On 27-01-2014 01:33, Nicolai wrote:
All the TLD and other massive outages say otherwise. I can think of
one project that uses DNSSEC to verify files via TXT lookups. Their
last DNSSEC outage? 3 days ago. Ed25519 in signify provides a 128-bit
security level and is decentralized. DNSSEC
On Thu, Jan 23, 2014 at 02:33:56PM -0200, Giancarlo Razzolini wrote:
DNSSEC would make things a little simpler
All the TLD and other massive outages say otherwise.
I can think of one project that uses DNSSEC to verify files via TXT
lookups. Their last DNSSEC outage? 3 days ago.
Ed25519 in
previously on this list Giancarlo Razzolini contributed:
I believe that with the interdiction
programs that NSA has, and maybe also other governments, CD's can not be
entitled with the same trust as before.
Why would you have so much trust in the ether unless you have met
someone with say a
A huge swath of clean-up has just hit the trees.
Most specifically, now that it works, the signing-only code has been
moved into a separate pkg_sign command.
This is partly for documentation purpose: it's much simpler to document
the parameters to that command separately, instead of as additions
On 23-01-2014 09:33, Kevin Chadwick wrote:
Why would you have so much trust in the ether unless you have met
someone with say a DNSSEC key or have a web of trust with someone you
have met and that you trust and has met and swapped keys further up
the line. The first key for DNSSEC is almost
On Fri, Jan 17, 2014 at 3:26 PM, Marc Espie es...@nerim.net wrote:
It's probably time to talk about it.
Yes, we are now distributing signed packages. A lot of people have probably
noticed because there was a key mismatch on at least one batch of signed
packages.
Obviously, we haven't
On Wed, Jan 22, 2014 at 01:46:33PM +0400, Loganaden Velvindron wrote:
The signing framework in pkg_add/pkg_create is much older than that, it
was written for x509 a few years ago, but signify(1) will probably be more
robust and way simpler. In particular, there's no chain-of-trust, so
On 2014/01/22 13:46, Loganaden Velvindron wrote:
On Fri, Jan 17, 2014 at 3:26 PM, Marc Espie es...@nerim.net wrote:
It's probably time to talk about it.
Yes, we are now distributing signed packages. A lot of people have probably
noticed because there was a key mismatch on at least one
On Wed, Jan 22, 2014 at 11:28:50AM +, Stuart Henderson wrote:
The model is: only the specific keys placed in /etc/signify are trusted.
The plan is to include the public keys used for signing release n+1 in
release n. So once you trust a particular key, by verifying signatures
on sets
Yeah. Ok mister chicken before egg.. We should validate this thing
shipped in a release using dnssec with a root of trust depending on root
certs shipped with the release...Love that idea.. But maybe I'll just
buy a CD.
On 22 Jan 2014 05:13, Jiri B ji...@devio.us wrote:
On Wed, Jan 22,
Our lists are so full of helpful smart people who think chains of
trust are magical pixie dust coming from root-provider-fairylands
where the root cert fairies live in castles of uncompromising fortitude
that are never full of government plants and are whose certificates
are magically transported
I think I'll make sure to advertise the next OpenBSD Foundation
funding campaign by suggesting that you're not actually not real
people, but a helpful-suggestions-posting-bot sponsored by the NSA..
Or maybe it's that they've infiltrated our educational systems...
Please get out your tinfoil
On 22-01-2014 11:00, Bob Beck wrote:
Our lists are so full of helpful smart people who think chains of
trust are magical pixie dust coming from root-provider-fairylands
where the root cert fairies live in castles of uncompromising fortitude
that are never full of government plants and are
On Wed, Jan 22, 2014 at 11:28, Stuart Henderson wrote:
(IIRC somebody suggested printing keys on the tshirts, not sure if print
resolution on fabric is really up to that without making the text so
big as to be horribly ugly, posters may work though.)
It's only 56 letters. 3 rows of 19 should
We did print the whole blowfish implementation on the back of a t-shirt,
and I can still read mine. So a key should not be a problem. :-)
. Ken
On 23 January 2014 09:13, Ted Unangst t...@tedunangst.com wrote:
On Wed, Jan 22, 2014 at 11:28, Stuart Henderson wrote:
(IIRC somebody
On 23/01/2014 12:52 AM, Bob Beck wrote:
I think I'll make sure to advertise the next OpenBSD Foundation
funding campaign by suggesting that you're not actually not real
people, but a helpful-suggestions-posting-bot sponsored by the NSA..
Or maybe it's that they've infiltrated our educational
On Fri, Jan 17, 2014 at 12:39:49PM -0500, sven falempin wrote:
I read the manuals, and well, I am still unsure,
if I put SIGNER=bob in the package configuration
then it will be signed with
/etc/signify/bob.sec
having to read 4 different manual pages to get this is strange :p
No,
Awesome.
To keep OUR control, one shall create a FTP, resign all packets and update
the key,
or generate packets and sign with his own key, moreover update the one on his
openBSD client,
where are those keys?
* the public one on the client openBSD
* the private one on the builder
is there a
On Fri, Jan 17, 2014 at 12:09:31PM -0500, sven falempin wrote:
Awesome.
 * the public one on the client openBSD
 * the private one on the builder
is there a new make command in ports to sign ? like make sign ? make
resign ?
See signify(1), pkg_add(1), pkg_create(1),
On Fri, Jan 17, 2014 at 06:23:53PM +0100, Marc Espie wrote:
On Fri, Jan 17, 2014 at 12:09:31PM -0500, sven falempin wrote:
Awesome.
 * the public one on the client openBSD
 * the private one on the builder
is there a new make command in ports to sign ? like make sign ?
On Fri, Jan 17, 2014 at 12:28 PM, Marc Espie es...@nerim.net wrote:
On Fri, Jan 17, 2014 at 06:23:53PM +0100, Marc Espie wrote:
On Fri, Jan 17, 2014 at 12:09:31PM -0500, sven falempin wrote:
Awesome.
 * the public one on the client openBSD
 * the private one on the
21 matches