Re: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached

2016-06-03 Thread Kristian Fiskerstrand
On 06/04/2016 01:26 AM, Gunnar Wolf wrote:
> Do you have an example of keys coming from evil32?

0xA6B2BBAD94C09C7F

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP certificate at

Re: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached

2016-06-03 Thread Gunnar Wolf
Kristian Fiskerstrand said [Sat, Jun 04, 2016 at 01:16:16AM +0200]:
> > For the full version, please read my post:
> >
> > http://gwolf.org/node/4070
>
> This doesn't seem to reference the [evil32] keyring that seems to have
> been [included in the public network], btw. Nothing new there and

Re: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached

2016-06-03 Thread Kristian Fiskerstrand
On 06/04/2016 12:43 AM, Gunnar Wolf wrote:
> Hi all,
>
> For the full version, please read my post:
>
> http://gwolf.org/node/4070

This doesn't seem to reference the [evil32] keyring that seems to have been [included in the public network], btw. Nothing new there and irrelevant from a

Re: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached

2016-06-03 Thread Christoph Egger
Hi!

Gunnar Wolf writes:
> There are several tools relying on this (now very) weak 32-bit scheme;
> the first such tool we found was precisely the «PGP pathfinder & key
> statistics» service, which fails badly: Even specifying the full
> fingerprints, I do get three (absolutely

Re: [Sks-devel] 32-bit (short ID) collisions: New milestone(?) reached

2016-06-03 Thread Kristian Fiskerstrand
On 06/04/2016 12:43 AM, Gunnar Wolf wrote:
> Hi all,

..

>
> And the main reason I am writing this mail: SKS listings all show this
> 32-bit ID only. It does differentiate when keys collide on their short
> keyids, but it promotes users using a weak representation; IMO we
> should change SKS to

Re: [Sks-devel] Pools & HSTS header

2016-06-03 Thread Daniel Kahn Gillmor
On Fri 2016-06-03 10:49:57 -0400, Christoph Egger wrote:
> William Hay writes:
>> On Thu, May 26, 2016 at 12:47:57AM +0200, Valentin Sundermann wrote:
>>> Hi,
>>>
>>> I enforce HTTPS on all my domains by sending the HSTS header to my
>>> visitors. HSTS forces the browser to use

Re: [Sks-devel] Pools & HSTS header

2016-06-03 Thread William Hay
On Fri, Jun 03, 2016 at 04:49:57PM +0200, Christoph Egger wrote:
> Well.
>
> http://pool.sks-keyservers.net(:11371)? --redirect-->
> https://keyserver.siccegge.de
>
> And if keyserver.siccegge.de present a valid certificate + HSTS would be
> a problem no? (and potentially undetected if the

Re: [Sks-devel] Pools & HSTS header

2016-06-03 Thread Christoph Egger
William Hay writes:
> On Thu, May 26, 2016 at 12:47:57AM +0200, Valentin Sundermann wrote:
>> Hi,
>>
>> I enforce HTTPS on all my domains by sending the HSTS header to my
>> visitors. HSTS forces the browser to use in future only secure
>> connections to this domain. More info