On 06/04/2016 01:26 AM, Gunnar Wolf wrote:
> Do you have an example of keys coming from evil32?
0xA6B2BBAD94C09C7F
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP certificate at
Kristian Fiskerstrand dijo [Sat, Jun 04, 2016 at 01:16:16AM +0200]:
> > For the full version, please read my post:
> >
> > http://gwolf.org/node/4070
>
> This doesn't seem to reference the [evil32] keyring that seems to have
> been [included in the public network], btw. Nothing new there and
On 06/04/2016 12:43 AM, Gunnar Wolf wrote:
> Hi all,
>
> For the full version, please read my post:
>
> http://gwolf.org/node/4070
This doesn't seem to reference the [evil32] keyring that seems to have
been [included in the public network], btw. Nothing new there and
irrelevant from a
Hi!
Gunnar Wolf writes:
> There are several tools relying on this (now very) weak 32-bit scheme;
> the first such tool we found was precisely the «PGP pathfinder & key
> statistics» service, which fails badly: Even specifying the full
> fingerprints, I do get three (absolutely
On 06/04/2016 12:43 AM, Gunnar Wolf wrote:
> Hi all,
..
>
> And the main reason I am writing this mail: SKS listings all show this
> 32-bit ID only. It does differentiate when keys collide on their short
> keyids, but it promotes users using a weak representation; IMO we
> should change SKS to
On Fri 2016-06-03 10:49:57 -0400, Christoph Egger wrote:
> William Hay writes:
>> On Thu, May 26, 2016 at 12:47:57AM +0200, Valentin Sundermann wrote:
>>> Hi,
>>>
>>> I enforce HTTPS on all my domains by sending the HSTS header to my
>>> visitors. HSTS forces the browser to use
On Fri, Jun 03, 2016 at 04:49:57PM +0200, Christoph Egger wrote:
> Well.
>
> http://pool.sks-keyservers.net(:11371)? --redirect-->
> https://keyserver.siccegge.de
>
> And if keyserver.siccegge.de present a valid certificate + HSTS would be
> a problem no? (and potentially undetected if the
William Hay writes:
> On Thu, May 26, 2016 at 12:47:57AM +0200, Valentin Sundermann wrote:
>> Hi,
>>
>> I enforce HTTPS on all my domains by sending the HSTS header to my
>> visitors. HSTS forces the browser to use in future only secure
>> connections to this domain. More info