adresses) and I always got the error that the user-ID is not the
same as in log-in/registered e-mail.
And yes to see the list of Notaries before registration would be very good.
regards
Juergen
Am 05.11.18 um
On 05.11.2018 15:21, Viktor wrote:
> Dear All,
>
> (...)
>
> I would be very interested to hear feedback, criticism and suggestions
> on our project. And also to establish contacts with people interested in
> cooperation.
Looks interesting.
But the language on the registration dialog [0] seems a
20 matches
Mail list logo
