From marco+gnupg at websource.ch Tue Mar 1 00:17:43 2011
From: marco+gnupg at websource.ch (Marco Steinacher)
Date: Tue, 01 Mar 2011 00:17:43 +0100
Subject: Restarting gnupg-agent inside X session
Message-ID: <4D6C2D17.80107@websource.ch>

Hi,

I use an OpenPGP smartcard with gnupg 2.0.14 and Ubuntu for different tasks. From time to time I face the following problem: The gpg-agent crashes for some reason after entering the PIN, 'ps' reports the daemon process as a zombie

    STAT START TIME COMMAND
    Zs   Feb26 0:01 [gpg-agent]

and 'gpgconf --reload scdaemon' gives the following error:

    gpgconf: error running `/usr/bin/gpg-connect-agent': exit status 1
    gpgconf: error running `/usr/bin/gpg-connect-agent scd killscd': General error

One problem is the fact that the agent crashes, but I'm more after a solution for how to recover after it has crashed for any reason. I can restart the gpg-agent inside a terminal, but then it is not available for applications such as Thunderbird with Enigmail. So far, the only solution that I know of is restarting the X session, i.e. log out and log in again. But to do this I have to close all running applications, which sometimes is not an option.

Therefore I wonder if anybody knows of a solution to restart gpg-agent on the level of the gnome-session without restarting the session itself. Perhaps one way would be to somehow change the GPG_AGENT_INFO environment variable for the running session, but I don't know if that's possible. Any ideas?

Many thanks,
Marco

From dshaw at jabberwocky.com Tue Mar 1 00:38:31 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 28 Feb 2011 18:38:31 -0500
Subject: Security of the gpg private keyring?
In-Reply-To: <178555886.20110228224027@my_localhost>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost>
Message-ID:

On Feb 28, 2011, at 5:40 PM, MFPA wrote:

> On Monday 28 February 2011 at 3:47:16 PM, in , Guy Halford-Thompson wrote:
>
>> Thanks for the help, didn't really occur to me how much
>> info is available in the public keyring, guess you can't
>> do much about it tho.
>
> I think key UIDs generally reveal more information than I am comfortable with. For example, why does your UID need to contain your email address in plain text rather than as a hash? Searching for that email address would need to return any keys that matched on the hashed version in addition to any keys that matched on the plaintext version. Somebody knowing the email address (or name or hostname) could find the key but mere inspection of the key UIDs would not reveal all its owner's names, email addresses, etc.
>
> I'm usually told such an option does not exist because it would serve no purpose and/or there would be no demand for it.

I think the problem here is the large size of the deployed infrastructure that expects user IDs to have email addresses in them combined with the relatively few people who are asking for this feature. To make this change, you'd have to have a keyserver that could search in that manner, plus client support to make the hashes when talking to the keyserver, etc. You'd have to handle the very-small-but-non-zero chance of a hash collision in the user ID, too.

It's a pretty big bite, and while it is an interesting idea, I suspect that there aren't enough people who want it for it to happen.
David

From david at systemoverlord.com Tue Mar 1 00:42:22 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 28 Feb 2011 18:42:22 -0500
Subject: Question regarding shared keys
In-Reply-To: <20110228223821.164570@gmx.net>
References: <20110228012525.33010@gmx.net> <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com> <20110228070703.164560@gmx.net> <4D6BDCA1.2080205@grant-olson.net> <20110228223821.164570@gmx.net>
Message-ID: <4D6C32DE.3010207@systemoverlord.com>

On 02/28/2011 05:38 PM, Denise Schmid wrote:
> Thanks all for your help.
>
> Now, the story gets even more funny: They claim to have used PGP split-key, then encrypted the files with a randomized key, then encrypted the key with individual keys.
>
> So far so bad. But now comes the best: They claim that, because one of the managers wasn't able to remember his mantra, they decided to _delete_ all encrypted data.
>
> It sounds as if the whole thing is really nothing else but a bogus... Now as Vedaal wrote: Best thing that can happen is that they encrypted something later...
>
> But I see support for my opinion that the thing smells :-)
>
> Thanks again
>
> Denise

IANAL, and am also not a certified forensics expert, but this feels very suspicious to me. Normally, with split-key, you have a system where you need, say, 3 out of 4, 5 out of 7, or something like that, pieces to reconstruct the key. There are a couple of different techniques for this, but that's tool-dependent. So if they did that (a best practice) they should still be able to reconstruct it without that one manager. Otherwise, what would happen to important data if one manager "departs" suddenly (quits, fired, medical emergency, etc.)?

As a hint, IF they had the data written to disk in the plain (unencrypted) before encrypting it, and haven't written a whole lot to that disk since (i.e., no wiping programs) then a forensic investigator might be able to recover some/all of the unencrypted data.
David

From dkg at fifthhorseman.net Tue Mar 1 01:09:34 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 28 Feb 2011 19:09:34 -0500
Subject: Security of the gpg private keyring?
In-Reply-To:
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost>
Message-ID: <4D6C393E.80407@fifthhorseman.net>

On 02/28/2011 06:38 PM, David Shaw wrote:
> I think the problem here is the large size of the deployed infrastructure that expects user IDs to have email addresses in them combined with the relatively few people who are asking for this feature. To make this change, you'd have to have a keyserver that could search in that manner, plus client support to make the hashes when talking to the keyserver, etc. You'd have to handle the very-small-but-non-zero chance of a hash collision in the user ID, too.

the folks in the monkeysphere project have put some thought and work into trying to specify how this sort of thing should be approached.

however, i'm not convinced that hashed user IDs save much against even a moderately dedicated attacker, for the same reason that dan bernstein rightly points out the failure of NSEC3 to avoid zone enumeration:

http://dnscurve.org/nsec3walker.html

--dkg

From david at systemoverlord.com Tue Mar 1 00:49:24 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 28 Feb 2011 18:49:24 -0500
Subject: Restarting gnupg-agent inside X session
In-Reply-To: <4D6C2D17.80107@websource.ch>
References: <4D6C2D17.80107@websource.ch>
Message-ID: <4D6C3484.2090700@systemoverlord.com>

On 02/28/2011 06:17 PM, Marco Steinacher wrote:
> Hi,
>
> I use an OpenPGP smartcard with gnupg 2.0.14 and Ubuntu for different tasks.
> From time to time I face the following problem: The gpg-agent crashes for some reason after entering the PIN, 'ps' reports the daemon process as a zombie
>
>     STAT START TIME COMMAND
>     Zs   Feb26 0:01 [gpg-agent]
>
> and 'gpgconf --reload scdaemon' gives the following error:
>
>     gpgconf: error running `/usr/bin/gpg-connect-agent': exit status 1
>     gpgconf: error running `/usr/bin/gpg-connect-agent scd killscd': General error
>
> One problem is the fact that the agent crashes, but I'm more after a solution for how to recover after it has crashed for any reason. I can restart the gpg-agent inside a terminal, but then it is not available for applications such as Thunderbird with Enigmail. So far, the only solution that I know of is restarting the X session, i.e. log out and log in again. But to do this I have to close all running applications, which sometimes is not an option.
>
> Therefore I wonder if anybody knows of a solution to restart gpg-agent on the level of the gnome-session without restarting the session itself. Perhaps one way would be to somehow change the GPG_AGENT_INFO environment variable for the running session, but I don't know if that's possible. Any ideas?
>
> Many thanks,
> Marco

Each process has its own copy of the environment inherited from its parent, so it's not possible to change the GPG_AGENT_INFO variable for all processes. You could start gpg-agent with --use-standard-socket, and programs should fall back to that.

    --use-standard-socket
    --no-use-standard-socket
        By enabling this option gpg-agent will listen on the socket named 'S.gpg-agent', located in the home directory, and not create a random socket below a temporary directory. Tools connecting to gpg-agent should first try to connect to the socket given in environment variable GPG_AGENT_INFO and then fall back to this socket. This option may not be used if the home directory is mounted as a remote file system.
        Note, that --use-standard-socket is the default on Windows systems.

David

From david at systemoverlord.com Tue Mar 1 01:09:12 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 28 Feb 2011 19:09:12 -0500
Subject: Security of the gpg private keyring?
In-Reply-To: <178555886.20110228224027@my_localhost>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost>
Message-ID: <4D6C3928.8090604@systemoverlord.com>

On 02/28/2011 05:40 PM, MFPA wrote:
> Hi
>
> On Monday 28 February 2011 at 3:47:16 PM, in , Guy Halford-Thompson wrote:
>
>> Thanks for the help, didn't really occur to me how much
>> info is available in the public keyring, guess you can't
>> do much about it tho.
>
> I think key UIDs generally reveal more information than I am comfortable with. For example, why does your UID need to contain your email address in plain text rather than as a hash? Searching for that email address would need to return any keys that matched on the hashed version in addition to any keys that matched on the plaintext version. Somebody knowing the email address (or name or hostname) could find the key but mere inspection of the key UIDs would not reveal all its owner's names, email addresses, etc.
>
> I'm usually told such an option does not exist because it would serve no purpose and/or there would be no demand for it.
>

While I understand your concerns, I think it would just be nice if the owner of a key could set a flag on it indicating that they did not want their key published to keyservers. Then privacy could be preserved with MUCH smaller changes to infrastructure. (Though, admittedly, it might require a change in the OpenPGP spec, which would actually be much larger.)
David

From Chinatinte at gmx.ch Tue Mar 1 01:24:04 2011
From: Chinatinte at gmx.ch (Denise Schmid)
Date: Tue, 01 Mar 2011 01:24:04 +0100
Subject: Question regarding shared keys
In-Reply-To:
References: <20110228012525.33010@gmx.net> <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com> <20110228070703.164560@gmx.net> <4D6BDCA1.2080205@grant-olson.net> <20110228223821.164570@gmx.net>
Message-ID: <20110301002404.164590@gmx.net>

> Is this a movie?

lol... worse: it is reality. I hope I'll be able to post the docs one day soon...

From kgo at grant-olson.net Tue Mar 1 01:32:05 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 28 Feb 2011 19:32:05 -0500
Subject: Security of the gpg private keyring?
In-Reply-To: <4D6C3928.8090604@systemoverlord.com>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C3928.8090604@systemoverlord.com>
Message-ID: <4D6C3E85.4040206@grant-olson.net>

On 2/28/11 7:09 PM, David Tomaschik wrote:
> On 02/28/2011 05:40 PM, MFPA wrote:
>>
>> I think key UIDs generally reveal more information than I am comfortable with. For example, why does your UID need to contain your email address in plain text rather than as a hash? Searching for that email address would need to return any keys that matched on the hashed version in addition to any keys that matched on the plaintext version. Somebody knowing the email address (or name or hostname) could find the key but mere inspection of the key UIDs would not reveal all its owner's names, email addresses, etc.
>>
>> I'm usually told such an option does not exist because it would serve no purpose and/or there would be no demand for it.
>>
>
> While I understand your concerns, I think it would just be nice if the owner of a key could set a flag on it indicating that they did not want their key published to keyservers. Then privacy could be preserved with MUCH smaller changes to infrastructure. (Though, admittedly, it might require a change in the OpenPGP spec, which would actually be much larger.)
>
> David

There actually is a 'keyserver no-modify' setting in the spec, and by default just about every key has it turned on. But to honor it the keyservers would have to do crypto. And after that it creates an issue with syncing. If I upload a key to pool1.sks-keyservers.net, and it tries to sync with pool2.sks-keyservers.net, how do you maintain the custody chain?

Both problems are, as they say in engineering-speak, non-trivial.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From lopaki at gmail.com Tue Mar 1 00:46:18 2011
From: lopaki at gmail.com (Scott Lambdin)
Date: Mon, 28 Feb 2011 18:46:18 -0500
Subject: Question regarding shared keys
In-Reply-To: <20110228223821.164570@gmx.net>
References: <20110228012525.33010@gmx.net> <162DFC33-15A5-4A0D-BA1A-7A933D7B9129@jabberwocky.com> <20110228070703.164560@gmx.net> <4D6BDCA1.2080205@grant-olson.net> <20110228223821.164570@gmx.net>
Message-ID:

On Mon, Feb 28, 2011 at 5:38 PM, Denise Schmid wrote:
> Thanks all for your help.
>
> Now, the story gets even more funny: They claim to have used PGP split-key, then encrypted the files with a randomized key, then encrypted the key with individual keys.
>
> So far so bad. But now comes the best: They claim that, because one of the managers wasn't able to remember his mantra, they decided to _delete_ all encrypted data.
>
> It sounds as if the whole thing is really nothing else but a bogus... Now as Vedaal wrote: Best thing that can happen is that they encrypted something later...
>
> But I see support for my opinion that the thing smells :-)
>
> Thanks again
>
> Denise

Is this a movie?

--
There's a box?

From dshaw at jabberwocky.com Tue Mar 1 01:40:55 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 28 Feb 2011 19:40:55 -0500
Subject: Security of the gpg private keyring?
In-Reply-To: <4D6C3928.8090604@systemoverlord.com>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C3928.8090604@systemoverlord.com>
Message-ID: <6B9019C5-BFEE-485A-8EB4-CAFE0712A7B5@jabberwocky.com>

On Feb 28, 2011, at 7:09 PM, David Tomaschik wrote:

>> I think key UIDs generally reveal more information than I am comfortable with. For example, why does your UID need to contain your email address in plain text rather than as a hash? Searching for that email address would need to return any keys that matched on the hashed version in addition to any keys that matched on the plaintext version. Somebody knowing the email address (or name or hostname) could find the key but mere inspection of the key UIDs would not reveal all its owner's names, email addresses, etc.
>>
>> I'm usually told such an option does not exist because it would serve no purpose and/or there would be no demand for it.
>>
>
> While I understand your concerns, I think it would just be nice if the owner of a key could set a flag on it indicating that they did not want their key published to keyservers. Then privacy could be preserved with MUCH smaller changes to infrastructure. (Though, admittedly, it might require a change in the OpenPGP spec, which would actually be much larger.)
This flag actually exists in OpenPGP already (and what's more, GnuPG even sets it by default). The catch is that none of the other infrastructure (keyservers, mainly) checks it, and given the current design of the keyservers and how they sync key data between them, they can't easily check it. It would be a very large (I'd say even larger than the hashed user ID example above) task to make this flag truly useful.

David

From kgo at grant-olson.net Tue Mar 1 01:44:22 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 28 Feb 2011 19:44:22 -0500
Subject: Security of the gpg private keyring?
In-Reply-To: <4D6C393E.80407@fifthhorseman.net>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net>
Message-ID: <4D6C4166.9070703@grant-olson.net>

On 2/28/11 7:09 PM, Daniel Kahn Gillmor wrote:
> On 02/28/2011 06:38 PM, David Shaw wrote:
>> I think the problem here is the large size of the deployed infrastructure that expects user IDs to have email addresses in them combined with the relatively few people who are asking for this feature. To make this change, you'd have to have a keyserver that could search in that manner, plus client support to make the hashes when talking to the keyserver, etc. You'd have to handle the very-small-but-non-zero chance of a hash collision in the user ID, too.
>
> the folks in the monkeysphere project have put some thought and work into trying to specify how this sort of thing should be approached.
>
> however, i'm not convinced that hashed user IDs save much against even a moderately dedicated attacker, for the same reason that dan bernstein rightly points out the failure of NSEC3 to avoid zone enumeration:
>
> http://dnscurve.org/nsec3walker.html
>
> --dkg
>

I was actually just thinking about monkeysphere with regards to this topic. You guys basically came up with a loose pretty-obvious standard for key names and wrote the tools from there.
Ultimately, the keyservers don't care or need to know what a UID is at all. I think something similar could be done with hashed emails. Just some (non)standard like:

    hashed_uid://$SHA1_OF_EMAIL/$RIPEMD_OF_EMAIL

But using something better than my obviously naive hash-collision prevention algorithm.

If that could be agreed on, you could probably get a few mailing list regulars to add that ID in addition to their normal UIDs. From there start with a shell script that writes out a correct 'gpg --search-keys' request. Then on to more advanced things, like adding hashed_uid search to the default sks-keyserver pages, enigmail integration, etc.

Really the only problem is that MFPA is stuck doing all the work until (if ever) the (non)standard starts to take off. And it's a lot of work.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From expires2011 at ymail.com Tue Mar 1 01:57:20 2011
From: expires2011 at ymail.com (MFPA)
Date: Tue, 1 Mar 2011 00:57:20 +0000
Subject: Security of the gpg private keyring?
In-Reply-To:
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost>
Message-ID: <457197163.20110301005720@my_localhost>

Hi

On Monday 28 February 2011 at 11:38:31 PM, in , David Shaw wrote:

> I think the problem here is the large size of the deployed infrastructure that expects user IDs to have email addresses in them

Apart from email clients, what infrastructure expects email addresses in UIDs?

> To make this change, you'd have to have a keyserver that could search in that manner,

Any keyserver could handle searching for both the plain text and the hash: the client could query for one string, then for the other, then combine the results.
> plus client support to make the hashes when talking to the keyserver, etc.

Hashes would need to be generated when selecting keys on the local keyring too, not just when talking to keyservers.

> You'd have to handle the very-small-but-non-zero chance of a hash collision in the user ID, too.

A plaintext "collision" where two people have the same name in their UID is nothing to write home about. Why would it be an issue if the colliding string happened to be a hash?

--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Wise men learn many things from their enemies.

From rjh at sixdemonbag.org Tue Mar 1 02:08:11 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 28 Feb 2011 20:08:11 -0500
Subject: Security of the gpg private keyring?
In-Reply-To: <4D6C3E85.4040206@grant-olson.net>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C3928.8090604@systemoverlord.com> <4D6C3E85.4040206@grant-olson.net>
Message-ID: <4D6C46FB.7040605@sixdemonbag.org>

On 2/28/11 7:32 PM, Grant Olson wrote:
> Both problems are, as they say in engineering-speak, non-trivial.

And this isn't even getting into the ways such a feature could/would be abused. Once you create an enforceable mechanism to say "this key cannot be propagated by anyone but the owner," someone will find ways to leverage that into an attack. I don't know how it would be done: I haven't done much thought on the subject.
But my suspicion is that people much cleverer than I am are already thinking on it.

Also, from a political perspective, it's kind of interesting to see the debate. This is fundamentally an argument about DRM: certificate owners claim certain exclusive rights and want technology to facilitate their exercise of those rights, much as motion picture copyright owners claim certain rights and want technology to facilitate their exercise of those rights. I'm not drawing any moral parallels between the two groups: I'm just saying I find the dichotomy fascinating. :)

From mailinglisten at hauke-laging.de Tue Mar 1 02:15:32 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 1 Mar 2011 02:15:32 +0100
Subject: Security of the gpg private keyring?
In-Reply-To: <4D6C3E85.4040206@grant-olson.net>
References: <4D6C3928.8090604@systemoverlord.com> <4D6C3E85.4040206@grant-olson.net>
Message-ID: <201103010215.40029.mailinglisten@hauke-laging.de>

On Tuesday 01 March 2011 01:32:05 Grant Olson wrote:
> If I upload a key to pool1.sks-keyservers.net, and it tries to sync with pool2.sks-keyservers.net, how do you maintain the custody chain?

Can you explain what custody chain means in this context?

My simple thought about that is that one of the keys has a newer time stamp and that this one is synchronized and overwrites the older ones.

Hauke

--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
From dkg at fifthhorseman.net Tue Mar 1 02:20:46 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 28 Feb 2011 20:20:46 -0500
Subject: Restarting gnupg-agent inside X session
In-Reply-To: <4D6C3484.2090700@systemoverlord.com>
References: <4D6C2D17.80107@websource.ch> <4D6C3484.2090700@systemoverlord.com>
Message-ID: <4D6C49EE.1040105@fifthhorseman.net>

On 02/28/2011 06:49 PM, David Tomaschik wrote:
> Each process has its own copy of the environment inherited from its parent, so it's not possible to change the GPG_AGENT_INFO variable for all processes. You could start gpg-agent with --use-standard-socket, and programs should fall back to that.

Alternately, since you probably already know the current setting of GPG_AGENT_INFO, you could just start the agent and link its new socket to the place where the old one used to be. Something like (untested):

    old_socket=$(printf "%s" "$GPG_AGENT_INFO" | sed 's/:.*$//')
    mkdir -m 0700 -p "$(dirname "$old_socket")"
    eval $(gpg-agent --daemon)
    new_socket=$(printf "%s" "$GPG_AGENT_INFO" | sed 's/:.*$//')
    ln "$new_socket" "$old_socket"

hth,

--dkg

From david at systemoverlord.com Tue Mar 1 02:41:04 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 28 Feb 2011 20:41:04 -0500
Subject: Restarting gnupg-agent inside X session
In-Reply-To: <4D6C49EE.1040105@fifthhorseman.net>
References: <4D6C2D17.80107@websource.ch> <4D6C3484.2090700@systemoverlord.com> <4D6C49EE.1040105@fifthhorseman.net>
Message-ID: <4D6C4EB0.8020704@systemoverlord.com>

On 02/28/2011 08:20 PM, Daniel Kahn Gillmor wrote:
> On 02/28/2011 06:49 PM, David Tomaschik wrote:
>> Each process has its own copy of the environment inherited from its parent, so it's not possible to change the GPG_AGENT_INFO variable for all processes.
>> You could start gpg-agent with --use-standard-socket, and programs should fall back to that.
>
> Alternately, since you probably already know the current setting of GPG_AGENT_INFO, you could just start the agent and link its new socket to the place where the old one used to be. Something like (untested):
>
>     old_socket=$(printf "%s" "$GPG_AGENT_INFO" | sed 's/:.*$//')
>     mkdir -m 0700 -p "$(dirname "$old_socket")"
>     eval $(gpg-agent --daemon)
>     new_socket=$(printf "%s" "$GPG_AGENT_INFO" | sed 's/:.*$//')
>     ln "$new_socket" "$old_socket"
>
> hth,
>
> --dkg

Other than on systems where $HOME is on a filesystem that does not support sockets (e.g., NFS/CIFS/etc.), is anyone aware of an issue with the use of --use-standard-socket? Seems like it would make restarting GPG an easier task.

David

From dkg at fifthhorseman.net Tue Mar 1 02:54:25 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 28 Feb 2011 20:54:25 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6C4166.9070703@grant-olson.net>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net>
Message-ID: <4D6C51D1.6030908@fifthhorseman.net>

On 02/28/2011 07:44 PM, Grant Olson wrote:
> I think something similar could be done with hashed emails. Just some (non)standard like:
>
>     hashed_uid://$SHA1_OF_EMAIL/$RIPEMD_OF_EMAIL
>
> But using something better than my obviously naive hash-collision prevention algorithm.

this is (very roughly) what we came up with too (our approach to avoiding hash collisions was to use a stronger hash instead of 2 weak hashes). You can pull a copy of a stalled/never-submitted Internet-Draft from here:

    git://lair.fifthhorseman.net/~dkg/openpgp-hashed-userids

If anyone wants to push this further, please let me know.
However, i'm quite serious about the flaws paralleling the failures of NSEC3 to prevent DNS zone enumeration. the problem space is slightly different, but i think the math comes out about the same in terms of the cost of trying to brute force these things.

Ultimately, i think Hashed User IDs provide only weak benefit against the equivalent of zone enumeration through the keyservers (which is presumably the goal), so understanding these arguments and providing a convincing refutation of them (or outlining an entirely different benefit) is probably the first task someone would need to take on. I'm not convinced that the tradeoff is worth it myself, but if someone wanted to make the argument, i'd be happy to listen.

> If that could be agreed on, you could probably get a few mailing list regulars to add that ID in addition to their normal UIDs.

Having a hashed User ID alongside your non-hashed User ID provides no benefit at all (unless you consider confusing people trying to understand and/or certify your OpenPGP certificate a benefit). This would only be helpful to people who use nothing but hashed user IDs on their keys.

> From there start with a shell script that writes out a correct 'gpg --search-keys' request. Then on to more advanced things, like adding hashed_uid search to the default sks-keyserver pages, enigmail integration, etc.

yes, this is the implementation work that would need to be done. Whoever wants to pick it up needs to also pay particular attention to the user experience. OpenPGP tools are pretty confusing already, so thinking through how to hide the gibberish (hashed userids) in the background and present the user with something intelligible would be a critical step toward making this something anyone might want to adopt.

I wish i had a better solution to offer to this concern.

Regards,

--dkg
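Returning to the "Restarting gnupg-agent inside X session" thread above, which ends with dkg's untested relink snippet: the script below is an added example (not code from dkg, David or any other poster, and not part of GnuPG) that turns that idea into a checked procedure, refusing to reuse a socket directory that is not private and never signalling a pid that no longer belongs to a gpg-agent. It assumes GnuPG 2.0's GPG_AGENT_INFO layout "<socket>:<pid>:1", a Linux /proc, that clients will follow a symlink placed at the old socket path, and the constructed function names used here.

```shell
#!/bin/sh
# Added example (not code from any poster in this thread): restart a dead
# GnuPG 2.0 gpg-agent inside a running X session and re-point the socket
# path that already-running programs hold in GPG_AGENT_INFO at the new
# agent. Assumptions of this example: GPG_AGENT_INFO="<socket>:<pid>:1"
# (GnuPG 2.0 format), a Linux /proc, and clients that follow a symlink
# at the old socket path.

# Socket path component of a GPG_AGENT_INFO value.
agent_socket_path() { printf '%s\n' "${1%%:*}"; }

# Pid component of a GPG_AGENT_INFO value; empty if the value has no pid.
agent_pid() {
    case $1 in
        *:*) rest=${1#*:}; printf '%s\n' "${rest%%:*}" ;;
        *)   printf '\n' ;;
    esac
}

# First letter of the process state from /proc ("Z" = zombie); empty if gone.
proc_state() { sed 's/.*) //' "/proc/$1/stat" 2>/dev/null | cut -c1; }

# True only if the pid still belongs to a gpg-agent. Pids are reused, so a
# pid taken from a stale environment must never be signalled without this.
is_gpg_agent() { [ "$(cat "/proc/$1/comm" 2>/dev/null)" = gpg-agent ]; }

# The agent's socket lives in a private directory that vanishes when the
# agent dies. Before reusing that path, insist on a real directory owned by
# us that is not group/world writable: a directory pre-created by another
# local user under /tmp could otherwise receive our socket link.
socket_dir_is_private() {
    [ ! -L "$1" ] && [ -d "$1" ] &&
        [ -n "$(find "$1" -prune -user "$(id -u)" ! -perm -g+w ! -perm -o+w 2>/dev/null)" ]
}

# Does the agent described by a GPG_AGENT_INFO value answer? GnuPG 2.0's
# gpg-connect-agent exits non-zero when it cannot connect.
agent_answers() { GPG_AGENT_INFO=$1 gpg-connect-agent /bye >/dev/null 2>&1; }

restart_agent() {
    old_info=${GPG_AGENT_INFO:-}
    old_socket=$(agent_socket_path "$old_info")
    if [ -z "$old_socket" ]; then
        echo "GPG_AGENT_INFO is not set; nothing to re-point" >&2
        return 1
    fi
    if agent_answers "$old_info"; then
        echo "agent at $old_socket still answers; nothing to do"
        return 0
    fi
    # A zombie cannot be signalled (its parent has to reap it), but a hung
    # agent that is still ours can be told to exit.
    old_pid=$(agent_pid "$old_info")
    if [ -n "$old_pid" ] && is_gpg_agent "$old_pid" && [ "$(proc_state "$old_pid")" != Z ]; then
        kill "$old_pid" 2>/dev/null
    fi
    old_dir=$(dirname "$old_socket")
    mkdir -m 0700 -p "$old_dir" || return 1
    if ! socket_dir_is_private "$old_dir"; then
        echo "refusing to use $old_dir: not a private directory owned by uid $(id -u)" >&2
        return 1
    fi
    rm -f "$old_socket"                        # stale socket or link of the dead agent
    eval "$(gpg-agent --daemon)" || return 1   # prints the new GPG_AGENT_INFO assignment
    new_socket=$(agent_socket_path "$GPG_AGENT_INFO")
    ln -s "$new_socket" "$old_socket" || return 1
    # Stay on the old, shared path, like every other process in the session.
    GPG_AGENT_INFO=$old_info
    export GPG_AGENT_INFO
    agent_answers "$old_info" && echo "agent reachable again via $old_socket"
}

case "${1:-}" in
    run) restart_agent ;;
esac
```

Run it as `sh restart-agent.sh run` (a constructed file name) from a terminal inside the affected session; the helper functions are plain enough to be sourced and reused on their own.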
From dkg at fifthhorseman.net Tue Mar 1 02:59:45 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 28 Feb 2011 20:59:45 -0500
Subject: Restarting gnupg-agent inside X session
In-Reply-To: <4D6C4EB0.8020704@systemoverlord.com>
References: <4D6C2D17.80107@websource.ch> <4D6C3484.2090700@systemoverlord.com> <4D6C49EE.1040105@fifthhorseman.net> <4D6C4EB0.8020704@systemoverlord.com>
Message-ID: <4D6C5311.6090708@fifthhorseman.net>

On 02/28/2011 08:41 PM, David Tomaschik wrote:
> Other than on systems where $HOME is on a filesystem that does not support sockets (e.g., NFS/CIFS/etc.), is anyone aware of an issue with the use of --use-standard-socket? Seems like it would make restarting GPG an easier task.

I occasionally like to have multiple agents running, each with different keys loaded, talking to different processes. standard-socket wouldn't let me do that.

i currently play this sort of game more often with ssh-agent than i do with gpg-agent, but the principle is the same. It'd be a shame to lose the flexibility to do this.

--dkg

From kgo at grant-olson.net Tue Mar 1 03:02:09 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 28 Feb 2011 21:02:09 -0500
Subject: Security of the gpg private keyring?
In-Reply-To: <201103010215.40029.mailinglisten@hauke-laging.de>
References: <4D6C3928.8090604@systemoverlord.com> <4D6C3E85.4040206@grant-olson.net> <201103010215.40029.mailinglisten@hauke-laging.de>
Message-ID: <4D6C53A1.9060109@grant-olson.net>

On 02/28/2011 08:15 PM, Hauke Laging wrote:
> On Tuesday 01 March 2011 01:32:05 Grant Olson wrote:
>
>> If I upload a key to pool1.sks-keyservers.net, and it tries to sync with pool2.sks-keyservers.net, how do you maintain the custody chain?
>
> Can you explain what custody chain means in this context?
>
> My simple thought about that is that one of the keys has a newer time stamp and that this one is synchronized and overwrites the older ones.
>

So if I'm only going to accept keys authorized by the owner, I need to validate the owner. Instead of just receiving the key:

    KEY => KEYSERVER-1

I now need to receive a signed copy of the key:

    SIGNED(KEY) => KEYSERVER-1

The keyserver would then do something like:

1. Temporarily import the KEY as a TEMPKEY.
2. Verify that TEMPKEY and SIGNATURE are the same user.
3. Verify TEMPKEY with SIGNATURE.
4. Upload verified TEMPKEY into the real database.

So far not too bad, even if the current keyservers don't do any of this. But when it tries to sync with KEYSERVER-2, I no longer have SIGNED(KEY). So KEYSERVER-2 won't be able to perform the above algorithm. It cannot verify that KEYSERVER-1 obtained the key from the owner in the first place.

You could store SIGNED(KEY) in your database, but then you end up performing the above algorithm millions of times when syncing, which will eat up a bunch of time. 10 seconds per key adds up quickly.

You could say that you know KEYSERVER-1 did an initial verification, so you don't need to, but then a malicious or misconfigured peer could get bad data into your database. If you decide to stop peering with KEYSERVER-1, then how do you know which entries in your db are possibly compromised or invalid?
Arguably a key owner could say they only wanted their key on gingerbear.net, not the whole sks-keyserver pool. Or more reasonably, that sks-keyservers shouldn't sync with PGP Corp, or gnupg.org, or hushmail, or whoever, since they didn't explicitly authorize it. The correct behavior here hasn't been specified anywhere.

There are probably many more issues like that tucked away once you start to think seriously about implementing the feature properly.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From rjh at sixdemonbag.org Tue Mar 1 03:08:48 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 28 Feb 2011 21:08:48 -0500
Subject: Security of the gpg private keyring?
In-Reply-To: <4D6C53A1.9060109@grant-olson.net>
References: <4D6C3928.8090604@systemoverlord.com> <4D6C3E85.4040206@grant-olson.net> <201103010215.40029.mailinglisten@hauke-laging.de> <4D6C53A1.9060109@grant-olson.net>
Message-ID:

> There are probably many more issues like that tucked away once you start
> to think seriously about implementing the feature properly.

There's a lot of stuff in the literature on this subject. This sort of behavior is usually called ORCON, for "ORiginator CONtrolled" -- referring usually to intelligence so sensitive the source controls who sees the intel and how it is used.

The first paper I can find on this subject belongs to Graubert, "On the Need for a Third Form of Access Control," _Proceedings of the 12th National Computer Security Conference_. It's worth reading.

From kgo at grant-olson.net Tue Mar 1 03:20:12 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 28 Feb 2011 21:20:12 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6C51D1.6030908@fifthhorseman.net>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net>
Message-ID: <4D6C57DC.5020908@grant-olson.net>

On 02/28/2011 08:54 PM, Daniel Kahn Gillmor wrote:
> On 02/28/2011 07:44 PM, Grant Olson wrote:
>
> You can pull a copy of a stalled/never-submitted Internet-Draft from here:
>
> git://lair.fifthhorseman.net/~dkg/openpgp-hashed-userids
>
> If anyone wants to push this further, please let me know.

I'll take a look when I get some more time. To be honest though, I'm not particularly interested in the feature either. I was just trying to illustrate that MFPA could get something going without needing a new OpenPGP RFC, or without spending years of effort until he got tangible results. And if the (non)standard got popular enough, tools, whether they be keyservers or mail clients or gnupg, would start to handle hashed userid lookups. Even just two simple scripts that wrap around gnupg, 'generate-hashed-userid' and 'retrieve-hashed-userid', would be a huge start.

>> If that could be agreed on, you could probably get a few mailing list
>> regulars to add that ID in addition to their normal UIDs.
>
> Having a hashed User ID alongside your non-hashed User ID provides no
> benefit at all (unless you consider confusing people trying to
> understand and/or certify your OpenPGP certificate a benefit).

Yes, of course. I was just thinking of the initial implementation and testing phase. It'd be nice if MFPA could see that the tools work correctly, by seeing the 'before' and 'after' versions of UIDs, and without people having to maintain a separate secret key. I wouldn't mind testing to help out, but I'm not throwing away my current key anytime soon.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"
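As an added illustration of the two wrapper scripts Grant mentions (this is not code from the thread or from dkg's draft; the user ID format 'hashed-email:<sha256 hex>', the lower-casing rule and the key IDs are this example's own assumptions), here is the generate/retrieve pair as shell functions. The lookup matches both the plaintext address and its hashed form, which is the dual search MFPA described earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread and not from dkg's draft: the two
# wrapper scripts Grant Olson sketches, reduced to shell functions.  The
# UID format "hashed-email:<sha256 hex>" and the normalisation rule are
# this example's own assumptions.

# Hex SHA-256 of the argument (coreutils sha256sum, or shasum on BSD/macOS).
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Canonical form of an address, so that generation and lookup agree:
# strip blanks and lower-case everything (assumption: the local part is
# treated case-insensitively, as most mail systems do in practice).
normalize_email() {
    printf '%s' "$1" | tr -d ' \t' | tr 'A-Z' 'a-z'
}

# generate-hashed-userid: the user ID string the key owner would add
# instead of "Name <address>".
hashed_userid() {
    printf 'hashed-email:%s\n' "$(sha256_hex "$(normalize_email "$1")")"
}

# retrieve-hashed-userid: given an address and a keyserver-style index
# (one "KEYID<TAB>USERID" line per user ID), print the key IDs whose
# user ID matches either the plaintext address or its hashed form.
find_keys_for_email() {
    email=$(normalize_email "$1")
    hashed=$(hashed_userid "$email")
    tab=$(printf '\t')
    printf '%s\n' "$2" | while IFS="$tab" read -r keyid uid; do
        [ -n "$keyid" ] || continue
        lc_uid=$(printf '%s' "$uid" | tr 'A-Z' 'a-z')
        case "$lc_uid" in
            "$email"|*"<$email>"*|"$hashed") printf '%s\n' "$keyid" ;;
        esac
    done | sort -u
}

# Constructed index standing in for a keyserver listing: one plaintext
# UID, one hashed UID for the same address, one unrelated key.  The key
# IDs are placeholders.
sample_index() {
    printf '%s\t%s\n' \
        0xAAAA1111 "Alice Example <alice@example.org>" \
        0xBBBB2222 "$(hashed_userid alice@example.org)" \
        0xCCCC3333 "Bob Example <bob@example.org>"
}
```

Note what the hash does and does not hide: as MFPA says, someone who already knows the address can still find the key, and since email addresses are easy to enumerate, anyone with a candidate list can compute the same hashes. The scheme only keeps the address out of a casual listing of the key; it is not a secret.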
From kgo at grant-olson.net Tue Mar 1 03:22:33 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 28 Feb 2011 21:22:33 -0500
Subject: Security of the gpg private keyring?
In-Reply-To:
References: <4D6C3928.8090604@systemoverlord.com> <4D6C3E85.4040206@grant-olson.net> <201103010215.40029.mailinglisten@hauke-laging.de> <4D6C53A1.9060109@grant-olson.net>
Message-ID: <4D6C5869.7000808@grant-olson.net>

On 02/28/2011 09:08 PM, Robert J. Hansen wrote:
>> There are probably many more issues like that tucked away once you start
>> to think seriously about implementing the feature properly.
>
> There's a lot of stuff in the literature on this subject. This sort of behavior is usually called ORCON, for "ORiginator CONtrolled" -- referring usually to intelligence so sensitive the source controls who sees the intel and how it is used.
>
> The first paper I can find on this subject belongs to Graubert, "On the Need for a Third Form of Access Control," _Proceedings of the 12th National Computer Security Conference_. It's worth reading.

Thanks for the heads up. Looks interesting.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"
From david at systemoverlord.com Tue Mar 1 04:52:34 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 28 Feb 2011 22:52:34 -0500
Subject: Restarting gnupg-agent inside X session
In-Reply-To: <4D6C5311.6090708@fifthhorseman.net>
References: <4D6C2D17.80107@websource.ch> <4D6C3484.2090700@systemoverlord.com> <4D6C49EE.1040105@fifthhorseman.net> <4D6C4EB0.8020704@systemoverlord.com> <4D6C5311.6090708@fifthhorseman.net>
Message-ID: <4D6C6D82.1080900@systemoverlord.com>

On 02/28/2011 08:59 PM, Daniel Kahn Gillmor wrote:
> On 02/28/2011 08:41 PM, David Tomaschik wrote:
>> Other than on systems where $HOME is on a filesystem that does not
>> support sockets (e.g., NFS/CIFS/etc.), is anyone aware of an issue with
>> the use of --use-standard-socket? Seems like it would make restarting
>> GPG an easier task.
>
> I occasionally like to have multiple agents running, each with different
> keys loaded, talking to different processes. standard-socket wouldn't
> let me do that.
>
> i currently play this sort of game more often with ssh-agent than i do
> with gpg-agent, but the principle is the same. It'd be a shame to lose
> the flexibility to do this.
>
> --dkg

Fair enough. I can't think of the case myself (keeping them all straight would give me a migraine) but it's a good case to know.
David

From wk at gnupg.org Tue Mar 1 10:05:04 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 01 Mar 2011 10:05:04 +0100
Subject: Restarting gnupg-agent inside X session
In-Reply-To: <4D6C4EB0.8020704@systemoverlord.com> (David Tomaschik's message of "Mon, 28 Feb 2011 20:41:04 -0500")
References: <4D6C2D17.80107@websource.ch> <4D6C3484.2090700@systemoverlord.com> <4D6C49EE.1040105@fifthhorseman.net> <4D6C4EB0.8020704@systemoverlord.com>
Message-ID: <871v2rtdmn.fsf@vigenere.g10code.de>

On Tue, 1 Mar 2011 02:41, david at systemoverlord.com said:
> Other than on systems where $HOME is on a filesystem that does not
> support sockets (e.g., NFS/CIFS/etc.), is anyone aware of an issue with
> the use of --use-standard-socket? Seems like it would make restarting

GnuPG 2.1 will use --use-standard-socket by default. The Windows port has done this for years. If you want to run a second gpg-agent, you need to use a different homedir, though.

I use

  unset GPG_AGENT_INFO
  unset SSH_AGENT_PID
  export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

in the startup script for interactive shells. The only software which does not work correctly is Easypg because it uses GPG_AGENT_INFO to decide whether it shall ask for a passphrase; given that this is Emacs, I can easily fix it.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From marco+gnupg at websource.ch Tue Mar 1 11:15:58 2011
From: marco+gnupg at websource.ch (Marco Steinacher)
Date: Tue, 01 Mar 2011 11:15:58 +0100
Subject: Restarting gnupg-agent inside X session
In-Reply-To: <4D6C49EE.1040105@fifthhorseman.net>
References: <4D6C2D17.80107@websource.ch> <4D6C3484.2090700@systemoverlord.com> <4D6C49EE.1040105@fifthhorseman.net>
Message-ID: <4D6CC75E.7040707@websource.ch>

Daniel Kahn Gillmor wrote:
> On 02/28/2011 06:49 PM, David Tomaschik wrote:
>> Each process has its own copy of the environment inherited from its
>> parent, so it's not possible to change the GPG_AGENT_INFO variable for
>> all processes. You could start gpg-agent with --use-standard-socket,
>> and programs should fall back to that.
>
> Alternately, since you probably already know the current setting of
> GPG_AGENT_INFO, you could just start the agent and link its new socket
> to the place where the old one used to be. Something like (untested):
>
> # GPG_AGENT_INFO is "<socket path>:<pid>:<protocol version>"; keep only the path
> old_socket=$(printf "%s" "$GPG_AGENT_INFO" | sed 's/:.*$//')
> mkdir -m 0700 -p "$(dirname "$old_socket")"
> eval "$(gpg-agent --daemon)"
> new_socket=$(printf "%s" "$GPG_AGENT_INFO" | sed 's/:.*$//')
> # the crashed agent's socket file is usually still there, and ln refuses to overwrite it
> rm -f "$old_socket"
> ln "$new_socket" "$old_socket"

David and Daniel, many thanks for your suggestions! I was not aware of the --use-standard-socket option. I think this will do it for me. Linking the new socket to the old one is also a nice way I didn't think of and maybe it will be useful someday.

Marco

--
OpenPGP Key ID: 0x62937F7F
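Daniel's relinking idea, written up as an added example (this is not code from the thread and not GnuPG's own code). It assumes the GnuPG 2.0 GPG_AGENT_INFO layout '<socket path>:<pid>:<protocol>', refuses to touch anything while the old agent still answers 'kill -0' (relinking a live agent's path would silently redirect its clients), refuses to overwrite anything that is not a socket or symlink, and uses a symbolic link so the two paths need not share a filesystem. The test drives it with ordinary files standing in for sockets, so it runs without a gpg-agent.

```shell
#!/bin/sh
# Added example, not from the thread and not GnuPG's own code: Daniel's
# "link the new socket where the old one was" idea as a checked function.
# It assumes the GnuPG 2.0 GPG_AGENT_INFO format "<socket path>:<pid>:1".

# Socket path component of a GPG_AGENT_INFO value.
agent_socket_path() {
    printf '%s\n' "$1" | sed 's/:.*$//'
}

# Process ID component of a GPG_AGENT_INFO value.
agent_pid() {
    printf '%s\n' "$1" | cut -d: -f2
}

# Exit 0 if the agent named by a GPG_AGENT_INFO value is still running.
agent_alive() {
    pid=$(agent_pid "$1")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# relink_agent_socket OLD_INFO NEW_INFO
# Make the old socket path point at the new agent's socket.  Refuses to
# act while the old agent still answers (its clients would be redirected
# behind its back) and refuses to clobber anything that is not a socket
# or a symlink.
relink_agent_socket() {
    old=$(agent_socket_path "$1")
    new=$(agent_socket_path "$2")
    [ -n "$old" ] && [ -n "$new" ] || return 2
    if agent_alive "$1"; then
        echo "old agent still running; not relinking" >&2
        return 1
    fi
    if [ -e "$old" ] && ! [ -S "$old" ] && ! [ -L "$old" ]; then
        echo "$old exists and is not a socket; refusing" >&2
        return 1
    fi
    mkdir -m 0700 -p "$(dirname "$old")" || return 1
    rm -f "$old"            # the crashed agent's stale socket file
    ln -s "$new" "$old"     # a symlink also works across filesystems
}

# Interactive use after the agent has died (not exercised by the test):
#   old=$GPG_AGENT_INFO
#   eval "$(gpg-agent --daemon)"
#   relink_agent_socket "$old" "$GPG_AGENT_INFO"
```

Clients that inherited the old GPG_AGENT_INFO keep connecting to the old path and now reach the new agent; nothing has to be re-exported into running processes, which is the limitation David pointed out.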
From wk at gnupg.org Tue Mar 1 14:18:46 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 01 Mar 2011 14:18:46 +0100
Subject: GnuPG Card with ssh authentication problems
In-Reply-To: <4D6AA2FE.8050401@grant-olson.net> (Grant Olson's message of "Sun, 27 Feb 2011 14:16:14 -0500")
References: <86hbbqnpks.fsf@frogandbear.net> <8639nankq2.fsf@frogandbear.net> <4D69DE0D.8010709@grant-olson.net> <86pqqeav79.fsf@frogandbear.net> <87ipw5xwft.fsf@vigenere.g10code.de> <4D6AA2FE.8050401@grant-olson.net>
Message-ID: <87wrkjrnbd.fsf@vigenere.g10code.de>

On Sun, 27 Feb 2011 20:16, kgo at grant-olson.net said:
> If you want someone to cleanup and update the howto, I volunteer. I
> just need to know the name of the cvs project. 'card-howto' didn't seem
> to work.

It is the module "card-howto" in the gpgweb repository. However, I recently started to convert it from Docbook to org-mode. This is not finished, though.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From johanw at xs4all.nl Tue Mar 1 09:09:07 2011
From: johanw at xs4all.nl (Johan Wevers)
Date: Tue, 01 Mar 2011 09:09:07 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6C2060.102@sixdemonbag.org>
References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <421859072.20110228215908@my_localhost> <4D6C2060.102@sixdemonbag.org>
Message-ID: <4D6CA9A3.6070705@xs4all.nl>

On 28-2-2011 23:23, Robert J. Hansen wrote:
> He then learned that his users thought the banner across the top was
> "just another one of those annoying Flash ads," and they tuned it out.
Their senses were dulled by overadvertising. He had better also distribute Adblock Plus to try to counter the sensory overload.

--
Kind regards,

Johan Wevers

From mario at tocario.com Tue Mar 1 10:04:19 2011
From: mario at tocario.com (Mario Lombardo)
Date: Tue, 1 Mar 2011 10:04:19 +0100
Subject: CA Certificate on GPF Cryptostick
Message-ID:

Hi,

I'm trying to move a private Key (RSA, PEM format) made by a Microsoft CA to the GPF Crypto Stick. gpgsm tells me while importing:

> pgsm: no issuer found in certificate
> gpgsm: basic certificate checks failed - not imported
> ERROR: object length field 1 octects too large
> ERROR: object length field 1 octects too large
> gpgsm: total number processed: 1
> gpgsm: not imported: 1

Any idea? Is it possible to do the import?

Thanks,
Mario

From guy at cach.me Tue Mar 1 14:13:16 2011
From: guy at cach.me (Guy Halford-Thompson)
Date: Tue, 1 Mar 2011 13:13:16 +0000
Subject: Why do we use a different key to sign than to encrypt
Message-ID:

Not GPG specific, but I was wondering if someone could point me in the direction of some resources that explain why we use different keys to sign and encrypt (for cases where the same key _could_ do both e.g. RSA). I can't seem to pick anything up on google.

Thanks

--
Guy Halford-Thompson - http://www.cach.me/blog

From Lists.gnupg at mephisto.fastmail.net Tue Mar 1 15:06:11 2011
From: Lists.gnupg at mephisto.fastmail.net (Lists.gnupg at mephisto.fastmail.net)
Date: Tue, 1 Mar 2011 09:06:11 -0500
Subject: Smart Card Physical Best Practices?
In-Reply-To: <4D69B987.9010400@systemoverlord.com>
References: <4D69B987.9010400@systemoverlord.com>
Message-ID: <20110301140611.GA12156@imac-6g2p.mgh.harvard.edu>

On Sat, Feb 26, 2011 at 09:40:07PM -0500 Also sprach David Tomaschik:
>
> I've recently received my smart card, but was wondering what the "best
> practices" are, mainly from a physical standpoint.
> When I use it in
> my laptop reader, it sticks about 2" out of the side, and I have some
> concern about this (i.e., getting damaged by being pushed into
> something, etc.). I am using the Authentication key on it for SSH,
> and the normal signing & encryption operations, so I suppose I need it
> when sending signed email and signing into a system. Do most people
> leave it in the computer most of the time, or just insert it as
> needed? This brings to mind: how many insertion cycles can these
> cards handle? Looking online, various smart cards are rated anywhere
> from 10,000 to 250,000 insertions. (At 10,000, as few as 10
> insertions per day would net a 3 year lifetime.)
>

If you are concerned with the insertion-limited lifetime, and with other possible kinds of damage to the smart card itself, perhaps you should consider getting one of the versions with the SIM removal option. Pop the chip out of the card and put it inside one of those USB tokens that take them. Then the SIM itself is always (at least partially) protected inside a casing, and the insertion problem is offloaded onto the USB mechanism (which is more expendable). If the USB token fails eventually, take the SIM out and put it in a new one; you may have been using it for years by then, but your effective insertion count is 2. As an added bonus, you may use your OpenPGP card on any computer with a USB port, without needing a separate card reader available.

--
"Chance favours the prepared mind." --Louis Pasteur

From wk at gnupg.org Tue Mar 1 15:02:32 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 01 Mar 2011 15:02:32 +0100
Subject: [Announce] Libksba 1.2.0 released
Message-ID: <87r5arrlaf.fsf@vigenere.g10code.de>

Hello!

We are pleased to announce version 1.2.0 of Libksba. Libksba is an X.509 and CMS (PKCS#7) library.
It is for example required to build the S/MIME part of GnuPG-2 (gpgsm). The only build requirement for Libksba itself is the libgpg-error package. There are no other dependencies; actual cryptographic operations need to be done by the user. Libksba is distributed under the GPLv3+. There are no user tools accompanying this software, thus it is mostly relevant to developers.

This release adds features required by the GnuPG 2.1 development version.

You may download the library and its OpenPGP signature from:

  ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.2.0.tar.bz2 (575k)
  ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.2.0.tar.bz2.sig

Noteworthy changes in version 1.2.0 (2011-03-01)
------------------------------------------------

 * New functions to allow the creation of X.509 certificates.

 * Interface changes relative to the 1.1.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ksba_certreq_set_serial    NEW.
 ksba_certreq_set_issuer    NEW.
 ksba_certreq_set_validity  NEW.
 ksba_certreq_set_siginfo   NEW.

Commercial support contracts for Libksba are available, and they help finance continued maintenance. g10 Code, a Duesseldorf based company owned and headed by Libksba's principal author, is currently funding its development. We are always looking for interesting development projects. See also http://www.gnupg.org/service.html .

Happy hacking,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From mailravi02 at yahoo.co.in Tue Mar 1 13:39:37 2011
From: mailravi02 at yahoo.co.in (ravi shankar)
Date: Tue, 1 Mar 2011 18:09:37 +0530 (IST)
Subject: need help on non-interactive gnuPG binary
Message-ID: <88766.71688.qm@web137413.mail.in.yahoo.com>

Hi,

I am planning to use gnuPG (v1.4.10) binary in netbsd 5 for encryption.
The key generation is supported as interactive session, but I want to use non interactive session. I could not find any binary with non interactive session. Does anyone know where to get such a binary?

Regards,
Ravi

From guy at cach.me Tue Mar 1 15:30:37 2011
From: guy at cach.me (Guy Halford-Thompson)
Date: Tue, 1 Mar 2011 14:30:37 +0000
Subject: Why do we use a different key to sign than to encrypt
In-Reply-To: <4D6CFA98.7060909@gbenet.com>
References: <4D6CFA98.7060909@gbenet.com>
Message-ID:

But doesn't GPG generate 2 private keys (as well as public keys) when you create a new keypair?

  Please select what kind of key you want:
     (1) RSA and RSA (default)
     (2) DSA and Elgamal
     (3) DSA (sign only)
     (4) RSA (sign only)

I can understand if you use DSA and Elgamal (DSA can only sign) but what about RSA and RSA?

On 1 March 2011 13:54, david at gbenet.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello,
>
> People encrypt to your public key - you de-crypt with your private key. You sign with your
> private key. It's that simple
>
> David
>
> Guy Halford-Thompson wrote:
>> Not GPG specific, but I was wondering if someone could point me in the
>> direction of some resources that explain why we use different keys to
>> sign and encrypt (for cases where the same key _could_ do both e.g.
>> RSA). I can't seem to pick anything up on google.
>>
>> Thanks
>>
>
> - --
> "See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
> Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion."
> -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBCAAGBQJNbPqEAAoJEOJpqm7flRExLo0IALyNI0IGDXLa2Wd/SgAiZH6/ > Sq4Ef9BOk/L0g1JczyVIcRrs7aeSdo7K935wcRCDgFw8pH3jsd8xBU+jdQyjEsL4 > lrA+GFo0BE5p/Ksa10cNGWzw3n2dJsrGgAYGv+jkdVjlGFI7RsOo4MWv5orYATZ3 > B/Oyc/rUM5q5BoZbdihn5nysCScmGACyQbpwOOG1rQZ7U7IiqtxwoBrJwFaMNzHX > lFs5GjWqtxfbCRl2GfyZN8ghRK6mZR+6WmDDmZRQ3sw1li7bw9M/2z1DNnHuGwr8 > fNhifuvqMUlVe/KdEiW1I2mcKwyMSc0oUuwT1Neqk8nIUkIarSBeNWys0sWT1Bw= > =5AWK > -----END PGP SIGNATURE----- > -- Guy Halford-Thompson - http://www.cach.me/blog From dshaw at jabberwocky.com Tue Mar 1 15:34:18 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 1 Mar 2011 09:34:18 -0500 Subject: Why do we use a different key to sign than to encrypt In-Reply-To: References: Message-ID: <719B1063-A45A-49E9-A8CF-95D93A1B63A2@jabberwocky.com> On Mar 1, 2011, at 8:13 AM, Guy Halford-Thompson wrote: > Not GPG specific, but I was wondering if someone could point me in the > direction of some resources that explain why we use different keys to > sign and encrypt (for cases where the same key _could_ do both e.g. > RSA). I cant seem to pick anything up on google. There is no one reason, but a few reasons that, taken together, makes this useful. One reason is that it enables the use of sign-only or encryption-only algorithms, which if one key had to do it all, would not be usable. Another reason is that it helps prevent a complete compromise - if only a subkey is compromised, the whole key is not compromised. It allows for the best-algorithm-for-the-job decision to be made (for example, many people like signing with DSA because the signatures are physically smaller and thus not so obvious in email). It allows easier key changes without changing the main "identity" key by expiring or revoking just a subkey and making a new one. And so on. Some of these reasons overlap as well. 
OpenPGP supports both the single-key and multiple-key models, so you're not forced to do it one way or the other. The default in GnuPG is multiple key.

David

From Lists.gnupg at mephisto.fastmail.net Tue Mar 1 15:34:52 2011
From: Lists.gnupg at mephisto.fastmail.net (Lists.gnupg at mephisto.fastmail.net)
Date: Tue, 1 Mar 2011 09:34:52 -0500
Subject: Why do we use a different key to sign than to encrypt
In-Reply-To:
References:
Message-ID: <20110301143452.GA13249@imac-6g2p.mgh.harvard.edu>

On Tue, Mar 01, 2011 at 01:13:16PM +0000 Also sprach Guy Halford-Thompson:
> Not GPG specific, but I was wondering if someone could point me in the
> direction of some resources that explain why we use different keys to
> sign and encrypt (for cases where the same key _could_ do both e.g.
> RSA).

This may not be the whole story, but I did manage to find this:

http://www.di-mgt.com.au/rsa_alg.html#weaknesses

--
"Chance favours the prepared mind." --Louis Pasteur

From dshaw at jabberwocky.com Tue Mar 1 15:35:48 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 1 Mar 2011 09:35:48 -0500
Subject: need help on non-interactive gnuPG binary
In-Reply-To: <88766.71688.qm@web137413.mail.in.yahoo.com>
References: <88766.71688.qm@web137413.mail.in.yahoo.com>
Message-ID: <4C92C659-4038-462F-8042-E511679AEF3B@jabberwocky.com>

On Mar 1, 2011, at 7:39 AM, ravi shankar wrote:
> Hi,
>
> I am planning to use gnuPG (v1.4.10) binary in netbsd 5 for encryption. The key generation is supported as interactive session, but I want to use non interactive session. I could not find any binary with non interactive session. Does anyone know where to get such a binary?

The regular 1.4.10 binary supports non-interactive key generation.
See the file 'doc/DETAILS' in the GnuPG distribution, and specifically the section "Unattended key generation".

David

From noloader at gmail.com Tue Mar 1 15:41:50 2011
From: noloader at gmail.com (Jeffrey Walton)
Date: Tue, 1 Mar 2011 09:41:50 -0500
Subject: Why do we use a different key to sign than to encrypt
In-Reply-To:
References:
Message-ID:

On Tue, Mar 1, 2011 at 8:13 AM, Guy Halford-Thompson wrote:
> Not GPG specific, but I was wondering if someone could point me in the
> direction of some resources that explain why we use different keys to
> sign and encrypt (for cases where the same key _could_ do both e.g.
> RSA). I can't seem to pick anything up on google.

Key separation and management. See Handbook of Applied Cryptography, Chapter 13 (http://www.cacr.math.uwaterloo.ca/hac/).

Jeff

From guy at cach.me Tue Mar 1 16:31:47 2011
From: guy at cach.me (Guy Halford-Thompson)
Date: Tue, 1 Mar 2011 15:31:47 +0000
Subject: Why do we use a different key to sign than to encrypt
In-Reply-To:
References:
Message-ID:

Thanks for the list of resources

G

On 1 March 2011 14:41, Jeffrey Walton wrote:
> On Tue, Mar 1, 2011 at 8:13 AM, Guy Halford-Thompson wrote:
>> Not GPG specific, but I was wondering if someone could point me in the
>> direction of some resources that explain why we use different keys to
>> sign and encrypt (for cases where the same key _could_ do both e.g.
>> RSA). I can't seem to pick anything up on google.
> Key separation and management. See Handbook of Applied Cryptography,
> Chapter 13 (http://www.cacr.math.uwaterloo.ca/hac/).
> > Jeff > -- Guy Halford-Thompson - http://www.cach.me/blog From david at systemoverlord.com Tue Mar 1 15:47:06 2011 From: david at systemoverlord.com (David Tomaschik) Date: Tue, 1 Mar 2011 09:47:06 -0500 Subject: Why do we use a different key to sign than to encrypt In-Reply-To: <20110301143452.GA13249@imac-6g2p.mgh.harvard.edu> References: <20110301143452.GA13249@imac-6g2p.mgh.harvard.edu> Message-ID: On Tue, Mar 1, 2011 at 9:34 AM, wrote: > On Tue, Mar 01, 2011 at 01:13:16PM +0000 Also sprach Guy Halford-Thompson: >> >> Not GPG specific, but I was wondering if someone could point me in the >> direction of some resources that explain why we use different keys to >> sign and encrypt (for cases where the same key _could_ do both e.g. >> RSA). > > This may not be the whole story, but I did manage to find this: > > http://www.di-mgt.com.au/rsa_alg.html#weaknesses > The weaknesses documented there do not seem to apply to OpenPGP (and hence GnuPG). One, messages are not actually encrypted with RSA; a symmetric algorithm is used to encrypt messages and the key to that encryption is encrypted with RSA. I believe that GnuPG uses a larger encryption exponent, reducing the threat posed by the Chinese Remainder Theorem. The threat of the "same key" on that page only applies where the RSA encryption was done to the plain text directly. Likewise, OpenPGP signing is done on a hash of the plain text. (Again, not on the plain text directly.) 
David

--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com

From jrollins at finestructure.net Tue Mar 1 20:12:15 2011
From: jrollins at finestructure.net (Jameson Rollins)
Date: Tue, 01 Mar 2011 11:12:15 -0800
Subject: Why do we use a different key to sign than to encrypt
In-Reply-To:
References: <4D6CFA98.7060909@gbenet.com>
Message-ID: <87hbbm4pv4.fsf@servo.finestructure.net>

On Tue, 1 Mar 2011 14:30:37 +0000, Guy Halford-Thompson wrote:
> But doesn't GPG generate 2 private keys (as well as public keys) when
> you create a new keypair?
>
> Please select what kind of key you want:
> (1) RSA and RSA (default)
> (2) DSA and Elgamal
> (3) DSA (sign only)
> (4) RSA (sign only)
>
> I can understand if you use DSA and Elgamal (DSA can only sign) but
> what about RSA and RSA?

Hi, Guy. This prompt is definitely confusing, but yes, options (1) and (2) create two key pairs, one primary key used for signing and certifying, and a second subkey used for encryption. Options (3) and (4) only create a single primary key used for signing and certifying. You can create an arbitrary number of subkeys if you'd like. It's common to create one for authentication, for instance.

jamie.

From kloecker at kde.org Tue Mar 1 21:56:56 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Tue, 01 Mar 2011 21:56:56 +0100
Subject: Security of the gpg private keyring?
In-Reply-To: <6B9019C5-BFEE-485A-8EB4-CAFE0712A7B5@jabberwocky.com> References: <4D6C3928.8090604@systemoverlord.com> <6B9019C5-BFEE-485A-8EB4-CAFE0712A7B5@jabberwocky.com> Message-ID: <201103012156.57096@thufir.ingo-kloecker.de> On Tuesday 01 March 2011, David Shaw wrote: > On Feb 28, 2011, at 7:09 PM, David Tomaschik wrote: > >> I think key UIDs generally reveal more information than I am > >> comfortable with. For example, why does your UID need to contain > >> your email address in plain text rather than as a hash? Searching > >> for that email address would need to return any keys that matched > >> on the hashed version in addition to any keys that matched on the > >> plaintext version. Somebody knowing the email address (or name or > >> hostname) could find the key but mere inspection of the key UIDs > >> would not reveal all its owner's names, email addresses, etc. > >> > >> I'm usually told such an option does not exist because it would > >> serve no purpose and/or there would be no demand for it. > > > > While I understand your concerns, I think it would just be nice if > > the owner of a key could set a flag on it indicating that they did > > not want their key published to keyservers. Then privacy could be > > preserved with MUCH smaller changes to infrastructure. (Though, > > admittedly, it might require a change in the OpenPGP spec, which > > would actually be much larger.) > > This flag actually exists in OpenPGP already (and what's more, GnuPG > even sets it by default). The catch is that none of the other > infrastructure (keyservers, mainly) checks it, and given the current > design of the keyservers and how they sync key data between them, > they can't easily check it. It would be a very large (I'd say even > larger than the hashed user ID example above) task to make this flag > truly useful. Hmm. Why do the keyservers need to support it at all? 
IMO the clients that want to upload a key should check for this flag and warn the user if a key has this flag. Of course, this won't stop people from uploading keys with clients that do not support this flag, but at least those people that use a flag-enabled client will be made aware of the key owner's wish not to upload the key.

Regards,
Ingo

From kloecker at kde.org Tue Mar 1 22:20:52 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Tue, 01 Mar 2011 22:20:52 +0100
Subject: PGP/MIME considered harmful for mobile
In-Reply-To: <4D6AD5C8.7040000@dougbarton.us>
References: <4D67043B.9050501@sixdemonbag.org> <201102271105.04715@thufir.ingo-kloecker.de> <4D6AD5C8.7040000@dougbarton.us>
Message-ID: <201103012220.52948@thufir.ingo-kloecker.de>

On Sunday 27 February 2011, Doug Barton wrote:
> On 02/27/2011 02:04, Ingo Klöcker wrote:
> > On Saturday, February 26, 2011, MFPA wrote:
> >> Hi
> >>
> >>
> >> On Friday 25 February 2011 at 1:45:03 AM, in
> >>
> >> , Jameson Rollins wrote:
> >>> Yikes! I thought we were almost done killing inline
> >>> signatures! Don't revive it now!
> >>>
> >>> If PGP/MIME is broken on android, we need to get them
> >>> to fix it, not go backwards to inline pgp.
> >>
> >> Using inline PGP signatures means using the simpler and more
> >> reliable of the two solutions. The fact that its specification
> >> was defined earlier does not mean using inline signatures is a
> >> step backwards; PGP/MIME is a complement to pgp inline, not a
> >> replacement.
> >
> > The major problem I see with using cleartext signatures in email is
> > the lack for support of non-ASCII text (or, more precisely,
> > character encoding).
>
> Can you provide examples that do not work when both the mail
> client(s) and gnupg are properly configured to use UTF-8?

No, sorry. I haven't been using inline PGP signatures for ages and neither do most of the people I exchange emails with. Therefore I cannot provide real world examples.

Back when I was still using inline PGP signatures I regularly got replies with a full quote of my inline-signed message where the signature on the quoted message was broken. You might say that it's not relevant because it's just a quote. But I say it is very relevant if such a reply is forwarded to a third party. And also if it isn't forwarded a bad signature is still highly irritating (at least to me).

Of course, my experience is from a time when UTF-8 wasn't used in email. But do the standard mail clients (Outlook, GMail, Thunderbird) really default to UTF-8 nowadays? Expecting people to properly configure their mail clients is an unrealistic dream.

Regards,
Ingo

From izghitu at gmail.com Tue Mar 1 21:21:13 2011
From: izghitu at gmail.com (George)
Date: Tue, 1 Mar 2011 22:21:13 +0200
Subject: key generation problems
Message-ID:

Hi,

I have CentOS 5.5 with gnupg 1.4.5. I am using the following command to generate the keys:

  echo LinuxMasters | /usr/bin/gpg --homedir /home/USER/.gnupg -e -a -r email@domain.com > /somefile

The problem I am facing is that until today all the keys generated using this command had the same size of 1261 bytes and were working properly. Now when I do it the keys have the size of 912 bytes and no longer work. Absolutely nothing changed config related on the server. If I need to send you more info regarding my configs please tell me what and I will send.

So my question is, why is this happening?
Please help Thanks From expires2011 at ymail.com Wed Mar 2 00:29:19 2011 From: expires2011 at ymail.com (MFPA) Date: Tue, 1 Mar 2011 23:29:19 +0000 Subject: Security of the gpg private keyring? In-Reply-To: <201103012156.57096@thufir.ingo-kloecker.de> References: <4D6C3928.8090604@systemoverlord.com> <6B9019C5-BFEE-485A-8EB4-CAFE0712A7B5@jabberwocky.com> <201103012156.57096@thufir.ingo-kloecker.de> Message-ID: <884341373.20110301232919@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Tuesday 1 March 2011 at 8:56:56 PM, in , Ingo Kl?cker wrote: > Hmm. Why do the keyservers need to support it at all? > IMO the clients that want to upload a key should check > for this flag and warn the user if a key has this flag. I think the warning would be a good idea because it should serve to reduce accidental uploading of keys (except by those who view such warnings as "noise" and just click through without really reading them). Since the keyserver-no-modify flag is set by default in GnuPG and this warning would be triggered for a large percentage of keys, why bother checking for the flag? "Do you really want to publish this key to a keyserver?" could be asked every time the user told the client to upload any key, perhaps also displaying some info about the key and the server. - -- Best regards MFPA mailto:expires2011 at ymail.com If it aint broke, fix it till it is broke! 
-----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNbYFUnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pFKAEAIXA JlNpZtG1aUk4j+t25EVUMh/Wwx02fSLwsRfmjgb8W46B6ZWUJz3qkU0oum+HdKQn U/ADiI1jQsS33jcKtqHQd6okI72r5w4dEWfFc7E8Y0c42g4x/1n1kJd5ofSjivZV DxQf3NC4rwtYNebSThraOasVkTmr2V+CQHnfw04v =/QiR -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Wed Mar 2 00:46:39 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 1 Mar 2011 18:46:39 -0500 Subject: Security of the gpg private keyring? In-Reply-To: <884341373.20110301232919@my_localhost> References: <4D6C3928.8090604@systemoverlord.com> <6B9019C5-BFEE-485A-8EB4-CAFE0712A7B5@jabberwocky.com> <201103012156.57096@thufir.ingo-kloecker.de> <884341373.20110301232919@my_localhost> Message-ID: On Mar 1, 2011, at 6:29 PM, MFPA wrote: > On Tuesday 1 March 2011 at 8:56:56 PM, in > , Ingo Kl?cker wrote: > > >> Hmm. Why do the keyservers need to support it at all? >> IMO the clients that want to upload a key should check >> for this flag and warn the user if a key has this flag. > > I think the warning would be a good idea because it should serve to > reduce accidental uploading of keys (except by those who view such > warnings as "noise" and just click through without really reading > them). > > Since the keyserver-no-modify flag is set by default in GnuPG and this > warning would be triggered for a large percentage of keys, why bother > checking for the flag? "Do you really want to publish this key to a > keyserver?" could be asked every time the user told the client to > upload any key, perhaps also displaying some info about the key and > the server. For that matter, you could just emit the warning for any key that you don't also have the secret part for. That is, keys that have a higher chance of not being yours. 
I would worry about the warning being invisible after a while though.

David

From expires2011 at ymail.com Wed Mar 2 02:05:10 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 2 Mar 2011 01:05:10 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6C51D1.6030908@fifthhorseman.net>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net>
Message-ID: <1444818915.20110302010510@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Tuesday 1 March 2011 at 1:54:25 AM, in , Daniel Kahn Gillmor wrote:

> However, i'm quite serious about the flaws paralleling
> the failures of NSEC3 to prevent DNS zone enumeration.
> the problem space is slightly different, but i think
> the math comes out about the same in terms of the cost
> of trying to brute force these things.

> Ultimately, i think Hashed User IDs provide only weak
> benefit against the equivalent of zone enumeration
> through the keyservers (which is presumably the goal),
> so understanding these arguments and providing a
> convincing refutation of them (or outlining an entirely
> different benefit) is probably the first task someone
> would need to take on.

My analogy, admittedly not a direct comparison, would be having a phone number that is ex-directory. It is no defence against random dialling, nor against your number being recorded from outgoing calls if you don't take steps such as withholding the CLI, nor against somebody who has your number passing it on without your permission. Despite these failings there is still benefit in being ex-directory.

> Having a hashed User ID alongside your non-hashed User
> ID provides no benefit at all

Those of us who use different email addresses with different contacts (and/or periodically change email addresses) might generate a hashed user ID for each email address, maybe with a non-hashed user-id for our name. Similarly with role-based user IDs, a user might have their name in a non-hashed UID but use hashed UIDs for their roles.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Is it possible to be a closet claustrophobic?
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNbZfYnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pw4wD/1R0
qopVlkQLWTmidAyoAZeFOqgVmGTh40Ppu2nN49qq19+VZUFllAf/QcZw8+x3sWjh
TRdvLlMbvHRCtw6pqbWayW4aRN3NnMpWtUZnqnyEaErtGic8XgrD9O963dIcMvHd
kmNIf28PN774kNydUgF1hKyhBq6m/JAJ4BbCdQKV
=l3Bc
-----END PGP SIGNATURE-----

From dkg at fifthhorseman.net Wed Mar 2 02:43:45 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 01 Mar 2011 20:43:45 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <1444818915.20110302010510@my_localhost>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost>
Message-ID: <4D6DA0D1.20900@fifthhorseman.net>

On 03/01/2011 08:05 PM, MFPA wrote:
> My analogy, admittedly not a direct comparison, would be having a
> phone number that is ex-directory. It is no defence against random
> dialling, nor against your number being recorded from outgoing calls
> if you don't take steps such as withholding the CLI, nor against
> somebody who has your number passing it on without your permission.
> Despite these failings there is still benefit in being ex-directory.

What are those benefits? Are they worth the tradeoff of having a large number of non-human-readable User IDs?

--dkg

From expires2011 at ymail.com Wed Mar 2 04:21:25 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 2 Mar 2011 03:21:25 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6DA0D1.20900@fifthhorseman.net>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net>
Message-ID: <1121665374.20110302032125@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Wednesday 2 March 2011 at 1:43:45 AM, in , Daniel Kahn Gillmor wrote:

> On 03/01/2011 08:05 PM, MFPA wrote:
>> My analogy, admittedly not a direct comparison, would be having a
>> phone number that is ex-directory. It is no defence against random
>> dialling, nor against your number being recorded from outgoing calls
>> if you don't take steps such as withholding the CLI, nor against
>> somebody who has your number passing it on without your permission.
>> Despite these failings there is still benefit in being ex-directory.

> What are those benefits?

The benefits of your phone number being ex-directory are the benefits that derive from it being harder for people to obtain your phone number without your permission, harder to link the number to your name/address, and impossible to find your address or phone number by looking in the phone book.

A key that had only hashed UIDs would have analogous benefits relating to email address instead of phone number and to keyserver instead of phone book. A key with some hashed and some human-readable UIDs would perhaps be like having two phone numbers, one listed and the other ex-directory.

> Are they worth the tradeoff
> of having a large number of non-human-readable User
> IDs?

Depends who evaluates the worth, how they evaluate it, and if you accept that is really the trade-off.

I use different email addresses with different contacts and change some email addresses regularly. Hashed UIDs would allow hiding my email addresses from the people they are not used with, as well as preventing a human-readable set of defunct email addresses. If I included my email addresses in hashed UIDs, they are not human-readable but could still be used to find/identify my key and maybe even facilitate opportunistic encryption. At the moment I cannot usefully include them hashed, so I don't include them at all. For my own key, to me the trade-off is if hashed but still useful I will include, if human-readable I will not. For somebody else encountering my key, the trade-off is the email address they want to match is either in a hashed user ID or it's in no user ID at all.

What is the disadvantage of a large number of non-human-readable User IDs on a key? The User ID that I am using at the time (eg to select a key) is useful, all others are irrelevant noise and may as well not be human-readable.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Lotto: A tax on people who are bad at statistics!
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNbbfVnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pxM8D/0mi
vUZEjULh30eTkuM26YhxdwuxC27qeRUtMWcDP/gYiiEgittoLvq2IVLfrZac1sj7
0vsaaR27PFMSErYjBMJfk6T54Fg2Jel5GfodbRfbxaDpzrTZG0iNqee/m1ea3+cA
z4yXpu/o0vZkdmxA9sJx0XXwOK3h5WVu9YhVNady
=4umI
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org Wed Mar 2 05:07:19 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 1 Mar 2011 23:07:19 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <1121665374.20110302032125@my_localhost>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost>
Message-ID:

> The benefits of your phone number being ex-directory are the benefits
> that derive from it being harder for people to obtain your phone
> number without your permission, harder to link the number to your
> name/address, and impossible to find your address or phone number by
> looking in the phone book.

Here the analogy breaks down. Generally speaking there is only one telephone directory for a given geographic area, which makes it possible for you to keep your phone number private by keeping it out of that one directory.

Email doesn't work the same way. There is no centralized directory. To keep your email private requires that you fastidiously keep it out of thousands, tens of thousands of directories. This doesn't strike me as very practical.
The benefits of keeping a telephone number out of the directory do not seem analogous to keeping an email address off the certificate servers.

From shammah_mg at yahoo.com Wed Mar 2 15:56:42 2011
From: shammah_mg at yahoo.com (Mizana ;))
Date: Wed, 2 Mar 2011 06:56:42 -0800 (PST)
Subject: Enquiries about GnuPG
In-Reply-To:
Message-ID: <583231.16544.qm@web30708.mail.mud.yahoo.com>

Dear Sir / Madame

Good-day. I am enquiring further about the GnuPG Encryption Software. I hope you can assist.

I am interested to learn about:

1. the functionality of the software
2. the licensing structure(s) of the software and associated prices for licensing
3. the hardware, software and other requirements for implementation of the software
4. the implementation procedure of the software
5. The cost for the software, and any other additional cost(s) including support maintenance and upgrade fees.

Thank you for assistance.

With kind regards

Mizana Gonsalves

From dougb at dougbarton.us Wed Mar 2 19:38:48 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 02 Mar 2011 10:38:48 -0800
Subject: Enquiries about GnuPG
In-Reply-To: <583231.16544.qm@web30708.mail.mud.yahoo.com>
References: <583231.16544.qm@web30708.mail.mud.yahoo.com>
Message-ID: <4D6E8EB8.7060200@dougbarton.us>

You can find most (if not all) of the answers you're looking for at http://gnupg.org/ After reading the material there if you still have questions, fire away.

Doug

On 03/02/2011 06:56, Mizana ;) wrote:
> Dear Sir / Madame
>
> Good-day. I am enquiring further about the GnuPG Encryption Software.
>
> I hope you can assist.
>
> I am interested to learn about:
>
> 1. the functionality of the software
>
> 2. the licensing structure(s) of the software and associated prices
> for licensing
>
> 3. the hardware, software and other requirements for implementation
> of the software
>
> 4. the implementation procedure of the software
>
> 5. The cost for the software, and any other additional cost(s)
> including support maintenance and upgrade fees.
>
> Thank you for assistance.
>
> With kind regards
>
> Mizana Gonsalves
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

--
Nothin' ever doesn't change, but nothin' changes much. -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/

From expires2011 at ymail.com Wed Mar 2 20:25:17 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 2 Mar 2011 19:25:17 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To:
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost>
Message-ID: <1048993523.20110302192517@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Wednesday 2 March 2011 at 4:07:19 AM, in , Robert J. Hansen wrote:

>> The benefits of your phone number being ex-directory
>> are the benefits that derive from it being harder for
>> people to obtain your phone number without your
>> permission, harder to link the number to your
>> name/address, and impossible to find your address or
>> phone number by looking in the phone book.

> Here the analogy breaks down. Generally speaking there
> is only one telephone directory for a given geographic
> area, which makes it possible for you to keep your
> phone number private by keeping it out of that one
> directory.

Once, maybe. But for quite a few years (in the UK at least) there have been many competing directory enquiries services, and more recently the online versions as well. Choosing to be ex-directory is a binding instruction to your telephone company not to release your number to any such services.

> Email doesn't work the same way. There is no
> centralized directory.

It is also much easier to create new email addresses than it is to change phone numbers. And more practical to have multiple or short-life email addresses than is the case with phone numbers.

> To keep your email private
> requires that you fastidiously keep it out of
> thousands, tens of thousands of directories. This
> doesn't strike me as very practical.

For somebody who uses the same email address to communicate with many contacts and keeps the same email address for a long time, that is true. For somebody like me who uses various different email addresses and replaces some of them on a regular basis it is plenty practical enough.

> The benefits of keeping a telephone number out of the
> directory do not seem analogous to keeping an email
> address off the certificate servers.

Not exactly analogous (hence my "admittedly not a direct comparison" when I introduced it) but I have drawn enough parallels for it to be a relevant comparison. Of course there are differences.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Vegetarian: Indian word for lousy hunter!!!
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNbpmnnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pOmsD/1/V
0tg8BJz1uLyfHWfcQq3l/1eaIxBfa3+z3d68LYQ5ZcsoBNlJxAd/80FKmBb0a83r
8h7EuQsJZcHTLfPTUjB6dS1D8ffqp/e3K/lCQSzy4yccgiw1QwTPzf3C1L3THePa
LDAqa2PSctUip578m/yRehrcR2E2CYt1NOlpfWEM
=1E41
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org Wed Mar 2 21:06:04 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 02 Mar 2011 15:06:04 -0500
Subject: Enquiries about GnuPG
In-Reply-To: <583231.16544.qm@web30708.mail.mud.yahoo.com>
References: <583231.16544.qm@web30708.mail.mud.yahoo.com>
Message-ID: <4D6EA32C.20205@sixdemonbag.org>

> 1. the functionality of the software

It implements RFC4880. All MUST functions, as well as the overwhelming majority of SHOULDs (perhaps all!), are supported.

> 2. the licensing structure(s) of the software and
> associated prices for licensing

GNU GPL v3. How much it costs depends on from whom you buy it. You can get it for free from many sources.

> 3. the hardware, software and other requirements for
> implementation of the software

Most UNIXes and Win32. If it follows POSIX, GnuPG can probably be compiled there.

> 4. the implementation procedure of the software

I don't understand the question.

> 5. The cost for the software, and any other additional
> cost(s) including support maintenance and upgrade fees.

Depends on from whom you buy it, and/or from whom you buy support. As mentioned above, you can get it for free from many sources.

From dkg at fifthhorseman.net Wed Mar 2 21:14:08 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 02 Mar 2011 15:14:08 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <1048993523.20110302192517@my_localhost>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost>
Message-ID: <4D6EA510.7080408@fifthhorseman.net>

On 03/02/2011 02:25 PM, MFPA wrote:
> For somebody who uses the same email address to communicate with many
> contacts and keeps the same email address for a long time, that is
> true. For somebody like me who uses various different email addresses
> and replaces some of them on a regular basis it is plenty practical
> enough.

it sounds to me like you've simply made it difficult for people to correspond with you over long periods of time because your e-mail address isn't likely to continue working.

If your only concern is that you don't want your e-mail address publicly visible on the keyservers, just make a User ID with no e-mail address at all, and leave it at that.

You'd still need to do the work of changing, say, MUAs to re-think their key-selection criteria to include keys without e-mail addresses (maybe just based on the human-readable part of the To: header?)

But you wouldn't have to do any of the following:

 * specify and try to reach consensus on the syntax of a "standard" Hashed User ID
 * modify underlying OpenPGP implementations to try digested searches
 * convince third-parties that it is worth their while to certify digested user IDs

--dkg

From rjh at sixdemonbag.org Wed Mar 2 21:27:50 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 02 Mar 2011 15:27:50 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <1048993523.20110302192517@my_localhost>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost>
Message-ID: <4D6EA846.4080402@sixdemonbag.org>

On 3/2/11 2:25 PM, MFPA wrote:
> Once, maybe. But for quite a few years (in the UK at least) there have
> been many competing directory enquiries services, and more recently
> the online versions as well. Choosing to be ex-directory is a
> binding instruction to your telephone company not to release your
> number to any such services.

The analogy continues to break down. "Binding," in the context of the analogy, means "if someone breaks this instruction, they will be hurt." Maybe the government will start a criminal prosecution, maybe you have recourse in a civil lawsuit, but ... ultimately, "if someone breaks this instruction, they will be hurt."

Okay, fine: who are you electing to be the hurt-inflicter for the OpenPGP community? And in the absence of a designated hurt-inflicter, how can there be a "binding instruction"?

The analogy you're drawing is appealing at first glance, but the more I look at it the more it breaks down.

> It is also much easier to create new email addresses than it is to
> change phone numbers.

I would *far* rather change my phone number than change my email address. Probably a total of 50 people have my phone number: if I change it, big deal. If I change my email address, I'd probably need to inform upwards of a thousand people of the change.

It may be true that *for you* it is easier to create new email addresses than to change phone numbers. It does not hold true for everyone, and just how broadly it holds true is unknown.

From expires2011 at ymail.com Thu Mar 3 00:34:37 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 2 Mar 2011 23:34:37 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6EA846.4080402@sixdemonbag.org>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA846.4080402@sixdemonbag.org>
Message-ID: <18210146283.20110302233437@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Wednesday 2 March 2011 at 8:27:50 PM, in , Robert J. Hansen wrote:

> The analogy continues to break down. "Binding," in the
> context of the analogy, means "if someone breaks this
> instruction, they will be hurt." Maybe the government
> will start a criminal prosecution, maybe you have
> recourse in a civil lawsuit, but ... ultimately, "if
> someone breaks this instruction, they will be hurt."

> Okay, fine: who are you electing to be the
> hurt-inflicter for the OpenPGP community? And in the
> absence of a designated hurt-inflicter, how can there
> be a "binding instruction"?

You are going off at a tangent. The mechanism for preventing the phone number being obtainable from a query of the phone book or directory enquiry services is not relevant; just the fact that it can easily be done.

Consider these scenarios:-

1. I have a phone number that you don't know.
   This phone number is listed in the phone book and at directory enquiries.
   It is trivial for you to obtain the number.

2. I have a phone number that you don't know.
   This phone number is not listed in the phone book or at directory enquiries.
   It is harder for you to obtain the number.

A parallel exists with:-

3. I have email addresses that you don't know.
   These email addresses are readable from my key's user IDs.
   It is trivial for you to obtain these email addresses.

4. I have email addresses that you don't know.
   These email addresses are not readable from my key's user IDs.
   It is harder for you to obtain these email addresses.

"This phone number is not listed in the phone book or at directory enquiries" is easily achieved by being ex-directory; this does not affect the usefulness of my telephone service. It is only easy because the appropriate mechanism has been put in place to achieve it.

"These email addresses are not readable from my key's user IDs" is easily achieved by simply not including them in the user IDs. This is easy because the user ID field is free-text and doesn't have to be Name (Comment) . This adversely affects the usefulness of my key, since MUAs commonly rely on the email address in the user ID for key selection.

Hashed user IDs are a possible alternative mechanism to achieve "these email addresses are not readable from my key's user IDs" that could have less of an adverse effect on key usefulness.

> The analogy you're drawing is appealing at first
> glance, but the more I look at it the more it breaks
> down.

I said "in this respect the two are similar." You appear to be saying "they are not similar because in these other respects they are different."

>> It is also much easier to create new email addresses
>> than it is to change phone numbers.

> I would *far* rather change my phone number than change
> my email address. Probably a total of 50 people have
> my phone number: if I change it, big deal. If I change
> my email address, I'd probably need to inform upwards
> of a thousand people of the change.

A good point well made. I was comparing the effort involved in actually creating a new email address (a few seconds to a couple of minutes at the keyboard) to the effort involved in actually getting the phone company to change a phone number (ringing the phone company, navigating their stupid menu system, eventually getting through to a customer service agent in foreign parts who barely speaks English, trying to make them understand, discussing the reasons why they should provide the number change - such as nuisance phone calls you have been receiving, wait for the change to happen, chase up the billing errors, etc.).

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Never lean forward to push an invisible object.
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNbtQRnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pARsD/1iG
sr2ROg6NOqTJDhasftiQwXYZ9YiEFK4TacuT1TIl8MRYynMJU35EgqioWvh3B3LJ
Mfqaqvff9OlK8wyrmbQ585USxmXYf7aDtsfI3tqzrvgoYIMpl/iLRxpN4JGwSpv1
D2r2jlIHUq1LehNUYjbl0DGR+1kishfWhAHkxiSO
=euzF
-----END PGP SIGNATURE-----

From expires2011 at ymail.com Thu Mar 3 01:21:11 2011
From: expires2011 at ymail.com (MFPA)
Date: Thu, 3 Mar 2011 00:21:11 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6EA510.7080408@fifthhorseman.net>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net>
Message-ID: <333125614.20110303002111@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Wednesday 2 March 2011 at 8:14:08 PM, in , Daniel Kahn Gillmor wrote:

> it sounds to me like you've simply made it difficult
> for people to correspond with you over long periods of
> time because your e-mail address isn't likely to
> continue working.

Not especially so. The ones I use for mailing lists etc. change periodically. This makes no difference to people contacting me, since they should be doing it via the list. Ones I use with specific individuals or groups of people, some are quite fleeting while others persist for years.

> If your only concern is that you don't want your e-mail
> address publicly visible on the keyservers, just make a
> User ID with no e-mail address at all, and leave it at
> that.

> You'd still need to do the work of changing, say, MUAs
> to re-think their key-selection criteria to include
> keys without e-mail addresses

Something that would not be necessary if the underlying openPGP implementations could handle hashed user IDs.

> But you wouldn't have to do any of the following:

> * specify and try to reach consensus on the syntax of
> a "standard" Hashed User ID

Isn't that best handled *after* a proof-of-concept?

> * modify underlying OpenPGP implementations to try
> digested searches

Could these be handled by a local proxy? The openPGP implementation (which is configured to use the local proxy as keyserver, and not to check the local keyring) queries the proxy using the plaintext search string. The proxy checks the local keyring for both the plaintext search string and the hash, and returns the combined results to the openPGP implementation. The proxy (simultaneously?) queries a keyserver for both the plaintext search string and the hash. If there were matches in the local keyring, the keyserver results are discarded (or cached?). If there were no matches in the local keyring, the combined results from the keyserver are returned to the openPGP implementation and keys may be imported as normal.

> * convince third-parties that it is worth their while
> to certify digested user IDs

That is not necessarily harder than convincing them to sign user IDs with no email address.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Zorba the Greek - before he zorbas you
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNbt7/nhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pYmsEAL9V
ZcywGGE/10DWc2Lqv8G/r+ugt0Wju9dObr+Ll3BNjkANu+bTWRJpFMVsTF4Y/PHZ
VEuYZh2dRFPF8FCK7MjwSy0lQ6EsR6yxGlMWjrx5ECvfV8V/r/1pC+GWyBl+aSD8
myYbz+uMd1d7YOsebNn7Z3SohyZhu3cwUuCKidTT
=LmYB
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org Thu Mar 3 01:33:27 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 02 Mar 2011 19:33:27 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <18210146283.20110302233437@my_localhost>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA846.4080402@sixdemonbag.org> <18210146283.20110302233437@my_localhost>
Message-ID: <4D6EE1D7.2050707@sixdemonbag.org>

On 3/2/11 6:34 PM, MFPA wrote:
> You are going off at a tangent. The mechanism for preventing the phone
> number being obtainable from a query of the phone book or directory
> enquiry services is not relevant; just the fact that it can easily be
> done.

It's not a tangent at all, and for almost the exact reason you cite. You would say "it can easily be done." I would say, "it can easily be enforced." I'm not seeing an effective enforcement mechanism here. Without that, I don't see how it can easily be done.

Basically what you're saying is, "I don't want other people to be able to publicly share data that I feel personally identifies me." That's a perfectly understandable want, but you can't make data uncopyable. Digital information may be easily and near costlessly copied and shared: that's just its essential nature.

> 3. I have email addresses that you don't know.
> These email addresses are readable from my key's user IDs.
> It is trivial for you to obtain these email addresses.
>
> 4. I have email addresses that you don't know.
> These email addresses are not readable from my key's user IDs.
> It is harder for you to obtain these email addresses.

I don't believe 4 is the case at all. In this era of Facebook, Twitter, social media and people profligately sharing information, well... this seems a lot like locking up the barn after the cattle have run off.

> "This phone number is not listed in the phone book or at directory
> enquiries" is easily achieved by being ex-directory; this does not
> affect the usefulness of my telephone service.

You're begging the question: how does it get made ex-directory? In the case of a telephone, it's because you have a single point of authority who will enforce your wishes. In the case of the certificate servers, how does it get done?

I'm not saying it shouldn't get done or that I wouldn't like it if it were done. I'm only saying that, at present, it doesn't appear it *can* be done.

From ben at adversary.org Thu Mar 3 01:37:01 2011
From: ben at adversary.org (Ben McGinnes)
Date: Thu, 03 Mar 2011 11:37:01 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6C57DC.5020908@grant-olson.net>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <4D6C57DC.5020908@grant-olson.net>
Message-ID: <4D6EE2AD.1000706@adversary.org>

On 1/03/11 1:20 PM, Grant Olson wrote:
>
> I wouldn't mind testing to help out, but I'm not throwing away my
> current key anytime soon.

Ah ha! Another hint about the scav hunt. ;)

More seriously, I've been through this discussion with MFPA before and I can see some circumstances where his idea might have merit, so I'd be willing to help test too.

Regards,
Ben

From rjh at sixdemonbag.org Thu Mar 3 01:59:48 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 02 Mar 2011 19:59:48 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6EE2AD.1000706@adversary.org> References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <4D6C57DC.5020908@grant-olson.net> <4D6EE2AD.1000706@adversary.org> Message-ID: <4D6EE804.8040806@sixdemonbag.org> On 3/2/11 7:37 PM, Ben McGinnes wrote: > More seriously, I've been through this discussion with MFPA before and > I can see some circumstances where his idea might have merit, so I'd > be willing to help test too. Same here. I am deeply skeptical, but not unwilling to be proven wrong. IMPOSSIBLE: means (1) I wouldn't like it and when it happens I won't approve; (2) I can't be bothered; (3) God can't be bothered. Meaning #3 may perhaps be valid but the others are 101% whaledreck. -- John Brunner, _Stand on Zanzibar_ From ben at adversary.org Thu Mar 3 04:04:43 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 03 Mar 2011 14:04:43 +1100 Subject: PGP/MIME considered harmful for mobile In-Reply-To: References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <421859072.20110228215908@my_localhost> Message-ID: <4D6F054B.4080308@adversary.org> On 1/03/11 9:33 AM, David Shaw wrote: > > That experiment, while interesting, is not relevant to the "real > Martin" / "fake Martin" situation we've been talking about. If both > Real Martin and Fake Martin have the same secret key, then there is > no way to tell them apart using signatures. 
Hang on, maybe I got lost in this thread, but I thought they had different keys, but "fake Martin" had managed to generate one with the same key ID (possibly the same fingerprint) as "real Martin" ... right? Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From ben at adversary.org Thu Mar 3 04:18:38 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 03 Mar 2011 14:18:38 +1100 Subject: PGP/MIME considered harmful for mobile In-Reply-To: <201103012220.52948@thufir.ingo-kloecker.de> References: <4D67043B.9050501@sixdemonbag.org> <201102271105.04715@thufir.ingo-kloecker.de> <4D6AD5C8.7040000@dougbarton.us> <201103012220.52948@thufir.ingo-kloecker.de> Message-ID: <4D6F088E.909@adversary.org> On 2/03/11 8:20 AM, Ingo Klöcker wrote: > > Of course, my experience is from a time when UTF-8 wasn't used in email. > But do the standard mail clients (Outlook, GMail, Thunderbird) really > default to UTF-8 nowadays? Expecting people to properly configure their > mail clients is an unrealistic dream. No, but some have been saying they will at some nebulous point in the future. So far I still have to change Thunderbird, Firefox and Emacs to use UTF-8 by default. It comes from too many years of people failing to get even my simple surname correct (no, there really *isn't* supposed to be a "u" in it). I figure people with umlauts, accents and other characters feel the same way. ;) Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From dshaw at jabberwocky.com Thu Mar 3 05:17:06 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 2 Mar 2011 23:17:06 -0500 Subject: PGP/MIME considered harmful for mobile In-Reply-To: <4D6F054B.4080308@adversary.org> References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <421859072.20110228215908@my_localhost> <4D6F054B.4080308@adversary.org> Message-ID: <9F7C6A4B-4C07-4DEA-90CD-6031E48A872F@jabberwocky.com> On Mar 2, 2011, at 10:04 PM, Ben McGinnes wrote: > On 1/03/11 9:33 AM, David Shaw wrote: >> >> That experiment, while interesting, is not relevant to the "real >> Martin" / "fake Martin" situation we've been talking about. If both >> Real Martin and Fake Martin have the same secret key, then there is >> no way to tell them apart using signatures. > > Hang on, maybe I got lost in this thread, but I thought they had > different keys, but "fake Martin" had managed to generate one with the > same key ID (possibly the same fingerprint) as "real Martin" > ... right? The premise (more or less) was that a guy named Martin (RM) was on a mailing list and signed all his mail. After some time, a new guy (FM) shows up and claims that he is, in fact, Martin. FM may have his own key or may not have a key at all. It doesn't matter, because the members of the mailing list can see, by means of RM's signatures, a continuity of communication. They can tell RM apart from FM, simply because only RM can issue the signatures they've been seeing on his messages. Now, there are limits to this technique. They can't tell who is really "Martin" (i.e. 
they can't bind the name to a real-world person) without some other information, but in the context of Internet communication that frequently doesn't matter. They can tell which one is the guy they've been talking with for all this time. Which one is *their* Martin, if you like. Despite all the noise in the thread, it's nothing terribly odd. It's just the way nym keys work. David From ben at adversary.org Thu Mar 3 06:22:29 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 03 Mar 2011 16:22:29 +1100 Subject: PGP/MIME considered harmful for mobile In-Reply-To: <9F7C6A4B-4C07-4DEA-90CD-6031E48A872F@jabberwocky.com> References: <87ei6uciyt.fsf@servo.finestructure.net> <4D6A881F.3030601@sixdemonbag.org> <4D6A9446.70705@systemoverlord.com> <4D6AA58F.6030803@sixdemonbag.org> <20110227193731.GA14868@wingback.gollo.at> <4D6AAA91.3090901@sixdemonbag.org> <45E19A0B-3584-4064-B9FA-77CCA68E06D4@sixdemonbag.org> <010B72F5-DCB7-4877-A955-92CA0998B706@jabberwocky.com> <421859072.20110228215908@my_localhost> <4D6F054B.4080308@adversary.org> <9F7C6A4B-4C07-4DEA-90CD-6031E48A872F@jabberwocky.com> Message-ID: <4D6F2595.80804@adversary.org> On 3/03/11 3:17 PM, David Shaw wrote: > > The premise (more or less) was that a guy named Martin (RM) was on a > mailing list and signed all his mail. After some time, a new guy > (FM) shows up and claims that he is, in fact, Martin. FM may have > his own key or may not have a key at all. It doesn't matter, > because the members of the mailing list can see, by means of RM's > signatures, a continuity of communication. They can tell RM apart > from FM, simply because only RM can issue the signatures they've > been seeing on his messages. Right, so FM's only spoofing ability via a key would be to create one in the same name as Martin and hope that people collecting keys would just add it and not double-check the key ID/fingerprint. 
I'd misread that as FM doing something sneaky to generate a key that had a matching key ID (though probably not a matching fingerprint). > Now, there are limits to this technique. They can't tell who is > really "Martin" (i.e. they can't bind the name to a real-world > person) without some other information, but in the context of > Internet communication that frequently doesn't matter. That's probably the case for a lot of GPG usage. > They can tell which one is the guy they've been talking with for all > this time. Which one is *their* Martin, if you like. Which is one of the valuable sides to signing all or most messages. It helps prove when spoofing has occurred. > Despite all the noise in the thread, it's nothing terribly odd. > It's just the way nym keys work. Yeah, I played with that years ago, but for the most part it was just too irritating for most things I wanted to do. Anonymity and pseudonymity can be useful, but for my part that's only for certain specific projects. I did once create one to play with a journalist researching the Echelon program in the 1990s, that was fun, even got him to use one of those international releases of PGP. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From johanw at vulcan.xs4all.nl Thu Mar 3 09:30:13 2011 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Thu, 03 Mar 2011 09:30:13 +0100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] 
In-Reply-To: <1048993523.20110302192517@my_localhost> References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> Message-ID: <4D6F5195.2090903@vulcan.xs4all.nl> On 2-3-2011 20:25, MFPA wrote: > It is also much easier to create new email addresses than it is to > change phone numbers. And more practical to have multiple or > short-life email addresses than is the case with phone numbers. Not really, here I can get a new (mobile) phone number by buying a prepaid SIM card for about 10 Euro (including 10 Euro credit). The cheapest prepaid packages with phone are about 15 Euro (old model phone that is being dumped). For some contacts that is precisely what I do: give them a second number, if I get too many calls on it I don't want I replace the SIM card. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From johanw at xs4all.nl Thu Mar 3 09:32:00 2011 From: johanw at xs4all.nl (Johan Wevers) Date: Thu, 03 Mar 2011 09:32:00 +0100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] 
In-Reply-To: <4D6EA510.7080408@fifthhorseman.net> References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> Message-ID: <4D6F5200.5020405@xs4all.nl> On 2-3-2011 21:14, Daniel Kahn Gillmor wrote: > You'd still need to do the work of changing, say, MUAs to re-think their > key-selection criteria to include keys without e-mail addresses (maybe > just based on the human-readable part of the To: header?) That can be done much more easily: upload a version without the email address to the keyservers, and store locally a version with your (current) email. Then don't sync that with the keyservers of course. -- Kind regards, Johan Wevers From johanw at xs4all.nl Thu Mar 3 09:36:36 2011 From: johanw at xs4all.nl (Johan Wevers) Date: Thu, 03 Mar 2011 09:36:36 +0100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <333125614.20110303002111@my_localhost> References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> Message-ID: <4D6F5314.1070904@xs4all.nl> On 3-3-2011 1:21, MFPA wrote: > Something that would not be necessary if the underlying openPGP > implementations could handle hashed user IDs. Isn't it much easier to use the key ID / signature for that? You already have that. 
-- Kind regards, Johan Wevers From Lists.gnupg at mephisto.fastmail.net Thu Mar 3 16:28:09 2011 From: Lists.gnupg at mephisto.fastmail.net (Kevin Kammer) Date: Thu, 3 Mar 2011 10:28:09 -0500 Subject: OpenPGP Card source Message-ID: <20110303152809.GA33269@imac-6g2p.mgh.harvard.edu> Is the source code that lives in the OpenPGP card, v2.0, as implemented in the Kernel Concepts/Zeitcontrol version, available anywhere for review? I have looked on their respective websites, as well as g10 code and the gnupg ftp server, but have not seen any obvious path to it (and I am assuming it would be obvious, since it is presumably in BASIC where almost everything else is in C). Thanks for pointing me in the right direction. -Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 719 bytes Desc: not available URL: From wk at gnupg.org Thu Mar 3 19:40:04 2011 From: wk at gnupg.org (Werner Koch) Date: Thu, 03 Mar 2011 19:40:04 +0100 Subject: OpenPGP Card source In-Reply-To: <20110303152809.GA33269@imac-6g2p.mgh.harvard.edu> (Kevin Kammer's message of "Thu, 3 Mar 2011 10:28:09 -0500") References: <20110303152809.GA33269@imac-6g2p.mgh.harvard.edu> Message-ID: <8762s0qc8r.fsf@vigenere.g10code.de> On Thu, 3 Mar 2011 16:28, Lists.gnupg at mephisto.fastmail.net said: > Is the source code that lives in the OpenPGP card, v2.0, as implemented > in the Kernel Concepts/Zeitcontrol version, available anywhere for > review? No, it is not available. The smart card OS is - as usual - proprietary. Achim Pietig wrote the implementation for the commonly used card using a chip featuring the Zeitcontrol smartcard OS. There are a few other vendors using the specification to write their own card. This is proprietary. Only recently Gniibe came up with a free implementation for a micro controller; the Gnuk token. 
I heard that the Crypto Stick 2.0 will have a free implementation for a real smartcard chip. > I have looked on their respective websites, as well as g10 code and the Let me clarify the involvement of my company g10 Code in the OpenPGP card stuff: I worked with Achim (who never worked for g10 Code) on the specification for the card. My goal was to have an easily available specification for a card we could support in GPG. Eventually we implemented that specification. And of course this host part is free software. Having the logo of g10 Code on the card only means that we take care of the host part and help with the specs - and well some free advertising. We would be glad if we could help with a free implementation. However, that would take up a lot of time - time we can only spend as part of a paid project. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From C6618.Bairi at KGOC.com Thu Mar 3 11:52:03 2011 From: C6618.Bairi at KGOC.com (Bairi, Chandra Shekar) Date: Thu, 3 Mar 2011 13:52:03 +0300 Subject: Exporting a private Key Message-ID: <5BA3A6023062584FAA095B3F13065D8901278A00@kgocmx.kgoc.com> Hi I have generated the key pair using the command line on a Unix machine. I have a couple of questions here 1> How can I back up the secret key while generating the key pair from the command line 2> If I miss taking the back up of the secret key is there a way to export the secret key. Kindly please give the command. Thanks -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From hanno at gentoo.org Thu Mar 3 18:20:07 2011 From: hanno at gentoo.org (Hanno Böck) Date: Thu, 3 Mar 2011 18:20:07 +0100 Subject: Why do we use a different key to sign than to encrypt In-Reply-To: References: Message-ID: <20110303182007.04acb373@laverne> On Tue, 1 Mar 2011 13:13:16 +0000, Guy Halford-Thompson wrote: > Not GPG specific, but I was wondering if someone could point me in the > direction of some resources that explain why we use different keys to > sign and encrypt (for cases where the same key _could_ do both e.g. > RSA). I can't seem to pick anything up on google. This gives a fairly good overview: http://www.schneier.com/paper-chosen-protocol.html -- Hanno Böck mail/jabber: hanno at hboeck.de GPG: BBB51E42 http://www.hboeck.de/ From mailinglisten at hauke-laging.de Thu Mar 3 21:24:25 2011 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 3 Mar 2011 21:24:25 +0100 Subject: Exporting a private Key In-Reply-To: <5BA3A6023062584FAA095B3F13065D8901278A00@kgocmx.kgoc.com> References: <5BA3A6023062584FAA095B3F13065D8901278A00@kgocmx.kgoc.com> Message-ID: <201103032124.32970.mailinglisten@hauke-laging.de> On Thursday 03 March 2011 11:52:03, Bairi, Chandra Shekar wrote: > 1> How can I back up the secret key while generating the key pair > from the command line You cannot. Exception: You generate the key on a smartcard. In that case you are asked whether you want to make a backup (IIRC). > 2> If I miss taking the back up of the secret key is there a way to > export the secret key. Kindly please give the command. For secret keys stored in a keyring: --export-secret-keys / --export-secret-subkeys See the documentation. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 555 bytes Desc: This is a digitally signed message part. 
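Hauke's answer above (ordinary key generation has no backup step, so export afterwards with --export-secret-keys) and David Shaw's point earlier in this digest, that the list can tell its Martin from a newcomer using the same name only by the key behind the signatures it has been seeing, worked through together as an added shell example. This is not code from the thread or from GnuPG itself; it assumes GnuPG 2.1 or later on PATH (for %no-protection in the parameter file and for gpgconf --kill), and the names, e-mail address, message text and scratch directories are made up.

```sh
#!/bin/sh
# Added example, not code from the list thread or from GnuPG itself.
# Assumes GnuPG 2.1 or later on PATH (%no-protection, gpgconf --kill).
# Names, e-mail address, message text and directory layout are made up.
set -eu

# Generate a sign-only key non-interactively from a parameter file in the
# "Unattended key generation" format of doc/DETAILS, fed on stdin.
# $1 = GNUPGHOME, $2 = real name, $3 = e-mail. Prints the new fingerprint.
gen_key() {
    mkdir -p "$1" && chmod 700 "$1"
    GNUPGHOME="$1" gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
    GNUPGHOME="$1" gpg --batch --with-colons --list-keys "$3" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# The backup Hauke points at: export the secret key (primary plus any
# subkeys) as ASCII armor. $1 = GNUPGHOME, $2 = fingerprint, $3 = output file.
backup_secret_key() {
    GNUPGHOME="$1" gpg --batch --armor --export-secret-keys "$2" > "$3"
}

# A backup that has never been restored is not a backup: import it into an
# empty GNUPGHOME and check that the expected fingerprint has secret material.
# $1 = fresh GNUPGHOME, $2 = backup file, $3 = expected fingerprint.
restore_check() {
    mkdir -p "$1" && chmod 700 "$1"
    GNUPGHOME="$1" gpg --batch --quiet --import "$2"
    GNUPGHOME="$1" gpg --batch --with-colons --list-secret-keys \
        | grep -q "^fpr:.*:$3:"
}

# Detached, armored signature over $2 written to $3, made with $1's key.
sign_message() {
    GNUPGHOME="$1" gpg --batch --quiet --armor --detach-sign --output "$3" "$2"
}

# Accept a signature only if gpg's VALIDSIG status line names the pinned
# fingerprint. A look-alike key carrying the same name and address verifies
# as cryptographically good, but under a different fingerprint, so it fails.
# $1 = verifier's GNUPGHOME, $2 = signature, $3 = message, $4 = pinned fpr.
verify_pinned() {
    GNUPGHOME="$1" gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null \
        | awk -v want="$4" \
            '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && $3 == want { ok = 1 }
             END { exit !ok }'
}

# Walk through the scenario and report which signature the list accepts.
demo() {
    work=$(mktemp -d)
    # Real Martin generates his key and backs it up straight away.
    rm_fpr=$(gen_key "$work/martin" "Martin Example" "martin@example.org")
    backup_secret_key "$work/martin" "$rm_fpr" "$work/martin-secret.asc"
    restore_check "$work/restore" "$work/martin-secret.asc" "$rm_fpr"
    # Fake Martin generates a key with the very same user ID.
    fm_fpr=$(gen_key "$work/fake" "Martin Example" "martin@example.org")
    # The list's keyring has collected both public keys over time.
    mkdir -p "$work/list" && chmod 700 "$work/list"
    GNUPGHOME="$work/martin" gpg --batch --export "$rm_fpr" \
        | GNUPGHOME="$work/list" gpg --batch --quiet --import
    GNUPGHOME="$work/fake" gpg --batch --export "$fm_fpr" \
        | GNUPGHOME="$work/list" gpg --batch --quiet --import
    printf 'Hello list, it is me again.\n' > "$work/msg.txt"
    sign_message "$work/martin" "$work/msg.txt" "$work/real.asc"
    sign_message "$work/fake" "$work/msg.txt" "$work/fake.asc"
    real=rejected; fake=rejected
    if verify_pinned "$work/list" "$work/real.asc" "$work/msg.txt" "$rm_fpr"; then
        real=accepted
    fi
    if verify_pinned "$work/list" "$work/fake.asc" "$work/msg.txt" "$rm_fpr"; then
        fake=accepted
    fi
    for h in martin fake restore list; do
        GNUPGHOME="$work/$h" gpgconf --kill gpg-agent
    done
    rm -rf "$work"
    echo "real:$real fake:$fake"
}

RESULT=$(demo)
echo "$RESULT"
```

The parameter file is the doc/DETAILS format the later thread on --batch --gen-key asks about; a file name may be given after --gen-key instead of feeding it on stdin. Two caveats for real use: %no-protection leaves the exported backup unencrypted, so drop that line and let gpg protect the key with a passphrase; and VALIDSIG's third field is the fingerprint of the key that made the signature, so for a signing subkey compare the primary fingerprint that gpg appends as the last field instead.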
URL: From david at systemoverlord.com Thu Mar 3 20:44:35 2011 From: david at systemoverlord.com (David Tomaschik) Date: Thu, 3 Mar 2011 14:44:35 -0500 Subject: OpenPGP Card source In-Reply-To: <8762s0qc8r.fsf@vigenere.g10code.de> References: <20110303152809.GA33269@imac-6g2p.mgh.harvard.edu> <8762s0qc8r.fsf@vigenere.g10code.de> Message-ID: I suppose this begs the question -- since the card has access to raw keys, how confident can we be that no back doors exist in the card? (I don't think there are, this is more of an academic question.) David On Thu, Mar 3, 2011 at 1:40 PM, Werner Koch wrote: > On Thu, 3 Mar 2011 16:28, Lists.gnupg at mephisto.fastmail.net said: >> Is the source code that lives in the OpenPGP card, v2.0, as implemented >> in the Kernel Concepts/Zeitcontrol version, available anywhere for >> review? > > No, it is not available. The smart card OS is - as usual - proprietary. > > Achim Pietig wrote the implementation for the commonly used card using a > chip featuring the Zeitcontrol smartcard OS. There are a few other > vendors using the specification to write their own card. This is > proprietary. > > Only recently Gniibe came up with a free implementation for a micro > controller; the Gnuk token. I heard that the Crypto Stick 2.0 will have > a free implementation for a real smartcard chip. > >> I have looked on their respective websites, as well as g10 code and the > > Let me clarify the involvement of my company g10 Code in the OpenPGP > card stuff: I worked with Achim (who never worked for g10 Code) on the > specification for the card. My goal was to have an easily available > specification for a card we could support in GPG. Eventually we > implemented that specification. And of course this host part is free > software. Having the logo of g10 Code on the card does only mean that > we take care of the host part and helping with the specs - and well some > free advertising. 
?We would be glad if we could help with a free > implementation. ?However, that would take up a lot of time - time we can > only spend as part of a paid project. > > > Shalom-Salam, > > ? Werner > > -- > Die Gedanken sind frei. ?Ausnahmen regelt ein Bundesgesetz. -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com david at systemoverlord.com From MichaelQuigley at TheWay.Org Fri Mar 4 01:52:28 2011 From: MichaelQuigley at TheWay.Org (MichaelQuigley at TheWay.Org) Date: Thu, 3 Mar 2011 19:52:28 -0500 Subject: Non-interactive use of gen-key Message-ID: I'm looking to automate key generation for gpg. I found this link in the list archive: http://lists.gnupg.org/pipermail/gnupg-users/2007-February/030330.html The message suggests using the --batch option and either feeding parameters form stdin or from a file. It also states, "Check out the file DETAILS. It should explain everything." However, I can't find a DETAILS file in either the documentation or the uncompressed directory tree. Does anyone know where to feed parameters from a file is documented or can someone explain it to this newbee? Here's the pertinent part of the old thread: . . . >Check out the the file DETAILS. It should explain everything. I have >copied the section below. > > >Shalom-Salam, > > Werner > > >Unattended key generation >========================= >This feature allows unattended generation of keys controlled by a >parameter file. To use this feature, you use --gen-key together with >--batch and feed the parameters either from stdin or from a file given >on the commandline. > >The format of this file is as follows: . . . . . . It documents what goes in the file, but not how to specify the file on the command line. Thanks, Michael Quigley Computer Services The Way International www.TheWay.org -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From MichaelQuigley at TheWay.Org Fri Mar 4 02:23:00 2011 From: MichaelQuigley at TheWay.Org (MichaelQuigley at TheWay.Org) Date: Thu, 3 Mar 2011 20:23:00 -0500 Subject: Non-interactive use of gen-key Message-ID: Okay--I was dumb. When I printed the message below, it printed duplex. Between my new glasses, new computer, and trying to learn GPG, I didn't see the text at the bottom of the message until after I sent the message below. It simply requires specifying the file after the --gen-key command. Never mind . . . . ----- Forwarded by Michael Quigley/TheWay on 03/03/2011 08:20 PM ----- Michael Quigley/TheWay wrote on 03/03/2011 07:52:28 PM: > I'm looking to automate key generation for gpg. I found this link > in the list archive: http://lists.gnupg.org/pipermail/gnupg- > users/2007-February/030330.html The message suggests using the -- > batch option and either feeding parameters from stdin or from a > file. It also states, "Check out the file DETAILS. It should > explain everything." However, I can't find a DETAILS file in either > the documentation or the uncompressed directory tree. > > Does anyone know where to feed parameters from a file is documented > or can someone explain it to this newbie? > > Here's the pertinent part of the old thread: > > . . . > >Check out the the file DETAILS. It should explain everything. I have > >copied the section below. > > > > > >Shalom-Salam, > > > > Werner > > > > > >Unattended key generation > >========================= > >This feature allows unattended generation of keys controlled by a > >parameter file. To use this feature, you use --gen-key together with > >--batch and feed the parameters either from stdin or from a file given > >on the commandline. > > > >The format of this file is as follows: > . . . > . . . > > It documents what goes in the file, but not how to specify the file > on the command line. 
> > Thanks, > Michael Quigley > Computer Services > The Way International > www.TheWay.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From wk at gnupg.org Fri Mar 4 09:52:22 2011 From: wk at gnupg.org (Werner Koch) Date: Fri, 04 Mar 2011 09:52:22 +0100 Subject: OpenPGP Card source In-Reply-To: (David Tomaschik's message of "Thu, 3 Mar 2011 14:44:35 -0500") References: <20110303152809.GA33269@imac-6g2p.mgh.harvard.edu> <8762s0qc8r.fsf@vigenere.g10code.de> Message-ID: <87sjv3p8s9.fsf@vigenere.g10code.de> On Thu, 3 Mar 2011 20:44, david at systemoverlord.com said: > I suppose this begs the question -- since the card has access to raw > keys, how confident can we be that no back doors exist in the card? We can't. However, we can't be confident about our general purpose CPUs either. A few hundred gates out of hundreds of millions should be enough to peep at the code and leak key data. The damage done to the vendors in case such a backdoor is found might be different to a backdoor found in a security chip. In my threat model the most likely attacks are exploitable vulnerabilities in standard software. Creating such exploits is much cheaper and stealthier than a backdoor in a mass market chip. A smartcard is a reasonable protection against such exploits - at least your key will not be compromised in case the host box has been compromised. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From dkg at fifthhorseman.net Fri Mar 4 16:24:56 2011 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Fri, 04 Mar 2011 10:24:56 -0500 Subject: how to find gnupg's DETAILS [was: Re: Non-interactive use of gen-key] In-Reply-To: References: Message-ID: <4D710448.6090906@fifthhorseman.net> On 03/03/2011 07:52 PM, MichaelQuigley at TheWay.Org wrote: > I'm looking to automate key generation for gpg. 
I found this link in the > list archive: > http://lists.gnupg.org/pipermail/gnupg-users/2007-February/030330.html The > message suggests using the --batch option and either feeding parameters > from stdin or from a file. It also states, "Check out the file DETAILS. > It should explain everything." However, I can't find a DETAILS file in > either the documentation or the uncompressed directory tree. If you're using debian or a debian-derived operating system, DETAILS is shipped in /usr/share/doc/gnupg/DETAILS.gz If you download and unpack the source you should be able to find it in there as doc/DETAILS. You can also browse the source via gitweb and find it there: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS hth, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1030 bytes Desc: OpenPGP digital signature URL: From misamasek at gmail.com Fri Mar 4 16:40:37 2011 From: misamasek at gmail.com (Michal Masek) Date: Fri, 4 Mar 2011 16:40:37 +0100 Subject: Setpref affects only public key Message-ID: Hi, I am using gpg version 1.4.9. I created a new key using gpg --gen-key with default options. Then I added a second user ID, set its preferences with setpref and then saved the changes. Now if I export the public key into a file using: gpg --armor --output public.asc --export 051ED47 and list its packets: gpg --list-packets public.asc everything is ok, the first user ID has some default preferences and the second user ID has those preferences I wanted. But if I export the secret key: gpg --armor --output secret.asc --export-secret-key 051ED47 and list its packets: gpg --list-packets secret.asc then both user IDs have the same default preferences. In other words the signatures associated with the second user ID are different for the public and for the secret key. This seems to me like a bug. Or am I missing something? 
Thanks, Michal Masek From mailravi02 at yahoo.co.in Sat Mar 5 08:03:07 2011 From: mailravi02 at yahoo.co.in (ravi shankar) Date: Sat, 5 Mar 2011 12:33:07 +0530 (IST) Subject: Need help on compiling gnupg 1.4.11 for powerPC (NetBSD 5) Message-ID: <337506.52918.qm@web137416.mail.in.yahoo.com> HI, Regards, Ravi -------------- next part -------------- An HTML attachment was scrubbed... URL: From expires2011 at ymail.com Sat Mar 5 23:11:27 2011 From: expires2011 at ymail.com (MFPA) Date: Sat, 5 Mar 2011 22:11:27 +0000 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D6F5200.5020405@xs4all.nl> References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <4D6F5200.5020405@xs4all.nl> Message-ID: <1433188179.20110305221127@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Thursday 3 March 2011 at 8:32:00 AM, in , Johan Wevers wrote: > On 2-3-2011 21:14, Daniel Kahn Gillmor wrote: >> You'd still need to do the work of changing, say, MUAs >> to re-think their key-selection criteria to include >> keys without e-mail addresses (maybe just based on the >> human-readable part of the To: header?) > That can be done much more easily: upload a version without > the email address to the keyservers, and store locally > a version with your (current) email. Then don't sync > that with the keyservers of course. I do that already. But what about anybody else whose MUA requires an email address in the key UID to locate my key? 
-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

No man ever listened himself out of a job

From expires2011 at ymail.com Sat Mar 5 23:15:24 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 5 Mar 2011 22:15:24 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6F5314.1070904@xs4all.nl>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl>
Message-ID: <1049765826.20110305221524@my_localhost>

Hi

On Thursday 3 March 2011 at 8:36:36 AM, in , Johan Wevers wrote:

> On 3-3-2011 1:21, MFPA wrote:

>> Something that would not be necessary if the
>> underlying openPGP implementations could handle hashed
>> user IDs.

> Isn't it much easier to use the key ID / signature for
> that? You already have that.

I don't understand.
-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Success isn't how far you got, but the distance you travelled from where you started

From expires2011 at ymail.com Sat Mar 5 22:29:22 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 5 Mar 2011 21:29:22 +0000
Subject: No subject
Message-ID: <1319917472.20110305212922@my_localhost>

Hi

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Never interrupt me when I'm trying to interrupt you.

From expires2011 at ymail.com Sun Mar 6 12:57:02 2011
From: expires2011 at ymail.com (MFPA)
Date: Sun, 6 Mar 2011 11:57:02 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6F5195.2090903@vulcan.xs4all.nl>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6F5195.2090903@vulcan.xs4all.nl>
Message-ID: <45205483.20110306115702@my_localhost>

Hi

On Thursday 3 March 2011 at 8:30:13 AM, in , Johan Wevers wrote:

> On 2-3-2011 20:25, MFPA wrote:

>> It is also much easier to create new email addresses
>> than it is to change phone numbers.
>> And more practical
>> to have multiple or short-life email addresses than is
>> the case with phone numbers.

> Not really, here I can get a new (mobile) phone number
> by buying a prepaid simcard

Certainly that is true of mobile numbers, and thank you for pointing it
out. I should have specified I was referring to landline numbers but since
mobile numbers (in the UK) are not usually listed in the telephone
directory, it didn't occur to me.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

If you are afraid to speak against tyranny, then you are already a slave.

From expires2011 at ymail.com Sun Mar 6 14:12:11 2011
From: expires2011 at ymail.com (MFPA)
Date: Sun, 6 Mar 2011 13:12:11 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D6EE1D7.2050707@sixdemonbag.org>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA846.4080402@sixdemonbag.org> <18210146283.20110302233437@my_localhost> <4D6EE1D7.2050707@sixdemonbag.org>
Message-ID: <156923250.20110306131211@my_localhost>

Hi

On Thursday 3 March 2011 at 12:33:27 AM, in , Robert J. Hansen wrote:

> It's not a tangent at all, and for almost the exact
> reason you cite. You would say "it can easily be done."
> I would say, "it can easily be enforced." I'm not
> seeing an effective enforcement mechanism here. Without
> that, I don't see how it can easily be done.

What would need to be enforced? If a user chose to use hashes when
creating their user-IDs, then all by themselves without the need for any
enforcement mechanism they have obscured the data; somebody already in
possession of the data can compare hashes but somebody inspecting the
user-IDs cannot extract the information that is obscured.

> Basically what you're saying is, "I don't want other
> people to be able to publicly share data that I feel
> personally identifies me." That's a perfectly
> understandable want, but you can't make data
> uncopyable. Digital information may be easily and near
> costlessly copied and shared: that's just its essential
> nature.

Precisely the point of using hashes in user-IDs: all that would be
available to copy and share is a hash of the data.

>> 3. I have email addresses that you don't know.
>> These email addresses are readable from my key's user
>> IDs. It is trivial for you to obtain these
>> email addresses.

>> 4. I have email addresses that you don't know.
>> These email addresses are not readable from my key's
>> user IDs. It is harder for you to obtain these
>> email addresses.

> I don't believe 4 is the case at all. In this era of
> Facebook, Twitter, social media and people profligately
> sharing information, well... this seems a lot like
> locking up the barn after the cattle have run off.

Even if you consider the search to be trivial, it is still harder than
not needing to search. I deliberately used the comparative. Now I'm just
being a pedant. (-:

> You're begging the question: how does it get made
> ex-directory? In the case of a telephone, it's because
> you have a single point of authority who will enforce
> your wishes.
> In the case of the certificate servers,
> how does it get done?

> I'm not saying it shouldn't get done or that I wouldn't
> like it if it were done. I'm only saying that, at
> present, it doesn't appear it *can* be done.

The user already has complete control over what string to use as their
user-ID. There is nothing stopping anybody from publishing a key with
user-IDs such as
"b735ed0655b5a9017bc102f6b1799aa9959a3251 (55fbb2c0169d568bbd2ced25e1f47737e7ef3a34) <529ed52d3ec1186584ec75109e732f9b9da3f12d>"
but there is no point without a mechanism for other users to select that
key from an email address (or a name).

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Lotto: A tax on people who are bad at statistics!

From christoph.rachinger at ce.stud.uni-erlangen.de Mon Mar 7 13:23:27 2011
From: christoph.rachinger at ce.stud.uni-erlangen.de (Christoph Rachinger)
Date: Mon, 7 Mar 2011 13:23:27 +0100
Subject: Byteformat of a RSA signature
Message-ID: <21095fdec02ddabe89ba68025986f26b.squirrel@faumail.uni-erlangen.de>

Hi everyone,

this question is probably rather simple to those involved in developing
GPG, maybe some of the users know the answer as well:

I'm trying to write a program for reading signatures of binary files. For
this, I make use of GPG's SHA1 and RSA implementations (and the MPI
implementation to be able to calculate them).
But my problem is the following: To check whether a file's signature is
valid or not I have to read the current detached signature into an MPI.
But I do not know when the actual MPI starts, i.e. where I have to start
reading with mpi_data_from_buffer. So I hope anyone can tell me the format
of the RSA signature or just tell me the offset, where I need to start
reading the MPI.

I'm currently using GPG 1.4.11

Thank you
Chris

From wk at gnupg.org Mon Mar 7 14:56:14 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 07 Mar 2011 14:56:14 +0100
Subject: Byteformat of a RSA signature
In-Reply-To: <21095fdec02ddabe89ba68025986f26b.squirrel@faumail.uni-erlangen.de> (Christoph Rachinger's message of "Mon, 7 Mar 2011 13:23:27 +0100")
References: <21095fdec02ddabe89ba68025986f26b.squirrel@faumail.uni-erlangen.de>
Message-ID: <87r5ajnif5.fsf@vigenere.g10code.de>

On Mon, 7 Mar 2011 13:23, christoph.rachinger at ce.stud.uni-erlangen.de said:

> mpi_data_from_buffer. So I hope anyone can tell me the format of the RSA
> signature or just tell me the offset, where I need to start reading the
> MPI.

There is no fixed offset; you need to parse OpenPGP packets. This is all
described in RFC-4880.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From shavital at mac.com Mon Mar 7 22:03:01 2011
From: shavital at mac.com (Charly Avital)
Date: Mon, 07 Mar 2011 16:03:01 -0500
Subject: "This key may be unsafe"
In-Reply-To: <316.4471@winter.webconquest.com>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com>
Message-ID: <4D754805.5050109@mac.com>

GPG Keychain Access 0.8.4 shows a red warning 'This key maybe unsafe' for
*any* key with a length equal or inferior to 1024 bits.

GPG Keychain Access 0.8.4 is a GUI for key management for Mac users.
A Google search with key sentence "This key maybe unsafe" between inverted
commas, to limit the search to the whole sentence, displays hits that relate
directly or indirectly (Twitter) only to GPGTools' lists.

I am cross-posting to gnupg-users to try and get more feedback about this
issue:
Are keys whose length is equal or inferior to 1024 bits *unsafe*?
If so, how are they unsafe?
Where is this key length unsafe situation documented?

As a personal example, my primary key A57A8EFA is a DSA "old" 1024 bit key,
but its encryption subkey is 2048 bit long, and I use a sign-only 2048 bit
long RSA subkey. I also get that red warning with GPG Keychain Access 0.8.4

TIA.
Charly

From shavital at mac.com Mon Mar 7 22:41:34 2011
From: shavital at mac.com (Charly Avital)
Date: Mon, 07 Mar 2011 16:41:34 -0500
Subject: "This key may be unsafe" - Redux
In-Reply-To: <316.4471@winter.webconquest.com>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com>
Message-ID: <4D75510E.5040803@mac.com>

> GPG Keychain Access 0.8.4 shows a red warning 'This key maybe unsafe'
> for *any* key with a length equal or inferior to 1024 bits.
[...]
>
> Are keys whose length is equal or inferior to 1024 bits *unsafe*?
> If so, how are they unsafe?
> Where is this key length unsafe situation documented?

I am not aware of any GnuPG command in Terminal that would display or warn
about this situation. Is there any, or should there be any?

[...]

TIA.
Charly

From david at systemoverlord.com Mon Mar 7 23:08:01 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 7 Mar 2011 17:08:01 -0500
Subject: "This key may be unsafe" - Redux
In-Reply-To: <4D75510E.5040803@mac.com>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com> <4D75510E.5040803@mac.com>
Message-ID:

This key length concern is highly dependent on the threat model.
I believe RSA-1024 is likely safe TODAY for MOST attacks. That being said, I
could not, in good conscience, suggest that anyone generate a 1024 bit key
today -- the lifetime on that is probably too short, and almost any device
(including most mobile devices that can handle some form of OpenPGP) should
be able to handle at least 2048 bit without much trouble.

Section 5.6 of NIST Publication 800-57
(http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf)
is the best guidance I use for key length selection. NIST recommended that
use of 1024 bit RSA-type (IFC) keys be discontinued in 2010. 2048 is
recommended through 2030.

I use a 4k master key (certification only) and 3k keys for encrypt and
sign. Yes, this is perhaps a bit paranoid, but I have yet to run into any
device where I feel the delay is unacceptable (my android phone included).

I don't believe that GPG alerts on key lengths at all, but it does have
suggested lengths at key generation time.

David

On Mon, Mar 7, 2011 at 4:41 PM, Charly Avital wrote:
>> GPG Keychain Access 0.8.4 shows a red warning 'This key maybe unsafe'
>> for *any* key with a length equal or inferior to 1024 bits.
> [...]
>
>>
>> Are keys whose length is equal or inferior to 1024 bits *unsafe*?
>> If so, how are they unsafe?
>> Where is this key length unsafe situation documented?
>
> I am not aware of any GnuPG command in Terminal that would display or
> warn about this situation. Is there any, or should there be any?
>
>
> [...]
>
> TIA.
> Charly

-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com

From rjh at sixdemonbag.org Mon Mar 7 23:32:47 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 07 Mar 2011 17:32:47 -0500
Subject: "This key may be unsafe"
In-Reply-To: <4D754805.5050109@mac.com>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com> <4D754805.5050109@mac.com>
Message-ID: <4D755D0F.8020908@sixdemonbag.org>

On 3/7/11 4:03 PM, Charly Avital wrote:
> Are keys whose length is equal or inferior to 1024 bits *unsafe*?

A 1024-bit key is believed to be roughly comparable to an 80-bit symmetric
key. I am comfortable saying this is a reasonable level of security for the
next few years for people who are not worried about being targeted by
people who can afford to drop a few million dollars on cryptanalysis.

It is not a wise choice for long-term security, but I am not comfortable
calling it "unsafe" for most users.

From kgo at grant-olson.net Tue Mar 8 00:20:34 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 07 Mar 2011 18:20:34 -0500
Subject: "This key may be unsafe"
In-Reply-To: <4D755D0F.8020908@sixdemonbag.org>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com> <4D754805.5050109@mac.com> <4D755D0F.8020908@sixdemonbag.org>
Message-ID: <4D756842.9060405@grant-olson.net>

On 3/7/11 5:32 PM, Robert J. Hansen wrote:
> On 3/7/11 4:03 PM, Charly Avital wrote:
>> Are keys whose length is equal or inferior to 1024 bits *unsafe*?
>
> A 1024-bit key is believed to be roughly comparable to an 80-bit
> symmetric key. I am comfortable saying this is a reasonable level of
> security for the next few years for people who are not worried about
> being targeted by people who can afford to drop a few million dollars on
> cryptanalysis.
>
> It is not a wise choice for long-term security, but I am not comfortable
> calling it "unsafe" for most users.
>

Here's a case where the difference between < and <= is HUGE.
gnupg 1.4 only switched the defaults from 1024 DSA/ElGamal to 2048 RSA/RSA
in 1.4.10, which isn't even two years old. I still see plenty of boxes in
the wild that only have 1.4.9, and not just those ones that are old and
creaky and people are afraid to reboot for fear of an actual hardware
failure.

Like you said, I would avoid creating one that size now, but even just a
year-and-a-half ago, your mantra of "use the defaults unless you know what
you're doing" would have resulted in 1024 bit keys for most users.

Meanwhile, warning about keys < 1024 bit would be a little more practical,
at least until ECC hits the standard.

-- 
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From noloader at gmail.com Tue Mar 8 00:30:02 2011
From: noloader at gmail.com (Jeffrey Walton)
Date: Mon, 7 Mar 2011 18:30:02 -0500
Subject: "This key may be unsafe"
In-Reply-To: <4D754805.5050109@mac.com>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com> <4D754805.5050109@mac.com>
Message-ID:

On Mon, Mar 7, 2011 at 4:03 PM, Charly Avital wrote:
> GPG Keychain Access 0.8.4 shows a red warning 'This key maybe unsafe'
> for *any* key with a length equal or inferior to 1024 bits.
>
> GPG Keychain Access 0.8.4 is a GUI for key management for Mac users.
>
>
> A Google search with key sentence "This key maybe unsafe" between
> inverted commas, to limit the search to the whole sentence, displays
> hits that relate directly or indirectly (Twitter) only to GPGTools' lists.

Search for Security Levels and then take a look at NIST SP 800-57 (Table 2,
Comparable Strengths), SP 800-131, or ECRYPT2's "Yearly Report on
Algorithms and Keysizes"

> Are keys whose length is equal or inferior to 1024 bits *unsafe*?
It depends on whom you ask. NIST say yes under most situations, others say
no. Lenstra, et al feel 1024 RSA/P-160 ECC will hold until 2020 with an
acceptable amount of risk. See "On the Security of 1024-bit RSA and
160-bit Elliptic Curve Cryptography"

> If so, how are they unsafe?

The bad guy can recover your secrets because the "work" to break the key
is too easy.

> Where is this key length unsafe situation documented?

See above.

> As a personal example, my primary key A57A8EFA is a DSA "old" 1024 bit
> key, but its encryption subkey is 2048 bit long, and I use a sign-only
> 2048 bit long RSA subkey. I also get that red warning with GPG Keychain
> Access 0.8.4

A 1024 bit key has a security level of about 80 bits. The 2048 bit key
holds about 112 bits of security. The bad guy has two choices: break the
1024 signing key (80 bits of security), or allow you to send an ephemeral
key comparable to a 2048 bit modulus (112 bits of security) and break the
2048 ephemeral key. He either attacks the 1024 bit key, or the 2048 bit
key. His choice is simple: break your signing key (1024 bits), then step in
the middle and sign an ephemeral key of his choosing (pretending to be
you).

As a side note, most SSL certificates I have looked at mismatch security
levels also. GeoTrust just issued me two certificates signed with SHA-1.
Yet my keys were RSA 2048/SHA-224.
The bad guy should attack GeoTrust's weaker signature rather than my
authentication keys :(

Jeff

From jeandavid8 at verizon.net Tue Mar 8 04:09:11 2011
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Mon, 07 Mar 2011 22:09:11 -0500
Subject: "This key may be unsafe"
In-Reply-To: <4D756842.9060405@grant-olson.net>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com> <4D754805.5050109@mac.com> <4D755D0F.8020908@sixdemonbag.org> <4D756842.9060405@grant-olson.net>
Message-ID: <4D759DD7.7040205@verizon.net>

Grant Olson wrote:
> Here's a case where the difference between < and <= is HUGE.
>
> gnupg 1.4 only switched the defaults from 1024 DSA/ElGamal to 2048
> RSA/RSA in 1.4.10, which isn't even two years old. I still see plenty
> of boxes in the wild that only have 1.4.9, and not just those ones that
> are old and creaky and people are afraid to reboot for fear of an actual
> hardware failure.
>
> Like you said, I would avoid creating one that size now, but even just a
> year-and-a-half ago, your mantra of "use the defaults unless you know
> what you're doing" would have resulted in 1024 bit keys for most users.
>
> Meanwhile, warning about keys < 1024 bit would be a little more
> practical, at least until ECC hits the standard.
>
I run Red Hat Enterprise Linux 5.6 (the latest of the RHEL5 series) and
they are only up to gnupg-1.4.5-14.el5_5.1. They will probably not move up
until RHEL 6 (that I believe has just recently come out). It looks as
though that one is: gnupg2-2.0.14-4.el6.i686 (for my 32-bit machines);
unless I am confused.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 21:50:01 up 4 days, 6:51, 3 users, load average: 4.73, 4.72, 4.92

From ben at adversary.org Tue Mar 8 04:44:39 2011
From: ben at adversary.org (Ben McGinnes)
Date: Tue, 08 Mar 2011 14:44:39 +1100
Subject: "This key may be unsafe"
In-Reply-To: <4D759DD7.7040205@verizon.net>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com> <4D754805.5050109@mac.com> <4D755D0F.8020908@sixdemonbag.org> <4D756842.9060405@grant-olson.net> <4D759DD7.7040205@verizon.net>
Message-ID: <4D75A627.8010809@adversary.org>

On 8/03/11 2:09 PM, Jean-David Beyer wrote:
>
> I run Red Hat Enterprise Linux 5.6 (the latest of the RHEL5 series)
> and they are only up to gnupg-1.4.5-14.el5_5.1, They will probably
> not move up until RHEL 6 (that I believe has just recently come
> out).

It has, a couple of months ago.

> It looks as though that one is: gnupg2-2.0.14-4.el6.i686 (for my
> 32-bit machines); unless I am confused.

I would recommend compiling GnuPG 1.4.11 in /usr/local/src or
/opt/local/src (the latter will require specifying the prefix and eprefix
flags). I've done this on a CentOS 5.5 system, so I know it will work for
you. There's no problem with installing this and leaving the default
package in place, just remember that /usr/local/bin/gpg (or
/opt/local/bin/gpg) will be different from /usr/bin/gpg.

Regards,
Ben
From shavital at mac.com Tue Mar 8 07:58:55 2011
From: shavital at mac.com (Charly Avital)
Date: Tue, 08 Mar 2011 01:58:55 -0500
Subject: "This key may be unsafe"
In-Reply-To: <4D75A627.8010809@adversary.org>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com> <4D754805.5050109@mac.com> <4D755D0F.8020908@sixdemonbag.org> <4D756842.9060405@grant-olson.net> <4D759DD7.7040205@verizon.net> <4D75A627.8010809@adversary.org>
Message-ID: <4D75D3AF.4050105@mac.com>

Hi, thanks to all who answered, explained and referred.
As far as I am concerned, I am satisfied, documented, and again, grateful.

Charly

From alex at willner.ws Mon Mar 7 23:50:13 2011
From: alex at willner.ws (Alexander Willner)
Date: Mon, 7 Mar 2011 23:50:13 +0100
Subject: [gpgtools-users] "This key may be unsafe"
In-Reply-To: <4D754805.5050109@mac.com>
References: <05F7AF4E-7B94-4E23-A0AA-24CDE23A1485@mac.com> <315.CE2@winter.webconquest.com> <316.4471@winter.webconquest.com> <4D754805.5050109@mac.com>
Message-ID:

Hi,

in this context: http://www.keylength.com/en/compare/

Best regards, Alex

On 07.03.2011, at 22:03, Charly Avital wrote:

> GPG Keychain Access 0.8.4 shows a red warning 'This key maybe unsafe'
> for *any* key with a length equal or inferior to 1024 bits.
>
> GPG Keychain Access 0.8.4 is a GUI for key management for Mac users.
>
>
> A Google search with key sentence "This key maybe unsafe" between
> inverted commas, to limit the search to the whole sentence, displays
> hits that relate directly or indirectly (Twitter) only to GPGTools' lists.
>
> I am cross-posting to gnupg-users to try and get more feedback about
> this issue:
> Are keys whose length is equal or inferior to 1024 bits *unsafe*?
> If so, how are they unsafe?
> Where is this key length unsafe situation documented?
>
> As a personal example, my primary key A57A8EFA is a DSA "old" 1024 bit
> key, but its encryption subkey is 2048 bit long, and I use a sign-only
> 2048 bit long RSA subkey. I also get that red warning with GPG Keychain
> Access 0.8.4
>
> TIA.
> Charly

From wk at gnupg.org Tue Mar 8 14:16:04 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 08 Mar 2011 14:16:04 +0100
Subject: GnuPG 2.1 beta 2 released
Message-ID: <87hbbdoiqz.fsf@vigenere.g10code.de>

Hello!

We just released the second *beta version* of GnuPG 2.1. It has been
released to give you the opportunity to check out the new features. It is
marked as a beta version and the plan is to release a couple more betas in
the next months before we can declare 2.1.0 stable enough for general use.
In any case the 2.1 series won't replace the 2.0 series. If you need a
stable and fully maintained version of GnuPG, you should in general use
2.0.x or even 1.4.x. Eventually we will release 2.2 as the new stable
version but that may take some time.

Noteworthy changes in version 2.1.0beta2 (2011-03-08)
-----------------------------------------------------

 * ECC support for GPG as described by draft-jivsov-openpgp-ecc-06.txt.
 * New GPGSM feature to create certificates from a parameter file.
   Add prompt to the --gen-key UI to create self-signed certificates.

 * Dirmngr has taken over the function of the keyserver helpers. Thus we
   now have a specified direct interface to keyservers via Dirmngr. LDAP,
   DNS and mail backends are not yet implemented.

 * TMPDIR is now also honored when creating a socket using
   --no-standard-socket and with symcryptrun's temp files.

 * Fixed a bug where SCdaemon sends a signal to Gpg-agent running in
   non-daemon mode.

 * Print "AES128" instead of "AES". This change introduces a little
   incompatibility for tools using "gpg --list-config". We hope that these
   tools are written robustly enough to accept this new algorithm name as
   well.

 * Fixed CRL loading under W32 (bug#1010).

 * Fixed TTY management for pinentries and session variable update problem.

Noteworthy changes already found in beta1:

 * GPG does not anymore use secring.gpg but delegates all secret key
   operations to gpg-agent. The import command moves secret keys to the
   agent.

 * The OpenPGP import command is now able to merge secret keys.

 * The G13 tool for disk encryption key management has been added.

 * If the agent's --use-standard-socket option is active, all tools try to
   start and daemonize the agent on the fly. In the past this was only
   supported on W32; on non-W32 systems the new configure option
   --disable-standard-socket may now be used to disable this new default.

 * Dirmngr is now a part of this package. Dirmngr is now also expected to
   run as a system service and the configuration directories are changed
   to the GnuPG name space.

 * Removed GPG options:
     --export-options: export-secret-subkey-passwd
     --simple-sk-checksum

 * New GPG options:
     --try-secret-key

 * Support DNS lookups for SRV, PKA and CERT on W32.

 * The default for --include-cert is now to include all certificates in
   the chain except for the root certificate.

 * Numerical values may now be used as an alternative to the debug-level
   keywords.
 * New GPGSM option --ignore-cert-extension.

 * Support for Windows CE.

 * Given sufficient permissions Dirmngr is started automagically.

 * Bug fixes.

Migration from 1.4 or 2.0
=========================

The major change in 2.1 is that gpg-agent now takes care of the OpenPGP
secret keys (those managed by GPG). The former secring.gpg will not be
used anymore. Newly generated keys are generated and stored in the agent's
key store (~/.gnupg/private-keys-v1.d/). To migrate your existing keys to
the agent you should run this command

  gpg2 --import ~/.gnupg/secring.gpg

The agent will ask you for the passphrase of each key. You may use the
Cancel button of the Pinentry to skip importing this key. If you want to
stop the import process and you use one of the latest pinentries, you
should close the pinentry window instead of hitting the cancel button.
Secret keys already imported are skipped by the import command. It is
advisable to keep the secring.gpg for use with older versions of GPG.

Note that gpg-agent now uses a fixed socket by default. All tools will
start the gpg-agent as needed. In general there is no more need to set the
GPG_AGENT_INFO environment variable. The SSH_AUTH_SOCK environment
variable should be set to a fixed value.

GPG's smartcard commands --card-edit and --card-status as well as the card
related sub-commands of --edit-key are not yet supported. However, signing
and decryption with a smartcard does work.

The Dirmngr is now part of GnuPG proper. Thus there is no more need to
install the separate dirmngr package. The directory layout of Dirmngr
changed to make use of the GnuPG directories; for example you use
/etc/gnupg/trusted-certs and /var/lib/gnupg/extra-certs. Dirmngr needs to
be started as a system daemon.

Getting the Software
====================

GnuPG 2.1 is available at

  ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0beta2.tar.bz2
  ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0beta2.tar.bz2.sig

and soon on all mirrors.
Note that libgcrypt 1.5.0 is now required; it is available at

  ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.5.0-beta1.tar.bz2

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to install
is an original and unmodified one, you can do it in one of the following
ways:

 * You are expected to have a trusted version of GnuPG installed, thus you
   may simply check the supplied signature. For example to check the
   signature of the file gnupg-2.1.0beta2.tar.bz2 you would use this
   command:

     gpg --verify gnupg-2.1.0beta2.tar.bz2.sig

   This checks whether the signature file matches the source file. You
   should see a message indicating that the signature is good and made by
   that signing key. Make sure that you have the right key, either by
   checking the fingerprint of that key with other sources or by checking
   that the key has been signed by a trustworthy other key. Note, that you
   can retrieve the signing key using the command

     finger wk ,at' g10code.com

   or using a key server like

     gpg --recv-key 4F25E3B6

   The distribution key 4F25E3B6 is signed by the well known key 5B0358A2.
   If you get a key expired message, you should retrieve a fresh copy as
   the expiration date might have been prolonged.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF
   THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

Internationalization
====================

This version comes only with support for English and German. More
languages will be added for the real release.

Documentation
=============

We are currently working on an installation guide to explain in more
detail how to configure the new features. As of now the chapters on
gpg-agent and gpgsm include brief information on how to set up the whole
thing. Please watch the GnuPG website for updates of the documentation. In
the meantime you may search the GnuPG mailing list archives or ask on the
gnupg-users mailing lists for advice on how to solve problems.
Many of the new features have been around for several years and thus enough public knowledge is already available.

Future Plans
============

Some tasks we would like to do before a 2.1 release:

* Replace the pubring.gpg public key store with the keybox format.
* Re-enable importing keys to a smartcard
* Re-enable LDAP, kDNS and mail keyserver methods

Support
=======

Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improving the software, or by donating money.

Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects. A service directory is available at:

  http://www.gnupg.org/service.html

Thanks
======

We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists.

Happy Hacking,

  The GnuPG Team

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


From christoph.rachinger at ce.stud.uni-erlangen.de Tue Mar 8 14:53:05 2011
From: christoph.rachinger at ce.stud.uni-erlangen.de (Christoph Rachinger)
Date: Tue, 8 Mar 2011 14:53:05 +0100
Subject: Signature Verification using GPG
Message-ID: <1dca6a56f8cd6bcd7de011b9e672a63a.squirrel@faumail.uni-erlangen.de>

Hello everyone,

I hope that this is the right place for my question - if not please forgive me. Anyway, any form of help is appreciated.

I'm currently trying to write a kernel module that checks digital signatures of binaries. For the cryptographic part I'm using the source code of GPG 1.4.11 (the SHA1 computation, the RSA verification and the MPI part) - I think I made everything correctly, but it won't work...
Some Infos: For the sake of simplicity we can assume that the keys are correctly initialized and both the hash that was signed as well as the signature itself (i.e. the whole packet as specified by RFC 4880) was read correctly. Now I compute the new hash over the old hash plus the trailer (parts of the packet body plus some 6-byte information), convert this new hash as well as the original signature to an MPI and call rsa_verify(). But it just won't work.

And finally my code, I left out all error handling to keep it compact - so it should be pretty self-explanatory, but I'll answer every question if something's unclear of course:

  http://pastebin.com/gs99VdmF

Again, it would be great if someone could help me. If this was the wrong place to ask, please tell me also (maybe with a hint where to ask instead :))

Regards,
Chris


From wk at gnupg.org Tue Mar 8 17:08:05 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 08 Mar 2011 17:08:05 +0100
Subject: Signature Verification using GPG
In-Reply-To: <1dca6a56f8cd6bcd7de011b9e672a63a.squirrel@faumail.uni-erlangen.de> (Christoph Rachinger's message of "Tue, 8 Mar 2011 14:53:05 +0100")
References: <1dca6a56f8cd6bcd7de011b9e672a63a.squirrel@faumail.uni-erlangen.de>
Message-ID: <87d3m1oasa.fsf@vigenere.g10code.de>

On Tue, 8 Mar 2011 14:53, christoph.rachinger at ce.stud.uni-erlangen.de said:

> I'm currently trying to write a kernel module that checks digital
> signatures of binaries. For the cryptographic part I'm using the
> source code of GPG 1.4.11 (the SHA1 computation, the RSA verification and

FWIW: You might be interested in

  ftp://ftp.g10code.com/people/werner/crypto/sfsv-0.5.0.tar.gz

which is an implementation of OpenPGP signature verification for ELF objects. It is DSA only but it may be of help to get your code working.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
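Christoph's "hash over the old hash plus the trailer" is the step where hand-rolled OpenPGP verifiers most often go wrong, so here is an added worked example of what RFC 4880 actually requires for a v4 RSA signature over a binary document. This is example code written for this page; it is not Christoph's pastebin, not GnuPG 1.4.11 code and not Werner's sfsv. The hash is one continued computation over the document, then the hashed fields of the signature packet, then the six-octet trailer (not a hash of a previous hash), and the resulting digest is wrapped in the PKCS#1 v1.5 DigestInfo encoding before it is compared with the RSA result. The RSA key is constructed from two Mersenne primes so the script runs offline; it is a toy key, not an OpenPGP key, and the document and creation-time subpacket are constructed sample input.

```python
import hashlib

# Constructed toy RSA key for this example only (NOT a real or OpenPGP key).
# 2^521-1 and 2^607-1 are Mersenne primes, so no key generation is needed.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # modular inverse, Python >= 3.8
K = (N.bit_length() + 7) // 8           # modulus length in octets

# RFC 4880 section 5.2.2: DigestInfo prefix for SHA-1 (PKCS#1 v1.5 EMSA).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

SIG_BINARY_DOCUMENT = 0x00   # signature type
PK_RSA = 1                   # public-key algorithm ID
HASH_SHA1 = 2                # hash algorithm ID


def v4_hashed_fields(sig_type, pk_algo, hash_algo, hashed_subpackets):
    """The part of a v4 signature packet covered by the hash: version,
    type, algorithms, two-octet subpacket length, hashed subpackets."""
    if len(hashed_subpackets) > 0xFFFF:
        raise ValueError("hashed subpacket area too large")
    return (bytes([4, sig_type, pk_algo, hash_algo])
            + len(hashed_subpackets).to_bytes(2, "big")
            + hashed_subpackets)


def v4_trailer(hashed_fields_len):
    """RFC 4880 section 5.2.4: version (0x04), then 0xFF, then the
    four-octet big-endian length of the hashed fields. This is the
    '6-byte information' Christoph mentions."""
    return b"\x04\xff" + hashed_fields_len.to_bytes(4, "big")


def signature_digest(document, hashed_fields):
    """Hash in RFC 4880 order: document, hashed fields, trailer, as one
    continued hash context."""
    h = hashlib.sha1()
    h.update(document)
    h.update(hashed_fields)
    h.update(v4_trailer(len(hashed_fields)))
    return h.digest()


def emsa_pkcs1_v1_5(digest, k):
    """00 01 FF..FF 00 || DigestInfo || digest, exactly k octets long."""
    t = SHA1_DIGESTINFO + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign(document, hashed_fields):
    """Produce the signature MPI (as an int) with the toy private key."""
    em = emsa_pkcs1_v1_5(signature_digest(document, hashed_fields), K)
    return pow(int.from_bytes(em, "big"), D, N)


def rsa_verify(document, hashed_fields, sig_mpi):
    """Recover EM = sig^e mod n and compare it with the complete expected
    encoding (padding and DigestInfo included), not just the digest."""
    if not 0 < sig_mpi < N:
        return False
    em = pow(sig_mpi, E, N).to_bytes(K, "big")
    expected = emsa_pkcs1_v1_5(signature_digest(document, hashed_fields), K)
    return em == expected


def hash_left16(document, hashed_fields):
    """The two-octet 'left 16 bits of the hash' field of the packet: a
    cheap sanity check to run before the RSA operation."""
    return signature_digest(document, hashed_fields)[:2]


def demo():
    # Constructed sample input: a fake document and a signature creation
    # time subpacket (length 5, type 2, four-octet time).
    document = b"\x7fELF constructed sample binary\n"
    creation_time = bytes([5, 2]) + (1299580812).to_bytes(4, "big")
    hf = v4_hashed_fields(SIG_BINARY_DOCUMENT, PK_RSA, HASH_SHA1, creation_time)
    sig = rsa_sign(document, hf)
    return {
        "valid": rsa_verify(document, hf, sig),
        "tampered_document": rsa_verify(document + b"\x00", hf, sig),
        "left16_matches": hash_left16(document, hf) == signature_digest(document, hf)[:2],
    }


if __name__ == "__main__":
    print(demo())
```

If a verifier built on this skeleton still fails against real GnuPG signatures, the usual culprits are omitting the trailer, hashing a previous digest instead of continuing the context, or comparing only the trailing digest bytes instead of the whole PKCS#1 encoding.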
From bernhard.kleine at gmx.net Wed Mar 9 07:52:12 2011
From: bernhard.kleine at gmx.net (Bernhard Kleine)
Date: Wed, 09 Mar 2011 07:52:12 +0100
Subject: signed messages take an eternity to be formatted by evolution
Message-ID: <1299653532.3067.8.camel@bkamd2000>

Hi everybody,

I am using ubuntu 10.10, gpg and evolution. And I am reading this mailing list for quite some time. Lately to read this list is a pain since many keys are no longer found on the key server(s) I have entered into the keyserver list and for any mail thus signed with an unknown key I have to wait till the keyservers time limit is reached.

When a message's key is not found I get the following: message signed, but the public key is required. A click on the symbol reveals:

  gpg: ASCII-Hülle: Version: GnuPG v2.0.18-gitcb2f55e (GNU/Linux)
  gpg: ASCII-Hülle: Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
  gpg: Signatur am Di 01 Mär 2011 03:20:12 CET mit RSA Schlüssel, ID A18A54D6, erfolgt
  gpg: Schlüssel A18A54D6 von hkp Server wwwkeys.eu.pgp.net anfordern
  gpg: Schlüsselserver hat das Zeitlimit überschritten
  gpg: Unterschrift kann nicht geprüft werden: öffentlicher Schlüssel nicht gefunden

i.e. last three lines: get the key from the key server; time limit of the key server reached; signature can not be tested, no public key found.

I would be very grateful if someone could point me to a remedy of this situation.

Greetings from the Black Forest
Bernhard
From ben at adversary.org Wed Mar 9 09:12:24 2011
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 09 Mar 2011 19:12:24 +1100
Subject: signed messages take an eternity to be formatted by evolution
In-Reply-To: <1299653532.3067.8.camel@bkamd2000>
References: <1299653532.3067.8.camel@bkamd2000>
Message-ID: <4D773668.8020107@adversary.org>

On 9/03/11 5:52 PM, Bernhard Kleine wrote:
> Hi everybody,
>
> I am using ubuntu 10.10, gpg and evolution. And I am reading this
> mailing list for quite some time. Lately to read this list is a pain
> since many keys are no longer found on the key server(s) I have entered
> into the keyserver list and for any mail thus signed with an unknown key
> I have to wait till the keyservers time limit is reached.

Have you tried using an alternate keyserver? Perhaps pool.sks-keyservers.net would be better.

Regards,
Ben


From johanw at xs4all.nl Tue Mar 8 16:44:36 2011
From: johanw at xs4all.nl (Johan Wevers)
Date: Tue, 8 Mar 2011 16:44:36 +0100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <1049765826.20110305221524@my_localhost>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost>
Message-ID:

MFPA wrote:

>>> Something that would not be necessary if the
>>> underlying openPGP implementations could handle hashed
>>> user IDs.
>
>> Isn't it much easier to use the key ID / signature for
>> that? You already have that.
>
> I don't understand.

Use the keyID / signature as the hashed user ID, since it (should) uniquely identify the key. Since a hash is one way you can't derive the email address from it anyway, from the keyID you also can't (directly) deduce the email address.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
Public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


From ben at adversary.org Wed Mar 9 14:11:16 2011
From: ben at adversary.org (Ben McGinnes)
Date: Thu, 10 Mar 2011 00:11:16 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To:
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost>
Message-ID: <4D777C74.8010901@adversary.org>

On 9/03/11 2:44 AM, Johan Wevers wrote:
> MFPA wrote:
>
>>>> Something that would not be necessary if the
>>>> underlying openPGP implementations could handle hashed
>>>> user IDs.
>>
>>> Isn't it much easier to use the key ID / signature for
>>> that? You already have that.
>>
>> I don't understand.
>
> Use the keyID / signature as the hashed user ID, since it (should)
> uniquely identify the key. Since a hash is one way you can't derive
> the email address from it anyway, from the keyID you also can't
> (directly) deduce the email address.

Ah, but the keyID can already be used to locate a key, that's not what MFPA is getting at.
What he wants is a function built into GPG and the keyservers, possibly via some kind of proxy tool, to do this:

* User generates a key, when prompted for a name enters "Joe Citizen" and when prompted for an email address enters "joe at example.net"

* GPG or interface for it takes those strings and generates a hash (let's use SHA256 for this example) so the UID for the key appears to be:
  "7b7581fe6670a6a4a29b2fd46eaf5ac34a6a86d134fe8931729e66970b707349 <466ffe71badce782db1808ee80bd01dabf0d95e4a3b8ccbbe5fcdc68b86c2bb9>"

* Anyone trawling through keys on a public server or downloading random keys cannot see who owns that key or what their email address is, but anyone who knows Joe or his email address can search the keyservers for that data because the hash can be calculated from the data they do have (e.g. joe at example.net) and search for the key with the matching hash.

This would allow someone to use a single key for multiple identities or pseudonyms, without the information about those identities being learned by different groups. Well, probably not.

Personally, I think it's an interesting idea and I can see the value in it, but I'm not sure there are enough people really pushing for it (yet). With things like the data retention legislation being pushed in Europe, Australia and other countries, that may change. Not that Werner has to worry since he's in Germany and they ruled that the data retention legislation was unconstitutional. Another reason why we all love Germany now. ;)

Regards,
Ben


From rjh at sixdemonbag.org Wed Mar 9 14:24:12 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 09 Mar 2011 08:24:12 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D777C74.8010901@adversary.org>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org>
Message-ID: <4D777F7C.9030008@sixdemonbag.org>

On 3/9/2011 8:11 AM, Ben McGinnes wrote:
> Personally, I think it's an interesting idea and I can see the value
> in it, but I'm not sure there are enough people really pushing for it
> (yet). With things like the data retention legislation being pushed
> in Europe, Australia and other countries, that may change.

It seems like this is really close to asking for private stream searching, which would be the next logical step -- some way for the client to query the database for a record in such a way there is no way for the database to know what was queried.

This may sound alluring, but it's an ephemera. The current best-known PSS algorithm requires about one zebibyte of traffic to do a ten-character ASCII search. These sorts of blinded searches are really tempting, but there are enormous theoretical hurdles to be cleared. I would respectfully suggest that if any discussion moves to PSS-type functionality, that discussion be headed off at the pass. :)

("Private searching on streaming data" by R. Ostrovsky: PDF available at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.78.631&rep=rep1&type=pdf ).


From rjh at sixdemonbag.org Wed Mar 9 14:39:35 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 09 Mar 2011 08:39:35 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D777C74.8010901@adversary.org>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org>
Message-ID: <4D778317.3020102@sixdemonbag.org>

On 3/9/2011 8:11 AM, Ben McGinnes wrote:
> * Anyone trawling through keys on a public server or downloading
> random keys cannot see who owns that key or what their email address
> is, but anyone who knows Joe or his email address can search the
> keyservers for that data because the hash can be calculated from the
> data they do have (e.g. joe at example.net) and search for the key with
> the matching hash.

There are a couple of major problems here:

1. There's not all that much entropy in an email address. Let's say that I want to harvest email addresses. I create a list of, say, the top thousand email providers in the world, and then every five-character lowercase username. For each five-character lowercase username, compute the hash for that user name at each of the top thousand email providers. For each hash, look it up in the database. Total work factor: about 11 billion hashes have to be made, probably under a terabyte of data -- very practical.

   (a) And don't forget that with services like Amazon's cloud, massive data crunching distributed across hundreds of machines costs a few pennies per processor-hour. This has the potential to ruin your entire day: cloud computing shifts the fulcrum of computational leverage *immensely*.

2.
To really gain benefit from this scheme, you must:

   (a) have a non-trivially-brute-forceable email address
   (b) want to be able to hide your email address

   If you don't care ("b" fails), then this scheme is just an inconvenience. If you have a brute-forceable email address ("a" fails), then this scheme offers no benefit.

3. Deploying this scheme means:

   (a) people can no longer do fuzzy searches for email addresses ("show me all user IDs that look like this pattern")
   (b) finding people's certificates may be made more difficult due to (a)

4. My suspicion is the number of users covered by (2) is pretty small. My suspicion is the number of users impacted by (3) is pretty large. My suspicion is we do not have a very good handle on just how difficult we need to make things, given the resources available to spammers in (1a).


From mailinglisten at hauke-laging.de Wed Mar 9 14:46:53 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 9 Mar 2011 14:46:53 +0100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D777C74.8010901@adversary.org>
References: <4D777C74.8010901@adversary.org>
Message-ID: <201103091446.53974.mailinglisten@hauke-laging.de>

On Wednesday, 9 March 2011 14:11:16, Ben McGinnes wrote:

This discussion has been there before (initiated once by me).

> This would allow someone to use a single key for multiple identities
> or pseudonyms, without the information about those identities being
> learned by different groups. Well, probably not.

There are several advantages:

1) You don't reveal the social connections by signing keys. If you want to validate a key by its signatures and see a signature of an unknown key then there is (IMHO) no reason why you should know who has certified this key. This information can easily be abused. The perfect web of trust would be the perfect source of information which should be considered private (who knows whom).
This problem is hardly reduced by the fact that there are signatures (from key signing parties) from people without real social or commercial contact.

2) For people in countries where authorities' rights and actions are not as easily ruled unconstitutional like in Germany (or not at all) it is useful if not only the content of their communication is hidden but also the identity of the communication partners (even of those in free countries). This is, of course, more complex than hashing a key ID, thus I am not sure how important this feature would be (as you have to hide the partner's email address or the connection to the identity and these email addresses have both to be kept secret (because you can easily hash all "publicly available" addresses) and to be complex enough not to be guessed; this may result in greatnesses like sqq8ctpmbf81yucw8nzwbaod at hauke-laging.de).

In general it is useful for a web of trust to have long living keys. Email addresses are more easily changed than keys.

3) You prevent spammers from using keyservers as a source. Yes, I am aware that certain people on this list don't accept this as an argument (for different reasons). The most important point for this question is probably that the infrastructure has to be safe BEFORE it gets so big that it becomes interesting for spammers.

> Another reason why we all love Germany now. ;)

According to a new study it has the best worldwide image of all relevant countries worldwide. However. :-)

Hauke

--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
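Ben's hashed-UID sketch, Robert's enumeration objection and Hauke's point about high-entropy local parts all become concrete with a few lines of code, so here is an added example that serves all three posts. It is example code written for this page, not code from GnuPG, from any keyserver, or from any participant in the thread. It builds the "hash(name) <hash(email)>" UID Ben describes, performs the lookup a correspondent who already knows the address would perform, and then runs the attack Robert describes (hash every short lowercase username at each domain and look it up) against a constructed index of three hashed addresses. Fingerprints and addresses are made up; Ben's "joe at example.net" is written as joe@example.net because the archive mangles addresses. The work-factor function reproduces Robert's figure for five-character usernames at a thousand providers.

```python
import hashlib
import itertools
import string


def uid_hash(value: str) -> str:
    """SHA-256 hex of one UID component. Input is trimmed and lowercased
    so the key owner and the searcher hash the same string."""
    return hashlib.sha256(value.strip().lower().encode("utf-8")).hexdigest()


def hashed_uid(name: str, email: str) -> str:
    """The UID form Ben sketches: hash(name) <hash(email)>."""
    return f"{uid_hash(name)} <{uid_hash(email)}>"


def parse_hashed_uid(uid: str):
    """Split a hashed UID back into (name_hash, email_hash)."""
    name_hash, _, rest = uid.partition(" <")
    return name_hash, rest.rstrip(">")


def build_index(keys):
    """Keyserver-side index the scheme needs: email hash -> fingerprint."""
    index = {}
    for fingerprint, uid in keys:
        _, email_hash = parse_hashed_uid(uid)
        index[email_hash] = fingerprint
    return index


def lookup_by_email(index, email):
    """What a correspondent who already knows the address does: hash it
    locally and ask the server for that exact hash."""
    return index.get(uid_hash(email))


def candidate_addresses(domains, max_len, alphabet=string.ascii_lowercase):
    """Every local part of 1..max_len lowercase letters at each domain."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            local = "".join(chars)
            for domain in domains:
                yield f"{local}@{domain}"


def brute_force(index, domains, max_len):
    """Robert's attack: enumerate, hash, look up. Returns
    {recovered_email: fingerprint}. Anything with a long or random
    local part (Hauke's sqq8... style) survives."""
    recovered = {}
    for email in candidate_addresses(domains, max_len):
        fp = index.get(uid_hash(email))
        if fp is not None:
            recovered[email] = fp
    return recovered


def work_factor(username_len, n_domains, alphabet_size=26):
    """Hashes needed to exhaust one username length over n domains."""
    return alphabet_size ** username_len * n_domains


# Constructed sample keys: made-up fingerprints and made-up addresses.
SAMPLE_KEYS = [
    ("1111 2222 3333 4444 5555  6666 7777 8888 9999 AAAA",
     hashed_uid("Joe Citizen", "joe@example.net")),
    ("BBBB CCCC DDDD EEEE FFFF  0000 1111 2222 3333 4444",
     hashed_uid("Bob", "bob@example.org")),
    # A high-entropy local part of the kind Hauke mentions.
    ("5555 6666 7777 8888 9999  AAAA BBBB CCCC DDDD EEEE",
     hashed_uid("Anon", "sqq8ctpmbf81yucw8nzwbaod@example.net")),
]


def demo():
    index = build_index(SAMPLE_KEYS)
    # Three letters over two domains is about 36k hashes; Robert's five
    # letters over a thousand providers is the same loop, just longer.
    found = brute_force(index, ("example.net", "example.org"), max_len=3)
    return {
        "lookup": lookup_by_email(index, "Joe@Example.net"),
        "recovered": found,
        "hansen_work_factor": work_factor(5, 1000),
    }


if __name__ == "__main__":
    print(demo())
```

The lookup works because the hash is deterministic and unsalted, and that same property is what makes the enumeration work: a per-key salt would defeat the attack but would also defeat the lookup, which is the trade-off the thread is circling.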
From dshaw at jabberwocky.com Wed Mar 9 15:27:04 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 9 Mar 2011 09:27:04 -0500
Subject: signed messages take an eternity to be formatted by evolution
In-Reply-To: <4D773668.8020107@adversary.org>
References: <1299653532.3067.8.camel@bkamd2000> <4D773668.8020107@adversary.org>
Message-ID: <8FBABD23-0F35-4D9B-916D-1A9435582E8E@jabberwocky.com>

On Mar 9, 2011, at 3:12 AM, Ben McGinnes wrote:

> On 9/03/11 5:52 PM, Bernhard Kleine wrote:
>> Hi everybody,
>>
>> I am using ubuntu 10.10, gpg and evolution. And I am reading this
>> mailing list for quite some time. Lately to read this list is a pain
>> since many keys are no longer found on the key server(s) I have entered
>> into the keyserver list and for any mail thus signed with an unknown key
>> I have to wait till the keyservers time limit is reached.
>
> Have you tried using an alternate keyserver? Perhaps
> pool.sks-keyservers.net would be better.

Strange. Keyservers should not need to time out if they do not have a key. They should be able to return a no-answer response immediately. It looks like something is not healthy on wwwkeys.eu.pgp.net (and it only has one server in the pool), so pool.sks-keyservers.net will probably improve things.

Incidentally, the keyserver timeout is configurable. If you want to stop waiting earlier, you can change this by sticking "keyserver-options timeout=XXXX" (XXXX is in seconds) in your config file.
David


From bernhard.kleine at gmx.net Wed Mar 9 17:31:00 2011
From: bernhard.kleine at gmx.net (Bernhard Kleine)
Date: Wed, 09 Mar 2011 17:31:00 +0100
Subject: signed messages take an eternity to be formatted by evolution
In-Reply-To: <4D77868E.6020502@adversary.org>
References: <1299653532.3067.8.camel@bkamd2000> <4D773668.8020107@adversary.org> <1299676721.3067.11.camel@bkamd2000> <4D77868E.6020502@adversary.org>
Message-ID: <1299688260.2195.9.camel@bkamd2000>

On Thursday, 10.03.2011, 00:54 +1100, Ben McGinnes wrote:
> On 10/03/11 12:18 AM, Bernhard Kleine wrote:
> >
> > well, I took a mail from Grant Olson from this list:
> > gpg: ASCII-Hülle: Version: GnuPG v2.0.18-gitcb2f55e (GNU/Linux)
> > gpg: ASCII-Hülle: Comment: Using GnuPG with Mozilla -
> > http://enigmail.mozdev.org/
> > gpg: Signatur am Di 01 Mär 2011 03:20:12 CET mit RSA Schlüssel, ID
> > A18A54D6, erfolgt
> > gpg: Schlüssel A18A54D6 von hkp Server wwwkeys.eu.pgp.net anfordern
> > gpg: Schlüsselserver hat das Zeitlimit überschritten
> > gpg: Unterschrift kann nicht geprüft werden: öffentlicher Schlüssel
> > nicht gefunden
> >
> > I checked per hand with sks-keyservers.net and the key was not found.
> > There are several mails from him within the last days/week. Which
> > keyserver do you use?
>
> I use pool.sks-keyservers.net and, taking Grant as the example, I get
> this:
>
> bash-3.2$ gpg --search-keys A18A54D6
> gpg: searching for "A18A54D6" from hkp server pool.sks-keyservers.net
> (1) Grant T. Olson (pikimal)
>     Grant T. Olson (Personal email)
>     Grant T. Olson (Grant - home email)
>     2048 bit RSA key E3B5806F, created: 2010-01-11
> Keys 1-1 of 1 for "A18A54D6". Enter number(s), N)ext, or Q)uit
> q
> bash-3.2$
>
> So his key is on there (as is mine). That address is, of course, a
> pool of multiple servers which are accessed in a round-robin fashion.
> What was the error you received when searching for the Grant's key on
> sks-keyservers.net?
>
>
> Regards,
> Ben
>

Some strange things have happened:

first: on the interactive sks-keyservers.net page I looked up the key A18A54D6 and it did not show any result. Afterwards I typed olson grant and got several keys listed but not the one we have been looking for here A18....

second: I have seahorse as the gui tool to enter keyservers and keys. However, I removed any other keyserver but pool.sks-keyservers.net. After that I type your suggestion:

  gpg --search-keys A18A54D

and to my surprise it still looked up wwwkeys.eu.pgp.net with no result.

This leaves us with two questions:

1. why do I not get a response for A18A54D6 on sks-keyservers.net?
2. where do we have to tune gpg and evolution on ubuntu 10.10 to look for the correct keyserver?

Bernhard


From ben at adversary.org Wed Mar 9 22:09:52 2011
From: ben at adversary.org (Ben McGinnes)
Date: Thu, 10 Mar 2011 08:09:52 +1100
Subject: signed messages take an eternity to be formatted by evolution
In-Reply-To: <1299688260.2195.9.camel@bkamd2000>
References: <1299653532.3067.8.camel@bkamd2000> <4D773668.8020107@adversary.org> <1299676721.3067.11.camel@bkamd2000> <4D77868E.6020502@adversary.org> <1299688260.2195.9.camel@bkamd2000>
Message-ID: <4D77ECA0.8030801@adversary.org>

On 10/03/11 3:31 AM, Bernhard Kleine wrote:
>
> Some strange things have happened:
>
> first: on the interactive sks-keyservers.net page I looked up the
> key A18A54D6 and it did not show any result. Afterwards I typed
> olson grant and got several keys listed but not the one we have been
> looking for here A18....

It is there, but may not be visible at first glance because key ID 0xA18A54D6 is actually a subkey for 0xE3B5806F.

> second: I have seahorse as the gui tool to enter keyservers and
> keys.
> However, I removed any other keyserver but
> pool.sks-keyservers.net.

The settings for the GUI will only affect the GUI and not GPG itself.

> After that I type your suggestion:
>
> gpg --search-keys A18A54D
>
> and to my surprise it still looked up wwwkeys.eu.pgp.net with no
> result.

To change the default keyserver for GPG on the command line you will need to edit ~/.gnupg/gpg.conf to comment out whatever is currently listed and add:

  keyserver hkp://pool.sks-keyservers.net

> This leaves us with two questions:
>
> 1. why do I not get a response for A18A54D6 on sks-keyservers.net?

It's there, see above.

> 2. where do we have to tune gpg and evolution on ubuntu 10.10 to look
> for the correct keyserver?

The ~/.gnupg/gpg.conf contains all the options for the command line. Evolution specific things I can't help with, I've never used it.

Regards,
Ben


From mailinglisten at hauke-laging.de Thu Mar 10 01:03:14 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 10 Mar 2011 01:03:14 +0100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D778317.3020102@sixdemonbag.org>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org>
Message-ID: <201103100103.22525.mailinglisten@hauke-laging.de>

On Wednesday, 9 March 2011 14:39:35, Robert J. Hansen wrote:

> 2. To really gain benefit from this scheme, you must:
>
>    (a) have a non-trivially-brute-forceable email address
>    (b) want to be able to hide your email address

> 3. Deploying this scheme means:
>
>    (a) people can no longer do fuzzy searches for email
>        addresses ("show me all user IDs that look like this
>        pattern")
>    (b) finding people's certificates may be made more
>        difficult due to (a)
>
> 4. My suspicion is the number of users covered by (2) is pretty small.
As we all know you love anecdotal evidence, here's mine: You are probably right but consider two points:

1) Today there is no use in obeying the (2) rules. If such a feature is implemented then those who are interested in using it will consider creating new email addresses according to (2). Nonetheless the number of interested users may be small (but increasing with increasing public attention to privacy problems besides reading mail contents).

2) gpg offers a lot of features which I guess are used (and even known) by a small share of its users. Nonetheless they got implemented. Obviously the main argument is not the number of users but the quality of the software. There is a whole section "Doing things one usually doesn't want to do." in the man page. I guess it contains more than 80 options.

> My suspicion is the number of users impacted by (3) is pretty large.

I have never done that. I cannot imagine why this should be important to anyone. You know which email address you are going to write to, don't you? OpenPGP should not prevent new features because somebody abuses the infrastructure as a kind of address book.

More important: Not everyone is going to do this. Those people who regard it important to protect their addresses and names really don't care about convenience (if the alternative is omitting the feature).

It might make sense to print a warning if a user activates this hashing feature for a UID with an email address which is obviously not brute force safe.

And in contrast to Werner I do believe that signatures are going to kill the spam problem one day. :-)

Hauke

--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
From noloader at gmail.com Thu Mar 10 02:12:03 2011
From: noloader at gmail.com (Jeffrey Walton)
Date: Wed, 9 Mar 2011 20:12:03 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D777C74.8010901@adversary.org>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org>
Message-ID:

On Wed, Mar 9, 2011 at 8:11 AM, Ben McGinnes wrote:
> On 9/03/11 2:44 AM, Johan Wevers wrote:
>> MFPA wrote:
>>
>>>>> Something that would not be necessary if the
>>>>> underlying openPGP implementations could handle hashed
>>>>> user IDs.
>>>
>>>> Isn't it much easier to use the key ID / signature for
>>>> that? You already have that.
>>>
>>> I don't understand.
>>
>> Use the keyID / signature as the hashed user ID, since it (should)
>> uniquely identify the key. Since a hash is one way you can't derive
>> the email address from it anyway, from the keyID you also can't
>> (directly) deduce the email address.
>
> Ah, but the keyID can already be used to locate a key, that's not what
> MFPA is getting at.
> What he wants is a function built into GPG and
> the keyservers, possibly via some kind of proxy tool, to do this:
>
> * User generates a key, when prompted for a name enters "Joe Citizen"
>   and when prompted for an email address enters "joe at example.net"
>
> * GPG or interface for it takes those strings and generates a hash
>   (let's use SHA256 for this example) so the UID for the key appears
>   to be:
>   "7b7581fe6670a6a4a29b2fd46eaf5ac34a6a86d134fe8931729e66970b707349
>   <466ffe71badce782db1808ee80bd01dabf0d95e4a3b8ccbbe5fcdc68b86c2bb9>"
>
> * Anyone trawling through keys on a public server or downloading
>   random keys cannot see who owns that key or what their email address
>   is, but anyone who knows Joe or his email address can search the
>   keyservers for that data because the hash can be calculated from the
>   data they do have (e.g. joe at example.net) and search for the key with
>   the matching hash.
>
> This would allow someone to use a single key for multiple identities
> or pseudonyms, without the information about those identities being
> learned by different groups. Well, probably not.
>
> Personally, I think it's an interesting idea and I can see the value
> in it, but I'm not sure there are enough people really pushing for it
> (yet). With things like the data retention legislation being pushed
> in Europe, Australia and other countries, that may change.
>

Imagine you are Tunisian or Libyan or some other nationality where disagreeing with the regime might get you killed. Would you want your name and email associated with another's keyring? Or would you prefer anonymity?

Jeff


From ben at adversary.org Thu Mar 10 03:25:21 2011
From: ben at adversary.org (Ben McGinnes)
Date: Thu, 10 Mar 2011 13:25:21 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D777F7C.9030008@sixdemonbag.org>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D777F7C.9030008@sixdemonbag.org>
Message-ID: <4D783691.9010007@adversary.org>

On 10/03/11 12:24 AM, Robert J. Hansen wrote:
>
> It seems like this is really close to asking for private stream
> searching, which would be the next logical step -- some way for the
> client to query the database for a record in such a way there is no
> way for the database to know what was queried.

That seems unnecessary. The conversion of a search string to a hash can be performed locally and the hash can then be passed to the keyserver. If there is a match, the key can be retrieved or updated and since a specific key will be requested there is no need to conceal the search parameters further.

> This may sound alluring, but it's an ephemera. The current
> best-known PSS algorithm requires about one zebibyte of traffic to
> do a ten-character ASCII search.

Wow, that would certainly kill my pissant little DSL connection.

> These sorts of blinded searches are really tempting, but there are
> enormous theoretical hurdles to be cleared. I would respectfully
> suggest that if any discussion moves to PSS-type functionality, that
> discussion be headed off at the pass. :)

Yep, fair enough.

Regards,
Ben
Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From ben at adversary.org Thu Mar 10 03:35:33 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 10 Mar 2011 13:35:33 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D778317.3020102@sixdemonbag.org> References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> Message-ID: <4D7838F5.9000304@adversary.org> On 10/03/11 12:39 AM, Robert J. Hansen wrote: > > 4. My suspicion is the number of users covered by (2) is pretty > small. Very probably, at least at the moment (for the reasons Hauke mentioned). > My suspicion is the number of users impacted by (3) is pretty large. Almost certainly. > My suspicion is we do not have a very good handle on just how > difficult we need to make things, given the resources available to > spammers in (1a). I don't really think the spamming scenario is of great concern. Spammers get email addresses from plenty of other methods and there are better ways to stop spam than preventing your email address from being posted somewhere, including a keyserver. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From ben at adversary.org Thu Mar 10 03:58:32 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 10 Mar 2011 13:58:32 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <201103100103.22525.mailinglisten@hauke-laging.de> References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> Message-ID: <4D783E58.5090205@adversary.org> On 10/03/11 11:03 AM, Hauke Laging wrote: > On Wednesday 09 March 2011 14:39:35 Robert J. Hansen wrote: > > As we all know you love anecdotal evidence, here's mine: You are > probably right but consider two points: > > 1) Today there is no use in obeying the (2) rules. If such a feature > is implemented then those who are interested in using it will > consider creating new email addresses according to (2). Nonetheless > the number of interested users may be small (but increasing with > increasing public attention to privacy problems besides reading mail > contents). I'd agree with this. There are enough increases in prying eyes from governments and corporations for more and more people to consider such obfuscation warranted or warranted under some circumstances. >> My suspicion is the number of users impacted by (3) is pretty large. > > I have never done that. I cannot imagine why this should be > important to anyone. You know which email address you are going to > write to, don't you? OpenPGP should not prevent new features > because somebody abuses the infrastructure as a kind of address > book. I have. Many, many times. There's no point doing it for a free email service provider's domain (e.g. gmail.com), but sometimes there are advantages in checking for keys belonging to people at particular organisations (e.g. government departments). 
This is one of the reasons why I'd prefer MFPA's suggestion, were it ever implemented, to be optional rather than the default. If that feature weren't available, I doubt I would've found this: pub 1024D/B3F77236 2000-09-21 uid Stephen Smith sub 2048g/0E0EEE5F 2000-09-21 Stephen Smith was in Opposition when he made that key, but now he's Minister of Defence. > More important: Not everyone is going to do this. Those people who > regard it important to protect their addresses and names really > don't care about convenience (if the alternative is omitting the > feature). In the mean time, those who would be more likely to do this end up creating pseudonymous accounts and separate keys for each case they wish to deal with. > It might make sense to print a warning if a user activates this > hashing feature for a UID with an email address which is obviously > not brute force safe. Good idea. > And in contrast to Werner I do believe that signatures are going to > kill the spam problem one day. :-) Ah, but will that be in our lifetimes? I don't know how much effect that will really have on spam, but I can see signatures helping to prevent things like this: https://secure.wikimedia.org/wikipedia/en/wiki/Utegate Following the revelation that the email at the centre of the scandal had been faked by Godwin Grech, I did email my MP suggesting they start using OpenPGP signatures. Apparently the DSD had cleared OpenPGP compliant software for use by government departments years ago, but it was up to each department to decide whether or not to use them. Presumably Treasury and the Department of the Prime Minister and Cabinet chose not to. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... 
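The scheme quoted earlier in this thread (Joe Citizen's name and address replaced by their SHA-256 hashes in the UID, the keyserver matching on a hash the client computed locally) together with the brute-force-safety warning Hauke proposes in the message above, modelled as an added example that is not part of this thread and is not GnuPG or keyserver code. The keyserver is a dictionary standing in for a real one, its dump() stands in for the full certificate dumps that operators exchange, the key ids and addresses are constructed sample data, and the case-folding in uid_hash, the address shapes in guess_addresses and the 64-bit threshold in brute_force_safe are assumptions of this example:

```python
import hashlib
import itertools
import math
import string


def uid_hash(s):
    """Hash one UID component. Case-folding and stripping are assumptions:
    key owner and searcher must normalise identically or hashes never match."""
    return hashlib.sha256(s.strip().lower().encode("utf-8")).hexdigest()


def hashed_uid(name, email):
    """UID in the shape quoted in the thread: '<sha256(name)> <<sha256(email)>>'."""
    return f"{uid_hash(name)} <{uid_hash(email)}>"


def uid_parts(uid):
    return uid.replace("<", " ").replace(">", " ").split()


class Keyserver:
    """Stand-in for a keyserver that indexes hashed UID components (not SKS code)."""

    def __init__(self):
        self._index = {}   # component hash -> [key ids]
        self._certs = []   # (key id, uid) pairs; the whole list is the 'dump'

    def publish(self, keyid, uid):
        self._certs.append((keyid, uid))
        for part in uid_parts(uid):
            self._index.setdefault(part, []).append(keyid)

    def lookup(self, component_hash):
        """The server only ever sees a hash, never the search string."""
        return list(self._index.get(component_hash, []))

    def dump(self):
        """What a prospective keyserver operator is given to bootstrap: everything."""
        return list(self._certs)


def client_search(server, query):
    """Hash locally and send only the hash; no private-stream search needed."""
    return server.lookup(uid_hash(query))


def guess_addresses(first, last, domains):
    """Address shapes most organisations use (assumed); the attacker knows the domains."""
    f, l = first.lower(), last.lower()
    shapes = [f"{f}.{l}", f"{f}{l}", f"{f[:1]}{l}", f"{f}_{l}", f, l]
    for local, domain in itertools.product(shapes, domains):
        yield f"{local}@{domain}"


def recover_from_dump(dump, people, domains):
    """Offline dictionary attack on a full dump: hash every guess, match against
    the hashed components; the keyserver never sees a single query."""
    table = {}
    for first, last in people:
        table[uid_hash(f"{first} {last}")] = f"{first} {last}"
        for addr in guess_addresses(first, last, domains):
            table[uid_hash(addr)] = addr
    found = {}
    for keyid, uid in dump:
        for part in uid_parts(uid):
            if part in table:
                found.setdefault(keyid, []).append(table[part])
    return found


def brute_force_safe(email, min_bits=64):
    """Heuristic for the warning Hauke suggests. The estimate and threshold are
    assumptions: the domain is treated as known, so only the local part counts,
    and anything shaped like first.last is rejected regardless of length."""
    local = email.split("@", 1)[0]
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in local))
    bits = len(local) * math.log2(alphabet) if alphabet else 0.0
    name_shaped = any(sep in local for sep in "._-")
    return bits >= min_bits and not name_shaped, round(bits, 1)


def build_sample_keyserver():
    """Constructed sample certificates; the key ids are made up, not real keys."""
    ks = Keyserver()
    ks.publish("1111AAAA", hashed_uid("Joe Citizen", "joe@example.net"))
    ks.publish("2222BBBB", hashed_uid("Jane Roe", "jane.roe@example.org"))
    ks.publish("3333CCCC", hashed_uid("Jane Roe", "k7x2qv9pm4r8zt3wq6yh@example.org"))
    return ks


if __name__ == "__main__":
    ks = build_sample_keyserver()
    print("search joe@example.net ->", client_search(ks, "joe@example.net"))
    print("search Jane Roe        ->", client_search(ks, "Jane Roe"))
    people = [("Joe", "Citizen"), ("Jane", "Roe")]
    print("recovered from dump    ->",
          recover_from_dump(ks.dump(), people, ["example.net", "example.org"]))
    for addr in ("joe@example.net", "jane.roe@example.org",
                 "k7x2qv9pm4r8zt3wq6yh@example.org"):
        print(addr, "->", brute_force_safe(addr))
```

Two things the run shows that the proposal text does not. Searching for "Jane Roe" returns both of Jane's keys, because two keys carrying the same hashed name are linked exactly as two keys carrying the same plaintext name would be; hashing hides the string, not the correlation. And recover_from_dump gets joe@example.net and jane.roe@example.org back from a handful of name-shaped guesses against the dump alone, which is why the feature only adds anything for a local part such as k7x2qv9pm4r8zt3wq6yh that the warning heuristic lets through.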
Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From ben at adversary.org Thu Mar 10 04:01:10 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 10 Mar 2011 14:01:10 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> Message-ID: <4D783EF6.5090608@adversary.org> On 10/03/11 12:12 PM, Jeffrey Walton wrote: > > Imagine you are Tunisian or Libyan or some other nationality where > disagreeing with the regime might get you killed. Would you want > your name and email associated with another's keyring? Or would you > prefer anonymity? Another perfectly good reason for wanting to conceal identifying information. There are, no doubt, plenty. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Mar 10 04:10:40 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 09 Mar 2011 22:10:40 -0500 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] 
In-Reply-To: <4D783EF6.5090608@adversary.org> References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D783EF6.5090608@adversary.org> Message-ID: <4D784130.1060300@sixdemonbag.org> On 3/9/2011 10:01 PM, Ben McGinnes wrote: >> Imagine you are Tunisian or Libyan or some other nationality where >> disagreeing with the regime might get you killed. Would you want >> your name and email associated with another's keyring? Or would you >> prefer anonymity? > > Another perfectly good reason for wanting to conceal identifying > information. There are, no doubt, plenty. I think it should also be noted that if I was serious about trying to overthrow a government, I'd create a bare certificate without a name or an email address on it. I'd also use it as infrequently as possible and try to avoid any technology more complicated than, say, a wheel, lever, or inclined plane. GnuPG will not keep your communications secure against major adversaries who are willing to torture you for so long you think you've made an unfortunate lateral career move. It's just a tool in the toolbox. You're going to need the rest of the toolbox, too. From ben at adversary.org Thu Mar 10 04:42:25 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 10 Mar 2011 14:42:25 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] 
In-Reply-To: <4D784130.1060300@sixdemonbag.org> References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D783EF6.5090608@adversary.org> <4D784130.1060300@sixdemonbag.org> Message-ID: <4D7848A1.9050905@adversary.org> On 10/03/11 2:10 PM, Robert J. Hansen wrote: > > I think it should also be noted that if I was serious about trying to > overthrow a government, I'd create a bare certificate without a name or > an email address on it. I'd also use it as infrequently as possible and > try to avoid any technology more complicated than, say, a wheel, lever, > or inclined plane. Heh. Trying to topple any government is definitely on the hazardous side of things. In general they're either large enough to have enormous resources to track you down or small and dodgy enough to just send a hit team. Or both. > GnuPG will not keep your communications secure against major adversaries > who are willing to torture you for so long you think you've made an > unfortunate lateral career move. It's just a tool in the toolbox. > You're going to need the rest of the toolbox, too. Which brings us back to creating a pseudonym, using Tor (or other anonymising services), getting a disposable mail drop (or using alt.anonymous.messages) and going from there. At the bare minimum. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Thu Mar 10 06:17:25 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Mar 2011 00:17:25 -0500 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7848A1.9050905@adversary.org> References: <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D783EF6.5090608@adversary.org> <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> Message-ID: <4D785EE5.20205@sixdemonbag.org> On 3/9/2011 10:42 PM, Ben McGinnes wrote: > Which brings us back to creating a pseudonym, using Tor (or other > anonymising services), getting a disposable mail drop (or using > alt.anonymous.messages) and going from there. At the bare minimum. Which brings us back to the elephant in the middle of the room: as far as I can see there's no consensus on a use case for this feature. Some people have a knee-jerk reaction to their email addresses being in any searchable database and want their emails obfuscated. Against this threat, the proposed feature doesn't work: email addresses don't offer enough entropy and the mechanism could be brute-forced. Some people think they're going to take over the People's Republic of Berkeley in a military coup and need to be able to deny their connections to each other. 
Against this threat, the proposed feature doesn't work very well: while you could conceivably come up with an email address with high enough entropy, it's easier to just use anonymous services and dead-drop emails. Has a use case been articulated for this feature, along with how this feature would substantially advance the use case? Because if not, one really needs to be. From rjh at sixdemonbag.org Thu Mar 10 06:20:29 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Mar 2011 00:20:29 -0500 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D785EE5.20205@sixdemonbag.org> References: <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D783EF6.5090608@adversary.org> <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> Message-ID: <4D785F9D.6000500@sixdemonbag.org> > Some people think they're going to take over the People's Republic of > Berkeley in a military coup Idiom note for non-Americans: the University of California at Berkeley is often called, tongue-in-cheek, "the People's Republic of Berkeley." This is a (hopefully humorous) reference to having a military coup taking over a college campus. From ben at adversary.org Thu Mar 10 07:17:59 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 10 Mar 2011 17:17:59 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] 
In-Reply-To: <4D785F9D.6000500@sixdemonbag.org> References: <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D783EF6.5090608@adversary.org> <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <4D785F9D.6000500@sixdemonbag.org> Message-ID: <4D786D17.1010203@adversary.org> On 10/03/11 4:20 PM, Robert J. Hansen wrote: >> Some people think they're going to take over the People's Republic of >> Berkeley in a military coup > > Idiom note for non-Americans: the University of California at Berkeley > is often called, tongue-in-cheek, "the People's Republic of Berkeley." > This is a (hopefully humorous) reference to having a military coup > taking over a college campus. There hasn't been one of those since Kent State. ;) Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From ben at adversary.org Thu Mar 10 07:27:30 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 10 Mar 2011 17:27:30 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] 
In-Reply-To: <4D785EE5.20205@sixdemonbag.org> References: <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D783EF6.5090608@adversary.org> <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> Message-ID: <4D786F52.5030006@adversary.org> On 10/03/11 4:17 PM, Robert J. Hansen wrote: > On 3/9/2011 10:42 PM, Ben McGinnes wrote: >> Which brings us back to creating a pseudonym, using Tor (or other >> anonymising services), getting a disposable mail drop (or using >> alt.anonymous.messages) and going from there. At the bare minimum. > > Which brings us back to the elephant in the middle of the room: as > far as I can see there's no consensus on a use case for this > feature. Certainly not that I've seen, I just like exploring ideas that seem interesting or which may lead to other ideas. I have, however, discussed this one at length with MFPA on another list (which one or two other readers here can attest to). > Some people have a knee-jerk reaction to their email addresses being > in any searchable database and want their emails obfuscated. Meh. I'm not in that camp, that horse has well and truly bolted. Besides, anyone who just knows my name and domain can easily guess which addresses will work for me. > Against this threat, the proposed feature doesn't work: email > addresses don't offer enough entropy and the mechanism could be > brute-forced. 
> Some people think they're going to take over the People's Republic > of Berkeley in a military coup and need to be able to deny their > connections to each other. Against this threat, the proposed > feature doesn't work very well: while you could conceivably come up > with an email address with high enough entropy, it's easier to just > use anonymous services and dead-drop emails. Which, for those people who need to attain a certain degree of deniability, already works very well. > Has a use case been articulated for this feature, along with how > this feature would substantially advance the use case? Because if > not, one really needs to be. I'd like to cede the floor to MFPA for this one. If he doesn't, I suppose I can trawl through my PGPNET folder and find our discussion. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From mailinglisten at hauke-laging.de Thu Mar 10 10:57:46 2011 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 10 Mar 2011 10:57:46 +0100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7848A1.9050905@adversary.org> References: <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> Message-ID: <201103101057.53728.mailinglisten@hauke-laging.de> On Thursday 10 March 2011 04:42:25 Ben McGinnes wrote: > Which brings us back to creating a pseudonym, using Tor (or other > anonymising services), getting a disposable mail drop (or using > alt.anonymous.messages) and going from there. At the bare minimum. A little practical advantage: If gpg had such a feature then the documentation may mention everything that is needed additionally (depending on the targeted opponent: spammers, facebook-alikes, secret police) or useful. 
Then people in a bad situation (who are probably not security experts) would have a trustworthy source of information for planning their communication strategy. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 555 bytes Desc: This is a digitally signed message part. URL: From mailinglisten at hauke-laging.de Thu Mar 10 11:23:56 2011 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 10 Mar 2011 11:23:56 +0100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D785EE5.20205@sixdemonbag.org> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> Message-ID: <201103101123.56759.mailinglisten@hauke-laging.de> On Thursday 10 March 2011 06:17:25 Robert J. Hansen wrote: > while you could conceivably come up with an > email address with high enough entropy, it's easier to just use > anonymous services and dead-drop emails. Of course, you can create a key with UIDs without name and email only but such keys are not very comfortable to have in your keyring ("What's that?"). Of course, you can add a UID annotation feature without having the hashing feature. But not having the hashing feature makes it more difficult to get the key (and key updates). Keyserver access is pretty anonymous. If you put keys on a website (the address of which the one can have given you who gave you the non-public email address) then that is another way to try to reveal the identity of the communication partner. I appreciate your effort to consider the problem as a whole. It would be a pity to create something that turns out to be useless in the end. 
But that is not a problem here any longer: Those people who just want to protect their social connections by signing other keys without revealing their identity to those who don't know it already have no need to cover their target addresses because the marketing people and "just curious" normal ones are not capable of reading their email traffic. So there already is a use case. Your objections for the high security cases are very good to raise awareness but point outside the gnupg sphere. You made a brute force calculation. Why should keyservers allow brute force searches for hash IDs? If you use millions of remotely controlled idiot PCs simultaneously for that then it may be hard to track them but then we are close to a DoS, aren't we? Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 555 bytes Desc: This is a digitally signed message part. URL: From runaprinsloo at gmail.com Thu Mar 10 10:22:18 2011 From: runaprinsloo at gmail.com (Runa) Date: Thu, 10 Mar 2011 11:22:18 +0200 Subject: Help with error message in GNUPG 2.0.14 Message-ID: I'm sorry if this is not the right list to send this to. I'd appreciate it if you could refer me to the right place that can deal with my problem. I've never had problems with GNUPG 2.0.14 before. Now all of a sudden I can't decrypt my files. I get the message: "[filename] contains no value encrypted data". I don't know what this means or how to correct it. I'm not a programmer and don't have advanced skills. I've used the programme without any hassles on XP but now have Windows 7. It used to work fine on Win7 except that I could not verify and decrypt, only decrypt. I had a recent run-in with viruses and set my Avast Free settings to the max. Could this be the cause and how do I fix it? If the security software setting is not a cause, then what is and how do I fix it? Please help. 
I have a large number of files encrypted and would hate to lose my data in them. Runa -------------- next part -------------- An HTML attachment was scrubbed... URL: From ben at adversary.org Thu Mar 10 12:24:29 2011 From: ben at adversary.org (Ben McGinnes) Date: Thu, 10 Mar 2011 22:24:29 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <201103091446.53974.mailinglisten@hauke-laging.de> References: <4D777C74.8010901@adversary.org> <201103091446.53974.mailinglisten@hauke-laging.de> Message-ID: <4D78B4ED.9060800@adversary.org> On 10/03/11 12:46 AM, Hauke Laging wrote: > > There are several advantages: > > 1) You don't reveal the social connections by signing keys. If you > want to validate a key by its signatures and see a signature of an > unknown key then there is (IMHO) no reason why you should know who > has certified this key. This information can easily be abused. The > perfect web of trust would be the perfect source of information > which should be considered private (who knows whom). This problem is > hardly reduced by the fact that there are signatures (from key > signing parties) from people without real social or commercial > contact. I can certainly see where a number of people would be interested in this aspect, while those people wishing to publicly announce that they've signed particular keys can do so by not utilising the hashing. > 2) For people in countries where authorities' rights and actions are > not as easily ruled unconstitutional like in Germany (or not at all) > it is useful if not only the content of their communication is > hidden but also the identity of the communication partners (even of > those in free countries). 
This is, of course, more complex than > hashing a key ID, thus I am not sure how important this feature > would be (as you have to hide the partner's email address or the > connection to the identity and these email addresses have both to be > kept secret (because you can easily hash all "publicly available" > addresses) and to be complex enough not to be guessed; this may > result in greatnesses like sqq8ctpmbf81yucw8nzwbaod at hauke-laging.de). This can only really work for the identities associated with a given key. At the end of the day, Alice still has to send an email to Bob and a truly determined adversary who can intercept that email can at least derive the key IDs the message is encrypted to. Unless that (incredibly annoying) feature of checking all secret keys is enabled, of course. I've forgotten what the option is called. > In general it is useful for a web of trust to have long living > keys. Email addresses are more easily changed than keys. Yeah, well, I got so sick of changing my email address that I got my own domain name (no, that wasn't the only reason). > 3) You prevent spammers from using keyservers as a source. Yes, I am > aware that certain people on this list don't accept this as an > argument (for different reasons). The most important point for this > question is probably that the infrastructure has to be safe BEFORE > it gets so big that it becomes interesting for spammers. With the way most spammers operate, I think this is of little effect until such a time as the majority of global email users have keys on the keyservers. Most spammers just generate usernames at a target domain name. At least that's what my Postfix logs indicate. >> Another reason why we all love Germany now. ;) > > According to a new study it has the best worldwide image of all > relevant countries worldwide. However. :-) There's nothing quite like an unnamed report to back up a nebulous claim. 
It's probably right, though, albeit only because Iceland is so bloody cold. ;) Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From runaprinsloo at gmail.com Thu Mar 10 13:20:57 2011 From: runaprinsloo at gmail.com (Runa) Date: Thu, 10 Mar 2011 14:20:57 +0200 Subject: Fwd: Help with error message in GNUPG 2.0.14 In-Reply-To: References: Message-ID: I'm sorry if this is not the right list to send this to. I'd appreciate it if you could refer me to the right place that can deal with my problem. I've never had problems with GNUPG 2.0.14 before. Now all of a sudden I can't decrypt my files. I get the message: "[filename] contains no value encrypted data". I don't know what this means or how to correct it. I'm not a programmer and don't have advanced skills. I've used the programme without any hassles on XP but now have Windows 7. It used to work fine on Win7 except that I could not verify and decrypt, only decrypt. I had a recent run-in with viruses and set my Avast Free settings to the max. Could this be the cause and how do I fix it? If the security software setting is not a cause, then what is and how do I fix it? Please help. I have a large number of files encrypted and would hate to lose my data in them. Runa -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailinglisten at hauke-laging.de Thu Mar 10 13:56:53 2011 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 10 Mar 2011 13:56:53 +0100 Subject: Signing signature policies required for safe key usage? Message-ID: <201103101356.53745.mailinglisten@hauke-laging.de> Hello, this is not gnupg specific (though one could think of a new feature making this point more comfortable, of course...). I often read on this list: "You need a valid signature of a validated key. Everything else is more or less useless." 
I would like to push this a bit further by questioning the worth of a valid signature. A signature itself does not say much except that the one who created it had access to the secret key. The biggest threat to the security of OpenPGP is the security of the secret keys and obviously there is a wide range of key security. This "must" be the case as security is strongly related to comfort/usability. Different signatures are supposed to offer different levels of security (against the secret key to be compromised). In order to reliably use OpenPGP you need to know the security level a certain key has. As long as there is no standardized way to express this (you may remember my occasional statements about that which never get any response...) this can be done by publishing the respective signature policy only. Fortunately OpenPGP makes this easy by adding a policy URL to a signature. Probably every signature policy document is signed by the key it refers to. Why should you trust it otherwise? After this foreword now my point: Such a document (signed by the respective key only) is IMHO useless for any security requirement above minimum level. Why? If the key becomes compromised (which is quite possible for minimum security keys) then the attacker can easily write and sign whatever signature policy he wants. "This is a low security key which I use for signing all my emails and reading encrypted mail from public systems." becomes "This key is stored on a smartcard and used in a high security environment only." Thus I think that we should not only certify other people's keys but also sign the respective signature policy document. You trust the key because it has valid signatures by other keys you trust. You can analogically trust a policy document because an attacker would not only have to steal the respective secret key but also all secret keys for the signatures you demand to accept the policy document as valid. Maybe anyone wants to comment on that... 
:-) Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 555 bytes Desc: This is a digitally signed message part. URL: From rjh at sixdemonbag.org Thu Mar 10 14:10:32 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Mar 2011 08:10:32 -0500 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <201103101123.56759.mailinglisten@hauke-laging.de> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> Message-ID: <4D78CDC8.8000304@sixdemonbag.org> On 3/10/2011 5:23 AM, Hauke Laging wrote: > You made a brute force calculation. Why should keyservers allow brute force > searches for hash IDs? If you use millions of remotely controlled idiot PCs > simultaneously for that then it may be hard to track them but then we are > close to a DoS, aren't we? Not at all. Every few days the keyserver network posts complete dumps of all the certificates in the system. (Or, more accurately, various people within the network do.) This exists so that new volunteers who want to contribute their services to the community can get their own servers bootstrapped. If I want to brute-force the certificates, I'd just say, "hey, I'm interested in standing up a new keyserver," get a dump of all the certs, and then do the brute forcing on my own system without ever needing to hit the network. From rjh at sixdemonbag.org Thu Mar 10 14:18:36 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 10 Mar 2011 08:18:36 -0500 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] 
In-Reply-To: <201103101057.53728.mailinglisten@hauke-laging.de>
References: <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> <201103101057.53728.mailinglisten@hauke-laging.de>
Message-ID: <4D78CFAC.2020008@sixdemonbag.org>

On 3/10/2011 4:57 AM, Hauke Laging wrote:
> A little practical advantage: If gpg had such a feature then the
> documentation may mention everything that is needed additionally
> (depending on the targeted opponent: spammers, facebook-alikes,
> secret police) or useful.

Someone would have to be crazy to write this. The product liability lawsuits alone would be daunting. Remember that a jury trial is often not so much about the law as it is about blame: if something bad happens the jury wants to be able to point at someone and say, "that person is responsible." If I were to write this, it wouldn't matter how big of a disclaimer I put on the cover page: I would live in fear of someone hauling me into court to say, "Ladies and gentlemen of the jury, I followed his instructions and I got to spend six weeks discovering what my own liver tasted like. I blame him for the fact I was captured and tortured by the secret police."

This also doesn't get into the problem of there being so astonishingly few people on the list -- quite possibly *zero* people on the list -- who are competent to write such a thing. A good rule of thumb in crypto is to never trust ciphers designed by people who haven't first earned their bones by breaking them. The same applies to countersurveillance and tradecraft: don't take advice from people who haven't first proven their abilities at finding people who really, really don't want to be found.

From rjh at sixdemonbag.org Thu Mar 10 14:34:13 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 10 Mar 2011 08:34:13 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <201103101123.56759.mailinglisten@hauke-laging.de>
References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de>
Message-ID: <4D78D355.3000307@sixdemonbag.org>

On 3/10/2011 5:23 AM, Hauke Laging wrote:
> Those people who just want to protect their
> social connections by signing other keys without revealing their identity to
> those who don't know it already have no need to cover their target addresses
> because the marketing people and "just curious" normal ones are not capable of
> reading their email traffic. So there already is a use case.

You've just described the use case for a local certification.

Certifications come in two basic varieties: public and private. A public certification is intended as an announcement to the world: "Hey, world! I am [name] and I vouch for this certificate!"

If people want to make public pronouncements of social relationship, why in the world would you want to deploy a technology that makes it difficult to discover this social relationship?

This doesn't make any sense to me. Quite possibly I have completely misunderstood what you're arguing.

From rjh at sixdemonbag.org Thu Mar 10 14:40:55 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 10 Mar 2011 08:40:55 -0500
Subject: Signing signature policies required for safe key usage?
In-Reply-To: <201103101356.53745.mailinglisten@hauke-laging.de>
References: <201103101356.53745.mailinglisten@hauke-laging.de>
Message-ID: <4D78D4E7.3060401@sixdemonbag.org>

On 3/10/2011 7:56 AM, Hauke Laging wrote:
> Thus I think that we should not only certify other people's keys but
> also sign the respective signature policy document. You trust the key
> because it has valid signatures by other keys you trust.
> You can
> analogically trust a policy document because an attacker would not
> only have to steal the respective secret key but also all secret keys
> for the signatures you demand to accept the policy document as
> valid.

I don't believe it will ever happen. For all that we like to believe people validate certificates, the blunt reality is certificate validation is an unusual event. Certificate signing is a technical procedure and most users don't do it. This is why GnuPG allows for a trust model of "always", where all keys are treated as validated even though they haven't been.

When the overwhelming majority of users validate keys by fiat, there's no reason to think they'll either (a) write a policy document, (b) read another person's policy document, (c) adhere to their own policy document, or (d) randomly check certificates they've signed in order to make sure the cert owner is adhering to his or her policy document.

I mean, in an abstract sense, yes, it would be nice if..., but I don't expect it to ever happen.

From johanw at vulcan.xs4all.nl Thu Mar 10 18:17:17 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Thu, 10 Mar 2011 18:17:17 +0100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To:
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org>
Message-ID: <4D79079D.5070901@vulcan.xs4all.nl>

On 10-03-2011 2:12, Jeffrey Walton wrote:
> Imagine you are Tunisian or Libyan or some other nationality where
> disagreeing with the regime might get you killed. Would you want your
> name and email associated with another's keyring?

I would not sign any key in that case. Even more, I would not sign any email so the regime could prove I wrote it. I would only encrypt them.

> Or would you prefer anonymity?

Of course.

--
Met vriendelijke groet,
Johan Wevers

From dougb at dougbarton.us Thu Mar 10 20:39:35 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 10 Mar 2011 11:39:35 -0800
Subject: Signing signature policies required for safe key usage?
In-Reply-To: <201103101356.53745.mailinglisten@hauke-laging.de>
References: <201103101356.53745.mailinglisten@hauke-laging.de>
Message-ID: <4D7928F7.4080409@dougbarton.us>

On 03/10/2011 04:56, Hauke Laging wrote:
> A signature itself does not say much except that the one who created it had
> access to the secret key.

... and whether or not the thing you have (email message, software blob, etc.) is the same as the thing that was signed by the signer. Beyond that you're correct in saying that everything else you can infer from the signature is based on your understanding/confidence/etc. in the keyholder's security, policy, etc.

Doug

--

Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/

From mailinglisten at hauke-laging.de Thu Mar 10 21:09:58 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 10 Mar 2011 21:09:58 +0100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D78D355.3000307@sixdemonbag.org>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org>
Message-ID: <201103102110.06081.mailinglisten@hauke-laging.de>

On Thursday 10 March 2011 14:34:13 Robert J. Hansen wrote:
> On 3/10/2011 5:23 AM, Hauke Laging wrote:
> > Those people who just want to protect their
> > social connections by signing other keys without revealing their identity
> > to those who don't know it already have no need to cover their target
> > addresses because the marketing people and "just curious" normal ones are
> > not capable of reading their email traffic. So there already is a use
> > case.
>
> Certifications come in two basic varieties: public and private. A
> public certification is intended as an announcement to the world: "Hey,
> world! I am [name] and I vouch for this certificate!"

That's the technical situation today. But it is no use to announce that to the whole world. It is required only for those people who use your signature in a validation chain. Everyone else does not need (and probably does not use) the signature, so there is no benefit in exposing the connection (though unclear) between the key owner and the certifier.

> If people want to make public pronouncements of social relationship, why
> in the world would you want to deploy a technology that makes it
> difficult to discover this social relationship?
I want to deploy this technology because

a) this is in my strong opinion not what people WANT (it's just what they DO because there is neither much awareness of the problem nor a usable alternative)

b) nobody who really wants to inform the whole world is in any way affected in doing that.

> This doesn't make any sense to me. Quite possibly I have completely
> misunderstood what you're arguing.

May be a language problem, sorry. I'll try with an example:

You have validated my key (among others) and I (among others) have validated Ben's. Now you want to validate Ben's key indirectly. Ben's key has ten signatures, the one by my key is the only one usable for you. The next person who tries to validate finds another signature useful. It's perfectly OK for me that you can see that I have signed Ben's key but why should others know that? Why should you be able to find out who are the other ones who have made signatures for Ben's key?

I would make a local signature if I would not want to let anyone know that I have verified the key. But in that case you could not verify Ben's key, which I am willing to enable. The motto is: Don't reveal more than necessary. You have to reveal something in order to make the whole thing work but you don't have to reveal all.

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From dkg at fifthhorseman.net Thu Mar 10 21:44:00 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 10 Mar 2011 15:44:00 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <201103102110.06081.mailinglisten@hauke-laging.de>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de>
Message-ID: <4D793810.1040809@fifthhorseman.net>

On 03/10/2011 03:09 PM, Hauke Laging wrote:
> You have validated my key (among others) and I (among others) have validated
> Ben's. Now you want to validate Ben's key indirectly. Ben's key has ten
> signatures, the one by my key is the only one usable for you. The next person
> who tries to validate finds another signature useful. It's perfectly OK for me
> that you can see that I have signed Ben's key but why should others know that?
> Why should you be able to find out who are the other ones who have made
> signatures for Ben's key?
>
> I would make a local signature if I would not want to let anyone know that I
> have verified the key. But in that case you could not verify Ben's key, which I
> am willing to enable. The motto is: Don't reveal more than necessary. You have
> to reveal something in order to make the whole thing work but you don't have
> to reveal all.

How do hashed user IDs address this particular question? You don't need to care about the User IDs on keys if you just want to map relationships.

If i'm mapping relationships, and i decide from that mapping that a particular keyholder is "interesting", *then* the hashed User IDs might become a minor stumbling block in my figuring out who the keyholder is in the "real world". But the point of User IDs is to bind human-intelligible (and therefore likely low-entropy) "real world" information to keys. So if i have reasonable computer resources at my disposal, reversing the digest of low-entropy material seems like a possibility.

If you want to keep the fact that one keyholder has verified another keyholder's identity secret, you cannot solve that by obscuring the User IDs.
The right way to solve that is with non-exportable OpenPGP certifications, which must be passed between users explicitly. For example:

"Hi Bob, I'm Alice. Charles vouches for my identity as you can see from this non-exportable cert."

In this example, Charles does not want the world to know that he has certified Alice's key. But he's willing to let Alice decide who knows this information, so he gives her a copy of his non-exportable cert. After Alice has introduced herself to Bob this way, both B and A know about the C->A certification, but the rest of the world is still at a loss.

Either B or A could share this certificate with anyone else, of course. It's out of C's hands as soon as he gave a copy of the non-exportable cert to A.

--dkg

From rookcifer at gmail.com Thu Mar 10 12:09:04 2011
From: rookcifer at gmail.com (chr0n0)
Date: Thu, 10 Mar 2011 03:09:04 -0800 (PST)
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D786F52.5030006@adversary.org>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D783EF6.5090608@adversary.org> <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <4D786F52.5030006@adversary.org>
Message-ID: <31114600.post@talk.nabble.com>

If one really wanted to overthrow the "People's Republic of Berkeley," using obfuscated e-mail addresses with the proposed methods outlined in this thread would be akin to inventing a solution for a problem that doesn't exist. There are already numerous methods for off-the-record encrypted communications. Indeed, OTR was devised as a protocol that allows encrypted and authenticated communications without having to be a slave to an interminable digital signature that might come back to haunt you.

As for remaining anonymous, one can merely connect to the IM server via Tor or some other similar method. Or one could even run their own P2P IM software like XMPP thus cutting out the middle man. Another option is a hidden .onion IRC service or a SILC chat conference. If one is really bent on using e-mail, one can merely create a throw-away address using Tor and then create a throw-away GPG key. There are numerous ways to do this already.

OpenPGP's goal is not anonymity or deniability. If you want that, there are better protocols and methods as Robert Hansen has hinted at already.
From ben at adversary.org Fri Mar 11 07:07:57 2011
From: ben at adversary.org (Ben McGinnes)
Date: Fri, 11 Mar 2011 17:07:57 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D78CDC8.8000304@sixdemonbag.org>
References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org>
Message-ID: <4D79BC3D.3080201@adversary.org>

On 11/03/11 12:10 AM, Robert J. Hansen wrote:
>
> Not at all. Every few days the keyserver network posts complete dumps
> of all the certificates in the system. (Or, more accurately, various
> people within the network do.) This exists so that new volunteers who
> want to contribute their services to the community can get their own
> servers bootstrapped.

Out of curiosity, how big is that now?

Regards,
Ben

From ben at adversary.org Fri Mar 11 07:44:57 2011
From: ben at adversary.org (Ben McGinnes)
Date: Fri, 11 Mar 2011 17:44:57 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D793810.1040809@fifthhorseman.net>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D793810.1040809@fifthhorseman.net>
Message-ID: <4D79C4E9.9050109@adversary.org>

On 11/03/11 7:44 AM, Daniel Kahn Gillmor wrote:
>
> If you want to keep the fact that one keyholder has verified another
> keyholder's identity secret, you cannot solve that by obscuring the
> User IDs.
>
> The right way to solve that is with non-exportable OpenPGP
> certifications, which must be passed between users explicitly.

Ah, this is what I've been looking around for! For the sake of the archives, how does one provide a non-exportable certification? Obviously the export flag won't cut it.

Regards,
Ben

From ben at adversary.org Fri Mar 11 07:32:15 2011
From: ben at adversary.org (Ben McGinnes)
Date: Fri, 11 Mar 2011 17:32:15 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <201103101123.56759.mailinglisten@hauke-laging.de>
References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de>
Message-ID: <4D79C1EF.7080402@adversary.org>

On 10/03/11 9:23 PM, Hauke Laging wrote:
> On Thursday 10 March 2011 06:17:25 Robert J. Hansen wrote:
>
>> while you could conceivably come up with an email address with high
>> enough entropy, it's easier to just use anonymous services and
>> dead-drop emails.
>
> Of course, you can create a key with UIDs without name and email
> only but such keys are not very comfortable to have in your keyring
> ("What's that?").

There's nothing stopping you from creating an alternate gpg.conf file (invoked via the --options flag) which points to different default keys and even alternate keyrings. Put the entire lot in a TrueCrypt volume and when it's not in use, people won't be able to decrypt enough to know about the alternate identities.

> Of course, you can add a UID annotation feature without having the
> hashing feature. But not having the hashing feature makes it more
> difficult to get the key (and key updates).

Not necessarily. You can put anything you like in the UID and people can search on that.
Just running "gpg --search-keys alt.anonymous.messages" should show a good list of keys where people have done exactly that over the years.

> Keyserver access is pretty anonymous. If you put keys on a website
> (the address of which the one can have given you who gave you the
> non-public email address) then that is another way to try to reveal
> the identity of the communication partner.

There are plenty of ways to reveal the identity of correspondents unless a certain amount of effort has been put into anonymising the transmission. Anyone wanting to do this (including just to play around and see how it works) would be well served by looking into Tor and remailers.

> I appreciate your effort to consider the problem as a whole. It
> would be a pity to create something that turns out to be useless in
> the end.

Yes and it would be dangerous to create something which instills a false sense of security. This hashing idea is an interesting method of preventing the revelation of a given identity (real or pseudonymous) from a casual observer, but it does not prevent a number of things which enable that information to be determined, including traffic analysis.

> But that is not a problem here any longer: Those people who just
> want to protect their social connections by signing other keys
> without revealing their identity to those who don't know it already
> have no need to cover their target addresses because the marketing
> people and "just curious" normal ones are not capable of reading
> their email traffic. So there already is a use case. Your objections
> for the high security cases are very good to raise awareness but
> point outside the gnupg sphere.

The thing is, the hashed UID idea isn't attempting to address an issue with GPG per se. It's attempting to address an issue with privacy of identity in a larger context; to wit, by attempting to conceal names and social connections as they are displayed as UIDs and signatures or certificates.
There are other ways to obtain this information, even without utilising GPG or examining the body of a message. Traffic analysis alone reveals far more than who may have signed someone's key at some point in time.

> You made a brute force calculation. Why should keyservers allow
> brute force searches for hash IDs? If you use millions of remotely
> controlled idiot PCs simultaneously for that then it may be hard to
> track them but then we are close to a DoS, aren't we?

Robert's already covered this pretty well.

Regards,
Ben

From dkg at fifthhorseman.net Fri Mar 11 08:50:33 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 11 Mar 2011 02:50:33 -0500
Subject: non-exportable OpenPGP certifications [was: Re: hashed user IDs ]
In-Reply-To: <4D79C4E9.9050109@adversary.org>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D793810.1040809@fifthhorseman.net> <4D79C4E9.9050109@adversary.org>
Message-ID: <4D79D449.4000109@fifthhorseman.net>

On 03/11/2011 01:44 AM, Ben McGinnes wrote:
> Ah, this is what I've been looking around for! For the sake of the
> archives, how does one provide a non-exportable certification?
> Obviously the export flag won't cut it.

non-exportable OpenPGP certifications are also known as "local" certifications.
To make a non-exportable OpenPGP certification, use:

    gpg --lsign-key frida at example.net

To put that in a file:

    gpg --export-options export-local --export --armor frida at example.net \
     > frida.gpg

Then the receiving party does:

    gpg --import-options import-local --import < frida.gpg

-----------------

So, for example, if you wanted to mail your certifications over alice's key to bob without exposing them over the network, you would do something like:

    gpg --export-options export-local --export --armor alice at example.net | \
     gpg --encrypt --armor -r bob at example.net | \
     mail -s 'sekrit info 4 u' bob at example.net

hth,

--dkg

From ben at adversary.org Fri Mar 11 11:08:50 2011
From: ben at adversary.org (Ben McGinnes)
Date: Fri, 11 Mar 2011 21:08:50 +1100
Subject: non-exportable OpenPGP certifications [was: Re: hashed user IDs ]
In-Reply-To: <4D79D449.4000109@fifthhorseman.net>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D793810.1040809@fifthhorseman.net> <4D79C4E9.9050109@adversary.org> <4D79D449.4000109@fifthhorseman.net>
Message-ID: <4D79F4B2.3090608@adversary.org>

On 11/03/11 6:50 PM, Daniel Kahn Gillmor wrote:
> On 03/11/2011 01:44 AM, Ben McGinnes wrote:
>> Ah, this is what I've been looking around for! For the sake of the
>> archives, how does one provide a non-exportable certification?
>> Obviously the export flag won't cut it.
>
> non-exportable OpenPGP certifications are also known as "local"
> certifications.
>
> To make a non-exportable OpenPGP certification, use:
>
> gpg --lsign-key frida at example.net

This bit I knew and have used sporadically, good to know that you were referring to what I assumed, though.
> To put that in a file:
>
> gpg --export-options export-local --export --armor frida at example.net \
> > frida.gpg
>
> Then the receiving party does:
>
> gpg --import-options import-local --import < frida.gpg

Oh, excellent. Just one little clarification; the man page lists the parameters as export-local-sigs and import-local-sigs, does shortening it the way you have work or does the full option name need to be used?

Regards,
Ben

From roam at ringlet.net Fri Mar 11 11:54:24 2011
From: roam at ringlet.net (Peter Pentchev)
Date: Fri, 11 Mar 2011 12:54:24 +0200
Subject: non-exportable OpenPGP certifications [was: Re: hashed user IDs ]
In-Reply-To: <4D79F4B2.3090608@adversary.org>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D793810.1040809@fifthhorseman.net> <4D79C4E9.9050109@adversary.org> <4D79D449.4000109@fifthhorseman.net> <4D79F4B2.3090608@adversary.org>
Message-ID: <20110311105424.GA3559@straylight.ringlet.net>

On Fri, Mar 11, 2011 at 09:08:50PM +1100, Ben McGinnes wrote:
> On 11/03/11 6:50 PM, Daniel Kahn Gillmor wrote:
> > On 03/11/2011 01:44 AM, Ben McGinnes wrote:
> >> Ah, this is what I've been looking around for! For the sake of the
> >> archives, how does one provide a non-exportable certification?
> >> Obviously the export flag won't cut it.
> >
> > non-exportable OpenPGP certifications are also known as "local"
> > certifications.
> >
> > To make a non-exportable OpenPGP certification, use:
> >
> > gpg --lsign-key frida at example.net
>
> This bit I knew and have used sporadically, good to know that you were
> referring to what I assumed, though.
>
> > To put that in a file:
> >
> > gpg --export-options export-local --export --armor frida at example.net \
> > > frida.gpg
> >
> > Then the receiving party does:
> >
> > gpg --import-options import-local --import < frida.gpg
>
> Oh, excellent. Just one little clarification; the man page lists the
> parameters as export-local-sigs and import-local-sigs, does shortening
> it the way you have work or does the full option name need to be used?

All the GnuPG command-line commands and options may be abbreviated to a unique, unambiguous starting part of their names. Try gpg --clearsi or gpg --cl, for instance :)

G'luck,
Peter

--
Peter Pentchev roam at ringlet.net roam at FreeBSD.org peter at packetscale.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I've heard that this sentence is a rumor.

From dshaw at jabberwocky.com Fri Mar 11 14:33:25 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 11 Mar 2011 08:33:25 -0500
Subject: non-exportable OpenPGP certifications [was: Re: hashed user IDs ]
In-Reply-To: <4D79F4B2.3090608@adversary.org>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D793810.1040809@fifthhorseman.net> <4D79C4E9.9050109@adversary.org> <4D79D449.4000109@fifthhorseman.net> <4D79F4B2.3090608@adversary.org>
Message-ID:

On Mar 11, 2011, at 5:08 AM, Ben McGinnes wrote:
> On 11/03/11 6:50 PM, Daniel Kahn Gillmor wrote:
>> On 03/11/2011 01:44 AM, Ben McGinnes wrote:
>>> Ah, this is what I've been looking around for! For the sake of the
>>> archives, how does one provide a non-exportable certification?
>>> Obviously the export flag won't cut it.
>>
>> non-exportable OpenPGP certifications are also known as "local"
>> certifications.
>>
>> To make a non-exportable OpenPGP certification, use:
>>
>> gpg --lsign-key frida at example.net
>
> This bit I knew and have used sporadically, good to know that you were
> referring to what I assumed, though.
>
>> To put that in a file:
>>
>> gpg --export-options export-local --export --armor frida at example.net \
>>> frida.gpg
>>
>> Then the receiving party does:
>>
>> gpg --import-options import-local --import < frida.gpg
>
> Oh, excellent. Just one little clarification; the man page lists the
> parameters as export-local-sigs and import-local-sigs, does shortening
> it the way you have work or does the full option name need to be used?

As a general rule, most gpg options can be shortened, so long as they are still unique. So the real name for the option is "export-local-sigs", but "export-local" or even "export-l" is fine (and "export" would not be as gpg can't tell if you mean export-local-sigs, or export-attributes, or...)

If you're documenting or scripting things, it's good practice to give the full name since you never know if we're going to add a "export-lovely-sigs" option or some such, and thus make "export-l" non unique.

David

From rjh at sixdemonbag.org Fri Mar 11 14:33:38 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 11 Mar 2011 08:33:38 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D79BC3D.3080201@adversary.org>
References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org>
Message-ID: <4D7A24B2.6010308@sixdemonbag.org>

On 3/11/2011 1:07 AM, Ben McGinnes wrote:
> Out of curiosity, how big is that now?

My complete /var/lib/sks/DB directory comes in at 7.8G. Not too large.
From rjh at sixdemonbag.org Fri Mar 11 14:54:57 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 11 Mar 2011 08:54:57 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <201103102110.06081.mailinglisten@hauke-laging.de>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de>
Message-ID: <4D7A29B1.4010706@sixdemonbag.org>

On 3/10/2011 3:09 PM, Hauke Laging wrote:
> That's the technical situation today. But it is no use to announce
> that to the whole world.

(Did you mean "not necessary" instead of "no use"?)

It is useful to quite a lot of people. Look at how many people map out webs of trust for entirely innocent purposes. In fact, mapping out webs of trust is necessary for the WoT idea to even work. "Well, I've signed Frank's key and I see that Frank's signed Gianna's key, and I trust Frank so..."

> It is required only for those people who use your signature in a
> validation chain.

How do you propose determining who really needs those signatures for validation purposes and who doesn't? And once you've made that determination, how do you enforce it? Those are the two major, outstanding questions, and so far I've not seen any serious attempts at answering them.

It seems this discussion is stuck at the stage of "it would be nice if we all had ponies," without any real answers to questions of "so where will we get the real estate to house the ponies?" and "who among us is an equine veterinarian?"

> b) nobody who really wants to inform the whole world is in any way
> affected in doing that.

I don't know how to respond to this: since we don't have a workable proposal for how to accomplish your objectives, we also can't discuss how your proposal will affect existing users.

> It's perfectly OK for me that you can see that I have signed Ben's
> key but why should others know that?

Because this is not an ORCON system.
The system is built around public certifications and private certifications. You're talking about introducing an entirely new method, something which seems basically like an ORCON certification: "I'll make the certification, but I get to control who gets to learn about the certification." From ben at adversary.org Fri Mar 11 16:31:56 2011 From: ben at adversary.org (Ben McGinnes) Date: Sat, 12 Mar 2011 02:31:56 +1100 Subject: non-exportable OpenPGP certifications [was: Re: hashed user IDs ] In-Reply-To: References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D793810.1040809@fifthhorseman.net> <4D79C4E9.9050109@adversary.org> <4D79D449.4000109@fifthhorseman.net> <4D79F4B2.3090608@adversary.org> Message-ID: <4D7A406C.6010706@adversary.org> On 12/03/11 12:33 AM, David Shaw wrote: > > As a general rule, most gpg options can be shortened, so long as > they are still unique. A bit like IOS commands, good to know. > So the real name for the option is "export-local-sigs", but > "export-local" or even "export-l" is fine (and "export" would not be > as gpg can't tell if you mean export-local-sigs, or > export-attributes, or...) Makes sense. > If you're documenting or scripting things, it's good practice to > give the full name since you never know if we're going to add a > "export-lovely-sigs" option or some such, and thus make "export-l" > non unique. That's sensible, although I'd be a little disturbed if there ever was an "export-lovely-sigs" (presumably "export-despised-sigs" would be the opposite). ;) Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From ben at adversary.org Fri Mar 11 16:25:43 2011 From: ben at adversary.org (Ben McGinnes) Date: Sat, 12 Mar 2011 02:25:43 +1100 Subject: non-exportable OpenPGP certifications [was: Re: hashed user IDs ] In-Reply-To: <20110311105424.GA3559@straylight.ringlet.net> References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D793810.1040809@fifthhorseman.net> <4D79C4E9.9050109@adversary.org> <4D79D449.4000109@fifthhorseman.net> <4D79F4B2.3090608@adversary.org> <20110311105424.GA3559@straylight.ringlet.net> Message-ID: <4D7A3EF7.7000006@adversary.org> On 11/03/11 9:54 PM, Peter Pentchev wrote: > > All the GnuPG command-line commands and options may be abbreviated to > a unique, unambiguous starting part of their names. Try gpg --clearsi > or gpg --cl, for instance :) Excellent, thanks. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From ben at adversary.org Fri Mar 11 16:24:19 2011 From: ben at adversary.org (Ben McGinnes) Date: Sat, 12 Mar 2011 02:24:19 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7A24B2.6010308@sixdemonbag.org> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> Message-ID: <4D7A3EA3.7080305@adversary.org> On 12/03/11 12:33 AM, Robert J. Hansen wrote: > On 3/11/2011 1:07 AM, Ben McGinnes wrote: >> Out of curiosity, how big is that now? > > My complete /var/lib/sks/DB directory comes in at 7.8G. Not too large. 
That's smaller than I would have thought, but a *lot* larger than the last time I checked (sometime in the '90s).

Regards,
Ben

From avi.wiki at gmail.com Fri Mar 11 18:50:26 2011
From: avi.wiki at gmail.com (Avi)
Date: Fri, 11 Mar 2011 12:50:26 -0500
Subject: Compression used in an encrypted message
Message-ID: 

Forgive my ignorance, but is there a way to take a given encrypted message/file and determine which compression algorithm was used (and which level)? I know how to set compression algorithm and level prefs, but I'm curious to see what others use, if possible.

Thanks,
Avi

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

From roam at ringlet.net Fri Mar 11 19:30:30 2011
From: roam at ringlet.net (Peter Pentchev)
Date: Fri, 11 Mar 2011 20:30:30 +0200
Subject: Compression used in an encrypted message
In-Reply-To: 
References: 
Message-ID: <20110311183029.GA3769@straylight.ringlet.net>

On Fri, Mar 11, 2011 at 12:50:26PM -0500, Avi wrote:
> Forgive my ignorance, but is there a way to take a given
> encrypted message/file and determine which compression algorithm
> was used (and which level)?
> I know how to set compression
> algorithm and level prefs, but I'm curious to see what others
> use, if possible.

If the file has been encrypted to you (or, more specifically, to one of the secret keys currently accessible to you), then, yes, you most probably can - "gpg --list-packets filename" should tell you what compression algorithm has been used, then it's just a matter of looking it up in RFC 4880 :)

If the message has been encrypted to someone else's key, then you most probably won't be able to examine it - at least GnuPG does the compression before the encryption, so that the information about the compression algorithm used is contained within the encrypted data. You may still give it a shot with --list-packets, but don't expect too much :)

Hope that helps.

G'luck,
Peter

--
Peter Pentchev roam at ringlet.net roam at FreeBSD.org peter at packetscale.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence contains exactly threee erors.

From dshaw at jabberwocky.com Fri Mar 11 19:35:19 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 11 Mar 2011 13:35:19 -0500
Subject: Compression used in an encrypted message
In-Reply-To: 
References: 
Message-ID: <3DA96175-218D-4BFD-86D6-4F4520F06A2A@jabberwocky.com>

On Mar 11, 2011, at 12:50 PM, Avi wrote:
> Forgive my ignorance, but is there a way to take a given
> encrypted message/file and determine which compression algorithm
> was used (and which level)? I know how to set compression
> algorithm and level prefs, but I'm curious to see what others
> use, if possible.

You can't tell which compression is used in any arbitrary message since you need to be able to decrypt it first. If the message is to you, however, you can run 'gpg --list-packets' on it.
When running list-packets, you should see a line like this:

:compressed packet: algo=2

Algo 1 == ZIP
Algo 2 == ZLIB
Algo 3 == BZIP2

If there is no "compressed packet" line at all, then the message is uncompressed.

David

From avi.wiki at gmail.com Fri Mar 11 20:01:20 2011
From: avi.wiki at gmail.com (Avi)
Date: Fri, 11 Mar 2011 14:01:20 -0500
Subject: Compression used in an encrypted message
In-Reply-To: <3DA96175-218D-4BFD-86D6-4F4520F06A2A@jabberwocky.com>
References: <3DA96175-218D-4BFD-86D6-4F4520F06A2A@jabberwocky.com>
Message-ID: 

Thanks, everyone.

So we can see the algorithm, but cannot see the compression level used, correct?

Thanks,
--Avi

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

On Fri, Mar 11, 2011 at 1:35 PM, David Shaw wrote:
> On Mar 11, 2011, at 12:50 PM, Avi wrote:
>
> > Forgive my ignorance, but is there a way to take a given
> > encrypted message/file and determine which compression algorithm
> > was used (and which level)? I know how to set compression
> > algorithm and level prefs, but I'm curious to see what others
> > use, if possible.
>
> You can't tell which compression is used in any arbitrary message since you
> need to be able to decrypt it first. If the message is to you, however, you
> can run 'gpg --list-packets' on it.
>
> When running list-packets, you should see a line like this:
>
> :compressed packet: algo=2
>
> Algo 1 == ZIP
> Algo 2 == ZLIB
> Algo 3 == BZIP2
>
> If there is no "compressed packet" line at all, then the message is
> uncompressed.
>
> David
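Added example, not code from the thread and not GnuPG's own: a small OpenPGP (RFC 4880) packet walker in Python that shows, at the byte level, why Peter's and David's answers come out the way they do. It constructs its own sample messages (a ZLIB-compressed Literal Data packet laid out the way gpg builds a message before encrypting it, and a stand-in for encrypted output consisting of a Public-Key Encrypted Session Key packet plus a Symmetrically Encrypted Integrity Protected Data packet whose body is zero bytes where ciphertext would be). Packet tags, header encodings and the compression IDs 1/2/3 are from RFC 4880; every function name and all sample bytes are assumptions made for this example, and BZip2 is left out. The walker finds the ":compressed packet: algo=N" information only when the compressed packet is at the top level, which is exactly the case where gpg can show it. It goes one step past the thread on the level question: the OpenPGP packet carries no level at all, but for ZLIB the RFC 1950 stream header's FLEVEL bits give a coarse fastest/fast/default/maximum hint, and for ZIP (raw DEFLATE) not even that.

```python
# Added example, not from the thread and not GnuPG code: a minimal OpenPGP
# (RFC 4880) packet walker. Every sample message below is constructed here.
import struct
import zlib

# RFC 4880 compression IDs (section 9.3, printed by gpg as "algo=N") and packet tags (4.3)
COMPRESSION_ALGOS = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"}
TAG_PKESK = 1        # Public-Key Encrypted Session Key
TAG_COMPRESSED = 8   # Compressed Data
TAG_LITERAL = 11     # Literal Data
TAG_SEIPD = 18       # Symmetrically Encrypted Integrity Protected Data

def new_format_packet(tag, body):
    """Prepend a new-format packet header (RFC 4880 section 4.2.2)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body

def literal_packet(data, filename=b""):
    """Binary Literal Data packet (section 5.9) with a zero timestamp."""
    body = b"b" + bytes([len(filename)]) + filename + struct.pack(">I", 0) + data
    return new_format_packet(TAG_LITERAL, body)

def compressed_packet(inner, algo=2, level=6):
    """Compressed Data packet (section 5.6): algorithm octet, then the stream."""
    assert algo in (1, 2), "only ZIP and ZLIB are constructed here (no BZip2)"
    if algo == 1:                                    # ZIP: raw DEFLATE, RFC 1951
        c = zlib.compressobj(level, zlib.DEFLATED, -15)
        stream = c.compress(inner) + c.flush()
    else:                                            # ZLIB: RFC 1950 framing
        stream = zlib.compress(inner, level)
    return new_format_packet(TAG_COMPRESSED, bytes([algo]) + stream)

def parse_packets(buf):
    """[(tag, body), ...] for the top-level packets; old and new headers handled."""
    packets, pos = [], 0
    while pos < len(buf):
        ptag = buf[pos]
        if not ptag & 0x80:
            raise ValueError("not an OpenPGP packet at offset %d" % pos)
        pos += 1
        if ptag & 0x40:                              # new format
            tag, first = ptag & 0x3F, buf[pos]
            pos += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + buf[pos] + 192
                pos += 1
            elif first == 255:
                n = struct.unpack(">I", buf[pos:pos + 4])[0]
                pos += 4
            else:                                    # 224..254: streamed output
                raise ValueError("partial body length not supported")
        else:                                        # old format
            tag, ltype = (ptag >> 2) & 0x0F, ptag & 0x03
            size = (1, 2, 4, 0)[ltype]               # 0: indeterminate, rest of input
            n = int.from_bytes(buf[pos:pos + size], "big") if size else len(buf) - pos
            pos += size
        packets.append((tag, buf[pos:pos + n]))
        pos += n
    return packets

def compression_info(buf):
    """Algorithm of the first top-level Compressed Data packet, or None. In an
    encrypted message that packet sits inside the SEIPD body, so without the
    key the answer is None, just as --list-packets shows no compressed packet."""
    for tag, body in parse_packets(buf):
        if tag == TAG_COMPRESSED:
            return COMPRESSION_ALGOS.get(body[0], "unknown(%d)" % body[0])
    return None

def zlib_level_hint(buf):
    """OpenPGP stores no level; for ZLIB the RFC 1950 FLEVEL bits give a coarse hint."""
    for tag, body in parse_packets(buf):
        if tag == TAG_COMPRESSED and body[0] == 2:
            return ("fastest", "fast", "default", "maximum")[body[2] >> 6]
    return None

def decompress_inner(buf):
    """Unwrap the first Compressed Data packet and parse the packets inside it."""
    for tag, body in parse_packets(buf):
        if tag == TAG_COMPRESSED:
            return parse_packets(zlib.decompress(body[1:], -15 if body[0] == 1 else 15))
    return []

# Constructed samples: a cleartext message as gpg lays it out before encryption, and
# a stand-in for encrypted output: v3 PKESK (zeroed key ID, dummy MPI) followed by
# a v1 SEIPD whose body is zero bytes where the ciphertext would be.
PLAINTEXT = b"constructed sample text, repeated so the compressor has work\n" * 4
CLEAR_MSG = compressed_packet(literal_packet(PLAINTEXT, b"note.txt"), 2, 6)
FAKE_PKESK = new_format_packet(TAG_PKESK, b"\x03" + bytes(8) + b"\x01\x00\x08\xab")
ENC_MSG = FAKE_PKESK + new_format_packet(TAG_SEIPD, b"\x01" + bytes(64))
```

Calling compression_info(CLEAR_MSG) returns "ZLIB" and zlib_level_hint(CLEAR_MSG) returns "default"; the same calls on ENC_MSG return None, and parse_packets(ENC_MSG) lists only tags 1 and 18. That is the whole of Peter's point: compression happens before encryption, so on a message you cannot decrypt the walker (and gpg) never reaches the packet that carries the algorithm octet. The level hint is deliberately coarse: it reads four header bits that the compressor sets from its level, not the level itself, which matches David's remark that GnuPG has no visibility into it.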
From dshaw at jabberwocky.com Fri Mar 11 20:25:52 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 11 Mar 2011 14:25:52 -0500
Subject: Compression used in an encrypted message
In-Reply-To: 
References: <3DA96175-218D-4BFD-86D6-4F4520F06A2A@jabberwocky.com>
Message-ID: <12FF761C-E1D4-48DF-8567-B059B3FF3B3E@jabberwocky.com>

On Mar 11, 2011, at 2:01 PM, Avi wrote:
> Thanks, everyone.
>
> So we can see the algorithm, but cannot see the compression level used, correct?

Not directly, no. OpenPGP just encapsulates the compressed stream, so you'd have to extract the compressed data and examine it. I'm not sure if a single-number answer is available even then. Basically, if you can get the level from a regular compressed .gz or .bz2 file, then you can get it here, but either way, GPG does not have visibility into that.

David

From johanw at vulcan.xs4all.nl Fri Mar 11 20:48:59 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Fri, 11 Mar 2011 20:48:59 +0100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7A24B2.6010308@sixdemonbag.org>
References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org>
Message-ID: <4D7A7CAB.2070109@vulcan.xs4all.nl>

On 11-03-2011 14:33, Robert J. Hansen wrote:
> My complete /var/lib/sks/DB directory comes in at 7.8G. Not too large.

How much of that is repeated automated signatures from the pgp keyserver?

--
Met vriendelijke groet,
Johan Wevers

From dshaw at jabberwocky.com Fri Mar 11 21:14:38 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 11 Mar 2011 15:14:38 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7A24B2.6010308@sixdemonbag.org>
References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org>
Message-ID: <3C085950-1473-467D-B3B7-FEEAE50A5DC6@jabberwocky.com>

On Mar 11, 2011, at 8:33 AM, Robert J. Hansen wrote:
> On 3/11/2011 1:07 AM, Ben McGinnes wrote:
>> Out of curiosity, how big is that now?
>
> My complete /var/lib/sks/DB directory comes in at 7.8G. Not too large.

That's the on-disk SKS database format, and so contains a good bit of non-key data and other inefficiencies. A dump of just key data is around 3.5G nowadays.

David

From avi.wiki at gmail.com Fri Mar 11 21:15:10 2011
From: avi.wiki at gmail.com (Avi)
Date: Fri, 11 Mar 2011 15:15:10 -0500
Subject: Compression used in an encrypted message
In-Reply-To: <12FF761C-E1D4-48DF-8567-B059B3FF3B3E@jabberwocky.com>
References: <3DA96175-218D-4BFD-86D6-4F4520F06A2A@jabberwocky.com> <12FF761C-E1D4-48DF-8567-B059B3FF3B3E@jabberwocky.com>
Message-ID: 

Thank you for the explanations, everyone.

--Avi

On 3/11/11, David Shaw wrote:
> On Mar 11, 2011, at 2:01 PM, Avi wrote:
>
>> Thanks, everyone.
>>
>> So we can see the algorithm, but cannot see the compression
>> level used, correct?
>
> Not directly, no. OpenPGP just encapsulates the compressed stream, so you'd
> have to extract the compressed data and examine it. I'm not sure if a
> single-number answer is available even then. Basically, if you can get the
> level from a regular compressed .gz or .bz2 file, then you can get it here,
> but either way, GPG does not have visibility into that.
>
> David
>

--
Sent from my mobile device

----
User:Avraham
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key)
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9

From rjh at sixdemonbag.org Fri Mar 11 21:39:07 2011
From: rjh at sixdemonbag.org (Robert J.
Hansen) Date: Fri, 11 Mar 2011 15:39:07 -0500 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7A7CAB.2070109@vulcan.xs4all.nl> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> <4D7A7CAB.2070109@vulcan.xs4all.nl> Message-ID: <4D7A886B.2060508@sixdemonbag.org> On 3/11/11 2:48 PM, Johan Wevers wrote: > How much of that is repeated automated signatures from the pgp > keyserver? Don't know, but it would be an interesting thing to test. From thajsta at gmail.com Fri Mar 11 21:50:15 2011 From: thajsta at gmail.com (Jonathan Ely) Date: Fri, 11 Mar 2011 15:50:15 -0500 Subject: For Windows Message-ID: <4D7A8B07.4090907@gmail.com> Hello. I use Enigmail, so of course I have GnuPG installed. I use 1.4.9 because [1] I can not find an executable for 2.0.17 for Windows, and [2] I do not know how to configure the GPG-agent. Can somebody please assist me with upgrading to 2.0.17 and configuring the agent? For about a week I have been searching everywhere but found nothing. I did install GPG4WIN then uninstalled it because I could not figure out how to use the agent and the GPA utility is not screen reader accessible. Thanks in advance for your help. PS. I am blind and use a screen reader. Everything must be 100% keyboard accessible. -- CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. 
If you have received this transmission in error, please immediately notify the sender, and please destroy the original transmission and its attachments without reading or saving in any manner. Thank you. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0x4B22824D.asc Type: application/pgp-keys Size: 3101 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From aaron.toponce at gmail.com Sat Mar 12 00:56:11 2011 From: aaron.toponce at gmail.com (Aaron Toponce) Date: Fri, 11 Mar 2011 16:56:11 -0700 Subject: For Windows In-Reply-To: <4D7A8B07.4090907@gmail.com> References: <4D7A8B07.4090907@gmail.com> Message-ID: <4D7AB69B.7040003@gmail.com> On 03/11/2011 01:50 PM, Jonathan Ely wrote: > Hello. I use Enigmail, so of course I have GnuPG installed. I use 1.4.9 > because [1] I can not find an executable for 2.0.17 for Windows, and [2] > I do not know how to configure the GPG-agent. Can somebody please assist > me with upgrading to 2.0.17 and configuring the agent? For about a week > I have been searching everywhere but found nothing. I did install > GPG4WIN then uninstalled it because I could not figure out how to use > the agent and the GPA utility is not screen reader accessible. Thanks in > advance for your help. > > PS. I am blind and use a screen reader. Everything must be 100% keyboard > accessible. I don't know about an "official" GnuPG agent for Windows, but Enigmail ships with a passphrase caching setting. You can access it via the keyboard with the following shortcuts: ALT+n (currently, the "Events and Tasks" menu is selected) right arrow (now the "OpenPGP" menu is selected) p (this brings up the "OpenPGP Preferences window) TAB You should now be in the "Passphrase settings" part of the "Basic" tab of the "OpenPGP Preferences". 
Your cursor is focused on a number for remembering your passphrase for a certain length of time. The default is 5 minutes of idle time. You can change this to anything you want, up to 9999 minutes. 1 more TAB key press will allow you to select a checkbox for "Never ask for any passphrase". 3 more TAB key presses past that point will get you to the "OK" button, to apply the settings.

Hope that helps.

On a side note, you may wish to re-evaluate your email signature. Confidentiality notices are usually annoying to most recipients, especially on mailing lists, where the email is publicly accessible on the Internet for all to see. If sensitive information must be sent over email, it should be encrypted, with a note in the encrypted mail notifying the user of its sensitivity. Otherwise, they come across as elitist and overprotective in nature, and there likely aren't many laws or legal recourse you can take, should someone redistribute an email you sent, or post it in a public forum. FYI.

--
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o

From kgo at grant-olson.net Sat Mar 12 01:40:47 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Fri, 11 Mar 2011 19:40:47 -0500
Subject: For Windows
In-Reply-To: <4D7A8B07.4090907@gmail.com>
References: <4D7A8B07.4090907@gmail.com>
Message-ID: <4D7AC10F.2070503@grant-olson.net>

On 3/11/11 3:50 PM, Jonathan Ely wrote:
> Hello. I use Enigmail, so of course I have GnuPG installed. I use 1.4.9
> because [1] I can not find an executable for 2.0.17 for Windows, and [2]
> I do not know how to configure the GPG-agent. Can somebody please assist
> me with upgrading to 2.0.17 and configuring the agent? For about a week
> I have been searching everywhere but found nothing.
I did install > GPG4WIN then uninstalled it because I could not figure out how to use > the agent and the GPA utility is not screen reader accessible. Thanks in > advance for your help. > > PS. I am blind and use a screen reader. Everything must be 100% keyboard > accessible. > Sorry, I don't have any windows boxes around right now, but did want to provide two notes. - GPG4WIN is the right package to install gpg2 on windows, so you've got the right installer. It's a shame GPA doesn't work with a screen reader. - The 1.4 branch is still supported and maintained in parallel with the 2.0 branch. If 1.4.9 is working for you, just stick with 1.4.9, or perhaps upgrade to 1.4.11. -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war." -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 570 bytes Desc: OpenPGP digital signature URL: From John at enigmail.net Sat Mar 12 07:20:45 2011 From: John at enigmail.net (John Clizbe) Date: Sat, 12 Mar 2011 00:20:45 -0600 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D79BC3D.3080201@adversary.org> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> Message-ID: <4D7B10BD.2080104@enigmail.net> Ben McGinnes wrote: > On 11/03/11 12:10 AM, Robert J. Hansen wrote: >> >> Not at all. Every few days the keyserver network posts complete dumps >> of all the certificates in the system. (Or, more accurately, various >> people within the network do.) This exists so that new volunteers who >> want to contribute their services to the community can get their own >> servers bootstrapped. > > Out of curiosity, how big is that now? 
Checking both of my keyservers: Total number of keys: 2922831 http://sks.keyservers.net:11371/pks/lookup?op=stats @ 2011-03-12 00:00:46 CST http://keyserver.gingerbear.net:11371/pks/lookup?op=stats @ 2011-03-12 00:00:06 CST 103 servers (from http://www.sks-keyservers.net/status/) 64 active in the pool, 39 excluded from the pool (for various reasons) -- John P. Clizbe Inet: John (a) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 889 bytes Desc: OpenPGP digital signature URL: From JPClizbe at tx.rr.com Sat Mar 12 08:26:46 2011 From: JPClizbe at tx.rr.com (John Clizbe) Date: Sat, 12 Mar 2011 01:26:46 -0600 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7A3EA3.7080305@adversary.org> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> <4D7A3EA3.7080305@adversary.org> Message-ID: <4D7B2036.5020200@tx.rr.com> Ben McGinnes wrote: > On 12/03/11 12:33 AM, Robert J. Hansen wrote: >> On 3/11/2011 1:07 AM, Ben McGinnes wrote: >>> Out of curiosity, how big is that now? >> >> My complete /var/lib/sks/DB directory comes in at 7.8G. Not too large. > > That's smaller than I would have thought, but a *lot* larger than the > last time I checked (sometime in the '90s). Ben, That's the SKS implementation of the key database. On top of the keys, there are several other tables. Within each table there is also empty space, most commonly space left at the end of a page. 
The present size of just the raw keys -- like you would pull in a keydump to bootstrap a server -- is 4.38 GB

--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
FSF Assoc #995 / FSFE Fellow #1797
hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From remco at webconquest.com Sat Mar 12 12:29:34 2011
From: remco at webconquest.com (Remco Rijnders)
Date: Sat, 12 Mar 2011 12:29:34 +0100
Subject: For Windows
In-Reply-To: <4D7AB69B.7040003@gmail.com>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com>
Message-ID: <348.1AA0@winter.webconquest.com>

On Fri, Mar 11, 2011 at 04:56:11PM -0700, Aaron Toponce wrote:
>
>On a side note, you may wish to re-evaluate your email signature.
>Confidentiality notices are usually annoying to most recipients,
>especially on mailing lists, where the email is publicly accessible on
>the Internet for all to see.

And as a further side note... the GPG signature failed to validate, most likely due to the legalese bla-bla signature being inserted in the message. I suppose that disabling that signature might be out of the original sender's control, but since they used a gmail account, perhaps they should post through gmail instead of using whatever server that inserts the legal disclaimer.

Remco

From shavital at mac.com Sat Mar 12 13:56:06 2011
From: shavital at mac.com (Charly Avital)
Date: Sat, 12 Mar 2011 07:56:06 -0500
Subject: Hashed user ID.
In-Reply-To: <4D7B2036.5020200@tx.rr.com>
References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> <4D7A3EA3.7080305@adversary.org> <4D7B2036.5020200@tx.rr.com>
Message-ID: <4D7B6D66.2040509@mac.com>

Hi,

from Terminal, from two different keyservers:

(1) Barack Hussein Obama (PoC)
1024 bit DSA key 76F5FE21, created: 2010-04-07
(2) Barack Hussein Obama (DOD)
1024 bit DSA key 0B72EB0F, created: 2009-04-27

presidente can be Portuguese, Brazilian or Spanish
casabranca is both Portuguese and Brazilian
"PoC" no less than 94 acronyms can be Googled. I don't know whether PoC stands for some Portuguese or Brazilian function.
DOD, Department of Defense?

Phishing?

Charly

I didn't actually download the keys, so I don't know what's in them.

From expires2011 at ymail.com Sat Mar 12 17:55:50 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 12 Mar 2011 16:55:50 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D78CFAC.2020008@sixdemonbag.org>
References: <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> <201103101057.53728.mailinglisten@hauke-laging.de> <4D78CFAC.2020008@sixdemonbag.org>
Message-ID: <1232916104.20110312165550@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Thursday 10 March 2011 at 1:18:36 PM, in , Robert J. Hansen wrote:
> Remember that a jury trial is often not so much about
> the law as it is about blame: if something bad happens
> the jury wants to be able to point at someone and say,
> "that person is responsible."

Determining whether it has been proven beyond reasonable doubt that the defendant is guilty as charged has nothing to do with the apportionment of blame.

- --
Best regards
MFPA mailto:expires2011 at ymail.com

The best way to destroy your enemy is to make him your friend.
-----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNe6WenhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pRfMD/iw2 OXYwUxfEbX1kBJanilJCHCJywTXapANwqeM3IoToOS2vq5Z/n9YRlGLjMjmUS7W4 rrQsG1wlGKpTIOTLtb9B9CsheVirEE+kX5b2zEG0ZdVkQG536t0nvUpCo+3pfOvo f2bUAzLr+p+XNCIW66ev/B8iITGV2l6/4Xxf1HmL =GJI3 -----END PGP SIGNATURE----- From expires2011 at ymail.com Sat Mar 12 19:05:28 2011 From: expires2011 at ymail.com (MFPA) Date: Sat, 12 Mar 2011 18:05:28 +0000 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7A29B1.4010706@sixdemonbag.org> References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D7A29B1.4010706@sixdemonbag.org> Message-ID: <32737151.20110312180528@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Friday 11 March 2011 at 1:54:57 PM, in , Robert J. Hansen wrote: > It is useful to quite a lot of people. Look at how > many people map out webs of trust for entirely innocent > purposes. In fact, mapping out webs of trust is > necessary for the WoT idea to even work. "Well, I've > signed Frank's key and I see that Frank's signed > Gianna's key, and I trust Frank so..." The WoT can be mapped with or without names. In your example, how is your trust enhanced by knowing Gianna's name? "I signed Frank's key and I see that Frank's signed a key that has user ID '7b7581fe6670a6a4a29b2fd46eaf5ac34a6a86d134fe8931729e66970b707349 <466ffe71badce782db1808ee80bd01dabf0d95e4a3b8ccbbe5fcdc68b86c2bb9>', and I trust Frank so..." How does the WoT idea require me to know the names or email addresses associated with the keys in the trust path? The text strings in User IDs do not feature in the trust calculation. 
>> It's perfectly OK for me that you can see that I have >> signed Ben's key but why should others know that? > Because this is not an ORCON system. The system is > built around public certifications and private > certifications. You're talking about introducing an > entirely new method, something which seems basically > like an ORCON certification: "I'll make the > certification, but I get to control who gets to learn > about the certification." That one sentence quoted in isolation from Hauke could be construed in that way. But take into account the context and it becomes clear that he was saying no such thing. A certification made by a key that had hashed user IDs would be just as visible as any other certification. What would not be visible (at least to people who didn't already know it) is the identity and email address of the certifying key's owner. - -- Best regards MFPA mailto:expires2011 at ymail.com A nod is as good as a wink to a blind bat! -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNe7X4nhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pGoQD/jR0 q47WKypv3KVj2prv09mYxLKbYakIPSR4wF57LoEMOg0J3WpD6ceGURsWJX8lovDv ii4VHB3jcGWgupYa0EzsOYGxZviHVWi+TNgblNHEcsUH4+ucIHqoh6nRoyWrOUGD 2C/ojDYkipYM+ISTWq9cSgHv+hiV1EgY8HlOPKf2 =aYPX -----END PGP SIGNATURE----- From ben at adversary.org Sat Mar 12 18:46:03 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 13 Mar 2011 04:46:03 +1100 Subject: Hashed user ID. 
In-Reply-To: <4D7B6D66.2040509@mac.com> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> <4D7A3EA3.7080305@adversary.org> <4D7B2036.5020200@tx.rr.com> <4D7B6D66.2040509@mac.com> Message-ID: <4D7BB15B.4010804@adversary.org> On 12/03/11 11:56 PM, Charly Avital wrote: > Hi, > > from Terminal, from two different keyservers: > > (1) Barack Hussein Obama (PoC) > 1024 bit DSA key 76F5FE21, created: 2010-04-07 > (2) Barack Hussein Obama (DOD) > 1024 bit DSA key 0B72EB0F, created: 2009-04-27 They're all fake. Currently there are two dozen keys for president at whitehouse.gov, of which my favourite is 0x5F3FDC7E. Using any of these keys will just result in sending encrypted email to the whitehouse that they probably already have a filter to discard. As for the casabranca.gov domain, it doesn't even exist (no DNS records). Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From expires2011 at ymail.com Sat Mar 12 19:39:25 2011 From: expires2011 at ymail.com (MFPA) Date: Sat, 12 Mar 2011 18:39:25 +0000 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D78D355.3000307@sixdemonbag.org> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> Message-ID: <959389065.20110312183925@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Thursday 10 March 2011 at 1:34:13 PM, in , Robert J. Hansen wrote: > A public certification is intended as an > announcement to the world: "Hey, world! I am [name] > and I vouch for this certificate!" Which most people will hear as "Hey, world! 
I am somebody you don't know and I vouch for this certificate!"

> If people want to make public pronouncements of social
> relationship, why in the world would you want to deploy
> a technology that makes it difficult to discover this
> social relationship?

I don't think anything has been suggested here that would make it difficult to discover the social relationship. Just a means to make the public pronouncement without publicly stating your identity. And to do so in such a way that people who already know your identity can tell it is you that made the pronouncement.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Only dead fish go with the flow
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNe73lnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pWrED/jE7
3QaDWRXhk5W5X8/cPvJ0bR8BqceuEND5Cpy+SqrtWO2TxnSH2KxYRiqRm8lr5yuk
CMPEvmugRdacynVzg7Smr33H01oSfl/Zi+tPjpMzDsYiKMnMKHwt3WkncqKNvgdW
kvbPqU5IJgUVBH5HRad+4YeDUwN1gLa2YVZkfj0Q
=gKTd
-----END PGP SIGNATURE-----

From expires2011 at ymail.com  Sat Mar 12 20:00:39 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 12 Mar 2011 19:00:39 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <201103091446.53974.mailinglisten@hauke-laging.de>
References: <4D777C74.8010901@adversary.org> <201103091446.53974.mailinglisten@hauke-laging.de>
Message-ID: <1185159801.20110312190039@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Wednesday 9 March 2011 at 1:46:53 PM, Hauke Laging wrote:

> If you want to validate a key by its signatures
> and see a signature of an unknown key then there is
> (IMHO) no reason why you should know who has certified
> this key. This information can easily be abused.

Information that has no use to you in the task in hand is just "noise."
If it is information about me for which you have no legitimate use, I would rather it were not at your disposal in case of possible nefarious use.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Keep them dry and don't feed them after midnight
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNe8LqnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pOl4D/jx2
3yMqLREYequSYhS5lOMyF+i7ItZADI2k74Cj6IzOowSQqrEk2G6wX8xmwI8vBVTP
3VK41B/haudCg9L7B0pQI1YYT2Fjlyb8by1DiN8UOPpq4KJJEt+wvs+oMtq1DmYW
w6gJIphvNKu1ZTifXfBZmBsNc4CvCVTe4jLcH4XU
=P5Kp
-----END PGP SIGNATURE-----

From expires2011 at ymail.com  Sat Mar 12 20:37:33 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 12 Mar 2011 19:37:33 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D783E58.5090205@adversary.org>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org>
Message-ID: <1688705621.20110312193733@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Thursday 10 March 2011 at 2:58:32 AM, Ben McGinnes wrote:

> I have. Many, many times. There's no point doing it
> for a free email service provider's domain (e.g.
> gmail.com), but sometimes there are advantages in
> checking for keys belonging to people at particular
> organisations (e.g. government departments). This is
> one of the reasons why I'd prefer MFPA's suggestion,
> were it ever implemented, to be optional rather than
> the default.

Whatever you do with user IDs is optional, since they are just a free-text field. And of course a user wanting to make their key match more searches could include extra UIDs with additional hashes. For example John Smith could include hashes of example.com and of john.smith.
In any event, including the information in hashed form should make the key more likely to be found than if the info were not there at all.

> If that feature weren't available, I doubt I would've
> found this:
>
> pub   1024D/B3F77236 2000-09-21
> uid                  Stephen Smith
> sub   2048g/0E0EEE5F 2000-09-21
>
> Stephen Smith was in Opposition when he made that key,
> but now he's Minister of Defence.

If there was a point there other than curiosity value, it went way over my head. (-:

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

COMMITTEE: A body that keeps minutes and wastes hours.
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNe8uEnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pbxAEAIAh
17OwkWRD6Y72jkJY3RQxub8ycj2buFKS6F7uTrRKad3yaLbPv7Pmh8NKWs42YZa+
jOflm3L53gAD7slSvSWwE2pzeorIZU/Gz0MWdxXSyJUTTykwZHPzvKMwtPL0nQcJ
u76y9Q821KbUfiA2gGVTZQjt7wusRF7NEZK29Bot
=QdF0
-----END PGP SIGNATURE-----

From expires2011 at ymail.com  Sat Mar 12 21:10:00 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 12 Mar 2011 20:10:00 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D778317.3020102@sixdemonbag.org>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org>
Message-ID: <457191023.20110312201000@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Wednesday 9 March 2011 at 1:39:35 PM, Robert J. Hansen wrote:

> 3. Deploying this scheme means:
>    (a) people can no longer do fuzzy searches for
>        email addresses ("show me all user IDs that
>        look like this pattern")
>    (b) finding people's certificates may be made more
>        difficult due to (a)

Certificates with only hashed user IDs would be harder to find than those that contain the actual name and email address. But easier to find than those that show spurious information or contain no email address or name at all.

> 4. My suspicion is the number of users covered by (2)
> is pretty small. My suspicion is the number of users
> impacted by (3) is pretty large. My suspicion is we do
> not have a very good handle on just how difficult we
> need to make things, given the resources available to
> spammers in (1a).

After generating the list of possible email addresses, why would a spammer generate the hashes and search for keys instead of simply blasting out messages to the whole lot?

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Wisdom is a companion to age; yet age may travel alone.
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNe9McnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pEYMD/3Q/
Qt8LnJvVjv4Bb88jeiMBFxETBKcfkeJsY5u+dICB9lS7JmKzGoR6gzTod/mZdTMV
9+NuLrlDXcOxQfRZTdd38z6YIf6nBgmRSvAxzG7DH/WCxGVoQkChNV13+pY/rf6c
BBFW2gf/DruOyWHh6jN3IV8YDjdM1p1+0NUAgu71
=3R5z
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Sat Mar 12 21:14:34 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 12 Mar 2011 15:14:34 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <1232916104.20110312165550@my_localhost>
References: <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> <201103101057.53728.mailinglisten@hauke-laging.de> <4D78CFAC.2020008@sixdemonbag.org> <1232916104.20110312165550@my_localhost>
Message-ID: <4D7BD42A.1020203@sixdemonbag.org>

On 3/12/2011 11:55 AM, MFPA wrote:
> Determining whether it has been proven beyond reasonable doubt that
> the defendant is guilty as charged has nothing to do with the
> apportionment of blame.

Product liability is civil, not criminal. Regardless, it doesn't matter: for all that judges tell juries "your job is to determine the truth of the accusation," a jury's natural instinct is going to be to find a responsible party.

From expires2011 at ymail.com  Sat Mar 12 21:17:16 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 12 Mar 2011 20:17:16 +0000
Subject: Hashed user ID.
In-Reply-To: <4D7BB15B.4010804@adversary.org>
References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> <4D7A3EA3.7080305@adversary.org> <4D7B2036.5020200@tx.rr.com> <4D7B6D66.2040509@mac.com> <4D7BB15B.4010804@adversary.org>
Message-ID: <962310911.20110312201716@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Saturday 12 March 2011 at 5:46:03 PM, Ben McGinnes wrote:

> As for the casabranca.gov domain, it doesn't even exist
> (no DNS records).

Probably a Chinaman trying to say "Casablanca"...

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Always borrow money from a pessimist - they don't expect it back
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNe9TRnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5p948D+wYi
bde8BCtTsVe90OKtiZnlxr6pl8ynTyjJP88pnFW0Bs+zGYY4px13f6lTQdyUY87h
7W36qX9b/SQB9lV06N0BqxKC2vVSBcQmJHAe7J0rBzErsf47iNkm7NEYJrUrqmhp
ZN6RWXWUM1NhoNs//KTwNAw6sxMYMAeh2qKtFQty
=lEv1
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Sat Mar 12 21:22:06 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 12 Mar 2011 15:22:06 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <32737151.20110312180528@my_localhost>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D7A29B1.4010706@sixdemonbag.org> <32737151.20110312180528@my_localhost>
Message-ID: <4D7BD5EE.80301@sixdemonbag.org>

On 3/12/2011 1:05 PM, MFPA wrote:
> How does the WoT idea require me to know the names or email addresses
> associated with the keys in the trust path?
> The text strings in User
> IDs do not feature in the trust calculation.

Yes, in fact, they do.

In my past, there's an ex-CEO whom I'll just call "Ben." Ben made some really astonishingly bad decisions that put him in prison for eighteen months, and left me with a permanent distrust for him. If I see Frank has signed Ben's certificate, and I trust Frank, am I going to trust Ben?

Of course not.

Trust is not transitive. If A trusts B and B trusts C, there is no requirement that A trusts C. In fact, if it turns out A knows C, transitivity can break completely.

> What would not be visible (at least to people who didn't already know
> it) is the identity and email address of the certifying key's owner.

So far, you haven't produced a mechanism that will do this. We're still at the "it would be nice if..." stage of your idea. Thus, I really can't respond to statements of what this mechanism would or wouldn't do, since we don't have a mechanism to analyze.

From rjh at sixdemonbag.org  Sat Mar 12 21:24:34 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 12 Mar 2011 15:24:34 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <457191023.20110312201000@my_localhost>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <457191023.20110312201000@my_localhost>
Message-ID: <4D7BD682.2020200@sixdemonbag.org>

On 3/12/2011 3:10 PM, MFPA wrote:
> After generating the list of possible email addresses, why would a
> spammer generate the hashes and search for keys instead of simply
> blasting out messages to the whole lot?

Beats me. You're the one who's assuming someone wants to harvest email addresses. Imagining a spammer behind it is just part of a thought exercise. Focus on the real issue -- that this scheme you're proposing is not secure against an even mildly motivated attacker -- not who the prospective attacker is.

From expires2011 at ymail.com  Sat Mar 12 21:24:38 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 12 Mar 2011 20:24:38 +0000
Subject: For Windows
In-Reply-To: <348.1AA0@winter.webconquest.com>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com>
Message-ID: <1208561845.20110312202438@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Saturday 12 March 2011 at 11:29:34 AM, Remco Rijnders wrote:

> And as a further side note... the GPG-signature failed
> to validate, most likely due to the legalise bla-bla
> signature being inserted in the message.
> I suppose
> that disabling that signature might be out of the
> original senders control, but since they used a gmail
> account, perhaps they should post through gmail instead
> of using whatever server that inserts the legal
> disclaimer.

Or simply use pgp-inline so that the disclaimer comes after the signature.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

I would like to help you out. Which way did you come in?
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNe9aMnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5p2wkD/30N
8nxFAtjiZBaqTPTsHJgmlWjLHAB7OgGck/OKV6h0YiKa7NtW6EFWsnexxze/kQa8
fPxKIPjfXg8CRgcwYAP5k0IF5tnURn7lUO1QN5MyE0rOHhC35t+i1vfq3rtyZ9jQ
XPBUmp6Oy+YKSFNGJZyYgibuQK/S0+nW0ji+vzXU
=MLhe
-----END PGP SIGNATURE-----

From expires2011 at ymail.com  Sat Mar 12 21:38:58 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 12 Mar 2011 20:38:58 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7BD42A.1020203@sixdemonbag.org>
References: <4D784130.1060300@sixdemonbag.org> <4D7848A1.9050905@adversary.org> <201103101057.53728.mailinglisten@hauke-laging.de> <4D78CFAC.2020008@sixdemonbag.org> <1232916104.20110312165550@my_localhost> <4D7BD42A.1020203@sixdemonbag.org>
Message-ID: <782638434.20110312203858@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Saturday 12 March 2011 at 8:14:34 PM, Robert J. Hansen wrote:

> Product liability is civil, not criminal.

OK, balance of probabilities rather than beyond reasonable doubt.

> Regardless,
> it doesn't matter: for all that judges tell juries
> "your job is to determine the truth of the accusation,"
> a jury's natural instinct is going to be to find a
> responsible party.

Fair enough, you know more about this than I do.
I would expect their natural instinct to be doing the job they were charged with, as quickly as possible so that they could get back to their own lives.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

There is no job so simple that it cannot be done wrong
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNe9nqnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5p2C8EAIrM
de47xF1hdJU7EzxaUeZVibVy06f9mNRiaXs/8vw5wIhgGSHOsxvEgU5qMyGoPOQq
YOeKUcbFYTlxfYa7OCbLtIl1mKV007Hdyn9FaLXF6tdXKiyRLK6kx+e2NudB+64z
Pyd+1Md/AllA4SeAVTXNs4vhuns3vnIsOtX5zTYP
=CDp/
-----END PGP SIGNATURE-----

From expires2011 at ymail.com  Sat Mar 12 22:23:08 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 12 Mar 2011 21:23:08 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7BD5EE.80301@sixdemonbag.org>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D7A29B1.4010706@sixdemonbag.org> <32737151.20110312180528@my_localhost> <4D7BD5EE.80301@sixdemonbag.org>
Message-ID: <11510614187.20110312212308@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Saturday 12 March 2011 at 8:22:06 PM, Robert J. Hansen wrote:

> On 3/12/2011 1:05 PM, MFPA wrote:
>> How does the WoT idea require me to know the names or email addresses
>> associated with the keys in the trust path? The text strings in User
>> IDs do not feature in the trust calculation.

> Yes, in fact, they do.

> In my past, there's an ex-CEO whom I'll just call
> "Ben." Ben made some really astonishingly bad
> decisions that put him in prison for eighteen months,
> and left me with a permanent distrust for him. If I
> see Frank has signed Ben's certificate, and I trust
> Frank, am I going to trust Ben?
> Of course not.

Presumably GnuPG factors this into the trust calculations by virtue of the trust level you have assigned to Ben's key, not by parsing his User IDs.

> Trust is not transitive. If A trusts B and B trusts C,
> there is no requirement that A trusts C.

In real life, true. But what about the GnuPG default of trusting a key that carries certifications from 1 fully trusted or 3 marginally trusted keys? Unless you manually inspect each trust path, how would you spot unknown keys from past real-life associates you distrusted?

> In fact, if
> it turns out A knows C, transitivity can break
> completely.

Indeed, if you know that a certificate belongs to somebody you actually know, trust *calculations* are irrelevant. Of course you might trust somebody's security procedures and keysigning policy but wish to keep your valuables or your wife well away from him.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

A picture is a poem without words
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNe+REnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5piV8EAKTN
tjx4dkO4XZWWjW/IW+rt39i3YKVsrXcEhpyiH/Gc9RdOMxXaKd+SUkSCDRSAqd0d
wl4WFhGQpbR42kAYbMliDAnbKZpxuydlZMbL/MAx2ncZYBMAjQd6RP5FOx/W4NPh
8zeALI92omNd4QGtMLql6bZjKi9waDyV/sjReiCV
=slFP
-----END PGP SIGNATURE-----

From Mike_Acker at charter.net  Sat Mar 12 21:47:13 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Sat, 12 Mar 2011 15:47:13 -0500
Subject: validating signatures
Message-ID: <4D7BDBD1.20803@charter.net>

I think one of the things that is generally missed in the public internet environment is the need to validate signatures. This would apply to X.509 certificates, but working with PGP or GnuPG is a very good way to learn about digital signatures, and I try to encourage my computer friends to do this.

A thread on Internet Evolution
by Jart Armin gets into this a little, digressing into some discussion of man in the middle attacks and session hijacking, stuff that should not be happening. I suspect it may be related to obsolete software such as old versions of Windows and/or IE. State of the Art browsers should be sandboxing each web page as a separate application program so that one webpage can't snoop on or modify another -- even though they are running under one browser. Given that you are preventing unauthorized modifications to your system -- and that you are running a State of the Art Browser -- it should be pretty tough for a MITM attack to get into one of your sessions.

In validating a key, though, there are two ways to do it: one, you have received the key directly from the owner by a secure means; or two, you have received the key with an authenticating signature attached. That authenticating signature is what Certificate authorities are for.

Now if the key you are looking at has two or more authenticating signatures, you may only need one signature to satisfy yourself that that key is valid before you sign it and assign a trust level. Do you need to recognize all the signatures? I'd say that's strictly up to you.

From Mike_Acker at charter.net  Sat Mar 12 22:00:07 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Sat, 12 Mar 2011 16:00:07 -0500
Subject: Computer tools and Human Intelligence
Message-ID: <4D7BDED7.3020007@charter.net>

Authentication "Mechanism"

I'm not so sure about this. Public Key Signatures are tools which enable us to test identities against our known references. The Important Things are that we see to the validity of those Known References and that we effect Due Diligence in running the tests when appropriate.
The PGP signatures provide the tools for this; I think human intelligence will always be needed, although automation would be very desirable when procedures have been established, such as in connecting with a service using SSL or TLS.

From expires2011 at ymail.com  Sat Mar 12 23:25:53 2011
From: expires2011 at ymail.com (MFPA)
Date: Sat, 12 Mar 2011 22:25:53 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7BD682.2020200@sixdemonbag.org>
References: <53D7490F-18DA-40DE-8A47-CCF4C27BD013@jabberwocky.com> <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <457191023.20110312201000@my_localhost> <4D7BD682.2020200@sixdemonbag.org>
Message-ID: <707692675.20110312222553@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Saturday 12 March 2011 at 8:24:34 PM, Robert J. Hansen wrote:

> On 3/12/2011 3:10 PM, MFPA wrote:
>> After generating the list of possible email addresses, why would a
>> spammer generate the hashes and search for keys instead of simply
>> blasting out messages to the whole lot?

> Beats me. You're the one who's assuming someone wants
> to harvest email addresses.
A desire to not publish my email addresses (but still have somebody who knows any of my addresses find my key on a server) does not equate to an assumption that somebody wants to harvest email addresses from servers. If such an assumption was stated it wasn't by me. (-:

> Imagining a spammer behind
> it is just part of a thought exercise.

Fair enough. It just seemed difficult to imagine what would be the return on their effort.

> Focus on the
> real issue -- that this scheme you're proposing is not
> secure against an even mildly motivated attacker -- not
> who the prospective attacker is.

Fair enough, I underestimated quite how easy a brute force attack could be. Longer email addresses at less-obvious domain names make it just that little bit harder but that is not really the point, IMHO.

Since anybody can add a certification to the key saying whatever they choose, somebody else could make public one or more of the hashed email addresses or identities. No major problem, just add a new one.

It's not about providing complete confidentiality, anonymity or security. Instead of leaving a document open on the desk, this scheme is more akin to putting it in the drawer or cupboard than it is to putting it in the safe. Not secure but good enough in many circumstances.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

You can't build a reputation on what you are going to do
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNe/L5nhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pYCwD/3iq
j/lM7ACgiteMKjkncvhLTnrNv2yJg+ybKd1fqz+K9oTkT/UG/aoiNGLQZOmHDs1y
HtjfrqcdUQVael3uhj5zl1KrYpXWmDjTBFpQHEspxpqmXY2529WqOrvDqyHdvUMg
qFeWHDI8hbCXGi4+gY/md9JzOfymLo0LNcPBV8eB
=m7VY
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Sun Mar 13 00:06:14 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 12 Mar 2011 18:06:14 -0500
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <707692675.20110312222553@my_localhost>
References: <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <457191023.20110312201000@my_localhost> <4D7BD682.2020200@sixdemonbag.org> <707692675.20110312222553@my_localhost>
Message-ID: <4D7BFC66.3040301@sixdemonbag.org>

On 3/12/2011 5:25 PM, MFPA wrote:
> A desire to not publish my email addresses (but still have somebody
> who knows any of my addresses find my key on a server) does not equate
> to an assumption that somebody wants to harvest email addresses from
> servers.

Yes, it does. If nobody's looking for people's email addresses, then there's no need to not publish email addresses. And if there's a need to not publish email addresses, that's because somebody's looking for them.

> Is not about providing complete confidentiality, anonymity or
> security. Instead of leaving a document open on the desk, this scheme
> is more akin to putting it in the drawer or cupboard than it is to
> putting it in the safe. Not secure but good enough in many
> circumstances.

It is not good enough right now to prevent an even moderately skilled attacker from recovering email addresses. A work factor of 10 billion means I write a Perl script, let my iMac work for a week, and fill up a $100 hard drive.

This scheme offers the illusion of security instead of actual security: and I feel selling people an illusion is a deeply corrupt act.
"If we use this blinding scheme it will look like it works but in reality anyone who wants to map out the Web of Trust will probably just be delayed for a week and the majority of users will think they're secure." I mean, really, is that what you want to sell? Or should this be taken as a, "the idea of blinded UIDs is a good one, but this idea is inadequate and should be taken back to the drawing board"? From mailinglisten at hauke-laging.de Sun Mar 13 01:21:19 2011 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Sun, 13 Mar 2011 01:21:19 +0100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7BFC66.3040301@sixdemonbag.org> References: <707692675.20110312222553@my_localhost> <4D7BFC66.3040301@sixdemonbag.org> Message-ID: <201103130121.26782.mailinglisten@hauke-laging.de> Am Sonntag 13 M?rz 2011 00:06:14 schrieb Robert J. Hansen: > I mean, really, is that what you want to sell? Or should this be taken > as a, "the idea of blinded UIDs is a good one, but this idea is > inadequate and should be taken back to the drawing board"? Your arguing pretends that somebody is to be fooled. That is not the case. Nothing prevents gnupg (and I even suggested to do that) from warning that this feature seems to just be used for an email address which is does not make sense to be used with (for the reason you explained very convincingly). When offering this feature it should be clearly said that it not worth much for most existing addresses. It isn't, too, for new addresses which are simple. As a user you should decide to take both or none: a safe email address and a safe UID or a normal address and a normal UID. This would not be snake oil. But a tool that requires certain knowledge and awareness. Just as today's gnupg itself. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -------------- next part -------------- A non-text attachment was scrubbed... 
From olav at seyfarth.de  Sat Mar 12 01:46:18 2011
From: olav at seyfarth.de (Olav Seyfarth)
Date: Sat, 12 Mar 2011 01:46:18 +0100
Subject: For Windows
In-Reply-To: <4D7A8B07.4090907@gmail.com>
References: <4D7A8B07.4090907@gmail.com>
Message-ID: <4D7AC25A.60302@seyfarth.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi Jonathan,

> I can not find an executable for 2.0.17 for Windows

http://gpg4win.org/download.html , but later you wrote that you installed (and uninstalled) it already. In fact, gpg4win 2.1.0-rc2 comes with GnuPG 2.0.17.

The 2.x series MUST use gpg-agent and gpg-agent DOES use a graphical pinentry. Depending on how you install gpg4win, GTK or Qt pinentry is used. They have slightly different behavior concerning focus. If you did a default install, then Qt is installed. If you install JUST GnuPG and disable all other packages (documentation doesn't hurt), then GTK is used.

> I do not know how to configure the GPG-agent

It does not need to be set up but you may tweak it by creating gpg-agent.conf in the GnuPG home directory and maybe add a line with "default-cache-ttl 86400". But it uses pinentry GUI and that dialog is even problematic for non-blind since it is sometimes hidden behind other windows.

Mind that if you use GnuPG 2.x (requiring gpg-agent), then you must also set Enigmail to use it (in EXPERT OpenPGP preferences -> Advanced -> "Use gpg-agent for passphrases").

> Everything must be 100% keyboard accessible.

Then GnuPG 2.x may not be for you. Are there features the 1.4 series doesn't provide that you really need (such as different passphrases for multiple keys) because Enigmail doesn't provide for that? If not: 1.4 is still up-to-date and will be for long ...
Olav
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQGcBAEBAwAGBQJNesJYAAoJEKGX32tq4e9WuHgL/iZdbSD10jeWuSTjFybbcfsY
xI0DvXRw7Cu/verZdGMXwoGc0isE9y9XOzS1ZvYklwbbX64hdjL/3Rnb6khtrRmq
iW8a42VcO2AQxUXS3OKVIGaFtH0aiuV/DOf42FnoujCwTdLPQJkBMbuGUNCN2Nio
VJTb7wIhuJ/qL8zqQWG57PpPs10398BNfbYZHPxnK7O9zL4esQkJMNEK4ZL9Ha1U
yUicJ3AUXE4/mS9WsyqAmtIGJkF6Xgs2iFZsUY2HDmQUz+cPPdeYBalArMoy0F+C
V1ZV29j673KEXARI8p+p+QcXrBWAkgOAvJ8boARKxhGqNws6GhgW9+AuoR9fNbzi
qKMdf5vTjCIyd9m2bIwFqSWBQ0Nm+wnMUslsL+oIcETe01dsqB+3kExBgytJEqzx
QWnnv5iOv60qU30kWPdsK3RMUpJCpKBSWh3lCUlbLPgShHRGL6A7hdOZaOArJ/76
rcBc6cjwFblPAgiJVp3IrWA8phXL4g2Cad8K49OdAA==
=06F1
-----END PGP SIGNATURE-----

From dougb at dougbarton.us  Sun Mar 13 01:32:20 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Sat, 12 Mar 2011 16:32:20 -0800
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7BFC66.3040301@sixdemonbag.org>
References: <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <457191023.20110312201000@my_localhost> <4D7BD682.2020200@sixdemonbag.org> <707692675.20110312222553@my_localhost> <4D7BFC66.3040301@sixdemonbag.org>
Message-ID: <4D7C1094.5000500@dougbarton.us>

On 03/12/2011 15:06, Robert J. Hansen wrote:
> This scheme offers the illusion of security instead of actual security:
> and I feel selling people an illusion is a deeply corrupt act.
+1 I'm hoping that this discussion is going to draw to a close soon, having already lived through it and drawn roughly the same conclusions on PGPNET. Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ From mailinglisten at hauke-laging.de Sun Mar 13 01:41:14 2011 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Sun, 13 Mar 2011 01:41:14 +0100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7A29B1.4010706@sixdemonbag.org> References: <201103102110.06081.mailinglisten@hauke-laging.de> <4D7A29B1.4010706@sixdemonbag.org> Message-ID: <201103130141.15395.mailinglisten@hauke-laging.de> On Friday 11 March 2011 14:54:57 Robert J. Hansen wrote: > On 3/10/2011 3:09 PM, Hauke Laging wrote: > > That's the technical situation today. But it is no use to announce > > that to the whole world. > > (Did you mean "not necessary" instead of "no use"?) I meant "not useful". > It is useful to quite a lot of people. Look at how many people map out > webs of trust for entirely innocent purposes. As MFPA mentioned: This would not prevent mapping. It would (if no one fails) help limit the access to the identities in the map to those who are supposed to be able to do that by the decision of the respective identity owner. > How do you propose determining who really needs those signatures for > validation purposes and who doesn't? And once you've made that > determination, how do you enforce it? The access to signatures is not limited. Everyone decides himself which ones he needs. But the owner of the identity decides whom it is revealed to. > "I'll make the certification, but I get to > control who gets to learn about the certification." No. You just control who can make the next step: Mapping keys to UIDs. 
Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 From ben at adversary.org Sun Mar 13 06:21:43 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 13 Mar 2011 16:21:43 +1100 Subject: For Windows In-Reply-To: <1208561845.20110312202438@my_localhost> References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> Message-ID: <4D7C5467.1030001@adversary.org> On 13/03/11 7:24 AM, MFPA wrote: > > Or simply use pgp-inline so that the disclaimer comes after the > signature. Yes, this is a fine example of why in-line still has a place in the world. Regards, Ben From rjh at sixdemonbag.org Sun Mar 13 06:43:32 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 13 Mar 2011 00:43:32 -0500 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <201103130141.15395.mailinglisten@hauke-laging.de> References: <201103102110.06081.mailinglisten@hauke-laging.de> <4D7A29B1.4010706@sixdemonbag.org> <201103130141.15395.mailinglisten@hauke-laging.de> Message-ID: <4D7C5984.6080705@sixdemonbag.org> On 3/12/2011 7:41 PM, Hauke Laging wrote: > No. You just control who can make the next step: Mapping keys to UIDs. Yes. Like I said, you want an ORCON system. If you control how people can use data, then you've entered ORCON. As soon as you invent an ORCON system, I would love to revisit this conversation. I am not being in the slightest bit facetious: I think ORCON systems are difficult theoretical and practical challenges and I'd love to see a successful system fielded. 
It's just that, as currently drafted, this isn't it. From ben at adversary.org Sun Mar 13 06:48:55 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 13 Mar 2011 16:48:55 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <1688705621.20110312193733@my_localhost> References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> Message-ID: <4D7C5AC7.70903@adversary.org> On 13/03/11 6:37 AM, MFPA wrote: > > Whatever you do with user IDs is optional, since they are just a > free-text field. And of course a user wanting to make their key > match more searches could include extra UIDs with additional > hashes. For example John Smith could > include hashes of example.com and of john.smith. In any event, > including the information in hashed form should make the key more > likely to be found than if the info were not there at all. I think you're assuming a level of innate understanding of what can be done with every part of a UID by every user when they create a key. This is most definitely not the case. > If there was a point there other than curiosity value, it went way > over my head. (-: That was an example. The point was being able to determine, to some extent, the degree of OpenPGP use in Australian politics and the civil service. In the case of that minister, I knew the rest of his party used it because I know they were using a corporate version of PGP in 2000 or 2001. The two major parties over here have always had some interesting interactions online (ever since a scandal involving a staffer of one providing information to "hack" the website of the other in 1998). Currently I can run "gpg --search-keys aph.gov.au" and get the keys for everyone who has one in Parliament House (most of them are civil servants, only two or three are politicians). 
With hashed UIDs, unless the person generating the hash specifies additional hashes to be included then that will cease to work. As much as I find your idea interesting, I think I'd rather have the ability to search on sections of a UID. If I ever want to be contacted in a way that is separate from my name, then I'll just go to the effort of creating a new key with a pseudonym and relevant mail drop. If your hashed UID were an optional feature that were not enabled by default, I doubt I would object, but I think the current use of UIDs has value that I would not want to see superseded by the hashed version. Regards, Ben From ben at adversary.org Sun Mar 13 07:02:05 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 13 Mar 2011 17:02:05 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7B2036.5020200@tx.rr.com> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> <4D7A3EA3.7080305@adversary.org> <4D7B2036.5020200@tx.rr.com> Message-ID: <4D7C5DDD.40806@adversary.org> On 12/03/11 6:26 PM, John Clizbe wrote: > > That's the SKS implementation of the key database. On top of the > keys, there are several other tables. Within each table there is > also empty space, most commonly space left at the end of a page. > > The present size of just the raw keys -- like you would pull in a > keydump to bootstrap a server -- is 4.38 GB Thanks. I think I might have to play around with installing a local server. I don't have a big enough link to run a public server, but running a local one would probably serve as an interesting exercise. 
Is the source on the sks-servers.net site or should I be looking elsewhere? Regards, Ben From John at enigmail.net Sun Mar 13 07:32:27 2011 From: John at enigmail.net (John Clizbe) Date: Sun, 13 Mar 2011 00:32:27 -0600 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7C5DDD.40806@adversary.org> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> <4D7A3EA3.7080305@adversary.org> <4D7B2036.5020200@tx.rr.com> <4D7C5DDD.40806@adversary.org> Message-ID: <4D7C64FB.4050409@enigmail.net> Ben McGinnes wrote: > On 12/03/11 6:26 PM, John Clizbe wrote: >> >> That's the SKS implementation of the key database. On top of the >> keys, there are several other tables. Within each table there is >> also empty space, most commonly space left at the end of a page. >> >> The present size of just the raw keys -- like you would pull in a >> keydump to bootstrap a server -- is 4.38 GB > > Thanks. I think I might have to play around with installing a local > server. I don't have a big enough link to run a public server, but > running a local one would probably serve as an interesting exercise. I think that's my problem with sks.keyservers.net, getting too many timeouts. Have to beat on AT&T *again* > > Is the source on the sks-servers.net site or should I be looking > elsewhere? Originally @ https://savannah.nongnu.org/projects/sks/ Currently at Google?? 
Code: http://code.google.com/p/sks-keyserver/ Current release: http://code.google.com/p/sks-keyserver/downloads/detail?name=sks-1.1.1.tgz&can=2&q= trunk: hg clone https://sks-keyserver.googlecode.com/hg/ sks-keyserver my branch: hg clone https://johnclizbe-sks-keyserver.googlecode.com/hg/ johnclizbe-sks-keyserver You need Berkeley DB >= 4.6 and ocaml >= 3.11.0 I've built on Linux, Mac OS (MacPorts), and Solaris (Blastwave) -- John P. Clizbe Inet: John (a) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" From ben at adversary.org Sun Mar 13 08:38:14 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 13 Mar 2011 18:38:14 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7BD5EE.80301@sixdemonbag.org> References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D7A29B1.4010706@sixdemonbag.org> <32737151.20110312180528@my_localhost> <4D7BD5EE.80301@sixdemonbag.org> Message-ID: <4D7C7466.4060107@adversary.org> On 13/03/11 7:22 AM, Robert J. Hansen wrote: > On 3/12/2011 1:05 PM, MFPA wrote: >> How does the WoT idea require me to know the names or email addresses >> associated with the keys in the trust path? The text strings in User >> IDs do not feature in the trust calculation. > > Yes, in fact, they do. > > In my past, there's an ex-CEO whom I'll just call "Ben." I wish you hadn't. ;) > Ben made some really astonishingly bad decisions that put him in > prison for eighteen months, and left me with a permanent distrust > for him. 
> If I see Frank has signed Ben's certificate, and I trust > Frank, am I going to trust Ben? > > Of course not. I wouldn't trust him either. Regards, Ben From ben at adversary.org Sun Mar 13 08:58:36 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 13 Mar 2011 18:58:36 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <1688705621.20110312193733@my_localhost> References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> Message-ID: <4D7C792C.2000206@adversary.org> On 13/03/11 6:37 AM, MFPA wrote: > > Whatever you do with user IDs is optional, since they are just a > free-text field. And of course a user wanting to make their key > match more searches could include extra UIDs with additional > hashes. For example John Smith could > include hashes of example.com and of john.smith. In any event, > including the information in hashed form should make the key more > likely to be found than if the info were not there at all. There's something else about this which has been nagging me, how would you address this: Currently a user's public keyring contains easily readable UIDs and can be examined in any way they see fit. If hashed UIDs were adopted it would be possible to have hundreds of keys in the keyring which only display hashed UIDs when listing the keyring. Some of these may belong to people the user corresponds with, some may have been picked up in order to try to verify the WoT and some may have been picked up to verify signatures on correspondence (e.g. in mailing lists). 
So, my question, how would you enable a user to display those keys with known names or identities without searching for a specific key belonging to a particular person? Say I ended up with a couple of hundred keys using only hashed UIDs and I know that around 40 of them are people I correspond with, the rest are from signatures on mailing lists or whatever. If I wish to split those keys off from the others into a smaller keyring, instead of leaving everything in the default keyring, how do I determine that without wading through large email archives to find the key IDs of those people I have corresponded with? Also, when I am viewing the signatures on keys and I see signatures containing hashed UIDs of other people I do know and also have keys for, how do I know which one is which in order to differentiate them from the hashed UIDs of keys I may have, but don't know the identities of? It could be done with a local db or address book which maps previous key searches to the hashes and keys they match, but this seems to be an additional level of complexity just to achieve a current feature and could also be used to circumvent the entire idea if performed on a large enough scale. Regards, Ben From ben at adversary.org Sun Mar 13 09:04:39 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 13 Mar 2011 19:04:39 +1100 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] 
In-Reply-To: <4D7C64FB.4050409@enigmail.net> References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> <4D7A3EA3.7080305@adversary.org> <4D7B2036.5020200@tx.rr.com> <4D7C5DDD.40806@adversary.org> <4D7C64FB.4050409@enigmail.net> Message-ID: <4D7C7A97.6040704@adversary.org> On 13/03/11 5:32 PM, John Clizbe wrote: > Ben McGinnes wrote: >> >> Thanks. I think I might have to play around with installing a local >> server. I don't have a big enough link to run a public server, but >> running a local one would probably serve as an interesting exercise. > > I think that's my problem with sks.keyservers.net, getting too many > timeouts. Have to beat on AT&T *again* Even though my poor little ADSL connection is fairly small, at least I do have a very competent and responsive ISP. >> Is the source on the sks-servers.net site or should I be looking >> elsewhere? > > Originally @ https://savannah.nongnu.org/projects/sks/ > > Currently at Google? Code: http://code.google.com/p/sks-keyserver/ Thanks. > my branch: hg clone https://johnclizbe-sks-keyserver.googlecode.com/hg/ > johnclizbe-sks-keyserver What does your branch have that the main one doesn't? > You need Berkeley DB >= 4.6 and ocaml >= 3.11.0 Cool. > I've built on Linux, Mac OS (MacPorts), and Solaris (Blastwave) I'd be building on Linux and there will be plenty of examples of that floating around. Regards, Ben 
From gnupg.user at seibercom.net Sun Mar 13 12:42:34 2011 From: gnupg.user at seibercom.net (Jerry) Date: Sun, 13 Mar 2011 07:42:34 -0400 Subject: For Windows In-Reply-To: <4D7C5467.1030001@adversary.org> References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> Message-ID: <20110313074234.64ecda85@scorpio> On Sun, 13 Mar 2011 16:21:43 +1100 Ben McGinnes articulated: > Yes, this is a fine example of why in-line still has a place in the > world. Actually, it is a fine example of users/MUAs not correctly formatting e-mail messages thereby forcing the use of a deprecated method. One that forces me to clean up the mess when I receive just such an e-mail. -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. From aaron.toponce at gmail.com Sun Mar 13 13:05:12 2011 From: aaron.toponce at gmail.com (Aaron Toponce) Date: Sun, 13 Mar 2011 06:05:12 -0600 Subject: For Windows In-Reply-To: <20110313074234.64ecda85@scorpio> References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> Message-ID: <4D7CB2F8.6070404@gmail.com> On 03/13/2011 05:42 AM, Jerry wrote: > Actually, it is a fine example of users/MUAs not correctly formatting > e-mail messages thereby forcing the use of a deprecated method. [citation required] -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o 
From expires2011 at ymail.com Sun Mar 13 13:37:23 2011 From: expires2011 at ymail.com (MFPA) Date: Sun, 13 Mar 2011 12:37:23 +0000 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7BFC66.3040301@sixdemonbag.org> References: <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <457191023.20110312201000@my_localhost> <4D7BD682.2020200@sixdemonbag.org> <707692675.20110312222553@my_localhost> <4D7BFC66.3040301@sixdemonbag.org> Message-ID: <20354898.20110313123723@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Saturday 12 March 2011 at 11:06:14 PM, in , Robert J. Hansen wrote: > If nobody's looking for people's email addresses, then > there's no need to not publish email addresses. That assumes that there is no need to obscure a piece of information unless it is known that somebody is actively looking for the information. In my world you obscure certain information simply because it is nobody else's business. Just like you move stuff to the drawer or filing cupboard because there is an off chance that somebody walking through the office might read it if left on the desk, not because you think they are specifically looking for it. > And if > there's a need to not publish email addresses, that's > because somebody's looking for them. 
That suggests that all information should be published unless it can be demonstrated there is a compelling reason to not publish. Whilst this is true for some categories of information, it is not universally true for all information. Much information relating to corporations or individuals would not be published unless there were a compelling reason to publish. My email addresses are personal contact information relating to me as an individual. I know of no reason to publish any of my email addresses to anybody other than those with whom I use that email address to communicate; they are quite simply nobody else's business. In the absence of a reason to publish, there is no requirement for a reason to not publish. > It is not good enough right now to prevent an even > moderately skilled attacker from recovering email > addresses. Just like a moderately skilled attacker could look in the desk drawer or filing cabinet, or could open the envelope that obscures a bank statement or telephone bill. Those schemes are good enough for the minimal level of protection they seek to provide. > This scheme offers the illusion of security instead of > actual security: It offers no such thing. In order to be an illusion it would need to be fooling somebody. The scheme was never claimed to offer security against any form of attack more severe than casual snooping, and never could because anybody could add signatures to the key that stated the unhashed version of any of the hashed strings. The scenario of a spammer brute-forcing and then spamming was interesting, if a little esoteric. Usually, spamming subsides after a few weeks and (aside from a certain amount of irritation and wasted time) is of little consequence. If the spammer published a list enumerating the email accounts that went with the particular key ID then it might be a significant attack against this scheme. 
Even then, it would have little relevance unless the list (or maybe a link to it) were in a signature appended to the key. > and I feel selling people an illusion > is a deeply corrupt act. Insurance companies, amongst others, earn billions by doing just that. But this scheme is no illusion; I am aware of no pretence that it offers anything it does not. > I mean, really, is that what you want to sell? Or > should this be taken as a, "the idea of blinded UIDs is > a good one, but this idea is inadequate and should be > taken back to the drawing board"? It depends on the reason for wishing to use blinded UIDs. You have demonstrated limitations to this idea; I still believe it to be adequate for my purposes. More thought is needed, followed by further discussion at some point. - -- Best regards MFPA mailto:expires2011 at ymail.com Wise men learn many things from their enemies. -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNfLqUnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pJlgD/1yR ITx5g87K8gc7EXsMD+fI+r/avMP9ih8iHfJL7ih4Ibyk3sl3lCP7eIeZ1TC4ZET5 Q3uP/mWX+y/XwwAy2uB3c5otBr3ariVbjK1G3dKnVGeL2fh6oQoGXEgmfp+MOih/ G+V5k/OMNC6UIaOU6uZcI6+1BRV8edTGvAm0ERDx =KnPv -----END PGP SIGNATURE----- From expires2011 at ymail.com Sun Mar 13 14:32:02 2011 From: expires2011 at ymail.com (MFPA) Date: Sun, 13 Mar 2011 13:32:02 +0000 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] 
In-Reply-To: <4D7C5AC7.70903@adversary.org> References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C5AC7.70903@adversary.org> Message-ID: <407588411.20110313133202@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Sunday 13 March 2011 at 5:48:55 AM, in , Ben McGinnes wrote: > I think you're assuming a level of innate understanding > of what can be done with every part of a UID by every > user when they create a key. This is most definitely > not the case. I'm assuming a short descriptive paragraph in the gpg.man file plus some good info becoming available over time in various "start up guides" etc. by searching the web or mailing list archives or asking on mailing lists, as with other GnuPG features. It doesn't matter if people learn after the key is created because additional UIDs containing extra hashes can be added later. > As much as I find your idea interesting, I think I'd > rather have the ability to search on sections of a UID. Fair enough but I believe a person's desire to withhold their own personal information outranks another person's desire to make use of that personal information. > If your hashed UID were an optional feature that were > not enabled by default, I doubt I would object, I would like hashing to be offered for the name and then again for the email address, along with a one-liner that obscuring the information in the UIDs offered minimal protection as described in gpg.man and made it harder for other users to locate and use the key; if there's a default answer it should be "No". Maybe others would feel it should be only in expert mode, or perhaps enabled by a "hash-uid" option to the "gen-key" command. > but I > think the current use of UIDs has value that I would > not want to see superseded by the hashed version. 
The main disadvantage I see in hashing the information is slightly increased complexity in locating keys. That assumes the individual would otherwise have a key containing his information unhashed. For individuals whose UIDs would otherwise contain spurious or no information, locating their key should become easier. The search/research capability that you outlined would be reduced if significant numbers of keys with only hashed UIDs came about, if the organisations you are searching allow their people to use such UIDs. The impact on the WoT is unclear. One scenario is no change from the current situation, where an individual who chooses not to reveal their name and email address(es) in their UID has little chance of success in finding people willing to provide certifications. - -- Best regards MFPA mailto:expires2011 at ymail.com Yellow snow is not lemon flavoured -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNfMdZnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pjkwD/1Zu TjY54C6MwgqVJ6hN5VcmaeEhSNwZsLXZbL4F5RtWvLRIqzneHYr3gFLug7YKTTWb qXtSgUwrMjYEL4KbP+Ah34EerpQ7/PMq/PaY99bxNWpSfLBD7LOkR/65spR0etU1 Qhf6gMLrFzHvJUeGBfxgovYdKo8Zecnmj3DAFmkN =KpW4 -----END PGP SIGNATURE----- From brad at fineby.me.uk Sun Mar 13 13:56:53 2011 From: brad at fineby.me.uk (Brad Rogers) Date: Sun, 13 Mar 2011 12:56:53 +0000 Subject: For Windows In-Reply-To: <4D7CB2F8.6070404@gmail.com> References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> Message-ID: <20110313125653.03671aa3@abydos.stargate.org.uk> On Sun, 13 Mar 2011 06:05:12 -0600 Aaron Toponce wrote: Hello Aaron, > On 03/13/2011 05:42 AM, Jerry wrote: > > Actually, it is a 
fine example of users/MUAs not correctly formatting > > e-mail messages thereby forcing the use of a deprecated method. > [citation required] See the way Outlook Express treats PGP sigs, and the messages to which they're attached. -- Regards _ / ) "The blindingly obvious is / _)rad never immediately apparent" Well well well, you just can't tell My Michelle - Guns 'N' Roses From expires2011 at ymail.com Sun Mar 13 15:12:19 2011 From: expires2011 at ymail.com (MFPA) Date: Sun, 13 Mar 2011 14:12:19 +0000 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D7C792C.2000206@adversary.org> References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C792C.2000206@adversary.org> Message-ID: <1944500773.20110313141219@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Sunday 13 March 2011 at 7:58:36 AM, in , Ben McGinnes wrote: > So, my question, how would you enable a user to display > those keys with known names or identities without > searching for a specific key belonging to a particular > person? My understanding is that the new keybox format for storing keys will allow storing of metadata such as when the key was last refreshed/updated/matched a search, usage statistics, and local notes which might include the known names and/or email addresses. 
> It could be done with a local db or address book which > maps previous key searches to the hashes and keys they > match, but this seems to be an additional level of > complexity just to achieve a current feature Don't forget the additional feature of being able to publish a key that, by direct examination, will not reveal your name(s) and/or email address(es) but can still be located by a user who already has that information about you. There is a balance to be achieved. A user taking advantage of the new feature has to accept the key would be less efficiently searched and located than one which announced all their details in flashing lights; a user encountering that key can at least locate it from the name or email address, unlike if the key owner had used spurious or no information in the UIDs. > and could > also be used to circumvent the entire idea if performed > on a large enough scale. Yes, different people you communicate with using different names/email addresses could share information. If this were uploaded to a database that became widely used instead of keyservers it would circumvent the whole idea... - -- Best regards MFPA mailto:expires2011 at ymail.com My mind works like lightning... 
one brilliant flash and it's gone -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNfNDLnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pUosD/19j MG6l6l1aaS9Ou/g8alGi3zwLUZbnpqcp5PDhUGn2F4CW5JB06TK29FDxrh+Ij/9B 39rOb4nd3d84/cIa/SMcyvgOqJB9GAjORCIE/JuQbp8+JplkGQQ+y5/8GZ60jWqq AVh22ZiJzIjh9jV2MEIU3jiSJMR1dii74TmCHVqf =x//r -----END PGP SIGNATURE----- From expires2011 at ymail.com Sun Mar 13 15:18:14 2011 From: expires2011 at ymail.com (MFPA) Date: Sun, 13 Mar 2011 14:18:14 +0000 Subject: For Windows In-Reply-To: <20110313125653.03671aa3@abydos.stargate.org.uk> References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> Message-ID: <1453545536.20110313141814@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Sunday 13 March 2011 at 12:56:53 PM, in , Brad Rogers wrote: > On Sun, 13 Mar 2011 06:05:12 -0600 Aaron Toponce > wrote: > Hello Aaron, >> On 03/13/2011 05:42 AM, Jerry wrote: > Actually, it is >> a fine example of users/MUAs not correctly formatting >> > e-mail messages thereby forcing the use of a >> deprecated method. [citation required] > See the way Outlook Express treats PGP sigs, and the > messages to which they're attached. Whatever Outlook Express does with PGP signatures, no deprecated methods have been mentioned in this thread so far. - -- Best regards MFPA mailto:expires2011 at ymail.com CAUTION! - Beware of Warnings! 
From aaron.toponce at gmail.com Sun Mar 13 15:19:58 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Sun, 13 Mar 2011 08:19:58 -0600
Subject: For Windows
In-Reply-To: <20110313125653.03671aa3@abydos.stargate.org.uk>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk>
Message-ID: <4D7CD28E.2010602@gmail.com>

On 03/13/2011 06:56 AM, Brad Rogers wrote:
> On Sun, 13 Mar 2011 06:05:12 -0600
> Aaron Toponce wrote:
>
> Hello Aaron,
>
>> On 03/13/2011 05:42 AM, Jerry wrote:
>>> Actually, it is a fine example of users/MUAs not correctly formatting
>>> e-mail messages thereby forcing the use of a deprecated method.
>> [citation required]
>
> See the way Outlook Express treats PGP sigs, and the messages to which
> they're attached.

Are you implying that Outlook Express determines the support life cycle of OpenPGP standards?

--
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o

From rjh at sixdemonbag.org Sun Mar 13 15:47:23 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 13 Mar 2011 10:47:23 -0400
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <20354898.20110313123723@my_localhost>
References: <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <457191023.20110312201000@my_localhost> <4D7BD682.2020200@sixdemonbag.org> <707692675.20110312222553@my_localhost> <4D7BFC66.3040301@sixdemonbag.org> <20354898.20110313123723@my_localhost>
Message-ID: <4D7CD8FB.7090006@sixdemonbag.org>

On 3/13/2011 8:37 AM, MFPA wrote:
>> If nobody's looking for people's email addresses, then
>> there's no need to not publish email addresses.
>
> That assumes that there is no need to obscure a piece of information
> unless it is known that somebody is actively looking for the
> information. In my world...

So at this point you're saying, "I want to convince somebody else to volunteer their time and energy implementing a bogus solution to a problem that doesn't even exist."

I'm done with this thread.
From gnupg.user at seibercom.net Sun Mar 13 15:57:16 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Sun, 13 Mar 2011 10:57:16 -0400
Subject: For Windows
In-Reply-To: <4D7CD28E.2010602@gmail.com>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com>
Message-ID: <20110313105716.261460eb@scorpio>

On Sun, 13 Mar 2011 08:19:58 -0600
Aaron Toponce articulated:

> On 03/13/2011 06:56 AM, Brad Rogers wrote:
> > On Sun, 13 Mar 2011 06:05:12 -0600
> > Aaron Toponce wrote:
> >
> > Hello Aaron,
> >
> >> On 03/13/2011 05:42 AM, Jerry wrote:
> >>> Actually, it is a fine example of users/MUAs not correctly
> >>> formatting e-mail messages thereby forcing the use of a
> >>> deprecated method.
> >> [citation required]
> >
> > See the way Outlook Express treats PGP sigs, and the messages to
> > which they're attached.
>
> Are you implying that Outlook Express determines the support life
> cycle of OpenPGP standards?

Outlook Express has been replaced by Windows Mail, an improved e-mail program with enhancements such as junk e-mail filtering and protection against phishing messages.

Why are we even discussing a product that is not and has not been available for quite some time. I heard, although have not confirmed, that it does not work on Windows 7 anyway which effectively means it is dead.

--
Jerry ✌ GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
From aaron.toponce at gmail.com Sun Mar 13 16:21:36 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Sun, 13 Mar 2011 09:21:36 -0600
Subject: For Windows
In-Reply-To: <20110313105716.261460eb@scorpio>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio>
Message-ID: <4D7CE100.8070903@gmail.com>

On 03/13/2011 08:57 AM, Jerry wrote:
> Outlook Express has been replaced by Windows Mail, an improved e-mail
> program with enhancements such as junk e-mail filtering and protection
> against phishing messages.
>
> Why are we even discussing a product that is not and has not been
> available for quite some time. I heard, although have not confirmed,
> that it does not work on Windows 7 anyway which effectively means it is
> dead.

I'm just trying to figure out why people keep saying inline signatures are deprecated, when no documented evidence has come forth showing the fact. Further, I was trying to understand why (if the case at all) Outlook Express would be the one to define what is and is not deprecated out of RFC 4880.

I guess it's like the recurring Slashdot theme that BSD is dead (deprecated) since the mid-'90s, year-after-year, decade-after-decade. *Shrug*.

--
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
From brad at fineby.me.uk Sun Mar 13 16:44:21 2011
From: brad at fineby.me.uk (Brad Rogers)
Date: Sun, 13 Mar 2011 15:44:21 +0000
Subject: For Windows
In-Reply-To: <4D7CE100.8070903@gmail.com>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio> <4D7CE100.8070903@gmail.com>
Message-ID: <20110313154421.0ad20249@abydos.stargate.org.uk>

On Sun, 13 Mar 2011 09:21:36 -0600
Aaron Toponce wrote:

Hello Aaron,

> I'm just trying to figure out why people keep saying inline signatures
> are deprecated, when no documented evidence has come forth showing the

Ah, I did indeed misunderstand what was intended. I first read that inline sigs were deprecated on this list some time (one or more years) ago. Although, from memory, nothing authoritative was cited then, either.

Apologies to all for the confusion.

--
 Regards  _
         / )  "The blindingly obvious is
        / _)rad       never immediately apparent"

It belongs to them, let's give it back
Beds Are Burning - Midnight Oil
From brad at fineby.me.uk Sun Mar 13 16:52:56 2011
From: brad at fineby.me.uk (Brad Rogers)
Date: Sun, 13 Mar 2011 15:52:56 +0000
Subject: For Windows
In-Reply-To: <20110313105716.261460eb@scorpio>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio>
Message-ID: <20110313155256.41ad0372@abydos.stargate.org.uk>

On Sun, 13 Mar 2011 10:57:16 -0400
Jerry wrote:

Hello Jerry,

> Why are we even discussing a product that is not and has not been

That's my fault. A misunderstanding of what was being asked for.

--
 Regards  _
         / )  "The blindingly obvious is
        / _)rad       never immediately apparent"

We're going to hell anyway, let's travel first class
Saturday Night - Kaiser Chiefs

From ben at adversary.org Sun Mar 13 16:54:28 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 14 Mar 2011 02:54:28 +1100
Subject: For Windows
In-Reply-To: <20110313074234.64ecda85@scorpio>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio>
Message-ID: <4D7CE8B4.5090100@adversary.org>

On 13/03/11 10:42 PM, Jerry wrote:
> On Sun, 13 Mar 2011 16:21:43 +1100
> Ben McGinnes articulated:
>
>> Yes, this is a fine example of why in-line still has a place in the
>> world.
>
> Actually, it is a fine example of users/MUAs not correctly
> formatting e-mail messages thereby forcing the use of a deprecated
> method. One that forces me to clean up the mess when I receive just
> such an e-mail.

It would be nice to be able to fix the errors of every poorly designed MUA, but then it would have been nice to have kept HTML out of email. We work with what we've got.

Also, let's not continue the "in-line is deprecated" argument, just because PGP/MIME may be better (personally I agree that it is better).

Regards,
Ben

From dougb at dougbarton.us Sun Mar 13 17:37:17 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Sun, 13 Mar 2011 09:37:17 -0700
Subject: For Windows
In-Reply-To: <20110313105716.261460eb@scorpio>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio>
Message-ID: <4D7CF2BD.6050209@dougbarton.us>

On 03/13/2011 07:57, Jerry wrote:
> Outlook Express has been replaced by Windows Mail, an improved e-mail
> program with enhancements such as junk e-mail filtering and protection
> against phishing messages.
>
> Why are we even discussing a product that is not and has not been
> available for quite some time. I heard, although have not confirmed,
> that it does not work on Windows 7 anyway which effectively means it is
> dead.

Wow, are you ever naive. :) There are millions of people still using Windows XP and Outlook Express.
Microsoft has apparently committed to _supporting_ XP into 2014, which means that you won't see serious reduction in XP use for a few years after that, with a very long tail of people continuing to use it for years following. (I spoke with someone the other day who is still using Windows 98 because "it does what I want it to do.")

Doug

--
Nothin' ever doesn't change, but nothin' changes much.
    -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/

From ben at adversary.org Sun Mar 13 17:39:49 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 14 Mar 2011 03:39:49 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <407588411.20110313133202@my_localhost>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C5AC7.70903@adversary.org> <407588411.20110313133202@my_localhost>
Message-ID: <4D7CF355.3050606@adversary.org>

On 14/03/11 12:32 AM, MFPA wrote:
> On Sunday 13 March 2011 at 5:48:55 AM, in
> , Ben McGinnes wrote:
>
> I'm assuming a short descriptive paragraph in the gpg.man file plus
> some good info becoming available over time in various "start up
> guides" etc. by searching the web or mailing list archives or asking
> on mailing lists, as with other GnuPG features. It doesn't matter if
> people learn after the key is created because additional UIDs
> containing extra hashes can be added later.

Don't depend on the mailing lists, we're a very small subset of GPG users. All relevant documentation will need to be included for those users where connectivity to the Internet is sporadic at best.

>> As much as I find your idea interesting, I think I'd rather have
>> the ability to search on sections of a UID.
>
> Fair enough but I believe a person's desire to withhold their own
> personal information outranks another person's desire to make use of
> that personal information.

That too is an understandable argument. Especially when it comes to searching the keyservers, but less easy to maintain in relation to searches of a local keyring (as I discussed in my other message).

>> If your hashed UID were an optional feature that were not enabled
>> by default, I doubt I would object,
>
> I would like hashing to be offered for the name and then again for
> the email address, along with a one-liner that obscuring the
> information in the UIDS offered minimal protection as described in
> gpg.man and made it harder for other users to locate and use the
> key; if there's a default answer it should be "No". Maybe others
> would feel it should be only in expert mode, or perhaps enabled by a
> "hash-uid" option to the "gen-key" command.

I'd definitely say the default should be off and enabling it only via expert mode would probably be wise.

> The main disadvantage I see in hashing the information is slightly
> increased complexity in locating keys. That assumes the individual
> would otherwise have a key containing his information unhashed. For
> individuals whose UIDs would otherwise contain spurious or no
> information, locating their key should become easier.

That appears to be the case. Certainly for individuals like yourself I can see the appeal.

> The search/research capability that you outlined would be reduced if
> significant numbers of keys with only hashed UIDs came about,

Yes. Although to be honest, even if this feature were added, I don't see it becoming very popular.

> if the organisations you are searching allow their people to use
> such UIDs.

That would require an OpenPGP policy being adopted which is not exactly common with most organisations.

> The impact on the WoT is unclear.
> One scenario is no change from the
> current situation, where an individual who chooses not to reveal
> their name and email address(es) in their UID has little chance of
> success in finding people willing to provide certifications.

I doubt there would be much change, although it does raise another question: if you have a key that only has hashed UIDs of your real name and email address(es), would you wish to prevent signatures of your key from contacts who did not use the hashing function? If the concern is preventing your personal information being revealed and someone who knows you, but is less concerned about this is willing to sign your key, would you attempt to stop them? After all, a relationship could be determined by their identity and if there were enough such signatures from people you know in real life, it may be possible to determine your identity that way.

It seems that the only real strength the hashed UID has is if it is adopted by every user, regardless of whether they want it or not.

Anyway, the more we discuss this, the less likely it appears that it will be added to either GnuPG or any of the commercial PGP products, let alone the RFCs. Still, the advantage of GnuPG is that it is released under the GPL (version 3, last time I checked), so there's nothing stopping you from creating your own fork to add the feature. If it became popular through practical example then the chances of the feature being incorporated in the main release would be vastly increased.

Regards,
Ben
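A toy model of the hashed-UID lookup debated in this thread (MFPA's proposal above and Ben's point about losing partial-UID search): a UID carries a hash of the name and/or email instead of the plaintext, and a search hashes the query so that someone who already knows the full address still finds the key, while a substring search only finds plaintext UIDs. This is example code added by the editor, not GnuPG's or anyone in the thread's; the "hashed-uid:sha256:" marker, the case/whitespace normalisation, and the sample keyring are all assumptions.

```python
"""Toy model of 'hashed user IDs': hashes of name/email in the UID instead of
plaintext, with a search that matches both hashed and plaintext UIDs.
Editor-added example, not GnuPG code; marker string, normalisation rules
and the constructed keyring below are assumptions."""
import hashlib
import re

HASHED_PREFIX = "hashed-uid:sha256:"  # assumed marker, not an OpenPGP convention
_HASH_RE = re.compile(re.escape(HASHED_PREFIX) + r"([0-9a-f]{64})")


def normalize_email(addr):
    # Lower-case and trim. Every client must apply the same rule or the
    # hashes they compute for the same address will never match (assumption).
    return addr.strip().lower()


def normalize_name(name):
    # Collapse internal whitespace and lower-case.
    return " ".join(name.split()).lower()


def field_hash(value):
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def make_hashed_uid(name=None, email=None):
    """UID string whose name and/or email are replaced by their hashes."""
    parts = []
    if name is not None:
        parts.append(HASHED_PREFIX + field_hash(normalize_name(name)))
    if email is not None:
        parts.append("<" + HASHED_PREFIX + field_hash(normalize_email(email)) + ">")
    if not parts:
        raise ValueError("a hashed UID needs at least a name or an email")
    return " ".join(parts)


def hashes_in_uid(uid):
    """All field hashes embedded in a UID (empty set for a plaintext UID)."""
    return set(_HASH_RE.findall(uid))


def uid_matches(uid, query):
    q = query.strip()
    if not q:
        return False
    # 1. Plaintext UIDs: case-insensitive substring, as keyserver search works today.
    if q.lower() in uid.lower():
        return True
    # 2. Hashed UIDs: the searcher must already know the whole name or address.
    #    Both normalisations are tried because the searcher does not know which
    #    field the hash covers. A fragment such as "example" cannot match a hash.
    candidates = {field_hash(normalize_email(q)), field_hash(normalize_name(q))}
    return bool(candidates & hashes_in_uid(uid))


def search_keyring(keyring, query):
    """Key IDs (in keyring order) having at least one UID that matches the query."""
    return [k["keyid"] for k in keyring if any(uid_matches(u, query) for u in k["uids"])]


def uid_reveals(uid, value):
    """What 'direct examination' of the UID shows: is the value visible in plaintext?"""
    return value.lower() in uid.lower()


# Constructed sample keyring; key IDs are placeholders, not real keys.
SAMPLE_KEYRING = [
    {"keyid": "0xAAAAAAAA", "uids": ["Alice Example <alice@example.org>"]},
    {"keyid": "0xBBBBBBBB", "uids": [make_hashed_uid("Bob Example", "bob@example.net")]},
    {"keyid": "0xCCCCCCCC", "uids": ["Carol Example <carol@example.com>",
                                     make_hashed_uid(email="carol@example.com")]},
]

if __name__ == "__main__":
    for query in ("bob@example.net", "BOB@Example.NET", "Bob  Example", "example"):
        print(f"{query!r:20} -> {search_keyring(SAMPLE_KEYRING, query)}")
    bob_uid = SAMPLE_KEYRING[1]["uids"][0]
    print("Bob's UID reveals his address:", uid_reveals(bob_uid, "bob@example.net"))
```

The last query shows the trade-off Ben raises: "example" finds Alice and Carol through their plaintext UIDs but never Bob, because only a complete, correctly normalised name or address can reproduce his hash.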
From expires2011 at ymail.com Sun Mar 13 18:12:52 2011
From: expires2011 at ymail.com (MFPA)
Date: Sun, 13 Mar 2011 17:12:52 +0000
Subject: For Windows
In-Reply-To: <4D7CE8B4.5090100@adversary.org>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CE8B4.5090100@adversary.org>
Message-ID: <110290192.20110313171252@my_localhost>

Hi

On Sunday 13 March 2011 at 3:54:28 PM, in
, Ben McGinnes wrote:

> Also, let's not continue the "in-line is deprecated"
> argument, just because PGP/MIME may be better
> (personally I agree that it is better).

On the other hand, I think inline is better.

--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Volvo, Video, Velcro. (I came, I saw, I stuck around.)

From expires2011 at ymail.com Sun Mar 13 18:14:47 2011
From: expires2011 at ymail.com (MFPA)
Date: Sun, 13 Mar 2011 17:14:47 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7CD8FB.7090006@sixdemonbag.org>
References: <178555886.20110228224027@my_localhost> <4D6C393E.80407@fifthhorseman.net> <4D6C4166.9070703@grant-olson.net> <4D6C51D1.6030908@fifthhorseman.net> <1444818915.20110302010510@my_localhost> <4D6DA0D1.20900@fifthhorseman.net> <1121665374.20110302032125@my_localhost> <1048993523.20110302192517@my_localhost> <4D6EA510.7080408@fifthhorseman.net> <333125614.20110303002111@my_localhost> <4D6F5314.1070904@xs4all.nl> <1049765826.20110305221524@my_localhost> <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <457191023.20110312201000@my_localhost> <4D7BD682.2020200@sixdemonbag.org> <707692675.20110312222553@my_localhost> <4D7BFC66.3040301@sixdemonbag.org> <20354898.20110313123723@my_localhost> <4D7CD8FB.7090006@sixdemonbag.org>
Message-ID: <269620494.20110313171447@my_localhost>

Hi

On Sunday 13 March 2011 at 2:47:23 PM, in
, Robert J. Hansen wrote:

> On 3/13/2011 8:37 AM, MFPA wrote:
>> of information unless it is known that somebody is
>> actively looking for the information. In my world...

> So at this point you're saying, "I want to convince
> somebody else to volunteer their time and energy
> implementing a bogus solution to a problem that doesn't
> even exist."

I am saying no such thing in that short snippet nor in the rest of my posting.
--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Roses smell better than onions but don't make such good soup

From ben at adversary.org Sun Mar 13 18:02:52 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 14 Mar 2011 04:02:52 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <1944500773.20110313141219@my_localhost>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C792C.2000206@adversary.org> <1944500773.20110313141219@my_localhost>
Message-ID: <4D7CF8BC.3060509@adversary.org>

On 14/03/11 1:12 AM, MFPA wrote:
> On Sunday 13 March 2011 at 7:58:36 AM, in
> , Ben McGinnes wrote:
>
>> So, my question, how would you enable a user to display those keys
>> with known names or identities without searching for a specific key
>> belonging to a particular person?
>
> My understanding is that the new keybox format for storing keys will
> allow storing of metadata such as when the key was last
> refreshed/updated/matched a search, usage statistics, and local
> notes which might include the known names and/or email addresses.

Ah, I'm still using the 1.4.x branch, so I haven't seen any of that. Maybe when 2.1 actually reaches the next stable release (2.2) I'll have to have another look.

> There is a balance to be achieved.
> A user taking advantage of the
> new feature has to accept the key would be less efficiently
> searched and located than one which announced all their details in
> flashing lights;

I'd hardly call it "flashing lights" just to be listed on the keyserver, especially when the same data source also contains a large amount of effectively useless data in which any key on the servers is buried amongst.

Speaking of which, I presume key ID 0x992F6351 is one of your tests? If so, you probably should've used example.net as the domain name. It's possible that the registrant of dfgh.net in Turkey might object to this reference to his domain.

> Yes, different people you communicate with using different names/email
> addresses could share information. If this were uploaded to a database
> that became widely used instead of keyservers it would circumvent the
> whole idea...

As, indeed, would traffic analysis.

Regards,
Ben

From kloecker at kde.org Sun Mar 13 19:19:16 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Sun, 13 Mar 2011 19:19:16 +0100
Subject: For Windows
In-Reply-To: <4D7C5467.1030001@adversary.org>
References: <4D7A8B07.4090907@gmail.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org>
Message-ID: <201103131919.22378@thufir.ingo-kloecker.de>

On Sunday 13 March 2011, Ben McGinnes wrote:
> On 13/03/11 7:24 AM, MFPA wrote:
> > Or simply use pgp-inline so that the disclaimer comes after the
> > signature.
>
> Yes, this is a fine example of why in-line still has a place in the
> world.

I disagree. This very mailing list demonstrates how to add a footer to a message without breaking PGP/MIME signatures. I don't accept the example of a broken or wrongly configured mail application/gateway as argument in favor of inline PGP.
Of course, that's just MHO. Feel free to have a different opinion.

Regards,
Ingo

From gnupg.user at seibercom.net Sun Mar 13 21:02:57 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Sun, 13 Mar 2011 16:02:57 -0400
Subject: For Windows
In-Reply-To: <4D7CF2BD.6050209@dougbarton.us>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio> <4D7CF2BD.6050209@dougbarton.us>
Message-ID: <20110313160257.257e9f8b@scorpio>

On Sun, 13 Mar 2011 09:37:17 -0700
Doug Barton articulated:

> On 03/13/2011 07:57, Jerry wrote:
> > Outlook Express has been replaced by Windows Mail, an improved
> > e-mail program with enhancements such as junk e-mail filtering and
> > protection against phishing messages.
> >
> > Why are we even discussing a product that is not and has not been
> > available for quite some time. I heard, although have not confirmed,
> > that it does not work on Windows 7 anyway which effectively means
> > it is dead.
>
> Wow, are you ever naive. :) There are millions of people still using
> Windows XP and Outlook Express. Microsoft has apparently committed to
> _supporting_ XP into 2014, which means that you won't see serious
> reduction in XP use for a few years after that, with a very long tail
> of people continuing to use it for years following. (I spoke with
> someone the other day who is still using Windows 98 because "it does
> what I want it to do.")

So I am naive, then what are you? You CC'd me even though I specifically stated that off-list replies are basically ignored.
In following with my basic procedure for unwanted e-mails like that, I reported it as SPAM.

Now, XP sales were terminated on October 22, 2010, with support for service pack three to end on April 8, 2014. So what? Outlook Express is no longer available. It has been superseded by another product which works differently. What part of that has got you confused?

There are numerous users who still employ old, EOL'd operating systems. Does that mean we have to support them at the expense of those who have moved on to more modern systems and software?

You have also failed to calculate in the simple fact that just because a system has Win XP installed it is also actively using Outlook Express. I still have an old PC with XP installed that I keep around for some gaming exercises. Outlook Express never was used on that system. The newer version, AKA Windows Mail can run on any version of Windows. Your assumption that Win XP = Outlook Express is incorrect.

Windows XP was down to 64% as of March 2010 with Win7 surpassing Vista by a few percentage points. That data is one year old obviously. I am reasonably certain that it has progressed quite a bit. That much is a given since Win XP is no longer available commercially. Outlook Express is no longer available. Another fact. To continue to actively support a piece of dead software is a poor use of one's time and resources.

--
Jerry ✌ GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
From ben at adversary.org Sun Mar 13 23:06:20 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 14 Mar 2011 09:06:20 +1100
Subject: For Windows
In-Reply-To: <201103131919.22378@thufir.ingo-kloecker.de>
References: <4D7A8B07.4090907@gmail.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <201103131919.22378@thufir.ingo-kloecker.de>
Message-ID: <4D7D3FDC.6070409@adversary.org>

On 14/03/11 5:19 AM, Ingo Klöcker wrote:
> On Sunday 13 March 2011, Ben McGinnes wrote:
>> On 13/03/11 7:24 AM, MFPA wrote:
>>> Or simply use pgp-inline so that the disclaimer comes after the
>>> signature.
>>
>> Yes, this is a fine example of why in-line still has a place in the
>> world.
>
> I disagree. This very mailing list demonstrates how to add a footer
> to a message without breaking PGP/MIME signatures.

True. Although I've received other email from the OP that did not include the footer, so now I'm curious to know where it came from, especially since he is using the GMail MX servers.

> I don't accept the example of a broken or wrongly configured mail
> application/gateway as argument in favor of inline PGP. Of course,
> that's just MHO. Feel free to have a different opinion.

I don't think it is appropriate for broken MUAs or MTAs to be an appropriate reason for using in-line signatures and I prefer PGP/MIME because I think it's better (for the reasons many people have previously mentioned on this list). I don't, however, agree with the constant repetition of statements to the effect that in-line is deprecated.

For a die-hard "in-line is better" stance you'll have to look to someone else (yes, MFPA, I'm looking at you). ;)

Regards,
Ben
From dougb at dougbarton.us Sun Mar 13 23:28:02 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Sun, 13 Mar 2011 15:28:02 -0700
Subject: For Windows
In-Reply-To: <20110313160257.257e9f8b@scorpio>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio> <4D7CF2BD.6050209@dougbarton.us> <20110313160257.257e9f8b@scorpio>
Message-ID: <4D7D44F2.7090501@dougbarton.us>

On 3/13/2011 1:02 PM, Jerry wrote:
> On Sun, 13 Mar 2011 09:37:17 -0700 Doug Barton
> articulated:
>
>> On 03/13/2011 07:57, Jerry wrote:
>>> Outlook Express has been replaced by Windows Mail, an improved
>>> e-mail program with enhancements such as junk e-mail filtering
>>> and protection against phishing messages.
>>>
>>> Why are we even discussing a product that is not and has not
>>> been available for quite some time. I heard, although have not
>>> confirmed, that it does not work on Windows 7 anyway which
>>> effectively means it is dead.
>>
>> Wow, are you ever naive. :) There are millions of people still
>> using Windows XP and Outlook Express. Microsoft has apparently
>> committed to _supporting_ XP into 2014, which means that you won't
>> see serious reduction in XP use for a few years after that, with a
>> very long tail of people continuing to use it for years following.
>> (I spoke with someone the other day who is still using Windows 98
>> because "it does what I want it to do.")
>
> So I am naive, then what are you?

Not in 3rd grade?

> You CC'd me even though I specifically stated that off-list replies
> are basically ignored.
That's just silly, given that:

1) 30 years of Internet tradition says that cc'ing the poster in messages to the list is the polite thing to do
2) The "Robustness Principle" says, "Be conservative in what you send, liberal in what you receive."
3) It's completely irrational for you to expect that everyone else on the Internet is going to change their behavior to suit you
4) If you _really care_ so much about this topic, there is a mailman configuration option that you can twiddle to solve it for you. You can follow the instructions at the bottom of the post to get there.

> In following with my basic procedure for unwanted e-mails like that,
> I reported it as SPAM.

Well that's both silly _and_ childish.

> Now, XP sales were terminated on October 22, 2010, with support for
> service pack three to end on April 8, 2014. So what? Outlook Express
> is no longer available.

"I don't think that word means what you think it means." It's totally available to the millions of desktops that still have XP installed. This is the most recent survey I could find, and they make the mistake of conflating "Outlook Express" with older "Outlook" versions (which is a mistake because they are separate products) but it should give you an idea:

http://visibleranking.com/2010/05/most-popular-email-clients.php

> It has been superseded by another product
> which works differently. What part of that has got you confused?

I'm pretty sure I'm not the one who is confused. :)

> There are numerous users who still employ old, EOL'd operating
> systems. Does that mean we have to support them at the expense of
> those who have moved on to more modern systems and software?

That depends on your goals. If your goal is to try to force a certain idea of communicative purity down people's throats, then no. If your goal is to be able to communicate most effectively with the widest number of mail recipients, you might want to think about it.
> You have also failed to calculate in the simple fact that just
> because a system has Win XP installed it is also actively using
> Outlook Express.

No, actually I haven't. I stand by my statement that there are millions of OE users now, and that those numbers won't be going down much any time soon.

Doug

-- 
Nothin' ever doesn't change, but nothin' changes much. -- OK Go
Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/

From kgo at grant-olson.net Sun Mar 13 23:29:46 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sun, 13 Mar 2011 18:29:46 -0400
Subject: For Windows
In-Reply-To: <20110313105716.261460eb@scorpio>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio>
Message-ID: <4D7D455A.1040303@grant-olson.net>

On 03/13/2011 10:57 AM, Jerry wrote:
> On Sun, 13 Mar 2011 08:19:58 -0600
> Aaron Toponce articulated:
>
>> On 03/13/2011 06:56 AM, Brad Rogers wrote:
>>> On Sun, 13 Mar 2011 06:05:12 -0600
>>> Aaron Toponce wrote:
>>>
>>> Hello Aaron,
>>>
>>>> On 03/13/2011 05:42 AM, Jerry wrote:
>>>>> Actually, it is a fine example of users/MUAs not correctly
>>>>> formatting e-mail messages thereby forcing the use of a
>>>>> deprecated method.
>>>> [citation required]
>>>
>>> See the way Outlook Express treats PGP sigs, and the messages to
>>> which they're attached.
>>
>> Are you implying that Outlook Express determines the support life
>> cycle of OpenPGP standards?
>
> Outlook Express has been replaced by Windows Mail, an improved e-mail
> program with enhancements such as junk e-mail filtering and protection
> against phishing messages.
>

I really don't want to get involved in this debate.
The same one two weeks ago didn't change anyone's mind and this one won't either. But...

Last time I tested, maybe a year ago, Windows Live Mail had the same weird behavior. It leads me to believe that it's just a re-branded version of Outlook Express.

If we actually want to add some new content to the MIME vs Inline debate this time, consider that the OP is blind and uses a screen reader. I've got a strong suspicion that PGP/MIME would play much more nicely with a screen reader or braille display than PGP/Inline.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From expires2011 at ymail.com Mon Mar 14 01:44:13 2011
From: expires2011 at ymail.com (MFPA)
Date: Mon, 14 Mar 2011 00:44:13 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7CF8BC.3060509@adversary.org>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C792C.2000206@adversary.org> <1944500773.20110313141219@my_localhost> <4D7CF8BC.3060509@adversary.org>
Message-ID: <9710109712.20110314004413@my_localhost>

Hi

On Sunday 13 March 2011 at 5:02:52 PM, in , Ben McGinnes wrote:

> Ah, I'm still using the 1.4.x branch, so I haven't seen
> any of that.

Nor have I; it is just my understanding from descriptions and answers to questions that I have read.

> I'd hardly call it "flashing lights" just to be listed
> on the keyserver, especially when the same data source
> also contains a large amount of effectively useless
> data in which any key on the servers is buried amongst.

Ok, you know what I mean.
When you have found the key, all user IDs are readable and the information is clearly visible. Compared to a key showing only hashes in the user IDs, this is like having the information up in lights for all to see. (-:

> Speaking of which, I presume key ID 0x992F6351 is one
> of your tests?

Without looking at it I couldn't comment; I have a handful out there. (-;

> If so, you probably should've used
> example.net as the domain name.

Depends. What was being tested may have required a working email address.

> It's possible that the
> registrant of dfgh.net in Turkey might object to this
> reference to his domain.

Last I heard, dfgh.net was one of the domains whose owner allows its use as an alternative to spamgourmet.com. If it has changed hands, the new owner could be in for a shock...

>> Yes, different people you communicate with using
>> different names/email addresses could share
>> information. If this were uploaded to a database that
>> became widely used instead of keyservers it would
>> circumvent the whole idea...

> As, indeed, would traffic analysis.

And neither of these are within the scope of the limited protection intended by this scheme.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Wisdom is a companion to age; yet age may travel alone.

From ben at adversary.org Mon Mar 14 02:06:26 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 14 Mar 2011 12:06:26 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <9710109712.20110314004413@my_localhost>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C792C.2000206@adversary.org> <1944500773.20110313141219@my_localhost> <4D7CF8BC.3060509@adversary.org> <9710109712.20110314004413@my_localhost>
Message-ID: <4D7D6A12.308@adversary.org>

On 14/03/11 11:44 AM, MFPA wrote:
> On Sunday 13 March 2011 at 5:02:52 PM, in
> , Ben McGinnes wrote:
>
>> I'd hardly call it "flashing lights" just to be listed on the
>> keyserver, especially when the same data source also contains a
>> large amount of effectively useless data in which any key on the
>> servers is buried amongst.
>
> Ok, you know what I mean. When you have found the key, all user IDs
> are readable and the information is clearly visible. Compared to a
> key showing only hashes in the user IDs, this is like having the
> information up in lights for all to see. (-:

I can't speak for everyone else, but I've always taken the term of saying something is in "flashing lights" to mean that something is drawing attention to that thing. The existence of a UID being in a human readable format on a keyserver doesn't really fit that category.

>> Speaking of which, I presume key ID 0x992F6351 is one of your
>> tests?
>
> Without looking at it I couldn't comment; I have a handful out there.
> (-;

Well, the name kind of gives it away:

N.O. Hashing 2048 bit RSA key 992F6351, created: 2010-03-03

> Last I heard, dfgh.net was one of the domains whose owner allows its
> use as an alternative to spamgourmet.com. If it has changed hands, the
> new owner could be in for a shock...

The whois data says it's been registered for a few years, so it probably hasn't changed hands.

Anyway, out of curiosity, did you ever receive spam by that address and prove it had been harvested from the keyservers?
I still think harvesting addresses from the keyservers is too much effort for spammers, who mostly generate the target addresses, but it would be nice to finally answer that question.

Regards,
Ben

From rjh at sixdemonbag.org Mon Mar 14 04:55:19 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 13 Mar 2011 23:55:19 -0400
Subject: For Windows
In-Reply-To: <20110313160257.257e9f8b@scorpio>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio> <4D7CF2BD.6050209@dougbarton.us> <20110313160257.257e9f8b@scorpio>
Message-ID: <4D7D91A7.9090907@sixdemonbag.org>

On 3/13/2011 4:02 PM, Jerry wrote:
> So I am naive, then what are you? You CC'd me even though I
> specifically stated that off-list replies are basically ignored. In
> following with my basic procedure for unwanted e-mails like that, I
> reported it as SPAM.

Well, it's not exactly "unsolicited," given it's a response to something you said, and it's not hawking any good or service so it's hardly "commercial." I think you're going a bit overboard here.

> Now, XP sales were terminated on October 22, 2010, with support for
> service pack three to end on April 8, 2014.

True, but more or less irrelevant. Consider how long it's taken to kill IE 6, even when Microsoft's been making IE 7+ free downloads for as long as can be imagined. XP is going to suffer much the same fate. I would be absolutely gobsmackingly astonished if XP dropped below, say, a 10% market share before 2015.
Remember what it was that killed Vista -- the perception that XP was good enough and nobody needed what Vista was offering. Now consider that Windows 7 is basically just a rebranded, remarketed Vista. It seems highly premature to declare that XP is on its last legs. It's transitioned into the end-of-life stage, yes... but there's no knowing how long it'll hang on.

> It has been superseded by another product which works differently.

It has been superseded among the bleeding-edgers. There are still a lot of people who insist on using OE on the grounds of, "I don't want to have to learn a new user interface."

> To continue to actively support a piece of dead software is a poor
> use of one's time and resources.

I would agree with you if I thought XP and OE were dead. I don't.

From thajsta at gmail.com Mon Mar 14 04:21:25 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Sun, 13 Mar 2011 23:21:25 -0400
Subject: RSA Versus DSA and EL GAMAL
Message-ID: <4D7D89B5.20401@gmail.com>

I apologise in advance if this is a stupid question to ask now or if people already asked it before I stepped on the scene, but which algorithm is more secure: DSA and EL GAMAL or RSA? I know the latter has undergone a ridiculous amount of scrutiny and is immensely popular. I also know it generates longer keys.

I have a 4096 RSA key but really never found the answer whilst searching beforehand which one to choose. I know 4096 is much better than 2048, so I can not figure out why Enigmail defaults to a 2048 instead of 4096 but whatever. I am not concerned about speed; I will gladly sacrifice speed for security any day. As always, thanks for the future lessons.

-- 
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged.
If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify the sender, and please destroy the original transmission and its attachments without reading or saving in any manner. Thank you.

From rjh at sixdemonbag.org Mon Mar 14 05:23:15 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 Mar 2011 00:23:15 -0400
Subject: RSA Versus DSA and EL GAMAL
In-Reply-To: <4D7D89B5.20401@gmail.com>
References: <4D7D89B5.20401@gmail.com>
Message-ID: <4D7D9833.7010706@sixdemonbag.org>

On 3/13/2011 11:21 PM, Jonathan Ely wrote:
> I apologise in advance if this is a stupid question to ask now or if
> people already asked it before I stepped on the scene, but which
> algorithm is more secure: DSA and EL GAMAL or RSA?

There are probably only a couple of dozen mathematicians in the entire world who are really competent to argue about the relative merits of the concepts underlying each algorithm. I'm not one of them. I doubt any of them are on this list.

For the rest of us, it's kind of like wondering whether King Kong or Godzilla is better at terrorizing urban centers. It's an interesting thought experiment, but we'll probably never reach a consensus. All we'll be certain of is that if we need an urban megalopolis thoroughly cowed, either of the two will do the job just fine.
From dshaw at jabberwocky.com Mon Mar 14 05:35:55 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 14 Mar 2011 00:35:55 -0400
Subject: RSA Versus DSA and EL GAMAL
In-Reply-To: <4D7D89B5.20401@gmail.com>
References: <4D7D89B5.20401@gmail.com>
Message-ID: <3AA31698-8B59-496B-A52A-422C4A7D672B@jabberwocky.com>

On Mar 13, 2011, at 11:21 PM, Jonathan Ely wrote:
> I apologise in advance if this is a stupid question to ask now or if
> people already asked it before I stepped on the scene, but which
> algorithm is more secure: DSA and EL GAMAL or RSA? I know the latter has
> undergone a ridiculous amount of scrutiny and is immensely popular. I
> also know it generates longer keys.
>
> I have a 4096 RSA key but really never found the answer whilst searching
> beforehand which one to choose. I know 4096 is much better than 2048, so
> I can not figure out why Enigmail defaults to a 2048 instead of 4096 but
> whatever. I am not concerned about speed; I will gladly sacrifice speed
> for security any day. As always, thanks for the future lessons.

This is a very frequently asked question on this list. You might hit Google and see some of the previous discussions.

Basically though, the argument between RSA and Elgamal is like comparing a 9999-foot wall vs a 10000-foot wall (and I'm not saying which is the 9999 and which is the 10000). Does the difference really matter, as long as you can't climb over either one?

The short answer: use RSA. It's the default for various little fiddly operational reasons, none of which are relevant to the question of "which is more secure".
David

From remco at webconquest.com Mon Mar 14 07:24:06 2011
From: remco at webconquest.com (Remco Rijnders)
Date: Mon, 14 Mar 2011 07:24:06 +0100
Subject: For Windows
In-Reply-To: <4D7D3FDC.6070409@adversary.org>
References: <4D7A8B07.4090907@gmail.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <201103131919.22378@thufir.ingo-kloecker.de> <4D7D3FDC.6070409@adversary.org>
Message-ID: <368.AB1D@winter.webconquest.com>

On Mon, Mar 14, 2011 at 09:06:20AM +1100, Ben McGinnes wrote:
>
> Although I've received other email from the OP that did not include
> the footer, so now I'm curious to know where it came from, especially
> since he is using the GMail MX servers.
>

Hi Ben,

I exchanged a few emails off list with the OP as well, and that led us to conclude that most likely the original mail also included an HTML part (scrubbed off by the mailing list?) which caused the signature to fail. The legal mumbo jumbo disclaimer was added by the MUA and not the MTA, so I imagine enigmail properly signed the footer and my original assumption that the MTA was to blame was incorrect.

Cheers,

Remco

From wk at gnupg.org Mon Mar 14 08:56:32 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Mar 2011 08:56:32 +0100
Subject: For Windows
In-Reply-To: <4D7AC10F.2070503@grant-olson.net> (Grant Olson's message of "Fri, 11 Mar 2011 19:40:47 -0500")
References: <4D7A8B07.4090907@gmail.com> <4D7AC10F.2070503@grant-olson.net>
Message-ID: <874o76m8y7.fsf@vigenere.g10code.de>

On Sat, 12 Mar 2011 01:40, kgo at grant-olson.net said:

> - GPG4WIN is the right package to install gpg2 on windows, so you've got
> the right installer. It's a shame GPA doesn't work with a screen reader.

What is the problem with GPA?
It is a plain gtk+ application and thus should have the same features and problems as other gtk+ applications.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are governed by a federal law.

From thajsta at gmail.com Mon Mar 14 11:55:02 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Mon, 14 Mar 2011 06:55:02 -0400
Subject: For Windows
In-Reply-To: <368.AB1D@winter.webconquest.com>
References: <4D7A8B07.4090907@gmail.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <201103131919.22378@thufir.ingo-kloecker.de> <4D7D3FDC.6070409@adversary.org> <368.AB1D@winter.webconquest.com>
Message-ID: <4D7DF406.30906@gmail.com>

I think I made the mistake of using HTML format the first time, then learnt my signature failed to validate. I realised it was because of the HTML check box being checked; thus, I have disabled that. I have also disabled the text signature for replies.

On 14/03/2011 02:24 AM, Remco Rijnders wrote:
> On Mon, Mar 14, 2011 at 09:06:20AM +1100, Ben McGinnes wrote:
>>
>> Although I've received other email from the OP that did not include
>> the footer, so now I'm curious to know where it came from, especially
>> since he is using the GMail MX servers.
>>
>
> Hi Ben,
>
> I exchanged a few emails off list with the OP as well, and that led us
> to conclude that most likely the original mail also included an HTML part
> (scrubbed off by the mailing list?) which caused the signature to fail.
> The legal mumbo jumbo disclaimer was added by the MUA and not the MTA,
> so I imagine enigmail properly signed the footer and my original
> assumption that the MTA was to blame was incorrect.
>
> Cheers,
>
> Remco
From thajsta at gmail.com Mon Mar 14 11:57:59 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Mon, 14 Mar 2011 06:57:59 -0400
Subject: For Windows
In-Reply-To: <874o76m8y7.fsf@vigenere.g10code.de>
References: <4D7A8B07.4090907@gmail.com> <4D7AC10F.2070503@grant-olson.net> <874o76m8y7.fsf@vigenere.g10code.de>
Message-ID: <4D7DF4B7.1070002@gmail.com>

I use a screen reader called JAWS For Windows. The GUI is not screen reader accessible, meaning I can not use the Arrow keys, Tab, Shift+Tab and any other navigational keys to use the GPA utility like you can with the mouse. I really hate that; people have no idea how much it annoys me. I might write to the GPG4WIN developers if I can track down their information. The command-line utility of GnuPG is more verbose than that.

On 14/03/2011 03:56 AM, Werner Koch wrote:
> On Sat, 12 Mar 2011 01:40, kgo at grant-olson.net said:
>
>> - GPG4WIN is the right package to install gpg2 on windows, so you've got
>> the right installer. It's a shame GPA doesn't work with a screen reader.
>
> What is the problem with GPA? It is a plain gtk+ application and thus
> should have the same features and problems as other gtk+ applications.
>
>
> Salam-Shalom,
>
> Werner
>
From Gloria.Teo at bit.admin.ch Mon Mar 14 11:23:26 2011
From: Gloria.Teo at bit.admin.ch (Gloria.Teo at bit.admin.ch)
Date: Mon, 14 Mar 2011 11:23:26 +0100
Subject: GPG and PGP
Message-ID:

Hi,

1. I've tried to install PGP 6.5.8 on SUSE SLES 11 and it doesn't work. I gave up and
2. Try to import the pgp (6.5.8) keys (public and private) on my server (SUSE SLES 11) with GPG 2.0.9.

While importing the private key, I get

    gpg: key B5AC473D: secret key imported
    gpg: key B5AC473D: no valid user IDs
    gpg: this may be caused by a missing self-signature
    gpg: /home/appl/.gnupg/trustdb.gpg: trustdb created
    gpg: key B5AC473D: public key "epflpepfl" imported
    gpg: WARNING: key B5AC473D contains preferences for unavailable algorithms on these user IDs:
    gpg:          "epflpepfl": preference for cipher algorithm 1
    gpg: it is strongly suggested that you update your preferences and
    gpg: re-distribute this key to avoid potential algorithm mismatch problems
    Set preference list to:
         Cipher: AES256, AES192, AES, CAST5, 3DES
         Digest: SHA1, SHA256, RIPEMD160
         Compression: ZLIB, BZIP2, ZIP, Uncompressed
         Features: MDC, Keyserver no-modify
    Really update the preferences? (y/N) y

    You need a passphrase to unlock the secret key for
    user: "epflpepfl"
    1024-bit DSA key, ID B5AC473D, created 2003-01-09

    gpg: cancelled by user
    gpg: update_keysig_packet failed: General error
    Key not changed so no update needed.
    gpg: Total number processed: 2
    gpg:           w/o user IDs: 1
    gpg:               imported: 1
    gpg:       secret keys read: 1
    gpg:   secret keys imported: 1

so I tried to edit this key and try to change the password. See below. There is no prompt for passphrase and it just exits.

    gpg --edit-key B5AC473D
    gpg (GnuPG) 2.0.9; Copyright (C) 2008 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Secret key is available.
    pub  1024D/B5AC473D  created: 2003-01-09  expires: never       usage: SCA
                         trust: full          validity: unknown
    sub  2048g/D4679812  created: 2003-01-09  expires: never       usage: E
    [ unknown] (1). epflpepfl

    Command> passwd
    Key is protected.

    You need a passphrase to unlock the secret key for
    user: "epflpepfl"
    1024-bit DSA key, ID B5AC473D, created 2003-01-09

    gpg: cancelled by user
    Can't edit this key: General error

How can I unlock the secret key? Please help! Still trying hard to figure pgp and gpg out.

gpg-amateur

From aaron.toponce at gmail.com Mon Mar 14 13:20:39 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Mon, 14 Mar 2011 06:20:39 -0600
Subject: RSA Versus DSA and EL GAMAL
In-Reply-To: <4D7D89B5.20401@gmail.com>
References: <4D7D89B5.20401@gmail.com>
Message-ID: <4D7E0817.3050409@gmail.com>

On 03/13/2011 09:21 PM, Jonathan Ely wrote:
> I apologise in advance if this is a stupid question to ask now or if
> people already asked it before I stepped on the scene, but which
> algorithm is more secure: DSA and EL GAMAL or RSA? I know the latter has
> undergone a ridiculous amount of scrutiny and is immensely popular. I
> also know it generates longer keys.

http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

Fortunately, GnuPG ships with good PRNG support, so the value for k can be guaranteed to be "random enough" to hold the security of DSA in place. However, DSA is fragile enough that if for any reason, your PRNG doesn't generate a good k, the private key can be generated. RSA, afaict, doesn't suffer from this.
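Aaron's point about the per-signature value k, as an added toy example that is neither GnuPG's code nor part of the post: a tiny DSA (constructed, deliberately insecure parameters) with sign/verify, plus a check showing why a PRNG that repeats k is fatal, since two signatures sharing one k let anyone holding only public values solve for the private key x. Every name in it (make_params, recover_private_key, the sample messages) is constructed for this illustration.

```python
"""Toy DSA showing why k must be fresh, random and secret.  Added example
code, not GnuPG's implementation; parameters are tiny and NOT secure."""
import hashlib
import secrets


def _is_prime(n: int) -> bool:
    # Trial division is adequate for the toy sizes used here.
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def make_params(q_bits: int = 24) -> tuple:
    """Deterministically find toy domain parameters (p, q, g) with q | p - 1."""
    q = (1 << (q_bits - 1)) | 1           # odd candidate of the requested size
    while not _is_prime(q):
        q += 2
    c = 2                                  # p = c*q + 1 must be prime; c even
    while not _is_prime(c * q + 1):
        c += 2
    p = c * q + 1
    h = 2
    while (g := pow(h, (p - 1) // q, p)) == 1:   # g must have order exactly q
        h += 1
    return p, q, g


def hash_to_int(msg: bytes, q: int) -> int:
    # Toy reduction of SHA-256 mod q (FIPS 186 truncates to the leftmost bits).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def keygen(params: tuple) -> tuple:
    p, q, g = params
    x = 1 + secrets.randbelow(q - 1)       # private key in [1, q-1]
    return x, pow(g, x, p)                 # (x, y)


def random_k(params: tuple) -> int:
    """A fresh per-signature secret; DSA's security rests on this value."""
    return 1 + secrets.randbelow(params[1] - 1)


def sign(params: tuple, x: int, msg: bytes, k=None) -> tuple:
    """Standard DSA signature; k is drawn fresh unless the caller fixes it."""
    p, q, g = params
    while True:
        kk = random_k(params) if k is None else k
        r = pow(g, kk, p) % q
        s = pow(kk, -1, q) * (hash_to_int(msg, q) + x * r) % q
        if r and s:
            return r, s
        if k is not None:                  # a fixed k that gives r or s == 0 is unusable
            raise ValueError("k yields r == 0 or s == 0; choose another k")


def verify(params: tuple, y: int, msg: bytes, sig: tuple) -> bool:
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = hash_to_int(msg, q) * w % q
    u2 = r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


def recover_private_key(params, msg1, sig1, msg2, sig2):
    """If two signatures share the same k (visible as equal r), solve for x.

    Returns None when the pair does not show the nonce-reuse pattern, so the
    same function doubles as a detector for repeated r values in a signature set."""
    _, q, _ = params
    r1, s1 = sig1
    r2, s2 = sig2
    h1, h2 = hash_to_int(msg1, q), hash_to_int(msg2, q)
    if r1 != r2 or (s1 - s2) % q == 0 or (h1 - h2) % q == 0:
        return None
    k = (h1 - h2) * pow(s1 - s2, -1, q) % q      # s1 - s2 = k^-1 (h1 - h2)
    return (s1 * k - h1) * pow(r1, -1, q) % q    # s = k^-1 (h + x r)


if __name__ == "__main__":
    prm = make_params()
    x, y = keygen(prm)
    m1, m2 = b"constructed message 1", b"constructed message 2"
    print("verify:", verify(prm, y, m1, sign(prm, x, m1)))
    k = random_k(prm)
    s1, s2 = sign(prm, x, m1, k), sign(prm, x, m2, k)   # same k twice: fatal
    print("recovered == x:", recover_private_key(prm, m1, s1, m2, s2) == x)
```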
From gnupg.user at seibercom.net Mon Mar 14 13:23:46 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Mon, 14 Mar 2011 08:23:46 -0400
Subject: For Windows
In-Reply-To: <4D7D44F2.7090501@dougbarton.us>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio> <4D7CF2BD.6050209@dougbarton.us> <20110313160257.257e9f8b@scorpio> <4D7D44F2.7090501@dougbarton.us>
Message-ID: <20110314082346.1f6493a5@scorpio>

On Sun, 13 Mar 2011 15:28:02 -0700
Doug Barton articulated:

[snip]

This entire thread breaks down to a few simple principles of which the most prominent one is if you are going to become a slave to the past. While one's method may be more circuitous than another's is irrelevant. The final goal is to produce a high quality product. Microsoft realized that they could not produce a more functional version of IE, aka IE9, without abandoning older versions of its OS. They could have gone to great lengths to make older and EOL'd versions functional with IE9, but that would have been extremely costly and wasted valuable resources. They simply bit the bullet and moved on. There are several URLs including on Microsoft's own TechNet that you can search for verification.

Take for example a user who happens to have a large collection of Disco clothes hanging around his/her home. Should they keep them in some vain hope that Disco will return or simply dispose of them and move on to a newer wardrobe? The point being that at some point you have to move on. Outlook Express is dead. It has been officially abandoned by its creator.
Yes, there are still remnants of it in circulation; however, they will all die a natural death soon enough. Heck, there are still users of FreeBSD 4.x lurking around. Would you have the creators of every piece of software out there continuing to waste time and resources on making their software backward compatible? Do you fully realize what a nightmare that would become? It is bad enough when a library version is bumped and I have to rebuild 800+ applications. To continually support this software is to waste time and resources. Many of the complaints from FOSS users are that Microsoft's products are bloated. To continue to support architectures that are no longer viable is to bring the same criticism upon us.

Perhaps a possible solution would be to freeze "GNUPG" at its present state of development. Now, start the creation of a new branch that supports only modern, fully RFC approved standards. It might also offer the developers a chance to clean up some code, etc. Yes, it would take time, but time well spent I believe. In this way, everybody would be happy. Those wishing to use the older version would be free to do so; while those wanting a more streamlined version would have that opportunity also. It looks like a win-win situation to me.

-- 
Jerry  GNUPG.user at seibercom.net

_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From Mike_Acker at charter.net Mon Mar 14 13:23:27 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Mon, 14 Mar 2011 08:23:27 -0400
Subject: PGPFW658Win32
Message-ID: <4D7E08BF.50606@charter.net>

I had used the above -- obsolete/MIT distribution of PGP for some time. It is unfortunately, obsolete: it had a much better GUI than GnuPG, especially when you wanted to examine a key.

I think though that PGP has an assortment of different levels of support; the above being only valid through Level 6.
Someplace in the documentation I think I remember seeing that for the current GnuPG to support level 6 keys you have to set some kind of switches. Dunno; I stopped researching this and switched entirely to GnuPG.

I don't like GPA and I don't like Cleopatra either. In the first place you should need only 1 key-manager. Evidently GPA didn't cut it and so they tried Cleopatra and missed with that too. No matter; what matters to me is that I can install the GnuPG package and access it via ENIGMAIL -- which is a plug-in for the Thunderbird e/mail client.

This should be compatible with clients using Microsoft Mail with PGP desk-top: it is my understanding these things are supposed to be interoperable as PGP is supposed to be an open standard. How they got into this level/version problem with the keys is a bit of a mystery to me but I think somebody took a shortcut someplace.

/GW

From aaron.toponce at gmail.com Mon Mar 14 13:39:56 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Mon, 14 Mar 2011 06:39:56 -0600
Subject: PGPFW658Win32
In-Reply-To: <4D7E08BF.50606@charter.net>
References: <4D7E08BF.50606@charter.net>
Message-ID: <4D7E0C9C.8080703@gmail.com>

On 03/14/2011 06:23 AM, Mike Acker wrote:
> I don't like GPA and I don't like Cleopatra either. In the first place
> you should need only 1 key-manager. Evidently GPA didn't cut it and so
> they tried Cleopatra and missed with that too

Who's "they"? The developers behind GPA are not the same developers behind Kleopatra, who in turn are not the same developers behind Seahorse who are not the same developers behind KGPG. Et cetera, et cetera.
From rjh at sixdemonbag.org Mon Mar 14 14:17:59 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 Mar 2011 09:17:59 -0400
Subject: For Windows
In-Reply-To: <20110314082346.1f6493a5@scorpio>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio> <4D7CF2BD.6050209@dougbarton.us> <20110313160257.257e9f8b@scorpio> <4D7D44F2.7090501@dougbarton.us> <20110314082346.1f6493a5@scorpio>
Message-ID: <4D7E1587.40400@sixdemonbag.org>

On 3/14/2011 8:23 AM, Jerry wrote:
> The point being that at some point you have to move on.

Yes, exactly. At some point *you* have to move on -- but you don't get to say if, or when, other people decide to move on. For the time being, a lot of people are still on platforms that use outdated software. In this case, Outlook Express (although I agree with Doug: I believe Windows Mail still has the same problem). The question is whether in our desire to move on we're willing to write off the possibility of communicating with people who have not yet moved on.

> Outlook Express is dead.

"Dead" is a subjective term, and not one I believe is appropriate here.

> Would you have the creators of every piece of software out there
> continuing to waste time and resources on making their software
> backward compatible?

Of course not: however, that's not what we're talking about here. What we're talking about is inline signatures. The code for this already exists, is stable, and isn't going away anytime soon.
The question is not whether we are going to spend resources specifically targeting OE, but whether we are going to use *already developed* resources in order to facilitate communication with OE. > Many of the complaints from FOSS users is that Microsoft's products > are bloated. To continue to support architectures that are no longer > viable is to bring the same criticism upon us. Quite the opposite: one of the big selling points of the free UNIXes is how well they function on old, outdated hardware. I could install one on the very first PC I ever owned, a 386DX/20. Support for old systems is a feature, not a bug! > Now, start the creation of a new branch that supports only modern, > fully RFC approved standards. Inline signatures /are/ standards. RFC 4880 is far newer than RFC 3156: by your logic, 4880 should supersede 3156 and we should all move to the current standard and abandon 3156 support. Note: I'm not advocating everyone use inline signatures, the same way I don't advocate everyone use PGP/MIME signatures. Use what works for you. At the end of the day, that's the final analysis, the only interesting result. From wk at gnupg.org Mon Mar 14 15:37:36 2011 From: wk at gnupg.org (Werner Koch) Date: Mon, 14 Mar 2011 15:37:36 +0100 Subject: For Windows In-Reply-To: <4D7DF4B7.1070002@gmail.com> (Jonathan Ely's message of "Mon, 14 Mar 2011 06:57:59 -0400") References: <4D7A8B07.4090907@gmail.com> <4D7AC10F.2070503@grant-olson.net> <874o76m8y7.fsf@vigenere.g10code.de> <4D7DF4B7.1070002@gmail.com> Message-ID: <87vczllqdr.fsf@vigenere.g10code.de> On Mon, 14 Mar 2011 11:57, thajsta at gmail.com said: > I use a screen reader called JAWS For Windows. The GUI is not screen > reader accessible, meaning I can not use the Arrow keys, Tab, Shift+Tab I see that you are talking about GPA for Windows. It is quite possible that this is not up to what the GTK+ provides on Posix platforms. Feel free to fix that. 
GPA is Free Software; there is even no copyright assignment required as we do for the GnuPG core. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Mon Mar 14 15:41:35 2011 From: wk at gnupg.org (Werner Koch) Date: Mon, 14 Mar 2011 15:41:35 +0100 Subject: For Windows In-Reply-To: <20110314082346.1f6493a5@scorpio> (Jerry's message of "Mon, 14 Mar 2011 08:23:46 -0400") References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio> <4D7CF2BD.6050209@dougbarton.us> <20110313160257.257e9f8b@scorpio> <4D7D44F2.7090501@dougbarton.us> <20110314082346.1f6493a5@scorpio> Message-ID: <87r5a9lq74.fsf@vigenere.g10code.de> On Mon, 14 Mar 2011 13:23, gnupg.user at seibercom.net said: > Perhaps a possible solution would be to freeze "GNUPG" at its present > state of development. Now, start the creation of a new branch that Fortunately this is not required. GnuPG does not know about mail; it does not even know about PGP/MIME. The whole mail business is up to the MUAs. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. 
From gnupg.user at seibercom.net Mon Mar 14 15:44:21 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Mon, 14 Mar 2011 10:44:21 -0400
Subject: For Windows
In-Reply-To: <4D7E1587.40400@sixdemonbag.org>
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio> <4D7CF2BD.6050209@dougbarton.us> <20110313160257.257e9f8b@scorpio> <4D7D44F2.7090501@dougbarton.us> <20110314082346.1f6493a5@scorpio> <4D7E1587.40400@sixdemonbag.org>
Message-ID: <20110314104421.24c0cc7a@scorpio>

On Mon, 14 Mar 2011 09:17:59 -0400
Robert J. Hansen articulated:

> On 3/14/2011 8:23 AM, Jerry wrote:
> > The point being that at some point you have to move on.
>
> Yes, exactly. At some point *you* have to move on -- but you don't
> get to say if, or when, other people decide to move on.
>
> For the time being, a lot of people are still on platforms that use
> outdated software. In this case, Outlook Express (although I agree
> with Doug: I believe Windows Mail still has the same problem). The
> question is whether in our desire to move on we're willing to write
> off the possibility of communicating with people who have not yet
> moved on.
>
> > Outlook Express is dead.
>
> "Dead" is a subjective term, and not one I believe is appropriate
> here.
>
> > Would you have the creators of every piece of software out there
> > continuing to waste time and resources on making their software
> > backward compatible?
>
> Of course not: however, that's not what we're talking about here.
> What we're talking about is inline signatures. The code for this
> already exists, is stable, and isn't going away anytime soon. The
> question is not whether we are going to spend resources specifically
> targeting OE, but whether we are going to use *already developed*
> resources in order to facilitate communication with OE.
>
> > Many of the complaints from FOSS users is that Microsoft's products
> > are bloated. To continue to support architectures that are no longer
> > viable is to bring the same criticism upon us.
>
> Quite the opposite: one of the big selling points of the free UNIXes
> is how well they function on old, outdated hardware. I could install
> one on the very first PC I ever owned, a 386DX/20. Support for old
> systems is a feature, not a bug!

Excuse me, but where did the term "bug" come from in this discussion? I specifically stated "bloat". If you don't know the difference then this discussion is never going to go anywhere. Might I suggest: for further reading.

> > Now, start the creation of a new branch that supports only modern,
> > fully RFC approved standards.
>
> Inline signatures /are/ standards. RFC 4880 is far newer than RFC
> 3156: by your logic, 4880 should supersede 3156 and we should all
> move to the current standard and abandon 3156 support.

Actually, yes I would suggest that we all move. However, that would be extremely naive of me, like believing that readers actually view a signature and pay heed to a poster's requests. Now, RFC does explicitly obsolete other RFCs, specifically: Obsoletes: 1991, 2440 as stated in the RFC. There is no specific mention of any other RFC so obviously obsolescence is not the question here. There are always going to be slackers; it is just the nature of the beast.

> Note: I'm not advocating everyone use inline signatures, the same way
> I don't advocate everyone use PGP/MIME signatures. Use what works for
> you. At the end of the day, that's the final analysis, the only
> interesting result.

I have no problem with that basic philosophy. If some user wants to use a seriously comatose method, that is their right I suppose. However, I find rather interesting the number of users who would state that I should be willing to accept inline signatures even though it breaks the functionality of sig-delimiters, plus adds garbage to the actual message which inevitably some other moron then forwards or replies to with that same garbage still visible, ad infinitum, yet bitch like little school girls if some user posts using HTML or attempts to make use of a Microsoft ".doc" formatted item. For the record, I am opposed to both; however, that does not change the fact that that same behavior is prevalent.

I have seriously considered adding some body checks to my Postfix mail server to reject messages with inline signatures. I would only then need to whitelist a few actual bona fide senders that I actually need to correspond with that still employ the older protocol. Now that sounds like a real win-win compromise.

-- 
Jerry ?
GNUPG.user at seibercom.net

_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.


From vedaal at nym.hush.com Mon Mar 14 15:50:58 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 14 Mar 2011 10:50:58 -0400
Subject: GPG and PGP
Message-ID: <20110314145058.A909210E2BB@smtp.hushmail.com>

Gloria.Teo at bit.admin.ch wrote on Mon Mar 14 11:23:26 CET 2011:

> gpg: epflpepfl": preference for cipher algorithm 1

Cipher Algorithm 1 is IDEA, and was used as a default cipher for RSA keys by 6.5.8. GnuPG does not use IDEA, although it will accept the IDEA module.

> You need a passphrase to unlock the secret key for user: "epflpepfl"
> 1024-bit DSA key, ID B5AC473D, created 2003-01-09

This is unusual, because the 6.5.8 default cipher for a DSA key is CAST5, not IDEA, unless you specifically set up 6.5.8 to use IDEA even for DSA keys.
Be that as it may, there are two ways you can unlock your secret key:

[1] If you have an existing workable 6.5.8 on any machine, use it to edit the key, and REMOVE the passphrase, then import it into GnuPG and edit it again to set the passphrase; then, once you're satisfied that that works, delete any copies of the key that had the passphrase removed.

[2] Use GnuPG with the IDEA module. IDEA.dll can be downloaded from Disastry's preserved site:
http://www.spywarewarrior.com/uiuc/disastry/gpg.htm

(btw, Disastry is the one who wrote the IDEA.dll module, specifically to bridge the gap between gnupg and pgp users.)

(a) Copy idea.dll into your gnupg home directory

(b) add the following line to your gpg.conf

    load-extension 'pathway to your gnupg home directory'/idea.dll

    (backward slash '\' if you're doing this on windows)

(c) save gpg.conf

(d) open gnupg, and at the prompt, type

    gpg -h

gnupg should then list the following:

    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8), AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12), CAMELLIA256 (S13)

If IDEA is listed, then everything you want to do will work. (Don't worry if CAMELLIA isn't listed, it just means you aren't using the latest version of GnuPG.)

vedaal


From sattva at pgpru.com Mon Mar 14 15:36:11 2011
From: sattva at pgpru.com (Vlad "SATtva" Miller)
Date: Mon, 14 Mar 2011 20:36:11 +0600
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <11510614187.20110312212308@my_localhost>
References: <201103101123.56759.mailinglisten@hauke-laging.de> <4D78D355.3000307@sixdemonbag.org> <201103102110.06081.mailinglisten@hauke-laging.de> <4D7A29B1.4010706@sixdemonbag.org> <32737151.20110312180528@my_localhost> <4D7BD5EE.80301@sixdemonbag.org> <11510614187.20110312212308@my_localhost>
Message-ID: <4D7E27DB.8070609@pgpru.com>

MFPA:
>> Trust is not transitive. If A trusts B and B trusts C,
>> there is no requirement that A trusts C.
>
> In real life, true. But what about the GnuPG default of trusting a key
> that carries certifications from 1 fully trusted or 3 marginally
> trusted keys. Unless you manually inspect each trust path, how would
> you spot unknown keys from past real-life associates you distrusted?

You're mixing concepts. Trusting someone to vouch for others' keys' validity is *not* the same as believing someone else's key is valid. I think what Robert meant (and feel free to correct if I'm off here) is he wouldn't trust certifications from that "ex-CEO Ben", but there's nothing wrong really if one or several persons whom Robert trusts certify "Ben's" key.

In GnuPG, you assign trust levels manually. In turn, GnuPG computes validity automatically. Trust doesn't get transferred from one key to another. Validity does (in a sense).

-- 
Vlad "SATtva" Miller
3d viz | security & privacy consulting
www.vladmiller.info | www.pgpru.com


From wk at gnupg.org Mon Mar 14 16:44:19 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Mar 2011 16:44:19 +0100
Subject: For Windows
In-Reply-To: <4D7E1587.40400@sixdemonbag.org> (Robert J. Hansen's message of "Mon, 14 Mar 2011 09:17:59 -0400")
References: <4D7A8B07.4090907@gmail.com> <4D7AB69B.7040003@gmail.com> <348.1AA0@winter.webconquest.com> <1208561845.20110312202438@my_localhost> <4D7C5467.1030001@adversary.org> <20110313074234.64ecda85@scorpio> <4D7CB2F8.6070404@gmail.com> <20110313125653.03671aa3@abydos.stargate.org.uk> <4D7CD28E.2010602@gmail.com> <20110313105716.261460eb@scorpio> <4D7CF2BD.6050209@dougbarton.us> <20110313160257.257e9f8b@scorpio> <4D7D44F2.7090501@dougbarton.us> <20110314082346.1f6493a5@scorpio> <4D7E1587.40400@sixdemonbag.org>
Message-ID: <87ipvllnak.fsf@vigenere.g10code.de>

On Mon, 14 Mar 2011 14:17, rjh at sixdemonbag.org said:
> Inline signatures /are/ standards. RFC 4880 is far newer than RFC 3156:
> by your logic, 4880 should supersede 3156 and we should all move to the
> current standard and abandon 3156 support.

You are mixing the MIME standards with the OpenPGP standard. OpenPGP may be used with mail much like you can use JPEGs with MIME (inline uuencoded or MIME?). OpenPGP does not say much about mail, except for:

Section 7 (cleartext signatures) has this remark:

    (Note that this framework is not intended to be reversible. RFC 3156 [RFC3156] defines another way to sign cleartext messages for environments that support MIME.)

and in the implementation nits:

    * ASCII armor is an optional feature of OpenPGP. [...] Moreover, implementations of OpenPGP-MIME [RFC3156] already have a requirement for ASCII armor so those implementations will necessarily have support.

thus I conclude that email is not part of OpenPGP's business. The armor stuff is actually a relic from BBS times!

Now if it comes to mail, everyone agrees that you have to use MIME if you want to send anything which is not plain ASCII text. MOSS and thus PGP/MIME in the OpenPGP case is the correct MIME container for encrypted and signed messages. Embedding armored OpenPGP messages in plain ASCII mail or even MIME is as antiquated as uuencoding is.

Shalom-Salam,

Werner (kerckhoffs!wheatstone!vigenere!wk)

-- 
Thoughts are free. Exceptions are regulated by a federal law.


From wk at gnupg.org Mon Mar 14 16:50:29 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Mar 2011 16:50:29 +0100
Subject: GPG and PGP
In-Reply-To: <20110314145058.A909210E2BB@smtp.hushmail.com> (vedaal@nym.hush.com's message of "Mon, 14 Mar 2011 10:50:58 -0400")
References: <20110314145058.A909210E2BB@smtp.hushmail.com>
Message-ID: <87ei69ln0a.fsf@vigenere.g10code.de>

On Mon, 14 Mar 2011 15:50, vedaal at nym.hush.com said:
> (btw, Disastry is the one who wrote the IDEA.dll module,
> specifically to bridge the gap between gnupg and pgp users.)

Hmmm, the signature claims that I wrote it.
However, I still recommend not to use it.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.


From vedaal at nym.hush.com Mon Mar 14 17:53:42 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 14 Mar 2011 12:53:42 -0400
Subject: GPG and PGP
Message-ID: <20110314165342.9AA3C10E2BB@smtp.hushmail.com>

On Mon, 14 Mar 2011 11:50:29 -0400 Werner Koch wrote:

> On Mon, 14 Mar 2011 15:50, vedaal at nym.hush.com said:
>
>> (btw, Disastry is the one who wrote the IDEA.dll module,
>> specifically to bridge the gap between gnupg and pgp users.)
>
> Hmmm, the signature claims that I wrote it.

I stand corrected, and am in awe.

Disastry's signature is on the ideadll file in the ideadll.zip file on his site.

Is that your signature on the idea.c module from key ID 621CC013 ?

=====[begin quoted section]=====

idea.c - IDEA function
 * Copyright (c) 1997, 1998, 1999, 2001 by Werner Koch (dd9jn)
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * WERNER KOCH BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 *
 * Except as contained in this notice, the name of Werner Koch shall not be
 * used in advertising or otherwise to promote the sale, use or other dealings
 * in this Software without prior written authorization from Werner Koch.

=====[end quoted section]=====

Well even if you don't recommend it, at least people who *need* it, can now trust the author ;-))

vedaal


From wk at gnupg.org Tue Mar 15 10:22:45 2011
From: wk at gnupg.org (Werner Koch)
Date: Tue, 15 Mar 2011 10:22:45 +0100
Subject: GPG and PGP
In-Reply-To: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> (vedaal@nym.hush.com's message of "Mon, 14 Mar 2011 12:53:42 -0400")
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com>
Message-ID: <87oc5ckaai.fsf@vigenere.g10code.de>

On Mon, 14 Mar 2011 17:53, vedaal at nym.hush.com said:
> Disastry's signature is on the ideadll file in the ideadll.zip file
> on his site.

So you trust some binary blob? .-)

> Is that your signature on the idea.c module from key ID 621CC013 ?

Yes. Back in 1997 I implemented PGP 2 compatible code as the first step towards GPG. Obviously I needed IDEA and RSA for testing. That is the reason why we have this code at all. Later a lot of people demanded that IDEA and RSA should be added to GPG so that existing files could be decrypted. The claim was that RSA is only patented in the U.S. and the IDEA patent is not valid in some European countries like Luxembourg and Denmark.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.


From aaron.toponce at gmail.com Tue Mar 15 14:19:09 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Tue, 15 Mar 2011 07:19:09 -0600
Subject: GPG and PGP
In-Reply-To: <87oc5ckaai.fsf@vigenere.g10code.de>
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de>
Message-ID: <20110315131909.GA31412@poseidon.cocyt.us>

On Tue, Mar 15, 2011 at 10:22:45AM +0100, Werner Koch wrote:
> Yes. Back in 1997 I implemented PGP 2 compatible code as the first step
> towards GPG. Obviously I needed IDEA and RSA for testing. That is the
> reason why we have this code at all. Later a lot of people demanded
> that IDEA and RSA should be added to GPG so that existing files could be
> decrypted. The claim was that RSA is only patented in the U.S. and the
> IDEA patent is not valid in some European countries like Luxembourg and
> Denmark.

Three things:

1. The U.S. patent expires for IDEA on January 7, 2012.
2. IDEA has already been succeeded by IDEA NXT, another patented algo.
3. Both IDEA and IDEA NXT don't meet the rigor of many of today's open algos.

So, if you ask me, I don't see the need to support even the capability of a module with GnuPG. PGP 2 is long since dead, and anyone still using IDEA for whatever reason, should migrate to more robust, secure and open algos.

Just my 2¢.

-- 
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o


From rjh at sixdemonbag.org Tue Mar 15 14:31:40 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 15 Mar 2011 09:31:40 -0400
Subject: GPG and PGP
In-Reply-To: <20110315131909.GA31412@poseidon.cocyt.us>
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de> <20110315131909.GA31412@poseidon.cocyt.us>
Message-ID: <4D7F6A3C.4060100@sixdemonbag.org>

> 3. Both IDEA and IDEA NXT don't meet the rigor of many of today's open
> algos.

Substitute "safety margin" for rigor and I'll agree with you. IDEA is a competent design by credible people and has had a whole lot of people beating on it to only limited degrees of success: it seems to me they've met the requirements for rigor.

> So, if you ask me, I don't see the need to support even the capability
> of a module with GnuPG.

I am generally in favor of modular design on general principle: it makes it easier to write custom additions to GnuPG should the need arise. Whether an IDEA module should exist or not ... eh. I've always thought that if people really needed RFC1991 compatibility, they know where to find PGP 2.6.


From johanw at vulcan.xs4all.nl Tue Mar 15 15:17:34 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Tue, 15 Mar 2011 15:17:34 +0100
Subject: GPG and PGP
In-Reply-To: <4D7F6A3C.4060100@sixdemonbag.org>
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de> <20110315131909.GA31412@poseidon.cocyt.us> <4D7F6A3C.4060100@sixdemonbag.org>
Message-ID: <4D7F74FE.6090601@vulcan.xs4all.nl>

On 15-3-2011 14:19, Aaron Toponce wrote:

> 1. The U.S. patent expires for IDEA on January 7, 2012.

I propose to include the IDEA module then in GnuPG 1.4.12 and 2.2.(then current + 1), just like the extra version that came out when the RSA patent expired.

> 2. IDEA has already been succeeded by IDEA NXT, another patented
> algo.
> 3. Both IDEA and IDEA NXT don't meet the rigor of many of today's
> open algos.

> So, if you ask me, I don't see the need to support even the
> capability of a module with GnuPG. PGP 2 is long since dead, and
> anyone still using IDEA for whatever reason, should migrate to more
> robust, secure and open algos.

I disagree. People might still need access to encrypted archives and old keys with significant weight in the WoT might still be around. Further, the pgp 2.x format can still be used with software like the Mixmaster remailer.
-- 
With kind regards,

Johan Wevers


From dshaw at jabberwocky.com Tue Mar 15 15:34:47 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Mar 2011 10:34:47 -0400
Subject: GPG and PGP
In-Reply-To: <4D7F74FE.6090601@vulcan.xs4all.nl>
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de> <20110315131909.GA31412@poseidon.cocyt.us> <4D7F6A3C.4060100@sixdemonbag.org> <4D7F74FE.6090601@vulcan.xs4all.nl>
Message-ID: <6B484620-1760-40A6-84E3-F888FC0122A9@jabberwocky.com>

On Mar 15, 2011, at 10:17 AM, Johan Wevers wrote:

> On 15-3-2011 14:19, Aaron Toponce wrote:
>
>> 1. The U.S. patent expires for IDEA on January 7, 2012.
>
> I propose to include the IDEA module then in GnuPG 1.4.12 and 2.2.(then
> current + 1), just like the extra version that came out when the RSA
> patent expired.
>
>> 2. IDEA has already been succeeded by IDEA NXT, another patented
>> algo.
>> 3. Both IDEA and IDEA NXT don't meet the rigor of many of today's
>> open algos.
>
>> So, if you ask me, I don't see the need to support even the
>> capability of a module with GnuPG. PGP 2 is long since dead, and
>> anyone still using IDEA for whatever reason, should migrate to more
>> robust, secure and open algos.
>
> I disagree. People might still need access to encrypted archives and old
> keys with significant weight in the WoT might still be around. Further
> pgp 2.x format can still be used with software like Mixmaster remailer.

While I'm no great fan of 2.x v3 keys, I agree with this, and would like to see IDEA included once the various patents expire. PGP 2.x was used for a long time, and there is a lot of encrypted material out there, at least some of which is still needed. I wouldn't put it in the default preferences or anything like that, but just having the cipher present would be a kindness to long-time PGP users.

(I know that IDEA is a possible cipher for v4 keys as well, but given that PGP made it a non-default to use IDEA in v4, and given that GPG never supported IDEA without a special plugin, a v4 key using IDEA is rare).

David


From johanw at vulcan.xs4all.nl Tue Mar 15 16:14:25 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Tue, 15 Mar 2011 16:14:25 +0100
Subject: GPG and PGP
In-Reply-To: <20110315145554.GE31412@poseidon.cocyt.us>
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de> <20110315131909.GA31412@poseidon.cocyt.us> <4D7F6A3C.4060100@sixdemonbag.org> <4D7F74FE.6090601@vulcan.xs4all.nl> <20110315145554.GE31412@poseidon.cocyt.us>
Message-ID: <4D7F8251.9020707@vulcan.xs4all.nl>

On 15-3-2011 15:55, Aaron Toponce wrote:

> Using this line of logic, web developers should continue support for
> IE6.

I would not mind them using fallbacks when it doesn't hinder other code or bloat things. This last requirement, however, is in web development much more difficult to achieve than adding another crypto algorithm to GnuPG. The IDEA code does not hinder or complicate other code. Even the crypto algo const (1) for IDEA is already defined.

> After all, it has 35% market share in China, and roughly 12%
> world-wide, given recent statistics.

My former employer still uses it. That's what you get for investing too much in company and product specific code.

> I would venture to guess that PGP
> v2 has much less of a share in crypto circles.

I don't know, but I do know that adding IDEA does not complicate or bloat GnuPG.

-- 
With kind regards,

Johan Wevers


From aaron.toponce at gmail.com Tue Mar 15 16:29:05 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Tue, 15 Mar 2011 09:29:05 -0600
Subject: GPG and PGP
In-Reply-To: <4D7F8251.9020707@vulcan.xs4all.nl>
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de> <20110315131909.GA31412@poseidon.cocyt.us> <4D7F6A3C.4060100@sixdemonbag.org> <4D7F74FE.6090601@vulcan.xs4all.nl> <20110315145554.GE31412@poseidon.cocyt.us> <4D7F8251.9020707@vulcan.xs4all.nl>
Message-ID: <20110315152905.GG31412@poseidon.cocyt.us>

On Tue, Mar 15, 2011 at 04:14:25PM +0100, Johan Wevers wrote:
> I don't know, but I do know that adding IDEA does not complicate or
> bloat GnuPG.

You're probably right. I guess I just don't understand supporting dead, deprecated, proprietary technology, bloat or no bloat.

-- 
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o


From johanw at vulcan.xs4all.nl Tue Mar 15 16:40:11 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Tue, 15 Mar 2011 16:40:11 +0100
Subject: GPG and PGP
In-Reply-To: <20110315152905.GG31412@poseidon.cocyt.us>
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de> <20110315131909.GA31412@poseidon.cocyt.us> <4D7F6A3C.4060100@sixdemonbag.org> <4D7F74FE.6090601@vulcan.xs4all.nl> <20110315145554.GE31412@poseidon.cocyt.us> <4D7F8251.9020707@vulcan.xs4all.nl> <20110315152905.GG31412@poseidon.cocyt.us>
Message-ID: <4D7F885B.9090702@vulcan.xs4all.nl>

On 15-3-2011 16:29, Aaron Toponce wrote:

>> I don't know, but I do know that adding IDEA does not complicate or
>> bloat GnuPG.

> You're probably right. I guess I just don't understand supporting dead,
> deprecated, proprietary technology, bloat or no bloat.

IDEA is far from dead. I have mail archives dating back to the pgp 2.3 days and I would like to decrypt those mails from within my current mail reader that uses GnuPG. And it isn't proprietary, the algorithm is fully public (as the availability of the source code proves). About deprecated, well, opinions differ. Currently there may be better options, but I remember back in the pgp 5/6 days, before CAST5 had had as much public scrutiny as it has had now, many people trusted IDEA more than CAST5 and still used it, which again increases the availability of IDEA encrypted archive material.

-- 
With kind regards,

Johan Wevers


From cas001s at yahoo.com Tue Mar 15 12:15:03 2011
From: cas001s at yahoo.com (cas001)
Date: Tue, 15 Mar 2011 04:15:03 -0700 (PDT)
Subject: API for GnuPG for Windows, version 1.1.4
Message-ID: <601267.74616.qm@web111509.mail.gq1.yahoo.com>

Hi,

I am using GnuPG for Windows, version 1.1.4 to encrypt text files. It is a GUI based tool. Can I get the application programming interface (API) for the same? If I can get the API, then it is possible for me to do the encryption programmatically instead of doing encryption manually using the GUI based tool.

Thanks in advance.
URL: From ben at adversary.org Tue Mar 15 20:53:02 2011 From: ben at adversary.org (Ben McGinnes) Date: Wed, 16 Mar 2011 06:53:02 +1100 Subject: GPG and PGP In-Reply-To: <20110315152905.GG31412@poseidon.cocyt.us> References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de> <20110315131909.GA31412@poseidon.cocyt.us> <4D7F6A3C.4060100@sixdemonbag.org> <4D7F74FE.6090601@vulcan.xs4all.nl> <20110315145554.GE31412@poseidon.cocyt.us> <4D7F8251.9020707@vulcan.xs4all.nl> <20110315152905.GG31412@poseidon.cocyt.us> Message-ID: <4D7FC39E.8070605@adversary.org> On 16/03/11 2:29 AM, Aaron Toponce wrote: > On Tue, Mar 15, 2011 at 04:14:25PM +0100, Johan Wevers wrote: >> I don't know, but I do know that adding IDEA does not complicate or >> bloat GnuPG. > > You're probably right. I guess I just don't understand supporting dead, > deprecated, proprietary technology, bloat or no bloat. It's simple, data which may have been encrypted 15+ years ago may still have value to the people who encrypted it, even if they have since chosen to move from older programs (e.g. PGP 2.x) for their current needs. This is why I join the clamour of support for inclusion of IDEA when the patent expires. It's also why I added the IDEA module when compiling my current copy of GPG 1.4.11. I've got encrypted files that date back that far and I'm not sure which of them use IDEA and which use CAST5. Obviously I'd prefer to still be able to access my data when I choose to. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Tue Mar 15 21:16:59 2011 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Tue, 15 Mar 2011 16:16:59 -0400 Subject: GPG and PGP In-Reply-To: <4D7FC39E.8070605@adversary.org> References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de> <20110315131909.GA31412@poseidon.cocyt.us> <4D7F6A3C.4060100@sixdemonbag.org> <4D7F74FE.6090601@vulcan.xs4all.nl> <20110315145554.GE31412@poseidon.cocyt.us> <4D7F8251.9020707@vulcan.xs4all.nl> <20110315152905.GG31412@poseidon.cocyt.us> <4D7FC39E.8070605@adversary.org> Message-ID: <4D7FC93B.2080402@sixdemonbag.org> On 3/15/11 3:53 PM, Ben McGinnes wrote: > It's simple, data which may have been encrypted 15+ years ago may > still have value to the people who encrypted it, even if they have > since chosen to move from older programs (e.g. PGP 2.x) for their > current needs. This may not be so much an argument for IDEA's inclusion as it might be an argument for data migration. How long will we support RFC1991? There are really only two interesting answers: "forever" and "for a while." If forever, then sure, IDEA support, v3 keys, etc., etc. If not-forever, then we should start talking about when precisely we'll stop supporting RFC1991, and how we can help users migrate away. From vedaal at nym.hush.com Tue Mar 15 21:24:31 2011 From: vedaal at nym.hush.com (vedaal at nym.hush.com) Date: Tue, 15 Mar 2011 16:24:31 -0400 Subject: GPG and PGP Message-ID: <20110315202431.34AF86F438@smtp.hushmail.com> David Shaw dshaw at jabberwocky.com wrote on Tue Mar 15 15:34:47 CET 2011 : > would like to see IDEA included once the various patents expire As long as the non-256 bit symmetrical algorithms (IDEA, CAST5, 3DES, BLOWFISH) will remain part of open PGP, and the MDC needs revision eventually to move up from SHA-1, then can the MDC be modified to apply to the non-256 bit ciphers as well, (or at least amend the gnupg error message to a less ominous one, that MDC's are not generated for non-256 bit ciphers) ? 
vedaal

From ben at adversary.org Tue Mar 15 21:32:33 2011
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 16 Mar 2011 07:32:33 +1100
Subject: GPG and PGP
In-Reply-To: <4D7FC93B.2080402@sixdemonbag.org>
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <87oc5ckaai.fsf@vigenere.g10code.de> <20110315131909.GA31412@poseidon.cocyt.us> <4D7F6A3C.4060100@sixdemonbag.org> <4D7F74FE.6090601@vulcan.xs4all.nl> <20110315145554.GE31412@poseidon.cocyt.us> <4D7F8251.9020707@vulcan.xs4all.nl> <20110315152905.GG31412@poseidon.cocyt.us> <4D7FC39E.8070605@adversary.org> <4D7FC93B.2080402@sixdemonbag.org>
Message-ID: <4D7FCCE1.6050009@adversary.org>

On 16/03/11 7:16 AM, Robert J. Hansen wrote:
> On 3/15/11 3:53 PM, Ben McGinnes wrote:
>> It's simple, data which may have been encrypted 15+ years ago may
>> still have value to the people who encrypted it, even if they have
>> since chosen to move from older programs (e.g. PGP 2.x) for their
>> current needs.
>
> This may not be so much an argument for IDEA's inclusion as it might
> be an argument for data migration.

True. In my case I'm pretty sure that all the stuff that I've moved to my current system has been migrated from IDEA and CAST5 to AES256. I'm less sure about the stuff that's archived on old drives and other media.

> If not-forever, then we should start talking about when precisely
> we'll stop supporting RFC1991, and how we can help users migrate
> away.

That's probably a worthwhile discussion to have. Even if RFC1991 support is maintained, there's still value in migrating encrypted data to more robust algorithms.

Regards,
Ben
From kloecker at kde.org Tue Mar 15 21:57:55 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Tue, 15 Mar 2011 21:57:55 +0100
Subject: GPG and PGP
In-Reply-To: <4D7FC93B.2080402@sixdemonbag.org>
References: <20110314165342.9AA3C10E2BB@smtp.hushmail.com> <4D7FC39E.8070605@adversary.org> <4D7FC93B.2080402@sixdemonbag.org>
Message-ID: <201103152158.00666@thufir.ingo-kloecker.de>

On Tuesday 15 March 2011, Robert J. Hansen wrote:
> On 3/15/11 3:53 PM, Ben McGinnes wrote:
> > It's simple, data which may have been encrypted 15+ years ago may
> > still have value to the people who encrypted it, even if they have
> > since chosen to move from older programs (e.g. PGP 2.x) for their
> > current needs.
>
> This may not be so much an argument for IDEA's inclusion as it might
> be an argument for data migration. How long will we support
> RFC1991? There are really only two interesting answers: "forever"
> and "for a while."
>
> If forever, then sure, IDEA support, v3 keys, etc., etc.
>
> If not-forever, then we should start talking about when precisely
> we'll stop supporting RFC1991, and how we can help users migrate
> away.

Why migrate away? Even if GnuPG 3 stops supporting RFC1991 there will always be GnuPG 1 and GnuPG 2 around to decrypt ancient data and verify signatures made decades ago. That's the beauty of Free Software. Nobody can take it away and since it's Open Source it will always be possible to compile it on new OSes (provided we will be able/allowed to install what we want on those OSes).

I fully understand that some people will want to migrate but I don't think an easy migration path should be one of the guiding design goals for a version not supporting RFC1991.

Regards,
Ingo
From dshaw at jabberwocky.com Tue Mar 15 22:28:23 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Mar 2011 17:28:23 -0400
Subject: GPG and PGP
In-Reply-To: <20110315202431.34AF86F438@smtp.hushmail.com>
References: <20110315202431.34AF86F438@smtp.hushmail.com>
Message-ID: <9E1883E2-108D-430A-979A-F6BC46944BF6@jabberwocky.com>

On Mar 15, 2011, at 4:24 PM, vedaal at nym.hush.com wrote:
> David Shaw dshaw at jabberwocky.com wrote on
> Tue Mar 15 15:34:47 CET 2011 :
>
>> would like to see IDEA included once the various patents expire
>
> As long as the non-256 bit symmetrical algorithms (IDEA, CAST5,
> 3DES, BLOWFISH) will remain part of open PGP, and the MDC needs
> revision eventually to move up from SHA-1,
>
> then can the MDC be modified to apply to the non-256 bit ciphers as
> well,
> (or at least amend the gnupg error message to a less ominous one,
> that MDC's are not generated for non-256 bit ciphers) ?

I'm not quite sure what you mean. The MDC can be used on any OpenPGP cipher, no matter what the size.

David

From vedaal at nym.hush.com Tue Mar 15 23:51:42 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Tue, 15 Mar 2011 18:51:42 -0400
Subject: GPG and PGP
Message-ID: <20110315225142.B98E26F437@smtp.hushmail.com>

David Shaw dshaw at jabberwocky.com wrote on Tue Mar 15 22:28:23 CET 2011 :

> I'm not quite sure what you mean.
> The MDC can be used on any OpenPGP cipher, no matter what the size.

Yes, but it's done by gnupg by default for 256 bit ciphers, while it needs the option of '--force-mdc' for non-256 bit ciphers. When this option isn't used, MDC is not done, and when gnupg decrypts the message, it gives an alert of:

gpg: WARNING: message was not integrity protected

My suggestion is to have gnupg do the MDC by default for all cipher sizes.
(makes it easier for beginners who might get a little concerned about the above alert message ;-) )

vedaal

From expires2011 at ymail.com Tue Mar 15 23:54:28 2011
From: expires2011 at ymail.com (MFPA)
Date: Tue, 15 Mar 2011 22:54:28 +0000
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7D6A12.308@adversary.org>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C792C.2000206@adversary.org> <1944500773.20110313141219@my_localhost> <4D7CF8BC.3060509@adversary.org> <9710109712.20110314004413@my_localhost> <4D7D6A12.308@adversary.org>
Message-ID: <743860612.20110315225428@my_localhost>

Hi

On Monday 14 March 2011 at 1:06:26 AM, in , Ben McGinnes wrote:

> Anyway, out of curiosity, did you ever receive spam by
> that address and prove it had been harvested from the
> keyservers? I still think harvesting addresses from
> the keyservers is too much effort for spammers, who
> mostly generate the target addresses, but it would be
> nice to finally answer that question.

No mail received at all on that address so far. That key has only been up just over a year.

Up until now, if I received any mail on that address, the address could only have been harvested from a keyserver (or randomly matched). Going forward, if I receive any mail on that address it was probably harvested from the mailing list archive.

--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Oven mitt: A partially charred grease stain that fits over the hand.
From ben at adversary.org Wed Mar 16 00:15:41 2011
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 16 Mar 2011 10:15:41 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <743860612.20110315225428@my_localhost>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C792C.2000206@adversary.org> <1944500773.20110313141219@my_localhost> <4D7CF8BC.3060509@adversary.org> <9710109712.20110314004413@my_localhost> <4D7D6A12.308@adversary.org> <743860612.20110315225428@my_localhost>
Message-ID: <4D7FF31D.5090608@adversary.org>

On 16/03/11 9:54 AM, MFPA wrote:
> On Monday 14 March 2011 at 1:06:26 AM, in
> , Ben McGinnes wrote:
>
>> Anyway, out of curiosity, did you ever receive spam by that address
>> and prove it had been harvested from the keyservers? I still think
>> harvesting addresses from the keyservers is too much effort for
>> spammers, who mostly generate the target addresses, but it would be
>> nice to finally answer that question.
>
> No mail received at all on that address so far. That key has only
> been up just over a year.

I think that if spammers were harvesting addresses from the keyservers then you would have received some by now.
I don't think they bother because:

a) The effort required to harvest the addresses would be better spent elsewhere and most, if not all, spammers are lazy.

b) It would be easier to just generate usernames at a target domain name than to work from a large list (these days).

c) It is more likely that OpenPGP users are going to include people who will hunt down spammers and get their upstream providers to disconnect them.

> Up until now, if I received any mail on that address, the address
> could only have been harvested from a keyserver (or randomly
> matched). Going forward, if I receive any mail on that address it
> was probably harvested from the mailing list archive.

That would be likely.

Regards,
Ben

From dshaw at jabberwocky.com Wed Mar 16 00:42:48 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Mar 2011 19:42:48 -0400
Subject: GPG and PGP
In-Reply-To: <20110315225142.B98E26F437@smtp.hushmail.com>
References: <20110315225142.B98E26F437@smtp.hushmail.com>
Message-ID:

On Mar 15, 2011, at 6:51 PM, vedaal at nym.hush.com wrote:
> David Shaw dshaw at jabberwocky.com wrote on
> Tue Mar 15 22:28:23 CET 2011 :
>
>> I'm not quite sure what you mean.
>> The MDC can be used on any OpenPGP cipher, no matter what the
> size.
>
> Yes,
> but it's done by gnupg by default for 256 bit ciphers, while it
> needs the option of '--force-mdc' for non-256 bit ciphers.

That is not quite right. Whether the MDC is used or not is a key preference similar to the cipher preferences, to ensure that all recipients can handle the message. Using --force-mdc overrides that, and similar to overriding the cipher preferences, runs the risk of sending a message that a particular recipient can't read.
The 256-bit cipher thing is a bit of a neat trick - when putting together RFC-4880, it was observed that all implementations that had 256-bit ciphers also had the MDC, so using a 256-bit cipher could be used to infer the ability to do a MDC. GnuPG does that as well, since using the MDC is a good thing.

> My suggestion is to have gnupg do the MDC by default for all
> cipher sizes.

GnuPG does the MDC by default whenever all the keys can handle it (or if the chosen cipher is 256 bits). All keys generated in GnuPG since the MDC preference was added (in 1.0.7, if I recall) have this flag set by default. Anyone who wants to set the flag on a key that does not have it can use the usual --edit-key / setpref method with the keyword "mdc".

David

From expires2011 at ymail.com Wed Mar 16 01:39:06 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 16 Mar 2011 00:39:06 +0000
Subject: Hashed user ID.
In-Reply-To: <962310911.20110312201716@my_localhost>
References: <4D7848A1.9050905@adversary.org> <4D785EE5.20205@sixdemonbag.org> <201103101123.56759.mailinglisten@hauke-laging.de> <4D78CDC8.8000304@sixdemonbag.org> <4D79BC3D.3080201@adversary.org> <4D7A24B2.6010308@sixdemonbag.org> <4D7A3EA3.7080305@adversary.org> <4D7B2036.5020200@tx.rr.com> <4D7B6D66.2040509@mac.com> <4D7BB15B.4010804@adversary.org> <962310911.20110312201716@my_localhost>
Message-ID: <831860043.20110316003906@my_localhost>

Hi

On Saturday 12 March 2011 at 8:17:16 PM, in , MFPA wrote:

>> As for the casabranca.gov domain, it doesn't even
>> exist (no DNS records).

> Probably a Chinaman trying to say "Casablanca"...

I apologise profusely for my poor attempt at humour. It was not my intention to upset or offend anybody. Remarks of that nature are clearly inappropriate on a discussion group such as this. It is my firm intention to refrain from making any similar comments in the future.
--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Beware the deadly donkey falling slowly from the sky

From dougb at dougbarton.us Wed Mar 16 04:04:18 2011
From: dougb at dougbarton.us (Doug Barton)
Date: Tue, 15 Mar 2011 20:04:18 -0700
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7FF31D.5090608@adversary.org>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C792C.2000206@adversary.org> <1944500773.20110313141219@my_localhost> <4D7CF8BC.3060509@adversary.org> <9710109712.20110314004413@my_localhost> <4D7D6A12.308@adversary.org> <743860612.20110315225428@my_localhost> <4D7FF31D.5090608@adversary.org>
Message-ID: <4D8028B2.9060902@dougbarton.us>

On 03/15/2011 16:15, Ben McGinnes wrote:
> I think that if spammers were harvesting addresses from the keyservers
> then you would have received some by now.

I do, occasionally, get spam directed to addresses that I am sure were harvested from the keyservers. However at the far outside of the range it's no more than 10/month, whereas my usual run rate for all other types of spam is around 100/day.

hth,

Doug

--
	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price.
:)  http://SupersetSolutions.com/

From ben at adversary.org Wed Mar 16 04:24:56 2011
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 16 Mar 2011 14:24:56 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D8028B2.9060902@dougbarton.us>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C792C.2000206@adversary.org> <1944500773.20110313141219@my_localhost> <4D7CF8BC.3060509@adversary.org> <9710109712.20110314004413@my_localhost> <4D7D6A12.308@adversary.org> <743860612.20110315225428@my_localhost> <4D7FF31D.5090608@adversary.org> <4D8028B2.9060902@dougbarton.us>
Message-ID: <4D802D88.8000100@adversary.org>

On 16/03/11 2:04 PM, Doug Barton wrote:
>
> I do, occasionally, get spam directed to addresses that I am sure
> were harvested from the keyservers.

How long ago would those addresses have been harvested from the keyservers?

> However at the far outside of the range it's no more than 10/month,
> whereas my usual run rate for all other types of spam is around
> 100/day.

That's actually not that much. Most stuff directed at my server is for this address and one or two others and it's usually at least 200/day. Although that doesn't count anything stopped by the grey-listing (which stops a *lot*).

Regards,
Ben
From ben at adversary.org Wed Mar 16 04:28:38 2011
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 16 Mar 2011 14:28:38 +1100
Subject: GPG and PGP
In-Reply-To:
References: <20110315225142.B98E26F437@smtp.hushmail.com>
Message-ID: <4D802E66.6000209@adversary.org>

On 16/03/11 10:42 AM, David Shaw wrote:
>
> GnuPG does the MDC by default whenever all the keys can handle it
> (or if the chosen cipher is 256 bits)

Is that 256 bits only or 256 bits and larger?

Regards,
Ben

From rjh at sixdemonbag.org Wed Mar 16 04:37:51 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 15 Mar 2011 23:37:51 -0400
Subject: GPG and PGP
In-Reply-To: <4D802E66.6000209@adversary.org>
References: <20110315225142.B98E26F437@smtp.hushmail.com> <4D802E66.6000209@adversary.org>
Message-ID: <4D80308F.40100@sixdemonbag.org>

On 3/15/2011 11:28 PM, Ben McGinnes wrote:
> Is that 256 bits only or 256 bits and larger?

Given there are no symmetric ciphers in OpenPGP that use more than a 256-bit key, I think the answer here is "yes." :)

From dshaw at jabberwocky.com Wed Mar 16 04:41:52 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Mar 2011 23:41:52 -0400
Subject: GPG and PGP
In-Reply-To: <4D802E66.6000209@adversary.org>
References: <20110315225142.B98E26F437@smtp.hushmail.com> <4D802E66.6000209@adversary.org>
Message-ID:

On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote:
> On 16/03/11 10:42 AM, David Shaw wrote:
>>
>> GnuPG does the MDC by default whenever all the keys can handle it
>> (or if the chosen cipher is 256 bits)
>
> Is that 256 bits only or 256 bits and larger?

Strictly speaking, it's anything with a cipher blocksize that isn't 128 bits.
In the case of OpenPGP, that means AES (any of them) or Twofish. GnuPG will flip on the MDC when it sees any of those ciphers in the preferences, or failing that, it does the blocksize test.

David

From dshaw at jabberwocky.com Wed Mar 16 04:50:35 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Mar 2011 23:50:35 -0400
Subject: GPG and PGP
In-Reply-To:
References: <20110315225142.B98E26F437@smtp.hushmail.com> <4D802E66.6000209@adversary.org>
Message-ID: <3DA39294-7A9C-4B61-BA61-7F0F591D31B8@jabberwocky.com>

On Mar 15, 2011, at 11:41 PM, David Shaw wrote:
> On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote:
>
>> On 16/03/11 10:42 AM, David Shaw wrote:
>>>
>>> GnuPG does the MDC by default whenever all the keys can handle it
>>> (or if the chosen cipher is 256 bits)
>>
>> Is that 256 bits only or 256 bits and larger?
>
> Strictly speaking, it's anything with a cipher blocksize that isn't 128 bits. In the case of OpenPGP, that means AES (any of them) or Twofish. GnuPG will flip on the MDC when it sees any of those ciphers in the preferences, or failing that, it does the blocksize test.

Err - meant to say "anything with a cipher blocksize that isn't 64 bits". AES & Twofish are of course 128 bits.

David

From ben at adversary.org Wed Mar 16 06:26:57 2011
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 16 Mar 2011 16:26:57 +1100
Subject: GPG and PGP
In-Reply-To: <4D80308F.40100@sixdemonbag.org>
References: <20110315225142.B98E26F437@smtp.hushmail.com> <4D802E66.6000209@adversary.org> <4D80308F.40100@sixdemonbag.org>
Message-ID: <4D804A21.3080100@adversary.org>

On 16/03/11 2:37 PM, Robert J. Hansen wrote:
> On 3/15/2011 11:28 PM, Ben McGinnes wrote:
>> Is that 256 bits only or 256 bits and larger?
>
> Given there are no symmetric ciphers in OpenPGP that use more than a
> 256-bit key, I think the answer here is "yes." :)

Heh. For some reason my brain was thinking hashes instead of ciphers. I've been awake for a little while, though.
Regards,
Ben

From ben at adversary.org Wed Mar 16 06:33:53 2011
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 16 Mar 2011 16:33:53 +1100
Subject: GPG and PGP
In-Reply-To: <3DA39294-7A9C-4B61-BA61-7F0F591D31B8@jabberwocky.com>
References: <20110315225142.B98E26F437@smtp.hushmail.com> <4D802E66.6000209@adversary.org> <3DA39294-7A9C-4B61-BA61-7F0F591D31B8@jabberwocky.com>
Message-ID: <4D804BC1.3030308@adversary.org>

On 16/03/11 2:50 PM, David Shaw wrote:
> On Mar 15, 2011, at 11:41 PM, David Shaw wrote:
>> On Mar 15, 2011, at 11:28 PM, Ben McGinnes wrote:
>>>
>>> Is that 256 bits only or 256 bits and larger?
>>
>> Strictly speaking, it's anything with a cipher blocksize that isn't
>> 128 bits. In the case of OpenPGP, that means AES (any of them) or
>> Twofish. GnuPG will flip on the MDC when it sees any of those
>> ciphers in the preferences, or failing that, it does the blocksize
>> test.
>
> Err - meant to say "anything with a cipher blocksize that isn't 64
> bits". AES & Twofish are of course 128 bits.

Okay, so that would cover 3DES too? Surely there can't be many ciphers that are limited that way still (or maybe there are and I just don't use them).

Regards,
Ben

From johanw at vulcan.xs4all.nl Wed Mar 16 09:15:45 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 16 Mar 2011 09:15:45 +0100
Subject: GPG and PGP
Message-ID: <4D8071B1.3080501@vulcan.xs4all.nl>

Op 15-3-2011 21:32, Ben McGinnes schreef:

> That's probably a worthwhile discussion to have. Even if RFC1991
> support is maintained, there's still value in migrating encrypted data
> to more robust algorithms.
Only if IDEA gets broken (or the pgp 2.x implementation of it turns out flawed) or, very unlikely, 128 bit can be brute-forced in the future. For now, I trust my most secret data to 128 bit strength.

--
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From johanw at vulcan.xs4all.nl Wed Mar 16 09:16:23 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 16 Mar 2011 09:16:23 +0100
Subject: GPG and PGP
Message-ID: <4D8071D7.9000209@vulcan.xs4all.nl>

Op 15-3-2011 21:16, Robert J. Hansen schreef:

> This may not be so much an argument for IDEA's inclusion as it might be
> an argument for data migration.

How do I re-sign a message with someone else's private key? And for that matter, how do I do that conveniently with a mailbox with many encrypted messages? I don't want to store them unencrypted, they might still be sensitive, and I also don't want to lose the meta information (date, sender, etc.).

> If forever, then sure, IDEA support, v3 keys, etc., etc.

It is obvious that I would prefer forever. Or, at least until the people who have used pgp 2 have died out, which means for another century or so (ignoring corporate users). Which is probably in any IT planning the same as "forever".

--
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From johanw at vulcan.xs4all.nl Wed Mar 16 09:16:56 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 16 Mar 2011 09:16:56 +0100
Subject: GPG and PGP
Message-ID: <4D8071F8.5000804@vulcan.xs4all.nl>

Op 15-3-2011 21:57, Ingo Klöcker schreef:

> Why migrate away? Even if GnuPG 3 stops supporting RFC1991 there will
> always be GnuPG 1 and GnuPG 2 around to decrypt ancient data and verify
> signatures made decades ago.
If that is the case, you could also say we still have pgp 2.x around including source code.

> That's the beauty of Free Software. Nobody
> can take it away and since it's Open Source it will always be possible
> to compile it on new OSes (provided we will be able/allowed to install
> what we want on those OSes).

Current OSes already pose a problem. PGP 2 did not provide native binaries for win32 so I compiled them myself, which was easy (just make a new project file in VC5, add all C files and press compile). Added benefit was long filename support. Now I have a Symbian phone and an Android tablet, but I have no idea how to decrypt messages on those devices. The source of pgp and GnuPG is freely available, but without a C compiler you need to port them to the Symbian version of C and the Google Java clone, or write a compiler yourself. The first task is a huge effort I'm not sure I could even do myself and I'm certainly not up to the second.

--
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From wk at gnupg.org Wed Mar 16 10:50:07 2011
From: wk at gnupg.org (Werner Koch)
Date: Wed, 16 Mar 2011 10:50:07 +0100
Subject: GPG and PGP
In-Reply-To: <4D804BC1.3030308@adversary.org> (Ben McGinnes's message of "Wed, 16 Mar 2011 16:33:53 +1100")
References: <20110315225142.B98E26F437@smtp.hushmail.com> <4D802E66.6000209@adversary.org> <3DA39294-7A9C-4B61-BA61-7F0F591D31B8@jabberwocky.com> <4D804BC1.3030308@adversary.org>
Message-ID: <87k4fzjsxc.fsf@vigenere.g10code.de>

On Wed, 16 Mar 2011 06:33, ben at adversary.org said:

> Okay, so that would cover 3DES too? Surely there can't be many

No. DES and thus 3DES have a blocksize of 64 bit. The blocksize is not related to the keysize.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
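The MDC decision rule David Shaw and Werner Koch describe above (use the MDC when every recipient key handles it, or when the chosen cipher has a 128-bit block; --force-mdc overrides that at the risk of recipients that lack the feature) written out as an added Python model. This is not GnuPG's code: RecipientKey, key_handles_mdc, common_cipher and decide_mdc are invented names, the sample keys are constructed, and the block sizes are those of the RFC 4880 ciphers named in the thread.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Block size in bits of the OpenPGP symmetric ciphers named in the thread
# (RFC 4880 algorithms). Key size plays no part: 3DES has a 168-bit key but
# a 64-bit block, AES128 a 128-bit key and a 128-bit block.
BLOCK_SIZE_BITS = {
    "IDEA": 64, "3DES": 64, "CAST5": 64, "BLOWFISH": 64,
    "AES128": 128, "AES192": 128, "AES256": 128, "TWOFISH": 128,
}


@dataclass
class RecipientKey:
    """Constructed stand-in for what `gpg --edit-key` / `showpref` shows."""
    name: str
    cipher_prefs: List[str]  # cipher preferences, most preferred first
    mdc_feature: bool        # "MDC" present on the Features line


def key_handles_mdc(key: RecipientKey) -> bool:
    """A key is taken to understand the MDC if its Features flag says so or
    if it advertises any 128-bit-block cipher: when RFC 4880 was written,
    every implementation with such a cipher also had the MDC."""
    if key.mdc_feature:
        return True
    return any(BLOCK_SIZE_BITS.get(c) == 128 for c in key.cipher_prefs)


def common_cipher(recipients: List[RecipientKey]) -> str:
    """Pick the first cipher of the first recipient that all recipients list,
    falling back to 3DES, which RFC 4880 requires every implementation to
    support (three-key 3DES, as the thread notes)."""
    if not recipients:
        raise ValueError("no recipients")
    for cipher in recipients[0].cipher_prefs:
        if all(cipher in r.cipher_prefs for r in recipients):
            return cipher
    return "3DES"


def decide_mdc(recipients: List[RecipientKey], cipher: str,
               force_mdc: bool = False) -> Tuple[bool, List[str]]:
    """Return (use_mdc, names of recipients that may be unable to decrypt).

    Use the MDC when every recipient key handles it, or when the chosen
    cipher has a 128-bit block (the blocksize test). With force_mdc the MDC
    is used regardless and the recipients lacking the feature are reported,
    since for them the message may be unreadable.
    """
    if cipher not in BLOCK_SIZE_BITS:
        raise ValueError(f"unknown cipher {cipher!r}")
    lacking = [r.name for r in recipients if not key_handles_mdc(r)]
    if not lacking:
        return True, []
    if BLOCK_SIZE_BITS[cipher] == 128:
        return True, []
    if force_mdc:
        return True, lacking
    return False, []


if __name__ == "__main__":
    # Constructed sample keys: a modern key and a PGP 2.x style legacy key
    # whose preferences and Features line are made up for this example.
    modern = RecipientKey("modern", ["AES256", "AES128", "3DES"], True)
    legacy = RecipientKey("legacy", ["IDEA", "CAST5", "3DES"], False)
    cipher = common_cipher([modern, legacy])          # "3DES"
    print(cipher, decide_mdc([modern, legacy], cipher))              # (False, [])
    print(decide_mdc([modern, legacy], cipher, force_mdc=True))      # (True, ['legacy'])
    print(decide_mdc([modern, legacy], "AES256"))                    # (True, [])
```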
From ben at adversary.org Wed Mar 16 11:37:35 2011
From: ben at adversary.org (Ben McGinnes)
Date: Wed, 16 Mar 2011 21:37:35 +1100
Subject: GPG and PGP
In-Reply-To: <87k4fzjsxc.fsf@vigenere.g10code.de>
References: <20110315225142.B98E26F437@smtp.hushmail.com> <4D802E66.6000209@adversary.org> <3DA39294-7A9C-4B61-BA61-7F0F591D31B8@jabberwocky.com> <4D804BC1.3030308@adversary.org> <87k4fzjsxc.fsf@vigenere.g10code.de>
Message-ID: <4D8092EF.6030605@adversary.org>

On 16/03/11 8:50 PM, Werner Koch wrote:
> On Wed, 16 Mar 2011 06:33, ben at adversary.org said:
>
>> Okay, so that would cover 3DES too? Surely there can't be many
>
> No. DES and thus 3DES have a blocksize of 64 bit. The blocksize is not
> related to the keysize.

Ah, right, got it. Thanks.

Regards,
Ben

From mwood at IUPUI.Edu Wed Mar 16 13:53:49 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Wed, 16 Mar 2011 08:53:49 -0400
Subject: GPG and PGP
In-Reply-To: <4D8071B1.3080501@vulcan.xs4all.nl>
References: <4D8071B1.3080501@vulcan.xs4all.nl>
Message-ID: <20110316125348.GA1613@IUPUI.Edu>

On Wed, Mar 16, 2011 at 09:15:45AM +0100, Johan Wevers wrote:
> Op 15-3-2011 21:32, Ben McGinnes schreef:
>
> > That's probably a worthwhile discussion to have. Even if RFC1991
> > support is maintained, there's still value in migrating encrypted data
> > to more robust algorithms.
>
> Only if IDEA gets broken (or the pgp 2.x implementation of it turns out
> flawed) or, very unlikely, 128 bit can be brute-forced in the future.

On that day it would be well to already know what to do about it and already have the tools in hand. It would be best to have already done so.

--
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.
From johanw at vulcan.xs4all.nl Wed Mar 16 13:58:29 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 16 Mar 2011 13:58:29 +0100
Subject: GPG and PGP
In-Reply-To: <20110316125348.GA1613@IUPUI.Edu>
References: <4D8071B1.3080501@vulcan.xs4all.nl> <20110316125348.GA1613@IUPUI.Edu>
Message-ID: <4D80B3F5.3080008@vulcan.xs4all.nl>

Op 16-3-2011 13:53, Mark H. Wood schreef:

>> Only if IDEA gets broken (or the pgp 2.x implementation of it turns out
>> flawed) or, very unlikely, 128 bit can be brute-forced in the future.

> On that day it would be well to already know what to do about it and
> already have the tools in hand. It would be best to have already done
> so.

That, however, is true for any crypto algorithm, not specifically for IDEA.

--
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From vedaal at nym.hush.com Wed Mar 16 14:41:39 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 16 Mar 2011 09:41:39 -0400
Subject: GPG and PGP
Message-ID: <20110316134139.1F09C6F437@smtp.hushmail.com>

David Shaw dshaw at jabberwocky.com wrote on Wed Mar 16 00:42:48 CET 2011 :

> GnuPG does the MDC by default whenever all the keys can handle it

What kind of key can't handle it in gnupg?

I sent messages to all key types, including v3 keys, using the forced MDC (my preferred cipher is 3DES, not that I have anything against any others, but have been used to using it and see no particular reason to change), and gnupg still decrypts without any problems or error messages, and confirms the MDC.
vedaal

From noloader at gmail.com Wed Mar 16 15:05:49 2011
From: noloader at gmail.com (Jeffrey Walton)
Date: Wed, 16 Mar 2011 10:05:49 -0400
Subject: GPG and PGP
In-Reply-To: <20110316134139.1F09C6F437@smtp.hushmail.com>
References: <20110316134139.1F09C6F437@smtp.hushmail.com>
Message-ID:

On Wed, Mar 16, 2011 at 9:41 AM, wrote:
> David Shaw dshaw at jabberwocky.com wrote on
> Wed Mar 16 00:42:48 CET 2011 :
>
>
>> GnuPG does the MDC by default whenever all the keys can handle it
>
> What kind of key can't handle it in gnupg?
>
> I sent messages to all key types, including v3 keys, using the
> forced MDC,
> (my preferred cipher is 3DES, not that I have anything against any
> others, but have been used to using it and see no particular reason
> to change),

2 key or 3 key? 2TDEA only provides about 80 bits of security, and is usually not recommended for use.

NIST SP 800-57: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
ECRYPT2 Yearly report on Key Sizes: http://www.ecrypt.eu.org/documents/D.SPA.13.pdf

Jeff

From rjh at sixdemonbag.org Wed Mar 16 15:12:12 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 16 Mar 2011 10:12:12 -0400
Subject: GPG and PGP
In-Reply-To:
References: <20110316134139.1F09C6F437@smtp.hushmail.com>
Message-ID: <4D80C53C.2070004@sixdemonbag.org>

On 3/16/2011 10:05 AM, Jeffrey Walton wrote:
> 2 key or 3 key? 2TDEA only provides about 80 bits of security, and is
> usually not recommended for use.

The OpenPGP spec requires three-key 3DES, and GnuPG conforms to the spec.
From dshaw at jabberwocky.com Wed Mar 16 15:18:39 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 16 Mar 2011 10:18:39 -0400
Subject: GPG and PGP
In-Reply-To: <20110316134139.1F09C6F437@smtp.hushmail.com>
References: <20110316134139.1F09C6F437@smtp.hushmail.com>
Message-ID:

On Mar 16, 2011, at 9:41 AM, vedaal at nym.hush.com wrote:
> David Shaw dshaw at jabberwocky.com wrote on
> Wed Mar 16 00:42:48 CET 2011 :
>
>
>> GnuPG does the MDC by default whenever all the keys can handle it
>
> What kind of key can't handle it in gnupg?

None. It's not a key type, but a feature/detail of the implementation, like supporting a particular cipher. The user IDs have a flag on them to indicate whether an MDC can be used. Run gpg --edit-key on your key and enter "showpref". Look at the "Features" line(s). They should say (among other stuff) "MDC". That's the flag.

Forcing the use of the MDC is similar to forcing the use of a cipher: it might work (probably will, these days), but if someone is using an implementation that doesn't understand the MDC, they won't be able to decrypt your message, any more than they would be if you forced the use of a cipher their implementation doesn't understand.

David

From dshaw at jabberwocky.com Wed Mar 16 15:20:03 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 16 Mar 2011 10:20:03 -0400
Subject: GPG and PGP
In-Reply-To:
References: <20110316134139.1F09C6F437@smtp.hushmail.com>
Message-ID: <5E797528-E753-4C42-99BB-A1D288C4ECA6@jabberwocky.com>

On Mar 16, 2011, at 10:05 AM, Jeffrey Walton wrote:
> On Wed, Mar 16, 2011 at 9:41 AM, wrote:
>> David Shaw dshaw at jabberwocky.com wrote on
>> Wed Mar 16 00:42:48 CET 2011 :
>>
>>
>>> GnuPG does the MDC by default whenever all the keys can handle it
>>
>> What kind of key can't handle it in gnupg?
>> >> I sent messages to all key types, including v3 keys, using the >> forced MDC, >> (my preferred cipher is 3DES, not that I have anything against any >> others, but have been used to using it and see no particular reason >> to change), > 2 key or 3 key? 2TDEA only provides about 80 bits of security, and is > usually not recommended for use. 3DES in OpenPGP is only 3 key. David

From vedaal at nym.hush.com Wed Mar 16 17:38:55 2011 From: vedaal at nym.hush.com (vedaal at nym.hush.com) Date: Wed, 16 Mar 2011 12:38:55 -0400 Subject: GPG and PGP Message-ID: <20110316163855.E5E376F437@smtp.hushmail.com> Johan Wevers johanw at vulcan.xs4all.nl wrote on Wed Mar 16 09:16:56 CET 2011 : >Current OSes pose already a problem. PGP 2 did not provide native binaries for win32 so I compiled them myself I've had a problem running Disastry's PGP 2.6.3 multi6 on 64 bit windows systems, because the DOS command line window didn't work with even Disastry's 32 bit pgp.exe. Finally found a workaround by writing a simple new batch file:

    set PGPHome=home
    %SystemRoot%\system32\cmd.exe

and saved this as pgp64.bat (I have both pgp 2.6.3m6 and gnupg 1.4.11 on a flash drive, and they both run on 64 bit windows systems from a command line dos window, without having pgp or gnupg installed.) For 'gnupg64.bat' the first line of the above two lines should read:

    set GNUPGHOME=home

As mobile phones become bundled with OSes, it shouldn't be long before gnupg can be run on a mobile. vedaal

From malte.gell at gmx.de Wed Mar 16 19:31:30 2011 From: malte.gell at gmx.de (Malte Gell) Date: Wed, 16 Mar 2011 19:31:30 +0100 Subject: Running GnuPG smartcard with CTAPI? Message-ID: <201103161931.30481.malte.gell@gmx.de> Hello, currently I have some trouble to get my Cyberjack running with PCSC. So I wonder, can GnuPG (2.0.16) also work with CTAPI drivers?
Thanx Malte From Mike_Acker at charter.net Thu Mar 17 00:01:21 2011 From: Mike_Acker at charter.net (Mike Acker) Date: Wed, 16 Mar 2011 19:01:21 -0400 Subject: compatible with PGP/Desktop Message-ID: <4D814141.4000905@charter.net> Is PGP/ENIGMAIL compatible with folks using Outlook or Microsoft Mail with PGP Desktop? I've tried searching for this but no luck,-- :-( From rjh at sixdemonbag.org Thu Mar 17 01:17:26 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 16 Mar 2011 20:17:26 -0400 Subject: compatible with PGP/Desktop In-Reply-To: <4D814141.4000905@charter.net> References: <4D814141.4000905@charter.net> Message-ID: <4D815316.2070308@sixdemonbag.org> On 3/16/2011 7:01 PM, Mike Acker wrote: > Is PGP/ENIGMAIL compatible with folks using Outlook or Microsoft > Mail with PGP Desktop? PGP is a registered trademark of the PGP Corporation. It's a great product, but Enigmail doesn't use it. Enigmail uses GnuPG, which is a compatible implementation of PGP. The answer to your question is, "yes." The only thing you need to be careful about is that historically Microsoft products have had awful support for sending messages as encrypted MIME data. The Enigmail folks recommend not using that feature when communicating with people using Outlook Express, Outlook, or Windows Live Mail. If this doesn't answer your question fully, perhaps you should try asking on the Enigmail mailing list? You can sign up for it at: http://www.mozdev.org/mailman/listinfo/enigmail From John at enigmail.net Thu Mar 17 01:23:50 2011 From: John at enigmail.net (John Clizbe) Date: Wed, 16 Mar 2011 19:23:50 -0500 Subject: compatible with PGP/Desktop In-Reply-To: <4D814141.4000905@charter.net> References: <4D814141.4000905@charter.net> Message-ID: <4D815496.5040904@enigmail.net> Mike Acker wrote: > Is PGP/ENIGMAIL compatible with folks using Outlook or Microsoft Mail > with PGP Desktop? 
> > I've tried searching for this but no luck,-- :-( Enigmail is an extension for Thunderbird and Mozilla mail. It uses GnuPG for its cryptographic processing. It conforms to RFCs 4880 and 3156. That said, you shouldn't have any trouble. However, I've not used the mail extensions in PGP Desktop, so I cannot make any claim to compatibility. You may wish to ask on the PGP-Basics Yahoo list. There is a greater percentage of PGP users there. http://groups.yahoo.com/group/PGP-Basics/ -John -- John P. Clizbe Inet: John (a) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels"

From johanw at vulcan.xs4all.nl Thu Mar 17 08:57:50 2011 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Thu, 17 Mar 2011 08:57:50 +0100 Subject: GPG and PGP In-Reply-To: <20110316163855.E5E376F437@smtp.hushmail.com> References: <20110316163855.E5E376F437@smtp.hushmail.com> Message-ID: <4D81BEFE.9050904@vulcan.xs4all.nl> On 16-3-2011 17:38, vedaal at nym.hush.com wrote: > I've had a problem running Disastry's PGP 2.6.3 multi6 on 64 bit > windows systems, because the DOS command line window didn't work > with even Disastry's 32 bit pgp.exe. That is because his executables are DOS executables and not win32 commandline programs. AFAIK win64 dumped the support for 16 bit DOS programs altogether, I'm surprised the executable could be made to run anyway. Compiling the source with a Windows compiler should solve that. > (I have both pgp 2.6.3m6 and gnupg 1.4.11 on a flash drive, and > they both run on 64 bit windows systems from a command line dos > window, without having pgp or gnupg installed.)
Technically on Windows NT and up, you don't have a "DOS" window but a command shell, like Unix tcsh or bash. > As mobile phones become bundled with OSes, it shouldn't be long > before gnupg can be run on a mobile. I hope so, but this isn't an easy job. I remember it has been discussed here before. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From albert_waa at charter.net Wed Mar 16 17:26:45 2011 From: albert_waa at charter.net (Bill Albert) Date: Wed, 16 Mar 2011 12:26:45 -0400 Subject: compatible with PGP/Desktop Message-ID: <4D80E4C5.8050102@charter.net> Is PGP/ENIGMAIL compatible with folks using Outlook or Microsoft Mail with PGP Desktop? I've tried searching for this but no luck,-- :-(

From malte.gell at gmx.de Thu Mar 17 13:52:34 2011 From: malte.gell at gmx.de (Malte Gell) Date: Thu, 17 Mar 2011 13:52:34 +0100 Subject: Running GnuPG smartcard with CTAPI? In-Reply-To: <87ei66jf0s.fsf@vigenere.g10code.de> References: <201103161931.30481.malte.gell@gmx.de> <87ei66jf0s.fsf@vigenere.g10code.de> Message-ID: <20110317135234.00003664malte.gell@gmx.de@unknown> On Thu, 17 Mar 2011 10:02:43 +0100, Werner Koch wrote: > On Wed, 16 Mar 2011 19:31, malte.gell at gmx.de said: > > > currently I have some trouble to get my Cyberjack running with > > PCSC. So I wonder, can GnuPG (2.0.16) also work with CTAPI drivers? > > I doubt that. CTAPI has not been used for years. There is some code > still but it will eventually be removed. > Swap your Cyberjack for a real reader. Reiner stuff does not > comply to any modern standards. Or well, only to their own > interpretation of the standards. They supported Linux at least... what other brand would you recommend? (Security class III with pinpad and display with Linux support).
Regards Malte

From shavital at mac.com Thu Mar 17 15:42:02 2011 From: shavital at mac.com (Charly Avital) Date: Thu, 17 Mar 2011 10:42:02 -0400 Subject: Language question Message-ID: <4D821DBA.5050701@mac.com> Hi, when the user's locale is e.g. French, and she/he is generating a key in Terminal (or DOS prompt, if that's what it is called in Windows), is the interactive dialogue displayed in French (or in the language of the user's locale)? Ditto for all other gpg interactive dialogues. Thanks, Charly

From kloecker at kde.org Thu Mar 17 20:41:17 2011 From: kloecker at kde.org (Ingo Klöcker) Date: Thu, 17 Mar 2011 20:41:17 +0100 Subject: Language question In-Reply-To: <4D821DBA.5050701@mac.com> References: <4D821DBA.5050701@mac.com> Message-ID: <201103172041.18832@thufir.ingo-kloecker.de> On Thursday 17 March 2011, Charly Avital wrote: > Hi, > > when the user's locale is e.g. French, and she/he is generating a key > in Terminal (or DOS prompt, if that's what it is called in Windows), > is the interactive dialogue displayed in French (or in the language > of the user's locale)? > Ditto for all other gpg interactive dialogues. On Linux this is the case. Why do you ask? Regards, Ingo

From kloecker at kde.org Thu Mar 17 21:06:35 2011 From: kloecker at kde.org (Ingo Klöcker) Date: Thu, 17 Mar 2011 21:06:35 +0100 Subject: GPG and PGP In-Reply-To: <20110316125348.GA1613@IUPUI.Edu> References: <4D8071B1.3080501@vulcan.xs4all.nl> <20110316125348.GA1613@IUPUI.Edu> Message-ID: <201103172106.36104@thufir.ingo-kloecker.de> On Wednesday 16 March 2011, Mark H. Wood wrote: > On Wed, Mar 16, 2011 at 09:15:45AM +0100, Johan Wevers wrote: > > On 15-3-2011 21:32, Ben McGinnes wrote: > > > That's probably a worthwhile discussion to have.
Even if RFC1991 > > > support is maintained, there's still value in migrating encrypted > > > data to more robust algorithms. > > > > Only if IDEA gets broken (or the pgp 2.x implementation of it turns > > out flawed) or, very unlikely, 128 bit can be brute-forced in the > > future. > > On that day it would be well to already know what to do about it and > already have the tools in hand. Obviously. > It would be best to have already done so. I'm not so sure about this. Migration requires decryption of the encrypted data. This introduces an attack vector that does not exist if you keep the data encrypted with IDEA. Regards, Ingo

From shavital at mac.com Thu Mar 17 21:14:54 2011 From: shavital at mac.com (Charly Avital) Date: Thu, 17 Mar 2011 16:14:54 -0400 Subject: Language question In-Reply-To: <201103172041.18832@thufir.ingo-kloecker.de> References: <4D821DBA.5050701@mac.com> <201103172041.18832@thufir.ingo-kloecker.de> Message-ID: <4D826BBE.7090103@mac.com> Ingo Klöcker wrote the following on 3/17/11 3:41 PM: > On Thursday 17 March 2011, Charly Avital wrote: >> Hi, >> >> when the user's locale is e.g. French, and she/he is generating a key >> in Terminal (or DOS prompt, if that's what it is called in Windows), >> is the interactive dialogue displayed in French (or in the language >> of the user's locale)? >> Ditto for all other gpg interactive dialogues. > > On Linux this is the case. Why do you ask? > > > Regards, > Ingo Hi Ingo, I'm asking because in the course of localizing an application written for Mac users, and that is a GUI for interactive actions that can be carried via Terminal by Command Line Instructions, I have found several terms that are exactly the ones that are displayed in Terminal.
I was surprised that in spite of being a GUI, it was still necessary to actually include those interactive processes in the body of the applications, whereas _*maybe*_ it would have been possible to somehow create an interface that would have retrieved the interactive commands and actions from GnuPG running in the language required for the localization. I have *not* written the application (I have no programming skills or even knowledge), but was just helping to localize the required strings. Thanks, Charly

From kloecker at kde.org Thu Mar 17 21:30:00 2011 From: kloecker at kde.org (Ingo Klöcker) Date: Thu, 17 Mar 2011 21:30:00 +0100 Subject: GPG and PGP In-Reply-To: <4D8071F8.5000804@vulcan.xs4all.nl> References: <4D8071F8.5000804@vulcan.xs4all.nl> Message-ID: <201103172130.01509@thufir.ingo-kloecker.de> On Wednesday 16 March 2011, Johan Wevers wrote: > On 15-3-2011 21:57, Ingo Klöcker wrote: > > Why migrate away? Even if GnuPG 3 stops supporting RFC1991 there > > will always be GnuPG 1 and GnuPG 2 around to decrypt ancient data > > and verify signatures made decades ago. > > If that is the case, you could also say we still have pgp 2.x around > including source code. Sure. That's definitely an option for old data that can be decrypted with PGP 2. > > That's the beauty of Free Software. Nobody > > can take it away and since it's Open Source it will always be > > possible to compile it on new OSes (provided we will be > > able/allowed to install what we want on those OSes). > > Current OSes pose already a problem. PGP 2 did not provide native > binaries for win32 so I compiled them myself, which was easy (just > make a new project file in VC5, add all C files and press compile). > Added benefit was long filename support. Now I have a Symbian phone > and an Android tablet, but I have no idea how to decrypt messages on > those devices.
The source of pgp and GnuPG is freely available, but > without a C compiler you need to port them to the Symbian version of > C and the Google Java clone, or write a compiler yourself. The first > task is a huge effort I'm not sure I could even do myself and I'm > certainly not up to the second. The good thing is that you are not alone. ;-) And if nobody wants to do it you still have the option to pay somebody for doing it. Regards, Ingo

From andrew.long at mac.com Thu Mar 17 21:43:46 2011 From: andrew.long at mac.com (Andrew Long) Date: Thu, 17 Mar 2011 20:43:46 +0000 Subject: keyservers Message-ID: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> Anyone else having problems accessing pool.sks-keyservers.net? I've tried pointing nslookup at a couple of the root DNS name servers and get DOMAIN (not known) Regards, Andy -- Andrew Long andrew dot long at mac dot com

From gollo at fsfe.org Thu Mar 17 21:57:19 2011 From: gollo at fsfe.org (Martin Gollowitzer) Date: Thu, 17 Mar 2011 21:57:19 +0100 Subject: keyservers In-Reply-To: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> References: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> Message-ID: <20110317205719.GA2533@wingback.gollo.at> * Andrew Long [110317 21:47, mID <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356 at mac.com>]: > Anyone else having problems accessing pool.sks-keyservers.net? I've > tried pointing nslookup at a couple of the root DNS name servers and > get DOMAIN (not known) By now, I at least get NS records again, but lookup of the pools doesn't work.
Martin

From kgo at grant-olson.net Thu Mar 17 21:58:06 2011 From: kgo at grant-olson.net (Grant Olson) Date: Thu, 17 Mar 2011 16:58:06 -0400 Subject: keyservers In-Reply-To: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> References: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> Message-ID: <4D8275DE.7030105@grant-olson.net> On 3/17/11 4:43 PM, Andrew Long wrote: > Anyone else having problems accessing pool.sks-keyservers.net? I've > tried pointing nslookup at a couple of the root DNS name servers and get > DOMAIN (not known) > There were a few emails on sks-devel this morning. Apparently it is indeed down. http://lists.nongnu.org/archive/html/sks-devel/2011-03/msg00017.html -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war."

From shavital at mac.com Thu Mar 17 22:31:46 2011 From: shavital at mac.com (Charly Avital) Date: Thu, 17 Mar 2011 17:31:46 -0400 Subject: keyservers In-Reply-To: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> References: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> Message-ID: <4D827DC2.10807@mac.com> Andrew Long wrote the following on 3/17/11 4:43 PM: > Anyone else having problems accessing pool.sks-keyservers.net? I've > tried pointing nslookup at a couple of the root DNS name servers and > get DOMAIN (not known) > > Regards, Andy Was down two hours ago, still down now 5:30 PM DST.
Charly

From John at enigmail.net Fri Mar 18 03:57:49 2011 From: John at enigmail.net (John Clizbe) Date: Thu, 17 Mar 2011 21:57:49 -0500 Subject: keyservers In-Reply-To: <4D8275DE.7030105@grant-olson.net> References: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> <4D8275DE.7030105@grant-olson.net> Message-ID: <4D82CA2D.6080708@enigmail.net> Grant Olson wrote: > On 3/17/11 4:43 PM, Andrew Long wrote: >> Anyone else having problems accessing pool.sks-keyservers.net? I've >> tried pointing nslookup at a couple of the root DNS name servers and get >> DOMAIN (not known) >> > > There were a few emails on sks-devel this morning. Apparently it is > indeed down. > > http://lists.nongnu.org/archive/html/sks-devel/2011-03/msg00017.html yeah, and keys.kfwebs.net, Kristian's keyserver which hosts the pool code, is also down. Still no word from him on sks-devel. Of course, he might not be able to get the mail if the server is offline. -John -- John P. Clizbe Inet: John (a) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels"

From Gloria.Teo at bit.admin.ch Fri Mar 18 17:57:08 2011 From: Gloria.Teo at bit.admin.ch (Gloria.Teo at bit.admin.ch) Date: Fri, 18 Mar 2011 17:57:08 +0100 Subject: GPG and non ssh user Message-ID: Dear All, due to our new security, we have to log in to Linux SLES 11 with a personal "ABC" ssh user and then change to a batch user with the command sudo -i -u . And the tty belongs to user "ABC" and not to the batch user. I could import new keys, both private and public, and also decrypt a pgp-encrypted file under the user ABC, but it doesn't work when I run gpg as the batch user.
The batch user is not an ssh user. How can I make gpg work under a batch user? Can anybody help? Greetings Desperate looking for a solution

From kgo at grant-olson.net Fri Mar 18 18:48:47 2011 From: kgo at grant-olson.net (Grant Olson) Date: Fri, 18 Mar 2011 13:48:47 -0400 Subject: keyservers In-Reply-To: <4D82CA2D.6080708@enigmail.net> References: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> <4D8275DE.7030105@grant-olson.net> <4D82CA2D.6080708@enigmail.net> Message-ID: <4D839AFF.6070401@grant-olson.net> On 3/17/11 10:57 PM, John Clizbe wrote: > > yeah, and keys.kfwebs.net, Kristian's keyserver which hosts the pool code, is > also down. Still no word from him on sks-devel. Of course, he might not be able > to get the mail if the server is offline. > > -John > Some news is starting to pop up on sks-devel. I know you've seen all this, but for the sake of people who don't subscribe: + Kristian was out of town when things went down. + He's aware of the issue. Said it was a hardware problem, and he's expecting to have working hardware on Sunday. + He will be looking into more redundancy with slave dns servers in alternate locations. Until then, I'll just use my favorite member of the sks pool: gingerbear.net. -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war."

From expires2011 at ymail.com Sat Mar 19 19:07:16 2011 From: expires2011 at ymail.com (MFPA) Date: Sat, 19 Mar 2011 18:07:16 +0000 Subject: keyservers In-Reply-To: <4D839AFF.6070401@grant-olson.net> References: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> <4D8275DE.7030105@grant-olson.net> <4D82CA2D.6080708@enigmail.net> <4D839AFF.6070401@grant-olson.net> Message-ID: <612913679.20110319180716@my_localhost> Hi On Friday 18 March 2011 at 5:48:47 PM, in , Grant Olson wrote: > Until then, I'll just use my favorite member of the sks > pool: gingerbear.net. Is it your favourite because of the name? - -- Best regards MFPA mailto:expires2011 at ymail.com There is no snooze button for a cat that wants breakfast

From kgo at grant-olson.net Sat Mar 19 22:55:43 2011 From: kgo at grant-olson.net (Grant Olson) Date: Sat, 19 Mar 2011 17:55:43 -0400 Subject: keyservers In-Reply-To: <612913679.20110319180716@my_localhost> References: <7871BBEE-1F8D-4EFC-B0F3-9A17EC4CE356@mac.com> <4D8275DE.7030105@grant-olson.net> <4D82CA2D.6080708@enigmail.net> <4D839AFF.6070401@grant-olson.net> <612913679.20110319180716@my_localhost> Message-ID: <4D85265F.9080400@grant-olson.net> On 03/19/2011 02:07 PM, MFPA wrote: > Hi > > > On Friday 18 March 2011 at 5:48:47 PM, in > , Grant Olson wrote: > > >> Until then, I'll just use my favorite member of the sks >>
pool: gingerbear.net. > > Is it your favourite because of the name? > > It's just the only name I actually remember. Not sure if it's because of the distinctiveness, or the repeated exposure via John's sig... -- -Grant "Look around! Can you construct some sort of rudimentary lathe?"

From Mike_Acker at charter.net Sun Mar 20 03:26:41 2011 From: Mike_Acker at charter.net (Mike Acker) Date: Sat, 19 Mar 2011 22:26:41 -0400 Subject: what are the sub keys Message-ID: <4D8565E1.7080608@charter.net> what are the 'sub keys' that are listed with each RSA key? Also which type of key is preferred RSA or DSA?

From thajsta at gmail.com Sun Mar 20 03:34:41 2011 From: thajsta at gmail.com (Jonathan Ely) Date: Sat, 19 Mar 2011 22:34:41 -0400 Subject: what are the sub keys In-Reply-To: <4D8565E1.7080608@charter.net> References: <4D8565E1.7080608@charter.net> Message-ID: <4D8567C1.5040507@gmail.com> Hahahaha, the RSA versus DSA is a question I asked earlier this week I believe. You might wish to rummage through the archives for that short conversation. I would use RSA due to its ridiculous amount of scrutiny over the years, but be sure to set your preferences and choose a 4096 over 2048. Doing these will increase security provided the recipient has their security tightened as well. On 19/03/2011 10:26 PM, Mike Acker wrote: > what are the 'sub keys' that are listed with each RSA key? Also which > type of key is preferred RSA or DSA?
From dshaw at jabberwocky.com Sun Mar 20 03:36:29 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Sat, 19 Mar 2011 22:36:29 -0400 Subject: what are the sub keys In-Reply-To: <4D8565E1.7080608@charter.net> References: <4D8565E1.7080608@charter.net> Message-ID: On Mar 19, 2011, at 10:26 PM, Mike Acker wrote: > what are the 'sub keys' that are listed with each RSA key? Also which > type of key is preferred RSA or DSA? OpenPGP keys are made up of a single primary key, and any number of subkeys (including, in some cases zero). This allows the user to pick particular key types for particular purposes. For example, a common usage is to use the primary key for signing things and the subkey for encrypting things. As to your other question, it was asked earlier this week. See http://www.gossamer-threads.com/lists/gnupg/users/53692 David

From expires2011 at ymail.com Sun Mar 20 03:52:33 2011 From: expires2011 at ymail.com (MFPA) Date: Sun, 20 Mar 2011 02:52:33 +0000 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <4D7CF355.3050606@adversary.org> References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C5AC7.70903@adversary.org> <407588411.20110313133202@my_localhost> <4D7CF355.3050606@adversary.org> Message-ID: <18692048.20110320025234@my_localhost> Hi On Sunday 13 March 2011 at 4:39:49 PM, in , Ben McGinnes wrote: > On 14/03/11 12:32 AM, MFPA wrote: >> Fair enough but I believe a person's desire to >> withhold their own personal information outranks >> another person's desire to make use of that personal >> information. > That too is an understandable argument. Especially > when it comes to searching the keyservers, but less > easy to maintain in relation to searches of a local > keyring Whether on a keyserver or on your local keyring, I see little difference. Keys that exist on local keyrings sooner or later tend to end up on keyservers. >> I would like hashing to be offered for the name and >> then again for the email address, along with a >> one-liner that obscuring the information in the UIDS >> offered minimal protection as described in gpg.man and >> made it harder for other users to locate and use the >> key; if there's a default answer it should be "No". >> Maybe others would feel it should be only in expert >> mode, or perhaps enabled by a "hash-uid" option to the >> "gen-key" command. > I'd definitely say the default should be off and > enabling it only via expert mode would probably be > wise. The first two or three times I looked at PGP and GnuPG, I found the apparent requirement to include personal information in user IDs repulsive and therefore moved on without any further study. A feature such as this might have attracted me to study further and maybe adopt sooner.
Burying it in expert mode, and thereby branding it as nonsensical or silly and for experts only, would have effectively rendered it invisible to me. > if you have a key that only has > hashed UIDs of your real name and email address(es), > would you wish to prevent signatures of your key from > contacts who did not use the hashing function? No I would not wish to prevent them. Anyway, I'm not convinced that a mechanism to enforce the keyserver-no-modify flag is possible. In the absence of such a mechanism, wishing is about all you could do to prevent such signatures. > If the > concern is preventing your personal information being > revealed and someone who knows you, but is less > concerned about this is willing to sign your key, would > you attempt to stop them? I would not seek to stop them, and if I did they might not listen. A scheme such as this would allow the user, without publishing their personal information, to publish a key that others could locate and use. That is not the same thing as preventing their personal information being revealed. > After all, a relationship > could be determined by their identity and if there were > enough such signatures from people you know in real > life, it may be possible to determine your identity > that way. Maybe inferred rather than determined. You could have gone to a keysigning party and met a group of people who knew each other in real life but you'd never seen any of them before. And working out who you are in real life wouldn't necessarily reveal your email addresses or any other identities you had in hashed user IDs. (You might have your name unhashed and only be hashing your email addresses.) > It seems that the only real strength the hashed UID has > is if it is adopted by every user, regardless of > whether they want it or not. Why? - -- Best regards MFPA mailto:expires2011 at ymail.com Look, it's a hat! It's not going to hurt you. 
From rjh at sixdemonbag.org Sun Mar 20 04:36:57 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 19 Mar 2011 23:36:57 -0400 Subject: what are the sub keys In-Reply-To: <4D8567C1.5040507@gmail.com> References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> Message-ID: <4D857659.8040404@sixdemonbag.org> On 3/19/11 10:34 PM, Jonathan Ely wrote: > I would use RSA due to its ridiculous amount of scrutiny over the > years, DSA has received comparable scrutiny, IMO. The Elgamal family (of which DSA is a member) has an impressive pedigree. > but be sure to set your preferences and choose a 4096 over 2048. Why? This is like saying, "I like the bank vault on my front door, but I wish it was thicker: I want the extra security." Key length is only a small part (arguably the smallest part) of communications security.

From runaprinsloo at gmail.com Sun Mar 20 12:06:39 2011 From: runaprinsloo at gmail.com (Runa) Date: Sun, 20 Mar 2011 13:06:39 +0200 Subject: Help with error message in GNUPG 2.0.14 In-Reply-To: References: Message-ID: : > I'm sorry if this is not the right list to send this to. I'd appreciate it > if you could refer me to the right place that can deal with my problem. > > I've never had problems with GNUPG 2.0.14 before. Now all of a sudden I > can't decrypt my files. I get the message: "[filename] contains no value > encrypted data". I don't know what this means or how to correct it. I'm not > a programmer and don't have advanced skills.
I've used the programme without > any hassles on XP but now have Windows 7 Home Premium. It used to work fine > on Win7 except that I could not verify and decrypt, only decrypt. I had a > recent run-in with viruses and set my Avast Free settings to the max. Could > this be the cause and how do I fix it? If the security software setting is > not a cause, then what is and how do I fix it? > > Please help. I have a large number of files encrypted and would hate to > lose my data in them. > > Runa >

From runap at afrihost.co.za Sun Mar 20 12:23:03 2011 From: runap at afrihost.co.za (Runa) Date: Sun, 20 Mar 2011 13:23:03 +0200 Subject: Error message in GNUPG 2.0.1 Message-ID: I'm sorry if this is not the right list to send this to. I'd appreciate it if you could refer me to the right place that can deal with my problem. I've never had problems with GNUPG 2.0.14 before. Now all of a sudden I can't decrypt my files. I get the message: "[filename] contains no value encrypted data". I don't know what this means or how to correct it. I'm not a programmer and don't have advanced skills. I've used the programme without any hassles on XP but now have Windows 7 Home Premium. It used to work fine on Win7 except that I could not verify and decrypt, only decrypt. I had a recent run-in with viruses and set my Avast Free settings to the max. Could this be the cause and how do I fix it? If the security software setting is not a cause, then what is and how do I fix it? Please help. I have a large number of files encrypted and would hate to lose my data in them.
From thajsta at gmail.com Sun Mar 20 13:57:51 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Sun, 20 Mar 2011 08:57:51 -0400
Subject: Keyservers
Message-ID: <4D85F9CF.7080707@gmail.com>

It seems no matter which key server I try I encounter the alert saying
nothing can be found. This is very annoying. Does anybody know what the
problem is and how I can fix it? I can not seem to find a list of key
servers online. All I want to do is search for one's public key and
import it but I can not.

-- 
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files
or previous e-mail messages attached to it may contain confidential
information that is legally privileged. If you are not the intended
recipient, or a person responsible for delivering it to the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or use of any of the information contained in or attached to
this transmission is STRICTLY PROHIBITED. If you have received this
transmission in error, please immediately notify the sender, and please
destroy the original transmission and its attachments without reading or
saving in any manner. Thank you.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x4B22824D.asc
Type: application/pgp-keys
Size: 3102 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL:

From shavital at mac.com Sun Mar 20 15:34:55 2011
From: shavital at mac.com (Charly Avital)
Date: Sun, 20 Mar 2011 10:34:55 -0400
Subject: Keyservers
In-Reply-To: <4D85F9CF.7080707@gmail.com>
References: <4D85F9CF.7080707@gmail.com>
Message-ID: <4D86108F.7090006@mac.com>

Jonathan Ely wrote the following on 3/20/11 8:57 AM:
> It seems no matter which key server I try I encounter the alert saying
> nothing can be found. This is very annoying.
> Does anybody know what the
> problem is and how I can fix it? I can not seem to find a list of key
> servers online. All I want to do is search for one's public key and
> import it but I can not.

When verifying your signature and *without* importing the keyblock you
attached to your message:

gpg: Signature made Sun Mar 20 08:58:08 2011 EDT using RSA key ID 4B22824D
gpg: requesting key 4B22824D from hkp server pool.sks-keyservers.net
gpg: key 4B22824D: public key "Jonathan Ely " imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: BAD signature from "Jonathan Ely "

That server (pool.sks-keyservers.net) is working, as well as e.g.
pgp.uni-mainz.de, keyserver.linux.it, just to mention those.

The raw source of your e-mail displays:
From: Jonathan Ely
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

Something *might* be wrong in the settings of your OpenPGP keyserver
configuration.

Your signature does not verify. It doesn't verify either in your previous
post with subject "Re: what are subkeys"

In both e-mails the raw source displays:
Content-Transfer-Encoding: quoted-printable
and the string: --=20 between the actual text and the blurb
"CONFIDENTIALITY NOTICE: This e-mail...." .

"quoted-printable" might be the reason why the signature does not verify.
Charly
MacOS 10.6.6-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.17
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
Enigmail 1.2a1pre (20110314-1953)

From kloecker at kde.org Sun Mar 20 16:43:46 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Sun, 20 Mar 2011 16:43:46 +0100
Subject: Keyservers
In-Reply-To: <4D86108F.7090006@mac.com>
References: <4D85F9CF.7080707@gmail.com> <4D86108F.7090006@mac.com>
Message-ID: <201103201643.53472@thufir.ingo-kloecker.de>

On Sunday 20 March 2011, Charly Avital wrote:
> Jonathan Ely wrote the following on 3/20/11 8:57 AM:
> > It seems no matter which key server I try I encounter the alert
> > saying nothing can be found. This is very annoying. Does anybody
> > know what the problem is and how I can fix it? I can not seem to
> > find a list of key servers online. All I want to do is search for
> > one's public key and import it but I can not.
>
> When verifying your signature and *without* importing the keyblock
> you attached to your message:
>
> gpg: Signature made Sun Mar 20 08:58:08 2011 EDT using RSA key ID 4B22824D
> gpg: requesting key 4B22824D from hkp server pool.sks-keyservers.net
> gpg: key 4B22824D: public key "Jonathan Ely " imported
> gpg: Total number processed: 1
> gpg:               imported: 1  (RSA: 1)
> gpg: BAD signature from "Jonathan Ely "
>
> That server (pool.sks-keyservers.net) is working, as well as e.g.
> pgp.uni-mainz.de, keyserver.linux.it, just to mention those.
>
> The raw source of your e-mail displays:
> From: Jonathan Ely
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
> Something *might* be wrong in the settings of your OpenPGP keyserver
> configuration.
>
> Your signature does not verify.
> It doesn't verify either in your
> previous post with subject "Re: what are subkeys"
>
> In both e-mails the raw source displays:
> Content-Transfer-Encoding: quoted-printable
> and the string: --=20 between the actual text and the blurb
> "CONFIDENTIALITY NOTICE: This e-mail...." .
>
> "quoted-printable" might be the reason why the signature does not
> verify.

I doubt this very much because the encoding surely happens before the
signing.


Regards,
Ingo

From thajsta at gmail.com Sun Mar 20 16:49:53 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Sun, 20 Mar 2011 11:49:53 -0400
Subject: Keyservers
In-Reply-To: <201103201643.53472@thufir.ingo-kloecker.de>
References: <4D85F9CF.7080707@gmail.com> <4D86108F.7090006@mac.com> <201103201643.53472@thufir.ingo-kloecker.de>
Message-ID: <4D862221.1050805@gmail.com>

I removed the text signature in the account options just to be sure.
Hopefully this avoids complications. Is it because I use MIME?

On 20/03/2011 11:43 AM, Ingo Klöcker wrote:
> On Sunday 20 March 2011, Charly Avital wrote:
>> Jonathan Ely wrote the following on 3/20/11 8:57 AM:
>>> It seems no matter which key server I try I encounter the alert
>>> saying nothing can be found. This is very annoying. Does anybody
>>> know what the problem is and how I can fix it? I can not seem to
>>> find a list of key servers online. All I want to do is search for
>>> one's public key and import it but I can not.
>>
>> When verifying your signature and *without* importing the keyblock
>> you attached to your message:
>>
>> gpg: Signature made Sun Mar 20 08:58:08 2011 EDT using RSA key ID 4B22824D
>> gpg: requesting key 4B22824D from hkp server pool.sks-keyservers.net
>> gpg: key 4B22824D: public key "Jonathan Ely " imported
>> gpg: Total number processed: 1
>> gpg:               imported: 1  (RSA: 1)
>> gpg: BAD signature from "Jonathan Ely "
>>
>> That server (pool.sks-keyservers.net) is working, as well as e.g.
>> pgp.uni-mainz.de, keyserver.linux.it, just to mention those.
>>
>> The raw source of your e-mail displays:
>> From: Jonathan Ely
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
>> Something *might* be wrong in the settings of your OpenPGP keyserver
>> configuration.
>>
>> Your signature does not verify. It doesn't verify either in your
>> previous post with subject "Re: what are subkeys"
>>
>> In both e-mails the raw source displays:
>> Content-Transfer-Encoding: quoted-printable
>> and the string: --=20 between the actual text and the blurb
>> "CONFIDENTIALITY NOTICE: This e-mail...." .
>>
>> "quoted-printable" might be the reason why the signature does not
>> verify.
>
> I doubt this very much because the encoding surely happens before the
> signing.
>
>
> Regards,
> Ingo
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
From shavital at mac.com Sun Mar 20 16:52:32 2011
From: shavital at mac.com (Charly Avital)
Date: Sun, 20 Mar 2011 11:52:32 -0400
Subject: Keyservers
In-Reply-To: <201103201643.53472@thufir.ingo-kloecker.de>
References: <4D85F9CF.7080707@gmail.com> <4D86108F.7090006@mac.com> <201103201643.53472@thufir.ingo-kloecker.de>
Message-ID: <4D8622C0.3010102@mac.com>

Ingo Klöcker wrote the following on 3/20/11 11:43 AM:
>
> I doubt this very much because the encoding surely happens before the
> signing.
>
>
> Regards,
> Ingo

In my post, I also indicated that there was a string --=20 between the
actual text and the signature disclaimer "CONFIDENTIALITY NOTICE: This
e-mail...."

After Jonathan disabled that signature add-on, his signed messages
verified.

Regards,
Charly

From kloecker at kde.org Sun Mar 20 18:28:06 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Sun, 20 Mar 2011 18:28:06 +0100
Subject: Keyservers
In-Reply-To: <4D8622C0.3010102@mac.com>
References: <4D85F9CF.7080707@gmail.com> <201103201643.53472@thufir.ingo-kloecker.de> <4D8622C0.3010102@mac.com>
Message-ID: <201103201828.07200@thufir.ingo-kloecker.de>

On Sunday 20 March 2011, Charly Avital wrote:
> Ingo Klöcker wrote the following on 3/20/11 11:43 AM:
> > I doubt this very much because the encoding surely happens before
> > the signing.
> >
> >
> > Regards,
> > Ingo
>
> In my post, I also indicated that there was a string --=20 between
> the actual text and the signature disclaimer "CONFIDENTIALITY
> NOTICE: This e-mail...."

Well, that's the "standard" signature separator: 2 dashes followed by a
space. To preserve this trailing space Thunderbird/enigmail does the
right thing and encodes it.

> After Jonathan disabled that signature add-on, his signed messages
> verified.

Yeah, well. Even though Jonathan disabled the signature his message is
still quoted-printable encoded.
As are my messages. So, quoted-printable
encoding does not seem to be the problem.

Also, Jonathan's message "Re: what are the sub keys" does not have a
signature. Still the signature is broken. What the two messages with
broken signatures seem to have in common is the attached key. Maybe
that's what is causing the problems.


Regards,
Ingo
-- 
Test signature. Please ignore.

From thajsta at gmail.com Sun Mar 20 19:11:58 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Sun, 20 Mar 2011 14:11:58 -0400
Subject: Keyservers
In-Reply-To: <201103201828.07200@thufir.ingo-kloecker.de>
References: <4D85F9CF.7080707@gmail.com> <201103201643.53472@thufir.ingo-kloecker.de> <4D8622C0.3010102@mac.com> <201103201828.07200@thufir.ingo-kloecker.de>
Message-ID: <4D86436E.20404@gmail.com>

The attached .asc file causes problems? I have disabled that but still
enabled the header. Why would the .asc attachment option be there if it
causes problems?

On 20/03/2011 01:28 PM, Ingo Klöcker wrote:
> On Sunday 20 March 2011, Charly Avital wrote:
>> Ingo Klöcker wrote the following on 3/20/11 11:43 AM:
>>> I doubt this very much because the encoding surely happens before
>>> the signing.
>>>
>>>
>>> Regards,
>>> Ingo
>>
>> In my post, I also indicated that there was a string --=20 between
>> the actual text and the signature disclaimer "CONFIDENTIALITY
>> NOTICE: This e-mail...."
>
> Well, that's the "standard" signature separator: 2 dashes followed by a
> space. To preserve this trailing space Thunderbird/enigmail does the
> right thing and encodes it.
>
>
>> After Jonathan disabled that signature add-on, his signed messages
>> verified.
>
> Yeah, well. Even though Jonathan disabled the signature his message is
> still quoted-printable encoded. As are my messages.
> So, quoted-printable
> encoding does not seem to be the problem.
>
> Also, Jonathan's message "Re: what are the sub keys" does not have a
> signature. Still the signature is broken. What the two messages with
> broken signatures seem to have in common is the attached key. Maybe
> that's what is causing the problems.
>
>
> Regards,
> Ingo

From ben at adversary.org Sun Mar 20 19:31:49 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 21 Mar 2011 05:31:49 +1100
Subject: hashed user IDs [was: Re: Security of the gpg private keyring?]
In-Reply-To: <18692048.20110320025234@my_localhost>
References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C5AC7.70903@adversary.org> <407588411.20110313133202@my_localhost> <4D7CF355.3050606@adversary.org> <18692048.20110320025234@my_localhost>
Message-ID: <4D864815.6020205@adversary.org>

On 20/03/11 1:52 PM, MFPA wrote:
> On Sunday 13 March 2011 at 4:39:49 PM, in
> , Ben McGinnes wrote:
>>
>> That too is an understandable argument. Especially when it comes
>> to searching the keyservers, but less easy to maintain in relation
>> to searches of a local keyring
>
> Whether on a keyserver or on your local keyring, I see little
> difference.

Which just shows how your use differs with that of others. I have a
number of keys on my keyring and when I list them I like to see which
key belongs to which identity/account (I don't care if it's a real name
or not, just as long as I can see something that makes sense to me).
Hashed IDs, depending on how common they became, would make this and key
management difficult.

> Keys that exist on local keyrings sooner or later tend to end up on
> keyservers.

True.

> The first two or three times I looked at PGP and GnuPG, I found the
> apparent requirement to include personal information in user IDs
> repulsive and therefore moved on without any further study. A
> feature such as this might have attracted me to study further and
> maybe adopt sooner.

No offence, but I think this is more a lack of imagination. I think my
second key ever used a pseudonym with no email address or comment and
it was made the same day as my first one.

> Burying it in expert mode, and thereby branding it as nonsensical or
> silly and for experts only, would have effectively rendered it
> invisible to me.

Perhaps. As long as it is not a default option and it is well and truly
clear what limited privacy options it provides. It would be too easy
for people just discovering it to believe that it provides greater
security than it really does.

> A scheme such as this would allow the user, without publishing their
> personal information, to publish a key that others could locate and
> use. That is not the same thing as preventing their personal
> information being revealed.

True, but if the aim is not publishing personal information in the
clear, then other means of revealing that same information make this
"protection" little more than an annoyance to others.

>> After all, a relationship could be determined by their identity and
>> if there were enough such signatures from people you know in real
>> life, it may be possible to determine your identity that way.
>
> Maybe inferred rather than determined.

Perhaps inferred is better, at least at first.

> You could have gone to a keysigning party and met a group of people
> who knew each other in real life but you'd never seen any of them
> before.

True.
> And working out who you are in real life wouldn't necessarily reveal
> your email addresses or any other identities you had in hashed user
> IDs.

Okay.

> (You might have your name unhashed and only be hashing your email
> addresses.)

Alright, I can see how some might find that useful.

>> It seems that the only real strength the hashed UID has is if it is
>> adopted by every user, regardless of whether they want it or not.
>
> Why?

If all the UIDs were hashed then it would be considerably more
difficult to determine the identity of one of them, even if they had
signed each others' keys than if only one person had their name and
addresses hashed.


Regards,
Ben

From ben at adversary.org Sun Mar 20 19:38:37 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 21 Mar 2011 05:38:37 +1100
Subject: Keyservers
In-Reply-To: <4D86436E.20404@gmail.com>
References: <4D85F9CF.7080707@gmail.com> <201103201643.53472@thufir.ingo-kloecker.de> <4D8622C0.3010102@mac.com> <201103201828.07200@thufir.ingo-kloecker.de> <4D86436E.20404@gmail.com>
Message-ID: <4D8649AD.5070909@adversary.org>

On 21/03/11 5:11 AM, Jonathan Ely wrote:
>
> The attached .asc file causes problems? I have disabled that but
> still enabled the header. Why would the .asc attachment option be
> there if it causes problems?

The .asc file is the GPG signature and does not cause problems. The
signature that is referred to is the "confidentiality notice" that is
appended to your email. Presumably it is appended by your MUA or GMail
*after* the rest of your message is signed and thus the "bad signature"
message indicates your email has been modified (which it has, by a
disclaimer which everyone will ignore and not feel bound by).


Regards,
Ben
From thajsta at gmail.com Sun Mar 20 20:11:30 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Sun, 20 Mar 2011 15:11:30 -0400
Subject: Keyservers
In-Reply-To: <4D8649AD.5070909@adversary.org>
References: <4D85F9CF.7080707@gmail.com> <201103201643.53472@thufir.ingo-kloecker.de> <4D8622C0.3010102@mac.com> <201103201828.07200@thufir.ingo-kloecker.de> <4D86436E.20404@gmail.com> <4D8649AD.5070909@adversary.org>
Message-ID: <4D865162.1050504@gmail.com>

Firstly, what is MUA? I hear that but am not sure what that means.

Secondly, I have disabled that in Thunderbird. I had no idea it modified
anything; I thought it was simply a text signature that did not
interfere with Enigmail and GnuPG. Thanks for enabling me to understand
the complication there.

On 20/03/2011 02:38 PM, Ben McGinnes wrote:
> On 21/03/11 5:11 AM, Jonathan Ely wrote:
>>
>> The attached .asc file causes problems? I have disabled that but
>> still enabled the header. Why would the .asc attachment option be
>> there if it causes problems?
>
> The .asc file is the GPG signature and does not cause problems. The
> signature that is referred to is the "confidentiality notice" that is
> appended to your email. Presumably it is appended by your MUA or
> GMail *after* the rest of your message is signed and thus the "bad
> signature" message indicates your email has been modified (which it
> has, by a disclaimer which everyone will ignore and not feel bound
> by).
>
>
> Regards,
> Ben
From ben at adversary.org Sun Mar 20 20:35:23 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 21 Mar 2011 06:35:23 +1100
Subject: Keyservers
In-Reply-To: <4D865162.1050504@gmail.com>
References: <4D85F9CF.7080707@gmail.com> <201103201643.53472@thufir.ingo-kloecker.de> <4D8622C0.3010102@mac.com> <201103201828.07200@thufir.ingo-kloecker.de> <4D86436E.20404@gmail.com> <4D8649AD.5070909@adversary.org> <4D865162.1050504@gmail.com>
Message-ID: <4D8656FB.9060506@adversary.org>

On 21/03/11 6:11 AM, Jonathan Ely wrote:
> Firstly, what is MUA? I hear that but am not sure what that means.

MUA = Mail User Agent, e.g. Thunderbird, Outlook, Apple Mail, etc.
MTA = Mail Transfer Agent, e.g. Sendmail, Postfix, Exchange, etc.

> Secondly, I have disabled that in Thunderbird. I had no idea it
> modified anything; I thought it was simply a text signature that did
> not interfere with Enigmail and GnuPG. Thanks for enabling me to
> understand the complication there.

If a signature is inserted before the message is signed then it will be
included as part of the message body and will be part of the signed
content. This means it won't break the signature. If it is inserted as
the message is being sent, but after the message is signed then it will
generate the error seen on the list.

To be sure that a text signature is appended without interfering with
the digital signature, it should appear in the body of the message when
you edit it. Thunderbird is quite capable of doing this (I have one, but
don't normally include it when posting to lists).


Regards,
Ben
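The two mechanics discussed in this thread, Ingo's point that quoted-printable encoding (including the "--=20" separator) happens before signing and Ben's point that a text signature inserted after signing breaks the signature, as an added worked example that is not code from the thread or from GnuPG/Enigmail. It assumes a SHA-256 digest over the canonicalised PGP/MIME part as a stand-in for the OpenPGP signature (a real verifier hashes exactly those bytes, so a digest mismatch is the condition behind gpg's "BAD signature"); the message body and disclaimer are constructed samples.

```python
"""Added example: why a text signature appended after signing yields
"BAD signature", while one present at signing time does not.

The OpenPGP signature is stood in for by a SHA-256 digest over the
canonicalised PGP/MIME part (an assumption of this example); a real
verifier hashes the same bytes, so "digest differs" is the condition
that makes gpg report "BAD signature".
"""
import hashlib
import hmac
import quopri

SIG_SEPARATOR = "-- "  # the standard separator: two dashes and a space

# Constructed sample body and a shortened disclaimer in the style of the
# one in the thread; neither is taken from a real e-mail.
BODY = ("It seems no matter which key server I try I get nothing.\n"
        "Does anybody know what the problem is?")
DISCLAIMER = ("CONFIDENTIALITY NOTICE: This e-mail transmission may\n"
              "contain confidential information. Thank you.")


def canonical_part(body: str) -> bytes:
    """Build the text/plain part exactly as a PGP/MIME signer hashes it:
    MIME headers, blank line, quoted-printable body, CRLF line endings
    (RFC 3156).  The transfer encoding is applied *before* signing, so the
    trailing space of "-- " becomes "--=20" inside the signed data and
    quoted-printable by itself can never break the signature."""
    encoded = quopri.encodestring(body.encode("utf-8"))
    encoded = encoded.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    if not encoded.endswith(b"\r\n"):
        encoded += b"\r\n"
    headers = (b"Content-Type: text/plain; charset=UTF-8\r\n"
               b"Content-Transfer-Encoding: quoted-printable\r\n\r\n")
    return headers + encoded


def sign_part(part: bytes) -> str:
    """Stand-in for the OpenPGP signature: the digest the signature covers."""
    return hashlib.sha256(part).hexdigest()


def verify_part(part: bytes, signature: str) -> bool:
    """Recompute the digest over the part as delivered and compare it."""
    return hmac.compare_digest(sign_part(part), signature)


def with_text_signature(body: str, sig_text: str) -> str:
    """Append a text signature after the standard '-- ' separator line."""
    return f"{body}\n{SIG_SEPARATOR}\n{sig_text}"


def send_signed(body: str, sig_text: str, append_after_signing: bool):
    """Return (part as delivered, signature).

    append_after_signing=False: the text signature is in the editor when
    the user signs, so it is part of the signed content and verifies.
    append_after_signing=True: the MUA or an add-on inserts it while the
    message is sent, after the signature was computed, which is the
    disclaimer case from the thread.
    """
    if append_after_signing:
        signature = sign_part(canonical_part(body))
    else:
        signature = sign_part(canonical_part(with_text_signature(body, sig_text)))
    delivered = canonical_part(with_text_signature(body, sig_text))
    return delivered, signature


def verdict(part: bytes, signature: str) -> str:
    """Report the outcome the way gpg words it."""
    return "Good signature" if verify_part(part, signature) else "BAD signature"


if __name__ == "__main__":
    for after in (False, True):
        part, sig = send_signed(BODY, DISCLAIMER, append_after_signing=after)
        print(f"text signature appended after signing: {after!s:5} -> "
              f"{verdict(part, sig)}; '--=20' on the wire: "
              f"{b'--=20' in part}")
```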
From Mike_Acker at charter.net Sun Mar 20 20:42:24 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Sun, 20 Mar 2011 15:42:24 -0400
Subject: 2.0.17
Message-ID: <4D8658A0.203@charter.net>

we are supposed to be on 2.0.17

if the user sent data and didn't click the PGP/MIME option this could be
trouble

if you don't have the key for the sender this will be trouble

check in Kleo/config, make sure you have the right keyserver. I think it
should be hkp://keys.gnupg.net

if you had a virus in your 'puter "the results can be unpredictable".
Try Malwarebytes on it; I've had some luck with that

From Mike_Acker at charter.net Sun Mar 20 20:59:35 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Sun, 20 Mar 2011 15:59:35 -0400
Subject: 2.0.17
In-Reply-To: <4D865A87.8010907@gmail.com>
References: <4D8658A0.203@charter.net> <4D865A87.8010907@gmail.com>
Message-ID: <4D865CA7.4000305@charter.net>

On 03/20/2011 15:50, Jonathan Ely wrote:
> Just to let you know, your signature failed to validate and thus says
> 'bad'. Hope this helps.

YES!! Thanks x 100!!

==> I have UPLOADED my Public key to the hkp://keys.gnupg.net server

let's see if this one goes OK!!

I really appreciate the come-back

we are trying to get our group conversant with these excellent software
products!!
From thajsta at gmail.com Sun Mar 20 20:48:56 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Sun, 20 Mar 2011 15:48:56 -0400
Subject: Keyservers
In-Reply-To: <4D8656FB.9060506@adversary.org>
References: <4D85F9CF.7080707@gmail.com> <201103201643.53472@thufir.ingo-kloecker.de> <4D8622C0.3010102@mac.com> <201103201828.07200@thufir.ingo-kloecker.de> <4D86436E.20404@gmail.com> <4D8649AD.5070909@adversary.org> <4D865162.1050504@gmail.com> <4D8656FB.9060506@adversary.org>
Message-ID: <4D865A28.3030505@gmail.com>

I do not use the Gmail interface any more; I only use the Thunderbird
client and typed the signature in the edit field found in the Tools |
Account options | General dialogue. It always appears in the body, right
under the point where I type. If this is the case it should not
interfere with Enigmail or GnuPG, correct?

PS. I learnt my lesson about including any signature for a mailing list.

On 20/03/2011 03:35 PM, Ben McGinnes wrote:
> On 21/03/11 6:11 AM, Jonathan Ely wrote:
>> Firstly, what is MUA? I hear that but am not sure what that means.
>
> MUA = Mail User Agent, e.g. Thunderbird, Outlook, Apple Mail, etc.
> MTA = Mail Transfer Agent, e.g. Sendmail, Postfix, Exchange, etc.
>
>> Secondly, I have disabled that in Thunderbird. I had no idea it
>> modified anything; I thought it was simply a text signature that did
>> not interfere with Enigmail and GnuPG. Thanks for enabling me to
>> understand the complication there.
>
> If a signature is inserted before the message is signed then it will
> be included as part of the message body and will be part of the signed
> content. This means it won't break the signature. If it is inserted
> as the message is being sent, but after the message is signed then it
> will generate the error seen on the list.
>
> To be sure that a text signature is appended without interfering with
> the digital signature, it should appear in the body of the message
> when you edit it. Thunderbird is quite capable of doing this (I have
> one, but don't normally include it when posting to lists).
>
>
> Regards,
> Ben

From ben at adversary.org Sun Mar 20 21:31:57 2011
From: ben at adversary.org (Ben McGinnes)
Date: Mon, 21 Mar 2011 07:31:57 +1100
Subject: Keyservers
In-Reply-To: <4D865A28.3030505@gmail.com>
References: <4D85F9CF.7080707@gmail.com> <201103201643.53472@thufir.ingo-kloecker.de> <4D8622C0.3010102@mac.com> <201103201828.07200@thufir.ingo-kloecker.de> <4D86436E.20404@gmail.com> <4D8649AD.5070909@adversary.org> <4D865162.1050504@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com>
Message-ID: <4D86643D.1050201@adversary.org>

On 21/03/11 6:48 AM, Jonathan Ely wrote:
>
> I do not use the Gmail interface any more; I only use the
> Thunderbird client and typed the signature in the edit field found
> in the Tools | Account options | General dialogue. It always appears
> in the body, right under the point where I type. If this is the case
> it should not interfere with Enigmail or GnuPG, correct?

That's right, for the sake of testing I'm including mine this time to
be sure. Is your signature included as a separate text file or in the
box provided? For reference, mine is a separate file which is read in
every time I start a message or reply to one (but not when I forward a
message).
Regards,
Ben
-- 
Ben McGinnes                                   http://www.adversary.org/
Twitter: benmcginnes
Systems Administrator, Writer, ICT Consultant
Encrypted email preferred - primary OpenPGP/GPG key: 0xA04AE313
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x371AC5BFA04AE313

From kgo at grant-olson.net Sun Mar 20 21:41:31 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Sun, 20 Mar 2011 16:41:31 -0400
Subject: Keyservers
In-Reply-To: <4D86643D.1050201@adversary.org>
References: <4D85F9CF.7080707@gmail.com> <201103201643.53472@thufir.ingo-kloecker.de> <4D8622C0.3010102@mac.com> <201103201828.07200@thufir.ingo-kloecker.de> <4D86436E.20404@gmail.com> <4D8649AD.5070909@adversary.org> <4D865162.1050504@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com> <4D86643D.1050201@adversary.org>
Message-ID: <4D86667B.1030907@grant-olson.net>

On 03/20/2011 04:31 PM, Ben McGinnes wrote:
> On 21/03/11 6:48 AM, Jonathan Ely wrote:
>>
>> I do not use the Gmail interface any more; I only use the
>> Thunderbird client and typed the signature in the edit field found
>> in the Tools | Account options | General dialogue. It always appears
>> in the body, right under the point where I type. If this is the case
>> it should not interfere with Enigmail or GnuPG, correct?
>
> That's right, for the sake of testing I'm including mine this time to
> be sure. Is your signature included as a separate text file or in the
> box provided? For reference, mine is a separate file which is read in
> every time I start a message or reply to one (but not when I forward a
> message).
>

Thunderbird sigs work just fine in any configuration. If they don't,
I'd consider that a bug in enigmail, and let them know on the enigmail
list.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"
From kloecker at kde.org Sun Mar 20 21:44:58 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Sun, 20 Mar 2011 21:44:58 +0100
Subject: Keyservers
In-Reply-To: <4D865A28.3030505@gmail.com>
References: <4D85F9CF.7080707@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com>
Message-ID: <201103202145.06001@thufir.ingo-kloecker.de>

On Sunday 20 March 2011, Jonathan Ely wrote:
> On 20/03/2011 03:35 PM, Ben McGinnes wrote:
> > To be sure that a text signature is appended without interfering
> > with the digital signature, it should appear in the body of the
> > message when you edit it. Thunderbird is quite capable of doing
> > this (I have one, but don't normally include it when posting to
> > lists).
>
> I do not use the Gmail interface any more; I only use the Thunderbird
> client and typed the signature in the edit field found in the Tools |
> Account options | General dialogue. It always appears in the body,
> right under the point where I type. If this is the case it should
> not interfere with Enigmail or GnuPG, correct?
>
> PS. I learnt my lesson about including any signature for a mailing
> list.

The next thing you might want to learn is not to top-post (i.e. write
the reply above of the full quote of the message one replies to).
Top-posting is very common in corporate email exchange but it is
uncommon on many mailing lists (including this one).


Regards,
Ingo
From Mike_Acker at charter.net Sun Mar 20 22:00:31 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Sun, 20 Mar 2011 17:00:31 -0400
Subject: KEYSERVER
In-Reply-To: <4D865A87.8010907@gmail.com>
References: <4D8658A0.203@charter.net> <4D865A87.8010907@gmail.com>
Message-ID: <4D866AEF.7090807@charter.net>

On 03/20/2011 15:50, Jonathan Ely wrote:
> Just to let you know, your signature failed to validate and thus says
> 'bad'. Hope this helps.

added note: when I received your message THUNDERBIRD reported
"Unverified signature". I selected the option to load your key from the
server ( hkp://keys.gnupg.net ) and this succeeded. Following that event
THUNDERBIRD reported "untrusted good signature" -- as it should. After I
signed it TWICE with MARGINAL trust -- it turned green ( GOOD Signature )
-- as it should.

I think there may be some confusion with the names we use -- related to

* key validity
* owner trust

As I currently understand things: the *owner trust* indicates whether I
trust a key to sign for other keys and this can be fully, marginally, or
not at all. Key validity indicates whether I have properly vetted the
actual owner of a key -- again fully, marginal, or not at all.

* when I first received your message THUNDERBIRD reported UNVERIFIED
  signature
* when I downloaded your key from the server the message changed, showing
  UNTRUSTED signature
* when I signed the key showing casual checking the UNTRUSTED message
  remained
* when I signed your key a second time with a different master key then
  the status went to GREEN: Good Signature.
* I then deleted your key and downloaded it again
* when I signed your key ONCE with careful checking the message status
  went to GREEN: Good Signature

I think this is all as it should be but the wording is all a little
difficult...

/MIKE
Name: signature.asc Type: application/pgp-signature Size: 292 bytes Desc: OpenPGP digital signature URL: From thajsta at gmail.com Sun Mar 20 22:16:29 2011 From: thajsta at gmail.com (Jonathan Ely) Date: Sun, 20 Mar 2011 17:16:29 -0400 Subject: Keyservers In-Reply-To: <201103202145.06001@thufir.ingo-kloecker.de> References: <4D85F9CF.7080707@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com> <201103202145.06001@thufir.ingo-kloecker.de> Message-ID: <4D866EAD.9080807@gmail.com> Really? For me, it is much easier to access the newest reply instead of using the Down Arrow key to find it. Gmail always worked the same way for me. On 20/03/2011 04:44 PM, Ingo Kl?cker wrote: > On Sunday 20 March 2011, Jonathan Ely wrote: >> On 20/03/2011 03:35 PM, Ben McGinnes wrote: >>> To be sure that a text signature is appended without interfering >>> with the digital signature, it should appear in the body of the >>> message when you edit it. Thunderbird is quite capable of doing >>> this (I have one, but don't normally include it when posting to >>> lists). >> >> I do not use the Gmail interface any more; I only use the Thunderbird >> client and typed the signature in the edit field found in the Tools | >> Account options | General dialogue. It always appears in the body, >> right under the point where I type. If this is the case it should >> not interfere with Enigmail or GnuPG, correct? >> >> PS. I learnt my lesson about including any signature for a mailing >> list. > > The next thing you might want to learn is not to top-post (i.e. write > the reply above of the full quote of the message one replies to). Top- > posting is very common in corporate email exchange but it is uncommon on > many mailing lists (including this one). 
> > > Regards, > Ingo > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 834 bytes Desc: OpenPGP digital signature URL: From kloecker at kde.org Sun Mar 20 22:20:08 2011 From: kloecker at kde.org (Ingo =?iso-8859-15?q?Kl=F6cker?=) Date: Sun, 20 Mar 2011 22:20:08 +0100 Subject: Keyservers In-Reply-To: <4D8649AD.5070909@adversary.org> References: <4D85F9CF.7080707@gmail.com> <4D86436E.20404@gmail.com> <4D8649AD.5070909@adversary.org> Message-ID: <201103202220.09853@thufir.ingo-kloecker.de> On Sunday 20 March 2011, Ben McGinnes wrote: > On 21/03/11 5:11 AM, Jonathan Ely wrote: > > The attached .asc file causes problems? I have disabled that but > > still enabled the header. Why would the .asc attachment option be > > there if it causes problems? > > The .asc file is the GPG signature and does not cause problems. Are you sure that the ".asc file" is the signature and not the attached public key? Two of Jonathan's messages with bad signatures had his public key (as .asc attachment) attached. My bets are on this attached public key causing the problems. Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. 
URL: From gollo at fsfe.org Sun Mar 20 22:26:03 2011 From: gollo at fsfe.org (Martin Gollowitzer) Date: Sun, 20 Mar 2011 22:26:03 +0100 Subject: Keyservers In-Reply-To: <4D866EAD.9080807@gmail.com> References: <4D85F9CF.7080707@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com> <201103202145.06001@thufir.ingo-kloecker.de> <4D866EAD.9080807@gmail.com> Message-ID: <20110320212603.GA23088@wingback.gollo.at> Hi, * Jonathan Ely [110320 22:18, mID <4D866EAD.9080807 at gmail.com>]: > Really? For me, it is much easier to access the newest reply instead of > using the Down Arrow key to find it. Gmail always worked the same way > for me. You might want to read [1,2,3]. [1] https://wiki.fsfe.org/Fellows/mk/EmailGuide [2] http://en.wikipedia.org/wiki/Posting_style [3] http://www.guckes.net/mail/editing.html Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: not available URL: From ben at adversary.org Sun Mar 20 22:28:08 2011 From: ben at adversary.org (Ben McGinnes) Date: Mon, 21 Mar 2011 08:28:08 +1100 Subject: Keyservers In-Reply-To: <4D866EAD.9080807@gmail.com> References: <4D85F9CF.7080707@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com> <201103202145.06001@thufir.ingo-kloecker.de> <4D866EAD.9080807@gmail.com> Message-ID: <4D867168.9060307@adversary.org> On 21/03/11 8:16 AM, Jonathan Ely wrote: > Really? For me, it is much easier to access the newest reply instead of > using the Down Arrow key to find it. Gmail always worked the same way > for me. It does make it easier to follow a conversation in context if multiple sections of a conversation are quoted. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From Mike_Acker at charter.net Sun Mar 20 22:29:03 2011 From: Mike_Acker at charter.net (Mike Acker) Date: Sun, 20 Mar 2011 17:29:03 -0400 Subject: KEYSERVER In-Reply-To: <4D866F72.9050506@gmail.com> References: <4D8658A0.203@charter.net> <4D865A87.8010907@gmail.com> <4D866AEF.7090807@charter.net> <4D866F72.9050506@gmail.com> Message-ID: <4D86719F.3070007@charter.net> On 03/20/2011 17:19, Jonathan Ely wrote: > It can be complicated; it is for me since I am still new to this. I only > ?trust fully? those keys who come from people who I think would not fake > identity, or have no reason not to be trusted fully. Is it unwise to > trust anybody's key fully even if you are confident they would never > ?spoof? another's key? I never even thought of doing what you did; I > just leave everything as ?untrusted good signature? unless if it is > somebody with whom I am familiar. thanks for the note!! have you tried to download my signature from the server? it should work.... it ought to work... i agree with you on the trust matter. it's fun to experiment though-- and-- it's how we learn!! all i did was to simply delete your key from my keyring -- using the excellent pgp/key manager that is built into THUNDERBIRD. following that you go back to your original no key found condition and i can try another test but you are completely right: you have NO REASON to trust MY key -- unless somone YOU trust to VERIFY keys signs my key for you. this is what a Certificate Authority is supposed to do but to this date I remain concerned that most of the CA certificates in our browsers are just loaded there by someone-- i have no clue why i would think they are valid. thoughts? -- /MIKE -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 292 bytes Desc: OpenPGP digital signature URL: From kgo at grant-olson.net Sun Mar 20 22:35:41 2011 From: kgo at grant-olson.net (Grant Olson) Date: Sun, 20 Mar 2011 17:35:41 -0400 Subject: Keyservers In-Reply-To: <4D866EAD.9080807@gmail.com> References: <4D85F9CF.7080707@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com> <201103202145.06001@thufir.ingo-kloecker.de> <4D866EAD.9080807@gmail.com> Message-ID: <4D86732D.3040701@grant-olson.net> On 03/20/2011 05:16 PM, Jonathan Ely wrote: > Really? For me, it is much easier to access the newest reply instead of > using the Down Arrow key to find it. Gmail always worked the same way > for me. > Ingo's talking about the body of the message. Most mailing lists people reply after the question, so it's in context when you find a thread later, instead of before, at the top of the message. Arguably, when reading a message out of context, it's easier when most people see: QUESTION: What is the secret to life, the universe and everything? ANSWER: 42 Rather than: ANSWER: 42 QUESTION: What is the secret to life, the universe and everything? Which is what happens when you 'top-post' your answer at the top of the message. If it's hard to do compose an interleaved reply with your screen-reader, that's fine, but you will get people complaining about it every now and then. If it's easy, you probably want do to reply after people's comments, in context, instead of before, when you're on mailing lists. -- -Grant "Look around! Can you construct some sort of rudimentary lathe?" -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature URL: From kgo at grant-olson.net Sun Mar 20 22:39:41 2011 From: kgo at grant-olson.net (Grant Olson) Date: Sun, 20 Mar 2011 17:39:41 -0400 Subject: KEYSERVER In-Reply-To: <4D86719F.3070007@charter.net> References: <4D8658A0.203@charter.net> <4D865A87.8010907@gmail.com> <4D866AEF.7090807@charter.net> <4D866F72.9050506@gmail.com> <4D86719F.3070007@charter.net> Message-ID: <4D86741D.1060505@grant-olson.net> On 03/20/2011 05:29 PM, Mike Acker wrote: > On 03/20/2011 17:19, Jonathan Ely wrote: >> It can be complicated; it is for me since I am still new to this. I only >> ?trust fully? those keys who come from people who I think would not fake >> identity, or have no reason not to be trusted fully. Is it unwise to >> trust anybody's key fully even if you are confident they would never >> ?spoof? another's key? I never even thought of doing what you did; I >> just leave everything as ?untrusted good signature? unless if it is >> somebody with whom I am familiar. > thanks for the note!! have you tried to download my signature from the > server? it should work.... it ought to work... > > i agree with you on the trust matter. it's fun to experiment though-- > and-- it's how we learn!! > > all i did was to simply delete your key from my keyring -- using the > excellent pgp/key manager that is built into THUNDERBIRD. following that > you go back to your original no key found condition and i can try > another test > > but you are completely right: you have NO REASON to trust MY key -- > unless somone YOU trust to VERIFY keys signs my key for you. this is > what a Certificate Authority is supposed to do but to this date I remain > concerned that most of the CA certificates in our browsers are just > loaded there by someone-- i have no clue why i would think they are valid. > > thoughts? > Hate to complain, but I'm only seeing one side of this conversation on the mailing list. 
I originally thought Mike posted the first message accidentally. Please keep it all on-list or all off-list, or it makes no sense to the rest of us. Thanks, -- -Grant "Look around! Can you construct some sort of rudimentary lathe?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature URL: From thajsta at gmail.com Sun Mar 20 23:08:48 2011 From: thajsta at gmail.com (Jonathan Ely) Date: Sun, 20 Mar 2011 18:08:48 -0400 Subject: Keyservers In-Reply-To: <4D86732D.3040701@grant-olson.net> References: <4D85F9CF.7080707@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com> <201103202145.06001@thufir.ingo-kloecker.de> <4D866EAD.9080807@gmail.com> <4D86732D.3040701@grant-olson.net> Message-ID: <4D867AF0.2050309@gmail.com> Something to think about that one. I guess I will experiment in the future, but I understand what you mean and you do have a point with the question > answer order rather than the reverse. Now I understand why Thunderbird has that option. On 20/03/2011 05:35 PM, Grant Olson wrote: > On 03/20/2011 05:16 PM, Jonathan Ely wrote: >> Really? For me, it is much easier to access the newest reply instead of >> using the Down Arrow key to find it. Gmail always worked the same way >> for me. >> > > Ingo's talking about the body of the message. Most mailing lists people > reply after the question, so it's in context when you find a thread > later, instead of before, at the top of the message. > > Arguably, when reading a message out of context, it's easier when most > people see: > > QUESTION: What is the secret to life, the universe and everything? > ANSWER: 42 > > Rather than: > > ANSWER: 42 > QUESTION: What is the secret to life, the universe and everything? > > Which is what happens when you 'top-post' your answer at the top of the > message. 
> > If it's hard to do compose an interleaved reply with your screen-reader, > that's fine, but you will get people complaining about it every now and > then. If it's easy, you probably want do to reply after people's > comments, in context, instead of before, when you're on mailing lists. > > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 834 bytes Desc: OpenPGP digital signature URL: From expires2011 at ymail.com Mon Mar 21 00:40:03 2011 From: expires2011 at ymail.com (MFPA) Date: Sun, 20 Mar 2011 23:40:03 +0000 Subject: hashed user IDs [was: Re: Security of the gpg private keyring?] In-Reply-To: <4D864815.6020205@adversary.org> References: <4D777C74.8010901@adversary.org> <4D778317.3020102@sixdemonbag.org> <201103100103.22525.mailinglisten@hauke-laging.de> <4D783E58.5090205@adversary.org> <1688705621.20110312193733@my_localhost> <4D7C5AC7.70903@adversary.org> <407588411.20110313133202@my_localhost> <4D7CF355.3050606@adversary.org> <18692048.20110320025234@my_localhost> <4D864815.6020205@adversary.org> Message-ID: <1602481249.20110320234003@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Sunday 20 March 2011 at 6:31:49 PM, in , Ben McGinnes wrote: > On 20/03/11 1:52 PM, MFPA wrote: >> Whether on a keyserver or on your local keyring, I see >> little difference. > Which just shows how your use differs with that of > others. I have a number of keys on my keyring and when > I list them I like to see which key belongs to which > identity/account (I don't care if it's a real name or > not, just as long as I can see something that makes > sense to me). Hashed IDs, depending on how common they > became, would make this and key management difficult. 
All fair enough but the reason I see little difference between personal information being on other people's local keyrings or on keyservers is covered in the next sentence, which you agreed with. >> Keys that exist on local keyrings sooner or later tend >> to end up on keyservers. > True. >> The first two or three times I looked at PGP and >> GnuPG, I found the apparent requirement to include >> personal information in user IDs repulsive and >> therefore moved on without any further study. A >> feature such as this might have attracted me to study >> further and maybe adopt sooner. > No offence, but I think this is more a lack of > imagination. I think my second key ever used a > pseudonym with no email address or comment and it was > made the same day as my first one. No offence taken. When I eventually looked into it I realised the requirement for including the email address, although strongly suggested by most descriptions and how-to articles I found, was not real. One of the first keys I created was the one use to I sign these messages; the is because whatever PGP version I was using wouldn't create a key without an "email address" of string at string.string and I was unaware of example.net at the time. - -- Best regards MFPA mailto:expires2011 at ymail.com Is it bad luck to be superstitious? 
-----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNhpBfnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pILYD/iCq cplQC5D1+3RVeOO/w08C3haZyEOcCP7f8nQwZ8+qKczsWzpES6vUIKmy6NavawQZ GFWAJv2paLAtoH8rNencYVx1w0pOooimGMZ7bLL7ShgiljkeUz1ESOvXO+V2iE2Y wj8Re258FTkIVhvhWjjqQAF9UH8AQmXOEbyAip19 =meYo -----END PGP SIGNATURE----- From albert_waa at charter.net Sun Mar 20 18:44:24 2011 From: albert_waa at charter.net (Bill Albert) Date: Sun, 20 Mar 2011 13:44:24 -0400 Subject: 2.0.17 Message-ID: <4D863CF8.1060206@charter.net> we are supposed to be on 2.0.17 if the user sent data and didn't click the PGP/MIME option this could be trouble if you don't have the key for the sender this will be trouble check in Kleo/config, make sure you have the right keyserver. i think it should be hkp://keys.gnupg.net if you had a virus in your 'puter "the results can be unpredictable". Try Malwarebytes on it; I've had some luck with that -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 552 bytes Desc: OpenPGP digital signature URL: From remco at webconquest.com Mon Mar 21 07:33:08 2011 From: remco at webconquest.com (Remco Rijnders) Date: Mon, 21 Mar 2011 07:33:08 +0100 Subject: Keyservers In-Reply-To: <20110320212603.GA23088@wingback.gollo.at> References: <4D85F9CF.7080707@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com> <201103202145.06001@thufir.ingo-kloecker.de> <4D866EAD.9080807@gmail.com> <20110320212603.GA23088@wingback.gollo.at> Message-ID: <412.AD4C@winter.webconquest.com> On Sun, Mar 20, 2011 at 10:26:03PM +0100, Martin Gollowitzer wrote: >> Really? 
For me, it is much easier to access the newest reply instead of >> using the Down Arrow key to find it. Gmail always worked the same way >> for me. > >You might want to read [1,2,3]. > >[1] https://wiki.fsfe.org/Fellows/mk/EmailGuide >[2] http://en.wikipedia.org/wiki/Posting_style >[3] http://www.guckes.net/mail/editing.html Hi Martin, While I fully agree on bottom posting being preferred, I wonder if it's not a lost battle already. People quoting 'properly' are in such a minority that I don't think this can be changed around anymore. Of course, some fora will still be the exception to this, but I fear they will become less and less in number. Most of the guides on proper netiquette date from the previous century too and people don't seem interested anymore in doing things properly. Remco -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: Digital signature URL: From gollo at fsfe.org Mon Mar 21 07:46:55 2011 From: gollo at fsfe.org (Martin Gollowitzer) Date: Mon, 21 Mar 2011 07:46:55 +0100 Subject: Keyservers In-Reply-To: <412.AD4C@winter.webconquest.com> References: <4D85F9CF.7080707@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com> <201103202145.06001@thufir.ingo-kloecker.de> <4D866EAD.9080807@gmail.com> <20110320212603.GA23088@wingback.gollo.at> <412.AD4C@winter.webconquest.com> Message-ID: <20110321064655.GC4647@wingback.gollo.at> Hi, * Remco Rijnders [110321 07:35, mID <412.AD4C at winter.webconquest.com>]: > While I fully agree on bottom posting being preferred, I wonder if it's > not a lost battle already. People quoting 'properly' are in such a > minority that I don't think this can be changed around anymore. Of course, > some fora will still be the exception to this, but I fear they will become > less and less in number. 
Most of the guides on proper netiquette date from > the previous century too and people don't seem interested anymore in doing > things properly. This depends very much on the people you communicate with. People in the Free Software are tend to do it "right" because when they start to use e-mail regularly with others in this area, they are usually being asked to use "proper" style :) I started with Free Software in the 21st century and still learned to not use full quotes and top posting. The first time I realized that proper e-mail style is useful was when I started to read more mailinglists with rather high message volumes ? you just can keep a better overview with "correct" quoting :) Martin p.s. Even some of my non-techie friends realized the advantage of this style after a short explanation ;) The real problem is actually MS Outlook and its default settings. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: not available URL: From jerome at jeromebaum.com Mon Mar 21 06:48:07 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Mon, 21 Mar 2011 05:48:07 +0000 Subject: Deniability Message-ID: <86bp15gh2g.fsf@jeromebaum.com> Hi all, I am looking into the "plausible deniability" issue again that was discussed here in the past. My problem definition: Configure gpg in such a way that when I encrypt a file, be it to someone else or to myself, the recipient(s) can deny being able to decrypt the file in question. An adversary should also be unable to derive information about the recipient(s) -- including their number -- from the encrypted message. Assume I like encrypt-to-self and have it enabled. The obvious way to start is with throw-keyids. Problems: 1. The number of recipients is revealed. 2. If I encrypt to only myself, this is revealed. I could generate some bogus keys and throw out the secrets, effectively making them "encryption-only" keys. 
Then to solve #2, I just encrypt to such a bogus key in addition to my actual key. I could also set the encrypt-to option for several bogus keys to make the adversary's life more difficult in determining the number of recipients. After seeing a number of encrypted messages, the adversary will know for how many bogus keys I have encrypt-to set. #1 appears again. This could be solved by randomly picking a subset of the bogus keys, possibly as a wrapper around gpg. So, both problems can be solved this way, although it would be annoying to have to put randomly-pick-some-bogus-keys.sh in place. I can imagine there are going to be some relatively simple statistical attacks on this scheme (by looking at algorithms and key-sizes of the recipients). What do you guys think? What problems and solutions are there? -- Jerome Baum 0xC58C753A Key fingerprint = A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A Jerome Baum 0x215236DA Key fingerprint = 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 880 bytes Desc: not available URL: From roam at ringlet.net Mon Mar 21 09:17:42 2011 From: roam at ringlet.net (Peter Pentchev) Date: Mon, 21 Mar 2011 10:17:42 +0200 Subject: Keyservers In-Reply-To: <20110321064655.GC4647@wingback.gollo.at> References: <4D85F9CF.7080707@gmail.com> <4D8656FB.9060506@adversary.org> <4D865A28.3030505@gmail.com> <201103202145.06001@thufir.ingo-kloecker.de> <4D866EAD.9080807@gmail.com> <20110320212603.GA23088@wingback.gollo.at> <412.AD4C@winter.webconquest.com> <20110321064655.GC4647@wingback.gollo.at> Message-ID: <20110321081742.GC3487@straylight.ringlet.net> On Mon, Mar 21, 2011 at 07:46:55AM +0100, Martin Gollowitzer wrote: > Hi, > > * Remco Rijnders [110321 07:35, > mID <412.AD4C at winter.webconquest.com>]: > > > While I fully agree on bottom posting being preferred, I wonder if it's > > not a lost battle already. 
People quoting 'properly' are in such a > > minority that I don't think this can be changed around anymore. Of course, > > some fora will still be the exception to this, but I fear they will become > > less and less in number. Most of the guides on proper netiquette date from > > the previous century too and people don't seem interested anymore in doing > > things properly. > > This depends very much on the people you communicate with. People in the > Free Software are tend to do it "right" because when they start to use > e-mail regularly with others in this area, they are usually being asked > to use "proper" style :) I started with Free Software in the 21st > century and still learned to not use full quotes and top posting. The > first time I realized that proper e-mail style is useful was when I > started to read more mailinglists with rather high message volumes ? you > just can keep a better overview with "correct" quoting :) > > Martin > > p.s. Even some of my non-techie friends realized the advantage of this > style after a short explanation ;) The real problem is actually MS > Outlook and its default settings. And (as pointed out even on this thread), lately, also GMail and its default settings. G'luck, Peter -- Peter Pentchev roam at ringlet.net roam at FreeBSD.org peter at packetscale.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 because I didn't think of a good beginning of it. -------------- next part -------------- A non-text attachment was scrubbed... 
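Jerome's first problem in the Deniability message above (the recipient count stays visible even with throw-keyids) can be seen directly in the message structure: gpg writes one public-key encrypted session key (PKESK) packet per recipient, and --throw-keyids only replaces the 8-octet key ID inside each of them with zeros; the packet count, the public-key algorithm byte and the size of the encrypted session-key MPI remain readable by anyone holding the ciphertext. The Python below is an added example written for this archive, not code from the thread or from GnuPG. Every packet in it is constructed: the key IDs are placeholders and the MPI payloads are dummy bytes, not real RSA or ElGamal ciphertext. It builds small messages with and without hidden key IDs and then parses the OpenPGP packet headers (RFC 4880 old- and new-format) to report what a passive observer learns per recipient.

```python
"""What an OpenPGP message reveals about its recipients, with and without
throw-keyids.  Added example for the Deniability thread; not code from the
list or from GnuPG.  All packets here are constructed (placeholder key IDs,
dummy MPI bytes); the parser is only as complete as this example needs."""
import struct

PKESK_TAG = 1                        # public-key encrypted session key packet
SEIPD_TAG = 18                       # encrypted (integrity protected) data packet
WILDCARD_KEYID = "0000000000000000"  # key ID field that --throw-keyids writes
RSA, ELGAMAL = 1, 16                 # public-key algorithm IDs (RFC 4880 9.1)


def old_format_packet(tag, body):
    """Old-style header: bit 7 set, bit 6 clear, tag in bits 5..2."""
    if len(body) < 256:
        return bytes([0x80 | (tag << 2) | 0, len(body)]) + body
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def new_format_packet(tag, body):
    """New-style header: bits 7 and 6 set; one- or two-octet length forms."""
    n = len(body)
    if n < 192:
        return bytes([0xC0 | tag, n]) + body
    n -= 192
    return bytes([0xC0 | tag, 192 + (n >> 8), n & 0xFF]) + body


def build_pkesk(keyid_hex, pubkey_algo=RSA, mpi_bits=2048):
    """PKESK body: version 3, 8-octet key ID, algorithm, then the MPI(s).
    The MPI is a constructed placeholder (top bit set, rest zero)."""
    nbytes = (mpi_bits + 7) // 8
    mpi = struct.pack(">H", mpi_bits) + b"\x80" + b"\x00" * (nbytes - 1)
    body = b"\x03" + bytes.fromhex(keyid_hex) + bytes([pubkey_algo]) + mpi
    return old_format_packet(PKESK_TAG, body)


def build_message(recipient_keyids, **pkesk_kw):
    """Constructed message: one PKESK per recipient, then a dummy SEIPD."""
    pkts = b"".join(build_pkesk(k, **pkesk_kw) for k in recipient_keyids)
    return pkts + new_format_packet(SEIPD_TAG, b"\x01" + b"\x00" * 40)


def iter_packets(data):
    """Yield (tag, body) for each packet in data."""
    i = 0
    while i < len(data):
        ctb = data[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                            # new format
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                     # old format
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 0:
                length = data[i]
                i += 1
            elif ltype == 1:
                length = struct.unpack(">H", data[i:i + 2])[0]
                i += 2
            elif ltype == 2:
                length = struct.unpack(">I", data[i:i + 4])[0]
                i += 4
            else:
                length = len(data) - i            # indeterminate: rest of input
        yield tag, data[i:i + length]
        i += length


def observable_recipients(data):
    """Per-recipient facts readable without any private key."""
    seen = []
    for tag, body in iter_packets(data):
        if tag != PKESK_TAG:
            continue
        keyid = body[1:9].hex()
        seen.append({
            "keyid": keyid,
            "hidden": keyid == WILDCARD_KEYID,
            "pubkey_algo": body[9],
            "mpi_bits": struct.unpack(">H", body[10:12])[0],
        })
    return seen


if __name__ == "__main__":
    # Placeholder key IDs, not anyone's real keys.
    plain = build_message(["0123456789abcdef", "fedcba9876543210"])
    hidden = build_message([WILDCARD_KEYID] * 3, pubkey_algo=ELGAMAL, mpi_bits=1024)
    for label, msg in (("normal", plain), ("throw-keyids", hidden)):
        recips = observable_recipients(msg)
        print(f"{label}: {len(recips)} recipient packet(s)")
        for r in recips:
            print("   ", r)
```

On a real file, gpg --list-packets shows the same fields (one "pubkey enc packet" line per recipient, with the key ID, algorithm and MPI bit count), which is the quickest way to check what a message actually leaks before relying on any padding-with-bogus-keys scheme.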
From Mike_Acker at charter.net Mon Mar 21 11:08:17 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Mon, 21 Mar 2011 06:08:17 -0400
Subject: KEYSERVER; Trust Model
In-Reply-To: <4D867A24.80608@gmail.com>
References: <4D8658A0.203@charter.net> <4D865A87.8010907@gmail.com> <4D866AEF.7090807@charter.net> <4D866F72.9050506@gmail.com> <4D86719F.3070007@charter.net> <4D867A24.80608@gmail.com>
Message-ID: <4D872391.1080204@charter.net>

On 03/20/2011 18:05, Jonathan Ely wrote:
> I thought it would automatically download your key, but I guess that is
> only for decrypting a message. I might be wrong on that too. I have
> never tried downloading and importing your key but there is no harm in
> trying.
>
> The trust thing is really contradicting since you do not personally
> 'trust' those people, since you may have no idea who they are to begin
> with. I can go really deep, but the smart thing to do is familiarise
> one's self with the sender and only then set trust accordingly, or just
> leave things at their defaults. If people use the function precariously,
> there would really be no point having it at all.

"automatically download key": mine doesn't: I have to click the DETAILS
switch and select the options to download your key from the server. I
think this is quite acceptable as I only do it once.

It will be interesting to see what happens if I upload a REVOCATION
certificate to the key server. We will find out.

Have you tried downloading my key? You can easily delete it later if you
like: the key management dialog that is part of Thunderbird/ENIGMAIL --
is better than either GPA or Kleo.

Key-ID: 30ABC33A

You stated you were getting a "BAD KEY" message. Has that resolved?

~~ Trust Models

If you were going to use PGP only for communication between yourself and
a few friends in a manner in which you could personally exchange keys
there would be no need for trust models.

But for example, suppose we are administering communication security for
a slightly larger group, 20 folks or more, and we have members who come
and go... When a new person, let's call him "Tom", joins the group he
will meet with the group security person (GSP). The GSP will help Tom to
set up his ENIGMAIL. After Tom has generated his keypair he will provide
the GSP with a copy of his new Public Key. The GSP will sign Tom's key
and provide that to the other group members. The other group members
will recognize the GSP's signature on Tom's key and this is the signal
that it is OK to communicate with Tom.

But what if Tom leaves the group? The GSP will issue a revoke
certificate. The caching of local certificates here concerns me though:
how do we make sure that, if the group members obtain Tom's key from the
server, each time Tom's key is referenced ENIGMAIL checks the server for
a possible revoke certificate?

I need to work through this process so I understand it thoroughly.

/MIKE
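The group scenario just described (the group security person certifies Tom's key, each member sets owner trust on the GSP's key, and a later revocation should stop Tom's key from validating) is the computation GnuPG's classic web-of-trust model performs over two separate inputs: owner trust, which is a local setting never sent anywhere, and the certifications attached to each key. The Python below is an added example written for this archive, not code from the thread or from GnuPG. It models that computation with GnuPG's default thresholds (one fully trusted certifier, or three marginally trusted ones, and a certification chain of at most five levels; gpg exposes these as --completes-needed, --marginals-needed and --max-cert-depth) and runs it over a constructed key graph whose key names ("me", "mike", "tom", "memberN") are illustration only.

```python
"""Toy model of GnuPG's classic (web-of-trust) validity computation.
Added example for the trust-model discussion; not code from the list or
from GnuPG.  The key graph and key names are constructed for illustration."""
from dataclasses import dataclass, field

ULTIMATE, FULL, MARGINAL, NONE = "ultimate", "full", "marginal", "none"


@dataclass
class Key:
    keyid: str
    owner_trust: str = NONE                    # local: may this key certify others?
    signers: set = field(default_factory=set)  # key IDs that certified this key
    revoked: bool = False                      # a revocation certificate was seen


def compute_validity(keys, completes_needed=1, marginals_needed=3, max_cert_depth=5):
    """Return {keyid: "full" | "marginal" | "unknown" | "revoked"}.

    Level 0 holds the ultimately trusted keys (your own).  At each further
    level a key becomes fully valid once enough already-valid keys whose
    owner trust is full or marginal have certified it.  Certifications by
    keys that are revoked, unknown, or not themselves valid count for nothing.
    """
    valid_depth = {k.keyid: 0 for k in keys.values()
                   if k.owner_trust == ULTIMATE and not k.revoked}

    def trusted_certs(key):
        completes = marginals = 0
        for sid in key.signers:
            signer = keys.get(sid)
            if signer is None or sid not in valid_depth:
                continue                       # unknown or not (yet) valid
            if signer.owner_trust in (ULTIMATE, FULL):
                completes += 1
            elif signer.owner_trust == MARGINAL:
                marginals += 1
        return completes, marginals

    for depth in range(1, max_cert_depth + 1):
        newly_valid = []
        for key in keys.values():
            if key.keyid in valid_depth or key.revoked:
                continue
            completes, marginals = trusted_certs(key)
            if completes >= completes_needed or marginals >= marginals_needed:
                newly_valid.append(key.keyid)
        if not newly_valid:
            break
        for kid in newly_valid:                # assign after the pass: level semantics
            valid_depth[kid] = depth

    result = {}
    for key in keys.values():
        if key.revoked:
            result[key.keyid] = "revoked"
        elif key.keyid in valid_depth:
            result[key.keyid] = "full"
        elif sum(trusted_certs(key)) > 0:
            result[key.keyid] = "marginal"     # some trusted certification, not enough
        else:
            result[key.keyid] = "unknown"
    return result


def group_scenario(gsp_trust, extra_marginal_signers=0, gsp_revoked=False,
                   tom_revoked=False):
    """Constructed graph: 'me' is ultimate, 'mike' (the GSP) is certified by me,
    'tom' is certified by mike plus optional extra marginally trusted members.
    Returns the validity of tom's key."""
    keys = {
        "me": Key("me", ULTIMATE),
        "mike": Key("mike", gsp_trust, signers={"me"}, revoked=gsp_revoked),
        "tom": Key("tom", NONE, signers={"mike"}, revoked=tom_revoked),
    }
    for i in range(extra_marginal_signers):
        kid = f"member{i}"
        keys[kid] = Key(kid, MARGINAL, signers={"me"})
        keys["tom"].signers.add(kid)
    return compute_validity(keys)["tom"]


if __name__ == "__main__":
    print("GSP fully trusted:           ", group_scenario(FULL))
    print("GSP marginally trusted:      ", group_scenario(MARGINAL))
    print("  plus two more marginal:    ", group_scenario(MARGINAL, 2))
    print("GSP key revoked:             ", group_scenario(FULL, gsp_revoked=True))
    print("Tom's key revoked:           ", group_scenario(FULL, tom_revoked=True))
```

Two points the model makes concrete for the revocation concern: a revoked key validates nothing regardless of how it was certified, and a revoked certifier silently drops every key that depended on it. Both only happen if the revocation has actually been imported, which is why a periodic gpg --refresh-keys (followed by gpg --check-trustdb) matters for a group that distributes keys through a keyserver.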
Name: signature.asc Type: application/pgp-signature Size: 292 bytes Desc: OpenPGP digital signature URL: From Mike_Acker at charter.net Mon Mar 21 12:55:51 2011 From: Mike_Acker at charter.net (Mike Acker) Date: Mon, 21 Mar 2011 07:55:51 -0400 Subject: KEYSERVER; Trust Model In-Reply-To: <4D873881.6070907@gmail.com> References: <4D8658A0.203@charter.net> <4D865A87.8010907@gmail.com> <4D866AEF.7090807@charter.net> <4D866F72.9050506@gmail.com> <4D86719F.3070007@charter.net> <4D867A24.80608@gmail.com> <4D872391.1080204@charter.net> <4D873881.6070907@gmail.com> Message-ID: <4D873CC7.2050201@charter.net> On 03/21/2011 07:37, Jonathan Ely wrote: > I meant to not say automatic because you are right. I went inside the > details and activate the import option. Now it says ?untrusted good > signature? as it should. That is much easier than searching for a key > and saves time. > > Why upload a revocation certificate to public servers? Does not that > file render your public and secret key pair unuseable? I never heard of > somebody uploading their revocation certificate anywhere. btw, the gnupg user list would like you to add a cc to the list on these messages. they can probably get all of it from the quoted text blocks but nonetheless the list would like us to share properly in answer to your question: if you are administering keys for a group, say 20 or more people and you have members who come and go -- you may need to revoke a signature for example, let's say Tom Newguy joins our group. how do we tell the current member of the group and provide them with a certified copy of Tom's key? what do we do when Tom leaves the group? Let's start at the beginning: Tom is joining our group today. I have signed for his key. I am going to use the send key by email option of Thunderbird's OpenPGP Key management dialog to send his key. If this is done right you will be able to accept his key directly from his e/mail. Let me know how this goes. 
Alternately I could send his key to the server but I don't want to clutter the server with a junk key. let me know what happens -- /MIKE -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 292 bytes Desc: OpenPGP digital signature URL: From jcruff at gmail.com Mon Mar 21 13:21:22 2011 From: jcruff at gmail.com (Chris Ruff) Date: Mon, 21 Mar 2011 08:21:22 -0400 Subject: libgcrypt git repository Message-ID: <1300710082.24051.11.camel@silence> Is this an error on my part. I went to git pull on the latest trunk for gnupg and during configure discovered a newer libgcrypt (>=1.5.0) & libksba (>=1.2.0) was needed. However a git pull resulted in the following error: $ git clone git://git.gnupg.org/libgcrypt/trunk libgcrypt Initialized empty Git repository in /path/to/libgcrypt/.git/ fatal: The remote end hung up unexpectedly $ git clone git://git.gnupg.org/libksba/trunk libksba Initialized empty Git repository in /path/to/libksba/.git/ fatal: The remote end hung up unexpectedly TIA -- __________________________________ Chris Ruff email: jcruff at gmail.com gpg key: 0xDD55B6FC gpg fgpr: 1BA1 71D7 ADA7 1E8B 1623 A43D 283B 2F81 BDD5 B810 From Mike_Acker at charter.net Mon Mar 21 13:52:31 2011 From: Mike_Acker at charter.net (Mike Acker) Date: Mon, 21 Mar 2011 08:52:31 -0400 Subject: KEYSERVER; Trust Model In-Reply-To: <4D87463D.3090703@gmail.com> References: <4D8658A0.203@charter.net> <4D865A87.8010907@gmail.com> <4D866AEF.7090807@charter.net> <4D866F72.9050506@gmail.com> <4D86719F.3070007@charter.net> <4D867A24.80608@gmail.com> <4D872391.1080204@charter.net> <4D873881.6070907@gmail.com> <4D873CC7.2050201@charter.net> <4D873F0F.9090308@gmail.com> <4D87463D.3090703@gmail.com> Message-ID: <4D874A0F.8020004@charter.net> On 03/21/2011 08:36, Jonathan Ely wrote: > So I trust Tom Nuguy's key, marginally or fully? Very good question. 
If you apply trust to Tom Newguy's key you are indicating whether you trust him to sign for other keys. That's not what we want to do in this scenario: Tom Newguy is the new person in the group and I'm acting as the Group Security Facilitator.

As a result:

* if you load my key and mark it fully trusted, and
* you then receive Tom Newguy's key with my signature attached, then
* when you open Tom Newguy's message the system will show good signature

If, OTH, you mark me MARGINALLY trusted Tom Newguy will need TWO signatures on his key before he can go green.

So what you would do: download my key from the server and set a trust level. accept Tom's key from the e-mail. then read Tom's message. Try setting the trust level on my key to different levels and then re-read Tom's message: see what effect the setting has.

Basically the question you are playing with is: should I trust Tom because Mike signed for him?

-- 
/MIKE

From mailinglisten at hauke-laging.de Mon Mar 21 14:54:01 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 21 Mar 2011 14:54:01 +0100
Subject: Deniability
In-Reply-To: <86bp15gh2g.fsf@jeromebaum.com>
References: <86bp15gh2g.fsf@jeromebaum.com>
Message-ID: <201103211454.08087.mailinglisten@hauke-laging.de>

On Monday, 21 March 2011 06:48:07, Jerome Baum wrote:
> 2. If I encrypt to only myself, this is revealed.

How?

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From rjh at sixdemonbag.org Mon Mar 21 15:00:01 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 21 Mar 2011 10:00:01 -0400
Subject: Deniability
In-Reply-To: <86bp15gh2g.fsf@jeromebaum.com>
References: <86bp15gh2g.fsf@jeromebaum.com>
Message-ID: <4D8759E1.9080706@sixdemonbag.org>

On 3/21/2011 1:48 AM, Jerome Baum wrote:
> I can imagine there are going to be some relatively simple
> statistical attacks on this scheme (by looking at algorithms and
> key-sizes of the recipients). What do you guys think? What
> problems and solutions are there?

I think you're trying to use a blender as a personal flotation device. OpenPGP is not meant to provide deniable communications. It is concerned primarily with message confidentiality (encryption) and message integrity (signing). Just like blenders blend, PFDs float, and it's unwise to try and make one do the other's job, I think it's unwise to crowbar OpenPGP into being a deniable protocol.

From kgo at grant-olson.net Mon Mar 21 15:44:15 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 21 Mar 2011 10:44:15 -0400
Subject: libgcrypt git repository
In-Reply-To: <1300710082.24051.11.camel@silence>
References: <1300710082.24051.11.camel@silence>
Message-ID: <4D87643F.1060003@grant-olson.net>

On 3/21/11 8:21 AM, Chris Ruff wrote:
> Is this an error on my part? I went to git pull on the latest trunk for
> gnupg and during configure discovered a newer libgcrypt (>=1.5.0) &
> libksba (>=1.2.0) was needed. However a git pull resulted in the
> following error:
>
> $ git clone git://git.gnupg.org/libgcrypt/trunk libgcrypt
> Initialized empty Git repository in /path/to/libgcrypt/.git/
> fatal: The remote end hung up unexpectedly
>
> $ git clone git://git.gnupg.org/libksba/trunk libksba
> Initialized empty Git repository in /path/to/libksba/.git/
> fatal: The remote end hung up unexpectedly
>
> TIA

Run the commands without '/trunk'. I'm guessing that's an artifact from the subversion command.
    git clone git://git.gnupg.org/libgcrypt libgcrypt
    git clone git://git.gnupg.org/libksba libksba

-- 
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

From jerome at jeromebaum.com Mon Mar 21 15:48:39 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Mon, 21 Mar 2011 14:48:39 +0000
Subject: Deniability
In-Reply-To: <201103211454.08087.mailinglisten@hauke-laging.de> (Hauke Laging's message of "Mon, 21 Mar 2011 09:54:01 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de>
Message-ID: <86r5a0edh4.fsf@jeromebaum.com>

Hauke Laging writes:

> On Monday, 21 March 2011 06:48:07, Jerome Baum wrote:
>
>> 2. If I encrypt to only myself, this is revealed.
>
> How?

Only one recipient. Remember I use encrypt-to-self.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com Mon Mar 21 15:58:02 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Mon, 21 Mar 2011 14:58:02 +0000
Subject: Deniability
In-Reply-To: <4D8759E1.9080706@sixdemonbag.org> (Robert J. Hansen's message of "Mon, 21 Mar 2011 10:00:01 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org>
Message-ID: <86mxkoed1h.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> OpenPGP is not meant to provide deniable communications. It is
> concerned primarily with message confidentiality (encryption) and
> message integrity (signing). Just like blenders blend, PFDs float, and
> it's unwise to try and make one do the other's job, I think it's unwise
> to crowbar OpenPGP into being a deniable protocol.

Deniability is "nice", but more generally confusing Mallory is a Good Thing(tm) as she'll have more work to do.

Providing deniability seems to imply more work on the part of Mallory. Say the point is not to prove "Alice sent Bob a message", but instead Mallory wants to get at the plain-text. If she can't know for sure that Clyde can decrypt it -- or any specific person -- then she'll have to steal several keys before she finds the right one.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From mailinglisten at hauke-laging.de Mon Mar 21 16:02:04 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 21 Mar 2011 16:02:04 +0100
Subject: Deniability
In-Reply-To: <86r5a0edh4.fsf@jeromebaum.com>
References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com>
Message-ID: <201103211602.05187.mailinglisten@hauke-laging.de>

On Monday, 21 March 2011 15:48:39, Jerome Baum wrote:
>>> 2. If I encrypt to only myself, this is revealed.
>>
>> How?
>
> Only one recipient. Remember I use encrypt-to-self.

You know that. And the archive of this mailinglist now knows that you have once claimed to do that. So one may assume that the only recipient is you but that is not a strong technical conclusion from the message itself.

Hauke

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
From wk at gnupg.org Mon Mar 21 16:28:46 2011
From: wk at gnupg.org (Werner Koch)
Date: Mon, 21 Mar 2011 16:28:46 +0100
Subject: libgcrypt git repository
In-Reply-To: <4D87643F.1060003@grant-olson.net> (Grant Olson's message of "Mon, 21 Mar 2011 10:44:15 -0400")
References: <1300710082.24051.11.camel@silence> <4D87643F.1060003@grant-olson.net>
Message-ID: <87oc54ijbl.fsf@vigenere.g10code.de>

On Mon, 21 Mar 2011 15:44, kgo at grant-olson.net said:

> Run the commands without '/trunk'. I'm guessing that's an artifact from
> the subversion command.

Ooops. I only looked at the top of the page where it is okay. I'll fix the other places.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by federal law.

From vedaal at nym.hush.com Mon Mar 21 16:38:14 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 21 Mar 2011 11:38:14 -0400
Subject: deniability
Message-ID: <20110321153814.2077310E2BD@smtp.hushmail.com>

Jerome Baum jerome at jeromebaum.com wrote on Mon Mar 21 06:48:07 CET 2011:

> Configure gpg in such a way that when I encrypt a file, be it to someone else or to myself, the recipient(s) can deny being able to decrypt the file in question.

Any adversary would question as to why the recipient continues to receive files undecryptable to him, and also why you are encrypting to additional keys, and to whom do they belong, etc.

> An adversary should also be unable to derive information about the recipient(s)

A simple way to do this using gnupg, would be something like the following:

[1] Don't send the file to any recipient who requires deniability.

[2] Instead of additionally encrypting the file to another key, additionally encrypt it symmetrically. Gnupg allows this by simply typing:

    gpg -e -c -a -r (your key) filename

[3] Use the throw-keyid option when you encrypt to your key.

[4] Post the encrypted file to a newsgroup like comp.pgp.test or other group that allows test postings.

[5] Your plausible reason for encrypting conventionally in addition to your key, is your concern that you might one day lose your keyring.

[7] Your plausible reason for posting it to a newsgroup, is that you are concerned that 'cloud' organizations might go out of business, and this is a simple inexpensive backup.

[8] Your plausible reason for using the throw-keyid option, is that since you are posting publicly, you prefer to remain anonymous.

[9] Use a *really good* passphrase (diceware 10 words, [ 7776^10 > 2^128 ] ), and find a way to securely make it known to the recipient(s).

[10] Since you are using such a 'good' passphrase, it is entirely plausible that you could 'forget' it. ;-)

*CAVEAT*

Consider very carefully who your threat model adversary is. You don't want to do this with Three Letter Agencies or criminals, whereas it might be OK for decent university administrations. :-)

vedaal

From Mike_Acker at charter.net Mon Mar 21 17:09:59 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Mon, 21 Mar 2011 12:09:59 -0400
Subject: KEYSERVER; Trust Model
In-Reply-To: <4D8773F0.3040605@gmail.com>
References: <4D8658A0.203@charter.net> <4D865A87.8010907@gmail.com> <4D866AEF.7090807@charter.net> <4D866F72.9050506@gmail.com> <4D86719F.3070007@charter.net> <4D867A24.80608@gmail.com> <4D872391.1080204@charter.net> <4D873881.6070907@gmail.com> <4D873CC7.2050201@charter.net> <4D873F0F.9090308@gmail.com> <4D87463D.3090703@gmail.com> <4D874A0F.8020004@charter.net> <4D874DCF.6050805@gmail.com> <4D8773F0.3040605@gmail.com>
Message-ID: <4D877857.7040803@charter.net>

On 03/21/2011 11:51, Jonathan Ely wrote:
> I notice the difference. That is something how manipulating one's key
> trust influences another.
>
> On 21/03/2011 11:41 AM, Mike Acker wrote:
>> On 03/21/2011 09:08, Jonathan Ely wrote:
>>> Ah OK, now I understand. That last question depends on the facilitator:
>>> can that person be trusted? Assuming that person [in this case you] is a
>>> trustworthy individual, that would mean Tom should be able to be
>>> trusted. On the flip side, if the facilitator is not the believable type
>>> trusting Tom through you would not be a good "trust chain".
>>
>> RIGHT!! we are not attempting to establish trust in this dialog, only
>> trying to learn how to use the software
>>
>> let me know if you get the right results on Tom's message by
>> manipulating the trust level on my key

OK, Good!! If you follow along you see: when Tom joins the group I get his key from him and sign it. and then send it to the members of the group. If the group members trust me to do this then they will get "good" signatures from Tom.

Now: when Tom leaves the group I send you a certificate revoking my signature from his key. this doesn't make his key disappear: it just lets the group members know that Tom is no longer a group member.

I'm going to have to work on this a little though: because I have the KEY PAIR on this machine when I try to generate the revoke certificate it tries to revoke Tom's key rather than my signature from his key. VM anyone? tee hee. Kleo did let me export Tom's secret key. So what I'll do is: delete Tom's key completely; import his public key and sign it and then generate his revoke cert. theoretically then i can re-import his private key and be back to square 1.

-- 
/MIKE

From jerome at jeromebaum.com Mon Mar 21 17:13:40 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Mon, 21 Mar 2011 16:13:40 +0000
Subject: Deniability
In-Reply-To: <201103211602.05187.mailinglisten@hauke-laging.de> (Hauke Laging's message of "Mon, 21 Mar 2011 11:02:04 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com> <201103211602.05187.mailinglisten@hauke-laging.de>
Message-ID: <86ipvce9jf.fsf@jeromebaum.com>

Hauke Laging writes:

> You know that. And the archive of this mailinglist now knows that you have
> once claimed to do that. So one may assume that the only recipient is you but
> that is not a strong technical conclusion from the message itself.

When I throw-keyids, what's actually left over? Would there be any way to match the keys from several messages, besides key size and type? Also if one (size, type) appears in all messages, I'd say the conclusion that I'm using encrypt-to-self is pretty safe. Then again, I could use that to my advantage if I want to encrypt to a public key of the same size and type! :)

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
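To answer "what's actually left over" concretely, here is an added example (not code from the thread) that parses the Public-Key Encrypted Session Key packets at the front of an OpenPGP message (RFC 4880 section 5.1) and reports, per recipient, what a --throw-keyids message still exposes: the key ID is zeroed, but the public-key algorithm and the MPI bit length (which for RSA and ElGamal is the key size) remain readable. The sample message bytes are constructed inline; gpg --list-packets shows the same fields on a real message.

```python
"""Inspect the recipient metadata an OpenPGP message exposes (RFC 4880).

Added example, not code from the thread.  It parses the Public-Key
Encrypted Session Key (PKESK, tag 1) packets that precede the encrypted
data and reports what a --throw-keyids message still reveals per recipient.
"""

PKESK_TAG = 1
PUBKEY_ALGOS = {1: "RSA", 2: "RSA-encrypt-only", 16: "ElGamal", 18: "ECDH"}
THROWN_KEY_ID = b"\x00" * 8   # what --throw-keyids writes instead of the key ID


def read_packet_header(data, pos):
    """Return (tag, body_length, body_offset) for the packet starting at pos.

    Handles old-format and new-format headers; partial body lengths are
    never used for PKESK packets and are rejected here.
    """
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header at offset %d" % pos)
    if ctb & 0x40:                       # new-format header
        tag = ctb & 0x3F
        first = data[pos + 1]
        if first < 192:
            return tag, first, pos + 2
        if first < 224:
            return tag, ((first - 192) << 8) + data[pos + 2] + 192, pos + 3
        if first == 255:
            return tag, int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
        raise ValueError("partial body lengths not supported")
    tag = (ctb >> 2) & 0x0F              # old-format header
    length_type = ctb & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length not supported")
    n = 1 << length_type                 # 1, 2 or 4 length octets
    return tag, int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def read_mpi(body, pos):
    """Return (bit_length, next_pos) for the MPI at pos; its value is not needed."""
    bits = int.from_bytes(body[pos:pos + 2], "big")
    return bits, pos + 2 + (bits + 7) // 8


def parse_pkesk(body):
    """Summarise one PKESK body: key ID, algorithm and first-MPI bit length."""
    if body[0] != 3:
        raise ValueError("unsupported PKESK version %d" % body[0])
    key_id, algo = body[1:9], body[9]
    mpi_bits, pos = [], 10
    # RSA carries one MPI and ElGamal two; ECDH (18) uses a different layout
    # that this example does not decode, so only its algorithm is reported.
    for _ in range({1: 1, 2: 1, 16: 2}.get(algo, 0)):
        bits, pos = read_mpi(body, pos)
        mpi_bits.append(bits)
    return {
        "key_id": key_id.hex().upper(),
        "key_id_thrown": key_id == THROWN_KEY_ID,
        "algorithm": PUBKEY_ALGOS.get(algo, "unknown(%d)" % algo),
        # for RSA/ElGamal the first MPI is as long as the modulus, so it
        # reveals the recipient's key size even when the key ID is thrown
        "key_bits": mpi_bits[0] if mpi_bits else None,
    }


def recipient_metadata(message):
    """Walk a binary OpenPGP message; return one summary per PKESK packet."""
    found, pos = [], 0
    while pos < len(message):
        tag, length, body_off = read_packet_header(message, pos)
        if tag == PKESK_TAG:
            found.append(parse_pkesk(message[body_off:body_off + length]))
        pos = body_off + length
    return found


def make_pkesk(key_id, bits, new_format=True):
    """Build a CONSTRUCTED RSA PKESK packet with a dummy MPI (test data only)."""
    mpi = bits.to_bytes(2, "big") + b"\x80" + bytes((bits + 7) // 8 - 1)
    body = b"\x03" + key_id + b"\x01" + mpi
    if new_format:                       # two-octet new-format length
        n = len(body) - 192
        return bytes([0xC0 | PKESK_TAG, 192 + (n >> 8), n & 0xFF]) + body
    return bytes([0x80 | (PKESK_TAG << 2) | 1]) + len(body).to_bytes(2, "big") + body


# Constructed sample: one --throw-keyids recipient (RSA-2048), one ordinary
# recipient (RSA-4096, old-format header), then a dummy encrypted-data packet.
SAMPLE_MESSAGE = (
    make_pkesk(THROWN_KEY_ID, 2048)
    + make_pkesk(bytes.fromhex("0123456789ABCDEF"), 4096, new_format=False)
    + bytes([0xC0 | 18, 4, 1, 0, 0, 0])  # tag 18 packet with a 4-octet body
)

if __name__ == "__main__":
    for r in recipient_metadata(SAMPLE_MESSAGE):
        print(r)
```

Run against several messages, the (algorithm, key_bits) pairs are exactly the per-message fingerprint Jerome is asking about: a thrown key ID hides which key, not what kind of key.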
From jerome at jeromebaum.com Mon Mar 21 17:24:11 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Mon, 21 Mar 2011 16:24:11 +0000
Subject: deniability
In-Reply-To: <20110321153814.2077310E2BD@smtp.hushmail.com> (vedaal@nym.hush.com's message of "Mon, 21 Mar 2011 11:38:14 -0400")
References: <20110321153814.2077310E2BD@smtp.hushmail.com>
Message-ID: <86ei60e91w.fsf@jeromebaum.com>

"vedaal at nym.hush.com" writes:

> Any adversary would question as to why the recipient continues to
> receive files undecryptable to him, and also why you are encrypting
> to additional keys, and to whom do they belong, etc.

So let's assume I'm not stupid enough to let that adversary know who I'm sending the message to. Two options:

1. Use a newsgroup as you suggest below.

2. Randomly send messages that can't be decrypted to random recipients to obscure matters. The adversary would have to cope with the fact that I have stuff to hide. :)

> A simple way to do this using gnupg, would be something like the
> following:
>
> [1] Don't send the file to any recipient who requires deniability.

Yes, per above.

> [2] Instead of additionally encrypting the file to another key,
> additionally encrypt it symmetrically.

Why would I do that? That together with [9] is exactly what gpg does when using asymmetric ciphers.

> [3] Use the throw-keyid option when you encrypt to your key.

Yes, per my original suggestion.

> [4] Post the encrypted file to a newsgroup like comp.pgp.test or
> other group that allows test postings.

Yes, per above. But good idea to not use an anonymous group -- this way I can say I was testing stuff.

> [5] Your plausible reason for encrypting conventionally in addition
> to your key, is your concern that you might one day lose your
> keyring.

I don't find that so plausible but yes, agreed that I can make up a reason. Though I don't see the benefit in symmetric encryption at all for this.

> [7] Your plausible reason for posting it to a newsgroup, is that
> you are concerned that 'cloud' organizations might go out of
> business, and this is a simple inexpensive backup.

Yes that, or testing.

> [8] Your plausible reason for using the throw-keyid option, is that
> since you are posting publicly, you prefer to remain anonymous.

I'd say it's a plausible reason to say "I want my privacy". But yes, this is a good reason.

> [9] Use a *really good* passphrase (diceware 10 words, [ 7776^10 >
> 2^128 ] ), and find a way to securely make it known to the
> recipient(s).

Which is what would happen if I used asymmetric ciphers.

> [10] Since you are using such a 'good' passphrase, it is entirely
> plausible that you could 'forget' it. ;-)

Couldn't I also forget who the key encrypted to? However I might still be forced to surrender the session key, so maybe encrypt-to-self isn't such a good default?

> Consider very carefully who your threat model adversary is.
> You don't want to do this with Three Letter Agencies or criminals,
> whereas it might be OK for decent university administrations. :-)

For now just an abstract adverse adversary. :)

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com Mon Mar 21 18:06:07 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Mon, 21 Mar 2011 17:06:07 +0000
Subject: deniability
In-Reply-To: <20110321164624.64C4633F3A@absinthe.tinho.net> (dan@geer.org's message of "Mon, 21 Mar 2011 12:46:24 -0400")
References: <20110321164624.64C4633F3A@absinthe.tinho.net>
Message-ID: <86aagoe740.fsf@jeromebaum.com>

"dan at geer.org" writes:

> Ah. Spam as a covert channel. Tell me that this isn't already done?

You make a point, I should have been clearer. Randomly send messages that can't be decrypted to random recipients _from a list of recipients that have agreed to this_ to obscure matters.

It would be a lot of work to try decrypting with each key but the recipient could have a designated "trial" key with no pass-phrase that is used to decrypt some kind of outer layer. The adversary would still need to steal that key only to verify that _with high probability_, the message was intended for this specific recipient.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com Mon Mar 21 18:10:08 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Mon, 21 Mar 2011 17:10:08 +0000
Subject: deniability
In-Reply-To: <86aagoe740.fsf@jeromebaum.com> (Jerome Baum's message of "Mon, 21 Mar 2011 13:06:07 -0400")
References: <20110321164624.64C4633F3A@absinthe.tinho.net> <86aagoe740.fsf@jeromebaum.com>
Message-ID: <8662rce6xb.fsf@jeromebaum.com>

Jerome Baum writes:

> (snip talk about a potential solution)

At this point however, the scheme gets complicated and impractical. Are there any practical solutions that don't depend on complex implementation on the receiving end?

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
From Mike_Acker at charter.net Mon Mar 21 20:02:27 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Mon, 21 Mar 2011 15:02:27 -0400
Subject: Revoke signature from key
Message-ID: <4D87A0C3.2060609@charter.net>

Scenario thus far:

* Tom Newguy joined my group
* Tom created a keypair and sent his PUBLIC key to me
* I have approved his membership in the group
* I have signed his key and sent his public key with my signature to other members of the group
* now Tom has left the group

Object: to revoke my signature from Tom Newguy's key

In a Simple Case where everyone has Tom's key on their local keyring I can simply send a memo to everyone specifying that Tom's key should be deleted.

What if one of the group loaded Tom's key to the server with my signature attached? I need to circulate a revoke certificate to the active members of the group revoking my signature from Tom's key.

HOWEVER: If I have only Tom's public key on my keyring -- which would be normal -- the software will not allow me to generate a revoke certificate -- to revoke my signature from his key.

Group members could easily DELETE Tom's key based on a letter of Instruction (LoI) -- but his key could easily return from a keyserver -- if a group member had uploaded it...

Alternatively Group Members could DISABLE Tom's key. I will have to test to find out if that would prevent a new download from a keyserver.

*Does anyone have any recommendations for evicting Tom?*

-- 
/MIKE

From dan at geer.org Mon Mar 21 17:46:24 2011
From: dan at geer.org (dan at geer.org)
Date: Mon, 21 Mar 2011 12:46:24 -0400
Subject: deniability
In-Reply-To: Your message of "Mon, 21 Mar 2011 16:24:11 -0000." <86ei60e91w.fsf@jeromebaum.com>
Message-ID: <20110321164624.64C4633F3A@absinthe.tinho.net>

 | 2. Randomly send messages that can't be decrypted to random recipients
 | to obscure matters. The adversary would have to cope with the fact
 | that I have stuff to hide. :)

Ah. Spam as a covert channel. Tell me that this isn't already done?

--dan

From dshaw at jabberwocky.com Mon Mar 21 20:24:45 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 21 Mar 2011 15:24:45 -0400
Subject: Revoke signature from key
In-Reply-To: <4D87A0C3.2060609@charter.net>
References: <4D87A0C3.2060609@charter.net>
Message-ID: <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com>

On Mar 21, 2011, at 3:02 PM, Mike Acker wrote:

> Scenario thus far:
> • Tom Newguy joined my group
> • Tom created a keypair and sent his PUBLIC key to me
> • I have approved his membership in the group
> • I have signed his key and sent his public key with my signature to other members of the group
> • now Tom has left the group
> Object: to revoke my signature from Tom Newguy's key

gpg --edit-key (newguyskey)
revsig
save

David

From gollo at fsfe.org Mon Mar 21 20:46:10 2011
From: gollo at fsfe.org (Martin Gollowitzer)
Date: Mon, 21 Mar 2011 20:46:10 +0100
Subject: Revoke signature from key
In-Reply-To: <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com>
References: <4D87A0C3.2060609@charter.net> <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com>
Message-ID: <20110321194610.GA24160@wingback.gollo.at>

* David Shaw [110321 20:28, mID <387F8326-47AF-419E-A9A7-7C37D048A0A4 at jabberwocky.com>]:

> On Mar 21, 2011, at 3:02 PM, Mike Acker wrote:
>
>> Scenario thus far:
>> • Tom Newguy joined my group
>> • Tom created a keypair and sent his PUBLIC key to me
>> • I have approved his membership in the group
>> • I have signed his key and sent his public key with my signature to other members of the group
>> • now Tom has left the group
>> Object: to revoke my signature from Tom Newguy's key
>
> gpg --edit-key (newguyskey)
> revsig
> save

You forgot gpg --send-keys (newguyskey) and the fact that signatures on a key are actually meant as a statement that the signer has checked the key owner's identity and not as a sign that someone belongs to a group or something...

Martin

From dshaw at jabberwocky.com Mon Mar 21 21:05:35 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 21 Mar 2011 16:05:35 -0400
Subject: Revoke signature from key
In-Reply-To: <20110321194610.GA24160@wingback.gollo.at>
References: <4D87A0C3.2060609@charter.net> <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com> <20110321194610.GA24160@wingback.gollo.at>
Message-ID: <919899E4-3CE9-4D58-B85A-9B01305FC868@jabberwocky.com>

On Mar 21, 2011, at 3:46 PM, Martin Gollowitzer wrote:

> * David Shaw [110321 20:28,
> mID <387F8326-47AF-419E-A9A7-7C37D048A0A4 at jabberwocky.com>]:
>
>> On Mar 21, 2011, at 3:02 PM, Mike Acker wrote:
>>
>>> Scenario thus far:
>>> • Tom Newguy joined my group
>>> • Tom created a keypair and sent his PUBLIC key to me
>>> • I have approved his membership in the group
>>> • I have signed his key and sent his public key with my signature to other members of the group
>>> • now Tom has left the group
>>> Object: to revoke my signature from Tom Newguy's key
>>
>> gpg --edit-key (newguyskey)
>> revsig
>> save
>
> You forgot gpg --send-keys (newguyskey) and the fact that signatures on
> a key are actually meant as a statement that the signer has checked the
> key owner's identity and not as a sign that someone belongs to a group
> or something...

While the common usage for regular users is to sign based on checking identity, signatures can be just as well used as a token to indicate membership. For example, the PGP product has the concept of a "Corporate Signing Key", which is used to sign employee keys to indicate they are genuine (and their keyserver can actually enforce this). They are not signing to say that Alice is Alice, they are signing to say that Alice is Alice, and works for Company X (i.e. they would not sign Alice's personal key).

If I was going to do this with a group, like above, I'd probably make a special Group Signing Key to issue the membership signatures to avoid confusing my personal signatures with the group membership ones, though.

David

From dkg at fifthhorseman.net Mon Mar 21 21:18:09 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 21 Mar 2011 16:18:09 -0400
Subject: Revoke signature from key
In-Reply-To: <919899E4-3CE9-4D58-B85A-9B01305FC868@jabberwocky.com>
References: <4D87A0C3.2060609@charter.net> <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com> <20110321194610.GA24160@wingback.gollo.at> <919899E4-3CE9-4D58-B85A-9B01305FC868@jabberwocky.com>
Message-ID: <4D87B281.4050801@fifthhorseman.net>

On 03/21/2011 04:05 PM, David Shaw wrote:
> While the common usage for regular users is to sign based on checking identity, signatures can be just as well used as a token to indicate membership. For example, the PGP product has the concept of a "Corporate Signing Key", which is used to sign employee keys to indicate they are genuine (and their keyserver can actually enforce this). They are not signing to say that Alice is Alice, they are signing to say that Alice is Alice, and works for Company X (i.e. they would not sign Alice's personal key).
>
> If I was going to do this with a group, like above, I'd probably make a special Group Signing Key to issue the membership signatures to avoid confusing my personal signatures with the group membership ones, though.

If i was going to try to indicate more than a simple identity binding with an OpenPGP signature, i'd define an OpenPGP notation [0] and include the relevant subpacket in my signature.

This way, the same signing key is capable of making identity certifications *and* identity+metadata certifications.

For example, to indicate that the holder of $keyid will be employed by the technical support department of Example Corp for the next year:

    gpg --sign-key --cert-notation 'department@example.com=tech-support' \
        --default-cert-expire 1y "$keyid"

(and proceed with the usual identity checks as well)

--dkg

[0] https://tools.ietf.org/html/rfc4880#section-5.2.3.16

From kgo at grant-olson.net Mon Mar 21 21:19:59 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 21 Mar 2011 16:19:59 -0400
Subject: deniability
In-Reply-To: <86ei60e91w.fsf@jeromebaum.com>
References: <20110321153814.2077310E2BD@smtp.hushmail.com> <86ei60e91w.fsf@jeromebaum.com>
Message-ID: <4D87B2EF.9060509@grant-olson.net>

On 03/21/2011 12:24 PM, Jerome Baum wrote:
> "vedaal at nym.hush.com" writes:
>> [4] Post the encrypted file to a newsgroup like comp.pgp.test or
>> other group that allows test postings.
>
> Yes, per above. But good idea to not use an anonymous group -- this way
> I can say I was testing stuff.
>

If you want to get really paranoid, post to http://www.pgpboard.com/ via a TOR connection. That makes it difficult to show the message even originated from you.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From malte.gell at gmx.de Mon Mar 21 21:42:30 2011
From: malte.gell at gmx.de (Malte Gell)
Date: Mon, 21 Mar 2011 21:42:30 +0100
Subject: No changing of expiry of openPGP card?
Message-ID: <20110321214230.00001f43.malte.gell_gmx.de@unknown>

Hi there,

I just wanted to change the expiry of the key on my openPGP card. But GnuPG did not let me do this, it still shows the old expiry date. Can the expiry of the openPGP card not be changed!?

Regards
Malte

From kgo at grant-olson.net Mon Mar 21 21:51:12 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 21 Mar 2011 16:51:12 -0400
Subject: Revoke signature from key
In-Reply-To: <4D87B281.4050801@fifthhorseman.net>
References: <4D87A0C3.2060609@charter.net> <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com> <20110321194610.GA24160@wingback.gollo.at> <919899E4-3CE9-4D58-B85A-9B01305FC868@jabberwocky.com> <4D87B281.4050801@fifthhorseman.net>
Message-ID: <4D87BA40.7000503@grant-olson.net>

On 03/21/2011 04:18 PM, Daniel Kahn Gillmor wrote:
> On 03/21/2011 04:05 PM, David Shaw wrote:
>> While the common usage for regular users is to sign based on checking identity, signatures can be just as well used as a token to indicate membership. For example, the PGP product has the concept of a "Corporate Signing Key", which is used to sign employee keys to indicate they are genuine (and their keyserver can actually enforce this). They are not signing to say that Alice is Alice, they are signing to say that Alice is Alice, and works for Company X (i.e. they would not sign Alice's personal key).
>> >> If I was going to do this with a group, like above, I'd probably make a special Group Signing Key to issue the membership signatures to avoid confusing my personal signatures with the group membership ones, though. > > If i was going to try to indicate more than a simple identity binding > with an OpenPGP signature, i'd define an OpenPGP notation [0] and > include the relevant subpacket in my signature. > > This way, the same signing key is capable of making identity > certifications *and* identity+metadata certifications. > But that doesn't provide any easy way for me to only trust your identity+metadata certifications, if, for example, I trust you to sign in your role for a company, but don't trust or care about your personally-issued sigs. Instead of signing your key, I need to manually inspect any and all keys that may have your signature. -- -Grant "Look around! Can you construct some sort of rudimentary lathe?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature URL: From malte.gell at gmx.de Mon Mar 21 21:53:27 2011 From: malte.gell at gmx.de (Malte Gell) Date: Mon, 21 Mar 2011 21:53:27 +0100 Subject: No changing of expiry of openPGP card? In-Reply-To: <20110321214230.00001f43.malte.gell_gmx.de@unknown> References: <20110321214230.00001f43.malte.gell_gmx.de@unknown> Message-ID: <20110321215327.00006f87.malte.gell_gmx.de@unknown> Am Mon, 21 Mar 2011 21:42:30 +0100 schrieb Malte Gell : > Can the expiry of the openPGP card not be changed!? My fault... I have forgotten to change the subkey?s expiry too...... 
From dkg at fifthhorseman.net Mon Mar 21 22:17:50 2011
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 21 Mar 2011 17:17:50 -0400
Subject: Revoke signature from key
In-Reply-To: <4D87BA40.7000503@grant-olson.net>
References: <4D87A0C3.2060609@charter.net> <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com> <20110321194610.GA24160@wingback.gollo.at> <919899E4-3CE9-4D58-B85A-9B01305FC868@jabberwocky.com> <4D87B281.4050801@fifthhorseman.net> <4D87BA40.7000503@grant-olson.net>
Message-ID: <4D87C07E.8070903@fifthhorseman.net>

On 03/21/2011 04:51 PM, Grant Olson wrote:
> On 03/21/2011 04:18 PM, Daniel Kahn Gillmor wrote:
>> If i was going to try to indicate more than a simple identity binding
>> with an OpenPGP signature, i'd define an OpenPGP notation [0] and
>> include the relevant subpacket in my signature.
>>
>> This way, the same signing key is capable of making identity
>> certifications *and* identity+metadata certifications.
>
> But that doesn't provide any easy way for me to only trust your
> identity+metadata certifications, if, for example, I trust you to sign
> in your role for a company, but don't trust or care about your
> personally-issued sigs.

You are free to disregard any of my certifications you like. It would not be unreasonable of you to say "i will disregard all certifications by dkg that lack a department at example.com notation." if that's what you're trying to do.

> Instead of signing your key, I need to manually
> inspect any and all keys that may have your signature.

Why is this a manual process? You would not be inspecting the keys -- you'd be inspecting my signatures, which you have to do anyway (at least in order to cryptographically verify them). I grant that GnuPG doesn't have a straightforward way to filter certifications based on notation.
I think that's a missing feature, though -- not necessarily a reason to create entirely new keys that will themselves need to be integrated into the web of trust, and which have entirely different semantics for their OpenPGP certifications.

Using a separate key for this scenario creates other problems with GnuPG's existing WoT resolution mechanism as well.

For example, consider Bob an admin of the tech support dept. at Example Corp. Bob has his own personal key B, and manages a department key with alternate certification semantics, D.

If Alice works for Example Corp, she might decide to set marginal ownertrust on D to increase her WoT into the tech support department. But if she knows Bob personally as well, she may want to grant marginal ownertrust to B.

If Alice's trust model says "3 certifications by marginally ownertrusted keys -> full key+userid validity" (the gpg default), then Bob's keys now have the ability to provide 2/3 of a full certification instead of Alice's expected 1/3. If Bob also happens to manage the department key for the Billing department of Example Corp, and Alice applies marginal ownertrust to that, then Bob can forge key+userID combinations that will be fully accepted by Alice, despite her having never granted him more than marginal ownertrust.

In short: if your goal is to represent something in addition to identity information in an OpenPGP certification, i think it's a good idea to represent that metadata explicitly. Notations are a reasonable way to do that. If GnuPG doesn't provide a reasonable way to solve your use case, let's fix GnuPG to make it better.

Note that I am *not* actually recommending putting anything other than identity information in an OpenPGP certification in most real-world use cases. There are significant drawbacks (e.g. surveillance by social graph trawling) to representing non-identity metadata in certificates, and the tradeoffs should be weighed carefully.
--dkg

From kgo at grant-olson.net Mon Mar 21 22:41:33 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 21 Mar 2011 17:41:33 -0400
Subject: Revoke signature from key
In-Reply-To: <4D87C07E.8070903@fifthhorseman.net>
References: <4D87A0C3.2060609@charter.net> <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com> <20110321194610.GA24160@wingback.gollo.at> <919899E4-3CE9-4D58-B85A-9B01305FC868@jabberwocky.com> <4D87B281.4050801@fifthhorseman.net> <4D87BA40.7000503@grant-olson.net> <4D87C07E.8070903@fifthhorseman.net>
Message-ID: <4D87C60D.9000708@grant-olson.net>

On 03/21/2011 05:17 PM, Daniel Kahn Gillmor wrote:
> On 03/21/2011 04:51 PM, Grant Olson wrote:
>>
>> But that doesn't provide any easy way for me to only trust your
>> identity+metadata certifications, if, for example, I trust you to sign
>> in your role for a company, but don't trust or care about your
>> personally-issued sigs.
>
> You are free to disregard any of my certifications you like. It would
> not be unreasonable of you to say "i will disregard all certifications
> by dkg that lack a department at example.com notation." if that's what
> you're trying to do.
>
>> Instead of signing your key, I need to manually
>> inspect any and all keys that may have your signature.
>
> Why is this a manual process? You would not be inspecting the keys --
> you'd be inspecting my signatures, which you have to do anyway (at least
> in order to cryptographically verify them).
>

It's manual because now I can't just sign your key, let the WoT and gpg do its job, and get on with my life. I need to manually run --list-sigs on any new keys.

Regarding your other points, I don't have any semantic problems with what you're proposing, I just don't think it's a workable solution today. It seems like we're in agreement on that.
-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From Mike_Acker at charter.net Mon Mar 21 22:51:18 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Mon, 21 Mar 2011 17:51:18 -0400
Subject: Group Signing
Message-ID: <4D87C856.3030405@charter.net>

="While the common usage for regular users is to sign based on checking identity, signatures can be just as well used as a token to indicate membership."

="You forgot gpg --send-keys (newguyskey) and the fact that signatures on a key are actually meant as a statement that the signer has checked the key owner's identity and not as a sign that someone belongs to a group or something..."

~~~

these are very good points!! consistency is important. if there are glitches and gotchas and don't-forget-tos in the system it will be more likely for well intending people to make errors

it is entirely possible that Tom could leave the group yet I would want to maintain secure communication with him.

i will stress to the group that the key authenticates the sender but does not indicate group membership.

-- 
/MIKE
From dshaw at jabberwocky.com Mon Mar 21 23:04:24 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 21 Mar 2011 18:04:24 -0400
Subject: Revoke signature from key
In-Reply-To: <4D87B281.4050801@fifthhorseman.net>
References: <4D87A0C3.2060609@charter.net> <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com> <20110321194610.GA24160@wingback.gollo.at> <919899E4-3CE9-4D58-B85A-9B01305FC868@jabberwocky.com> <4D87B281.4050801@fifthhorseman.net>
Message-ID:

On Mar 21, 2011, at 4:18 PM, Daniel Kahn Gillmor wrote:

> On 03/21/2011 04:05 PM, David Shaw wrote:
>> While the common usage for regular users is to sign based on checking identity, signatures can be just as well used as a token to indicate membership. For example, the PGP product has the concept of a "Corporate Signing Key", which is used to sign employee keys to indicate they are genuine (and their keyserver can actually enforce this). They are not signing to say that Alice is Alice, they are signing to say that Alice is Alice, and works for Company X (i.e. they would not sign Alice's personal key).
>>
>> If I was going to do this with a group, like above, I'd probably make a special Group Signing Key to issue the membership signatures to avoid confusing my personal signatures with the group membership ones, though.
>
> If i was going to try to indicate more than a simple identity binding
> with an OpenPGP signature, i'd define an OpenPGP notation [0] and
> include the relevant subpacket in my signature.
>
> This way, the same signing key is capable of making identity
> certifications *and* identity+metadata certifications.
>
> For example, to indicate that the holder of $keyid will be employed by
> the technical support department of Example Corp for the next year:
>
> gpg --sign-key --cert-notation 'department at example.com=tech-support' \
>     --default-cert-expire 1y "$keyid"
>
> (and proceed with the usual identity checks as well)

I think this is more flexible of an answer, but it requires client support that doesn't currently exist. Without the client support, users will have to check such signatures by hand and their web of trust cannot be automatically built by the client.

Having a corporate signing key addresses the issue on current clients in two steps: import and then (l)sign the CSK. The PGP product actually does this sort of thing automatically (new users can be configured to automatically import and lsign the CSK whenever they generate a key, so this "just works" for them).

David

From dshaw at jabberwocky.com Mon Mar 21 23:33:00 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 21 Mar 2011 18:33:00 -0400
Subject: Revoke signature from key
In-Reply-To: <4D87C07E.8070903@fifthhorseman.net>
References: <4D87A0C3.2060609@charter.net> <387F8326-47AF-419E-A9A7-7C37D048A0A4@jabberwocky.com> <20110321194610.GA24160@wingback.gollo.at> <919899E4-3CE9-4D58-B85A-9B01305FC868@jabberwocky.com> <4D87B281.4050801@fifthhorseman.net> <4D87BA40.7000503@grant-olson.net> <4D87C07E.8070903@fifthhorseman.net>
Message-ID:

On Mar 21, 2011, at 5:17 PM, Daniel Kahn Gillmor wrote:

> For example, consider Bob an admin of the tech support dept. at Example
> Corp. Bob has his own personal key B, and manages a department key with
> alternate certification semantics, D.
>
> If Alice works for Example Corp, she might decide to set marginal
> ownertrust on D to increase her WoT into the tech support department.
> But if she knows Bob personally as well, she may want to grant marginal
> ownertrust to B.
>
> If Alice's trust model says "3 certifications by marginally ownertrusted
> keys -> full key+userid validity" (the gpg default), then Bob's keys now
> have the ability to provide 2/3 of a full certification instead of
> Alice's expected 1/3. If Bob also happens to manage the department key
> for the Billing department of Example Corp, and Alice applies marginal
> ownertrust to that, then Bob can forge key+userID combinations that will
> be fully accepted by Alice, despite her having never granted him more
> than marginal ownertrust.

I think in this situation, you wouldn't want the classic trust model with Alice setting marginal ownertrust on D. Rather (and I believe this is the more common use of a CSK), you'd use the CSK as a fully trusted introducer (via trust signatures, and the domain restriction). So a single trust signature from the Example Corp CSK would cause any key matching xxxx at example.com to become fully valid, but Bob or whoever is the administrator of the key (CSKs are commonly shared keys, requiring a few people to agree on their use) could only forge userIDs within @example.com.

There is no real web of trust inside example.com using a CSK in this way - the CSK dictates (in a very top-down way), which example.com keys are valid and which, by omission, are not. This makes sense in the corporate world, as it's not up to Alice to decide which corporate keys are valid. It *is* up to Alice to decide which non-example.com keys are valid, of course.
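An added example (editor's, not from this thread and not GnuPG's own code) that models the two trust computations argued over above: dkg's scenario where three marginally trusted keys all belong to Bob, and David's alternative of a domain-restricted trust signature on a corporate signing key. The key ids, user IDs, regex form and helper functions are assumptions made for the illustration.

```python
"""Toy model of gpg's classic trust model (marginals-needed=3,
completes-needed=1) next to a domain-restricted trust signature.

Constructed for this thread; key ids, user IDs and helpers are assumed
values for the illustration, not GnuPG code.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

MARGINALS_NEEDED = 3   # gpg default, --marginals-needed
COMPLETES_NEEDED = 1   # gpg default, --completes-needed
FULL_AMOUNT = 120      # RFC 4880 trust amount for a full introducer
MARGINAL_AMOUNT = 60   # RFC 4880 trust amount for a marginal introducer


@dataclass
class Cert:
    signer: str            # key id of the certifying key


@dataclass
class UserID:
    uid: str
    certs: list = field(default_factory=list)


@dataclass
class TrustSig:
    """What Alice expresses with `tsign` plus a domain restriction."""
    amount: int            # FULL_AMOUNT or MARGINAL_AMOUNT
    domain_regex: str      # regex of the form RFC 4880 5.2.3.14 gives


def validity(uid, ownertrust, tsigs=None):
    """Return 'full', 'marginal' or 'unknown' for one user ID.

    ownertrust: {keyid: 'full' | 'marginal'} assigned by hand (edit-key trust)
    tsigs:      {keyid: TrustSig} introducers accepted via trust signatures;
                such a key only counts for user IDs matching its regex.
    """
    tsigs = tsigs or {}
    full = marginal = 0
    for cert in uid.certs:
        level = ownertrust.get(cert.signer)
        ts = tsigs.get(cert.signer)
        if ts is not None and re.search(ts.domain_regex, uid.uid):
            level = "full" if ts.amount >= FULL_AMOUNT else "marginal"
        if level == "full":
            full += 1
        elif level == "marginal":
            marginal += 1
    if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
        return "full"
    return "marginal" if marginal else "unknown"


def people_behind(uid, controller):
    """Count how many certifications each human actually controls."""
    return Counter(controller[c.signer] for c in uid.certs)


# Scenario 1 (dkg): Bob's personal key B plus the department keys D and
# BILL that Bob administers. Alice gives each of them marginal ownertrust.
CONTROLLER = {"B": "Bob", "D": "Bob", "BILL": "Bob", "CAROL": "Carol"}
ALICE_OWNERTRUST = {"B": "marginal", "D": "marginal", "BILL": "marginal"}
FORGED = UserID("Mallory <mallory@example.com>",
                [Cert("B"), Cert("D"), Cert("BILL")])   # all three made by Bob


def scenario_marginals():
    """Three marginal certs, every one from Bob, reach full validity."""
    return validity(FORGED, ALICE_OWNERTRUST), people_behind(FORGED, CONTROLLER)


# Scenario 2 (David Shaw): Alice trust-signs the CSK restricted to
# example.com and sets no classic ownertrust at all.
EXAMPLE_COM = r"<[^>]+[@.]example\.com>$"   # domain restriction for example.com
CSK_TSIG = {"CSK": TrustSig(FULL_AMOUNT, EXAMPLE_COM)}


def scenario_csk(uid_string):
    """Validity of a user ID carrying a single certification by the CSK."""
    return validity(UserID(uid_string, [Cert("CSK")]), {}, CSK_TSIG)


if __name__ == "__main__":
    print(scenario_marginals())        # ('full', Counter({'Bob': 3}))
    for u in ("Alice <alice@example.com>",
              "Bob <bob@billing.example.com>",
              "Mallory <mallory@notexample.com>",
              "Mallory <mallory@evil.org>"):
        print(u, "->", scenario_csk(u))
```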
David

From mailinglisten at hauke-laging.de Tue Mar 22 01:44:10 2011
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 22 Mar 2011 01:44:10 +0100
Subject: hashed user IDs
In-Reply-To: <4D864815.6020205@adversary.org>
References: <18692048.20110320025234@my_localhost> <4D864815.6020205@adversary.org>
Message-ID: <201103220144.17169.mailinglisten@hauke-laging.de>

On Sunday 20 March 2011 19:31:49, Ben McGinnes wrote:
> I have a
> number of keys on my keyring and when I list them I like to see which
> key belongs to which identity/account (I don't care if it's a real
> name or not, just as long as I can see something that makes sense to
> me). Hashed IDs, depending on how common they became, would make this
> and key management difficult.

They would probably not.

1) A good implementation of such a feature would allow the storage of additional data (like in trustdb.gpg). In listings this info would be shown (probably with a hint) instead of the hash.

2) If you search for a key on a keyserver then gpg would know what you have searched for. You want the key for hashid at hauke-laging.de. Then gpg first searches for this string but without success. Then it searches for 3dcfba2bd001d14b56b8341965cdaa85 which results in a match. So gpg would download this key and automatically write "hashid at hauke-laging.de" as additional UID information into hashiddb.gpg or whatever.

3) If a key file with hashed UIDs is imported as a file (not from a keyserver) then the user should be asked to add some comment. He need not do that, of course, but in that case he should not complain later about that.

> It would be too
> easy for people just discovering it to believe that it provides
> greater security than it really does.

That is true for gnupg as a whole. Or does anyone really claim that a relevant amount of new gnupg users has a clue about the need of protecting the secret keys which are usually stored in rather unsafe environments?
I assume that most new users believe: "Great technology. Now my data is really safe."

To be consistent, gpg without --expert should ask during each key generation:

1) Are you REALLY sure you don't want to create this key on a smartcard?

2) You are running Windows / X / have network access / a kernel older than four days. Are you REALLY sure you want to create a key in THIS environment?

Think about appropriate warnings for entering a passphrase in an obviously unsafe environment.

Hauke

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From rjh at sixdemonbag.org Tue Mar 22 03:08:29 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 21 Mar 2011 22:08:29 -0400
Subject: Deniability
In-Reply-To: <86mxkoed1h.fsf@jeromebaum.com>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com>
Message-ID: <4D88049D.5090403@sixdemonbag.org>

On 3/21/2011 10:58 AM, Jerome Baum wrote:
> Deniability is "nice", but more generally confusing Mallory is a Good
> Thing(tm) as she'll have more work to do. Providing deniability seems to
> imply more work on the part of Mallory. Say the point is not to prove
> "Alice sent Bob a message", but instead Mallory wants to get at the
> plain-text. If she can't know for sure that Clyde can decrypt it -- or
> any specific person -- then she'll have to steal several keys before she
> finds the right one.

Or she'll just have to kidnap Alice or Bob and beat them senseless with a lead pipe until they confess. Deniability is not as useful of a tool as it is often made out to be.

There is also a flip side: deniable communications put parties in increased jeopardy. Imagine Mallory kidnaps Charlene, who is uninvolved, because she thinks Charlene is involved.
(This sort of thing happens quite a lot in the real world: for instance, in the '70s the Israeli Mossad murdered an innocent Norwegian waiter because they mistakenly identified him as a terrorist.)

Charlene declares her innocence. Mallory beats her senseless with a lead pipe. "I know you're using a deniable system! Stop denying things and tell me the truth!" Charlene tries to prove she didn't receive the message -- but she can't, because it's a deniable system. Mallory keeps on beating her senseless with a lead pipe. Sooner or later, Charlene confesses to anything Mallory suggests, just to make the torture stop.

Deniable communications are neat, but there are two huge eight hundred pound gorillas lurking in the room:

1. Deniability doesn't work well against sadists with lead pipes.
2. Deniability means you can't give the sadists a reason to stop.

If this is a thought experiment in how to crowbar deniability into OpenPGP, I wish you luck. :) If you're looking at actually using a deniable OpenPGP, or recommending others use one, I hope you'll give serious thought to these two things.

From dshaw at jabberwocky.com Tue Mar 22 04:39:27 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 21 Mar 2011 23:39:27 -0400
Subject: Deniability
In-Reply-To: <86ipvce9jf.fsf@jeromebaum.com>
References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com> <201103211602.05187.mailinglisten@hauke-laging.de> <86ipvce9jf.fsf@jeromebaum.com>
Message-ID:

On Mar 21, 2011, at 12:13 PM, Jerome Baum wrote:

> Hauke Laging writes:
>
>> You know that. And the archive of this mailinglist now knows that you have
>> once claimed to do that. So one may assume that the only recipient is you but
>> that is not a strong technical conclusion from the message itself.
>
> When I throw-keyids, what's actually left over? Would there be any way
> to match the keys from several messages, besides key size and type?
> Also
> if one (size, type) appears in all messages, I'd say the conclusion that
> I'm using encrypt-to-self is pretty safe.

In addition to the size and type information, there is also an interesting attack that can be done against speculative key IDs. It doesn't (directly) help a third party know who the recipients are, but it does let any recipient try to confirm a guess as to who another recipient might be.

Let's say you encrypt a message to Alice and Baker and hide the key IDs. Alice gets the message and knows there is one other recipient aside from herself. She considers who the message came from and what the message was about and makes an educated guess that the other recipient is Baker. To confirm her guess, all Alice needs to do is send a specially rigged speculative key ID message to Baker. If Baker responds, then Alice knows he was the other recipient.

Throw-keyids has some good usages (posting a message for pickup in a public place, for example), but it's just a tool. It's important not to rely solely on it.

David

From Mike_Acker at charter.net Tue Mar 22 10:34:39 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Tue, 22 Mar 2011 05:34:39 -0400
Subject: Controlling Group Membership with PGP Keys
Message-ID: <4D886D2F.8070104@charter.net>

VM Anyone?

Clearly the design of the PGP key and its trust model does not apprehend indicating Group membership

it occurs to me that controlling group membership is going to need:

1. a Group Keyserver under the control of the Group Administrator
2. Option to use the Group Keyserver exclusively for access to Public Keys

the 2d point could be related to an e/mail address and implemented in THUNDERBIRD, or, perhaps better to set up a VM with a THUNDERBIRD installed for Secure Group Communication Only. Perhaps we need Windows7 to become more like MVS

The administrator could set an expiration date on his key-- which should cause his authentications to expire,-- but what time frame? 30 days?
That might be decent as far as getting rid of Tom but would cause another problem: all the members of the group would have to get all the keys re-certified every 30 days

Note: the 'group' might not be a corporation where everyone will be using an email address of a predictable pattern such as (e.g.) tom_newguy at acme.org

-- 
/MIKE

From gayamantra at yahoo.com Mon Mar 21 07:15:04 2011
From: gayamantra at yahoo.com (gayamantra)
Date: Sun, 20 Mar 2011 23:15:04 -0700 (PDT)
Subject: Using GNUPG as a standalone client
Message-ID: <31198015.post@talk.nabble.com>

Hi,

We are intending to use GNUPG to encrypt a file before we FTP it to an external party. Is it possible to use GNUPG as a standalone client without having to install it on our servers?

Appreciate your replies. Thanks.

From Lists.gnupg at mephisto.fastmail.net Tue Mar 22 15:19:56 2011
From: Lists.gnupg at mephisto.fastmail.net (Lists.gnupg at mephisto.fastmail.net)
Date: Tue, 22 Mar 2011 10:19:56 -0400
Subject: what are the sub keys
In-Reply-To: <4D857659.8040404@sixdemonbag.org>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org>
Message-ID: <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu>

On Sat, Mar 19, 2011 at 11:36:57PM -0400, thus spoke Robert J. Hansen:
>On 3/19/11 10:34 PM, Jonathan Ely wrote:
>
>> but be sure to set your preferences and choose a 4096 over 2048.
>
>Why? This is like saying, "I like the bank vault on my front door, but
>I wish it was thicker: I want the extra security."
>Key length is only a
>small part (arguably the smallest part) of communications security.
>

I agree that 4096 may seem like overkill, but I think the recommendation to max out one's RSA key size is defensible. Here's why:

1. Modern computers are fast; it costs us almost nothing in terms of computation time to use a 4096-bit key.

2. Modern computers are fast, and getting faster all the time; remember that your security margin may need to be good not just today, but against all the attacks that are possible in the future, for as long as your data needs to remain secure (decades, for some people). Once upon a time, 1024-bit keys were considered perfectly adequate; most experts urge against generating keys today with that strength.

I agree that an awful lot of fuss is made over key length, sometimes to the exclusion of other, much more likely attack vectors. However, until someone describes for me a compelling reason NOT to bump key length up to 4096, my view remains: "Why not?"

Special case, relating to this thread's original question:

Some software which is designed to interface with GnuPG, or otherwise implement PGP keys, may not support arbitrary key lengths. E.G. Evolution used to have a 160-bit hash hard-coded into its gnupg integration (it may still--I haven't used Evolution in a while), which meant that to remain DSS-compliant, you could only sign email with a 1024-bit DSA key. DSA-2 keys could not be supported directly by Evolution. You could circumvent the key-strength limit by using an RSA key as long as you liked. However, in cases when a particular piece of software may require use of a key which does not meet your general-use criteria, for whatever reason, generating a sub-key which meets the requirements can allow you to use the specific feature you need, while still enabling you to use other sub-keys for less restrictive applications.

-- 
"Chance favors the prepared mind."
--Louis Pasteur

From Mike_Acker at charter.net Tue Mar 22 15:34:04 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Tue, 22 Mar 2011 10:34:04 -0400
Subject: using GnuPG to encrypt before FTP
Message-ID: <4D88B35C.4030305@charter.net>

Hi,

="We are intending to use GNUPG to encrypt a file before we FTP it to an external party. Is it possible to use GNUPG as a standalone client without having to install it on our servers? Appreciate your replies. Thanks."

===> use S/FTP

it makes it much less likely for someone to have an accident and send a file in the clear and it's much easier to use

-- 
/MIKE

From jerome at jeromebaum.com Tue Mar 22 15:37:16 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 14:37:16 +0000
Subject: Deniability
In-Reply-To: <4D88049D.5090403@sixdemonbag.org> (Robert J. Hansen's message of "Mon, 21 Mar 2011 22:08:29 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org>
Message-ID: <86wrjrcjc3.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> If this is a thought experiment in how to crowbar deniability into
> OpenPGP, I wish you luck. :) If you're looking at actually using a
> deniable OpenPGP, or recommending others use one, I hope you'll give
> serious thought to these two things.

Part thought experiment, part practical usage. I was thinking more in terms of a German court asking me to turn over evidence -- but then, there still might be a lead pipe involved outside the scope of a court case.
I'll keep it in mind when it comes to practical usage, but I do want to keep up the thought experiment. :)

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From thajsta at gmail.com Tue Mar 22 15:38:02 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Tue, 22 Mar 2011 10:38:02 -0400
Subject: what are the sub keys
In-Reply-To: <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu>
Message-ID: <4D88B44A.1070708@gmail.com>

Exactly. Computation time is nothing nowadays. If that was the case, those who use 1024 bit keys I would think still use the SHA1 hash algorithm. But now people such as myself use SHA512 and 4096 bit RSA keys, and if I could use a 8192 bit RSA key and the new SHA512/256 algorithm that I think was published just this past 02 February I would.

On 22/03/2011 10:19 AM, Lists.gnupg at mephisto.fastmail.net wrote:
> On Sat, Mar 19, 2011 at 11:36:57PM -0400, thus spoke Robert J. Hansen:
>> On 3/19/11 10:34 PM, Jonathan Ely wrote:
>>
>>> but be sure to set your preferences and choose a 4096 over 2048.
>>
>> Why? This is like saying, "I like the bank vault on my front door, but
>> I wish it was thicker: I want the extra security." Key length is only a
>> small part (arguably the smallest part) of communications security.
>>
>
> I agree that 4096 may seem like overkill, but I think the recommendation
> to max out one's RSA key size is defensible. Here's why:
>
> 1. Modern computers are fast; it costs us almost nothing in terms of
> computation time to use a 4096-bit key.
>
> 2.
> Modern computers are fast, and getting faster all the time; remember
> that your security margin may need to be good not just today, but
> against all the attacks that are possible in the future, for as long
> as your data needs to remain secure (decades, for some people). Once
> upon a time, 1024-bit keys were considered perfectly adequate; most
> experts urge against generating keys today with that strength.
>
> I agree that an awful lot of fuss is made over key length, sometimes to
> the exclusion of other, much more likely attack vectors. However, until
> someone describes for me a compelling reason NOT to bump key length up
> to 4096, my view remains: "Why not?"
>
> Special case, relating to this thread's original question:
>
> Some software which is designed to interface with GnuPG, or otherwise
> implement PGP keys, may not support arbitrary key lengths.
> E.G. Evolution used to have a 160-bit hash hard-coded into its gnupg
> integration (it may still--I haven't used Evolution in a while), which
> meant that to remain DSS-compliant, you could only sign email with a
> 1024-bit DSA key. DSA-2 keys could not be supported directly by
> Evolution. You could circumvent the key-strength limit by using an RSA
> key as long as you liked. However, in cases when a particular piece of
> software may require use of a key which does not meet your general-use
> criteria, for whatever reason, generating a sub-key which meets the
> requirements can allow you to use the specific feature you need, while
> still enabling you to use other sub-keys for less restrictive
> applications.
From jerome at jeromebaum.com Tue Mar 22 15:41:54 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 14:41:54 +0000
Subject: deniability
In-Reply-To: <4D87B2EF.9060509@grant-olson.net> (Grant Olson's message of "Mon, 21 Mar 2011 16:19:59 -0400")
References: <20110321153814.2077310E2BD@smtp.hushmail.com> <86ei60e91w.fsf@jeromebaum.com> <4D87B2EF.9060509@grant-olson.net>
Message-ID: <86sjufcj4d.fsf@jeromebaum.com>

Grant Olson writes:

> On 03/21/2011 12:24 PM, Jerome Baum wrote:
>> Yes, per above. But good idea to not use an anonymous group -- this way
>> I can say I was testing stuff.
>>
>
> If you want to get really paranoid, post to http://www.pgpboard.com/ via
> a TOR connection. That makes it difficult to show the message even
> originated from you.

Couldn't I just post to a test group via tor? Posting to that board is like signing a statement "yes I am guilty" (to some at least).

As for tor, I was thinking in terms of measuring some kind of correlation between messages appearing on the board and my computer pulling more power (think increased CPU, etc.) -- or something like that -- all not proof, but given time to collect the data, you can probably get a "high chance" reading. So I think there are so many channels where you can get this information once you have a suspect, that it isn't worth trying to hide "it's me who posted this", and instead just post lots of stuff.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
From jerome at jeromebaum.com Tue Mar 22 15:44:14 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 14:44:14 +0000
Subject: Deniability
In-Reply-To: (David Shaw's message of "Mon, 21 Mar 2011 23:39:27 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com> <201103211602.05187.mailinglisten@hauke-laging.de> <86ipvce9jf.fsf@jeromebaum.com>
Message-ID: <86oc53cj0h.fsf@jeromebaum.com>

David Shaw writes:

> In addition to the size and type information, there is also an
> interesting attack that can be done against speculative key IDs. It
> doesn't (directly) help a third party know who the recipients are, but
> it does let any recipient try to confirm a guess as to who another
> recipient might be.
>
> Let's say you encrypt a message to Alice and Baker and hide the key
> IDs. Alice gets the message and knows there is one other recipient
> aside from herself. She considers who the message came from and what
> the message was about and makes an educated guess that the other
> recipient is Baker. To confirm her guess, all Alice needs to do send
> a specially rigged speculative key ID message to Baker. If Baker
> responds, then Alice knows he was the other recipient.

Would that be by reusing the session key? Or are there other properties that we can mess with? How about, say I know the session key and the public encryption key of the suspect, can't I just encrypt the session key to that public key and see if it comes out the same?

> Throw-keyids has some good usages (posting a message for pickup in a
> public place, for example), but it's just a tool. It's important not
> to rely solely on it.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
From lopaki at gmail.com Tue Mar 22 15:45:21 2011
From: lopaki at gmail.com (Scott Lambdin)
Date: Tue, 22 Mar 2011 10:45:21 -0400
Subject: what are the sub keys
In-Reply-To: <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu>
Message-ID:

On Tue, Mar 22, 2011 at 10:19 AM, wrote:

> 2. Modern computers are fast, and getting faster all the time; remember that your security margin may need to be good not just today, but against all the attacks that are possible in the future, for as long as your data needs to remain secure (decades, for some people). Once upon a time, 1024-bit keys were considered perfectly adequate; most experts urge against generating keys today with that strength.

OMG - This will get Robert going!

------------------===============--------------------
Pat the skin dry to avoid chapping.

From jerome at jeromebaum.com Tue Mar 22 16:01:42 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 15:01:42 +0000
Subject: Controlling Group Membership with PGP Keys
In-Reply-To: <4D886D2F.8070104@charter.net> (Mike Acker's message of "Tue, 22 Mar 2011 05:34:39 -0400")
References: <4D886D2F.8070104@charter.net>
Message-ID: <86k4frci7d.fsf@jeromebaum.com>

Mike Acker writes:

> Clearly the design of the PGP key and its trust model does not apprehend indicating Group membership

How about adding an identity: "Member of group X"?

    pub   4096R/C58C753A 2010-12-28
    uid                  Jerome Baum
    uid                  Member of gnupg-users

You'd still have to manually check _who_ signed my member uid, to make sure it's a group administrator, and timely revocation is an issue.

1. Group admin: Maybe we could add a config item that sets the administrative key for a domain (by email part of uid) and only trust signatures of that key when it comes to those domains? How about a fake uid like those PayPal clones, e.g. "Member of gnupg-users "? Why can't we use the WoT for this kind of stuff (do I trust Alice to check before she signs a group uid)?

2. Revocation: At least now the revocation is semantically correct. I revoke the signature stating "Jerome is a member of gnupg-users", but I keep the signature stating "this key is really Jerome's". Timely revocation is still an issue. I don't think you can set a preferred key-server in a signature, can you? So we can use a (non-standard) notation to designate that.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com Tue Mar 22 16:08:36 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 15:08:36 +0000
Subject: hashed user IDs
In-Reply-To: <201103220144.17169.mailinglisten@hauke-laging.de> (Hauke Laging's message of "Mon, 21 Mar 2011 20:44:10 -0400")
References: <18692048.20110320025234@my_localhost> <4D864815.6020205@adversary.org> <201103220144.17169.mailinglisten@hauke-laging.de>
Message-ID: <86fwqfchvv.fsf@jeromebaum.com>

Hauke Laging writes:

> Or does anyone really claim that a relevant amount of new gnupg users has a clue about the need of protection the secret keys which are usually stored in rather unsafe environments? I assume that most new users believe: "Great technology. Now my data is really safe."

I agree with this mostly, however:

> Being consequent gpg without --expert should ask during each key generation:
> 1) Are you REALLY sure you don't want to create this key on a smartcard?
> 2) You are running Windows / X / have network access / a kernel older than four days. Are you REALLY sure you want to create a key in THIS environment?

That's a bad exaggeration. We shouldn't be the ones choosing what is "secure enough" and we shouldn't nag the user either (what hindrance to adoption). I could be REALLY sure I don't want to create _this_ key on a smart-card if a smart-card is overkill in my context.

Would you consider the ability to create a key on-disk to be a feature? A lot of people (myself included) would. Forcing people to use a smart-card wouldn't be accepted, and neither should forcing people to not use hashed uids. It's a feature -- whether you choose to use it or not, that's up to you.

Now if you were sarcastic, that's a different matter altogether. I also like pink elephants!

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com Tue Mar 22 16:13:17 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 15:13:17 +0000
Subject: Using GNUPG as a standalone client
In-Reply-To: <31198015.post@talk.nabble.com> (gayamantra@yahoo.com's message of "Mon, 21 Mar 2011 02:15:04 -0400")
References: <31198015.post@talk.nabble.com>
Message-ID: <86bp13cho2.fsf@jeromebaum.com>

gayamantra writes:

> Is it possible to use GNUPG as a standalone client without having to install it on our servers?

Do you mean you don't want to modify system files? I see no reason it shouldn't be possible (how do you think the developers try patches?) -- but you'll have to hunt down the dependencies yourself. Download the gnupg source code from and try it. There should be a README or INSTALL file to get you started.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From Mike_Acker at charter.net Tue Mar 22 16:17:37 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Tue, 22 Mar 2011 11:17:37 -0400
Subject: Controlling Group Membership with PGP Keys
In-Reply-To: <86k4frci7d.fsf@jeromebaum.com>
References: <4D886D2F.8070104@charter.net> <86k4frci7d.fsf@jeromebaum.com>
Message-ID: <4D88BD91.1070602@charter.net>

On 03/22/2011 11:01, Jerome Baum wrote:
> Mike Acker writes:
>
>> Clearly the design of the PGP key and its trust model does not apprehend indicating Group membership
>
> How about adding an identity: "Member of group X"?
>
>     pub   4096R/C58C753A 2010-12-28
>     uid                  Jerome Baum
>     uid                  Member of gnupg-users
>
> You'd still have to manually check _who_ signed my member uid, to make sure it's a group administrator, and timely revocation is an issue.
>
> 1. Group admin: Maybe we could add a config item that sets the administrative key for a domain (by email part of uid) and only trust signatures of that key when it comes to those domains? How about a fake uid like those PayPal clones, e.g. "Member of gnupg-users "? Why can't we use the WoT for this kind of stuff (do I trust Alice to check before she signs a group uid)?
>
> 2. Revocation: At least now the revocation is semantically correct. I revoke the signature stating "Jerome is a member of gnupg-users", but I keep the signature stating "this key is really Jerome's". Timely revocation is still an issue. I don't think you can set a preferred key-server in a signature, can you? So we can use a (non-standard) notation to designate that.
>
> --
> PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
> PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

in thinking about this it is clear that PGP ( and thus GnuPG ) wasn't intended to verify group membership. this could be an up-coming RFC but for today i'm going to advise my group that the authentication simply indicates the sender is who he(she) says he(she) is, nothing more.

when i receive a message from Tom Newguy I can look at my Group Mailing List to see if he's a member, or not. the group administrator will need to send messages when there are adds, changes, or deletes to the group membership list and this can be done in the ordinary manner.

i'll recommend DEACTIVATING obsolete keys rather than deletes -- this should prevent folks from accidentally downloading a key that has been dropped ( i need to test this yet ) .

the RFC would allow Thunderbird to associate a key server with an e/mail account and would provide for the group administrator to maintain the keys in that server. this would recommend folks to use a dedicated e/mail account for the access controlled group but i don't see that as horrible issue -- not like asking folks to set up VM --

/MIKE
From dshaw at jabberwocky.com Tue Mar 22 16:28:25 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 22 Mar 2011 11:28:25 -0400
Subject: Deniability
In-Reply-To: <86oc53cj0h.fsf@jeromebaum.com>
References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com> <201103211602.05187.mailinglisten@hauke-laging.de> <86ipvce9jf.fsf@jeromebaum.com> <86oc53cj0h.fsf@jeromebaum.com>
Message-ID:

On Mar 22, 2011, at 10:44 AM, Jerome Baum wrote:

> David Shaw writes:
>
>> In addition to the size and type information, there is also an interesting attack that can be done against speculative key IDs. It doesn't (directly) help a third party know who the recipients are, but it does let any recipient try to confirm a guess as to who another recipient might be.
>>
>> Let's say you encrypt a message to Alice and Baker and hide the key IDs. Alice gets the message and knows there is one other recipient aside from herself. She considers who the message came from and what the message was about and makes an educated guess that the other recipient is Baker. To confirm her guess, all Alice needs to do is send a specially rigged speculative key ID message to Baker. If Baker responds, then Alice knows he was the other recipient.
>
> Would that be by reusing the session key? Or are there other properties that we can mess with?

Sorry, yes, that's re-using the session key (didn't mean to be mysterious). Since Alice, as a recipient, can find the session key, she can encrypt a new message to Baker with that session key, prefix it with the unknown recipient's encrypted session key, and send the whole message to Baker. If Baker can read it, then it reveals who the unknown recipient is. Of course, if Baker can't read it, it might tip him off that Alice is probing him...

> How about, say I know the session key and the public encryption key of the suspect, can't I just encrypt the session key to that public key and see if it comes out the same?

Unfortunately there is random data in the encrypted session key format, so the test encryption would not match Baker's encrypted session key.

David

From rjh at sixdemonbag.org Tue Mar 22 16:28:57 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 08:28:57 -0700
Subject: what are the sub keys
In-Reply-To: <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu>
Message-ID: <94d82d0c525e9bfd2245426796fbce2d@localhost>

> I agree that 4096 may seem like overkill, but I think the recommendation to max out one's RSA key size is defensible. Here's why:

"Defensibility" really doesn't enter into it. My purpose isn't to persuade someone not to use a 4k key: my purpose is to suggest that people think critically about why they want a 4k key and what they think it will give them that a 2k key does not.

> I agree that an awful lot of fuss is made over key length, sometimes to the exclusion of other, much more likely attack vectors. However, until someone describes for me a compelling reason NOT to bump key length up to 4096, my view remains: "Why not?"

And this is where I part ways with you. There is no reason not to bump key length up to 4096. There is also no reason not to use SHA512 with a DSA-1k key, for instance. Sure, only 160 bits of SHA512 will be used, but that's not a reason not to use it. It's not as if you're making the system weaker.

IME, engineering starting from a base maxim of, "why not?", ultimately leads to curious things that leave you scratching your head (like the aforementioned, "why are you using SHA512 with DSA-1K?"). This is why I would much rather start from a base maxim of, "why?"

I'd much rather be accused of favoring minimalism than maximalism.

From Mike_Acker at charter.net Tue Mar 22 16:29:20 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Tue, 22 Mar 2011 11:29:20 -0400
Subject: Controlling Group Membership with PGP Keys
In-Reply-To: <86k4frci7d.fsf@jeromebaum.com>
References: <4D886D2F.8070104@charter.net> <86k4frci7d.fsf@jeromebaum.com>
Message-ID: <4D88C050.4090900@charter.net>

On 03/22/2011 11:01, Jerome Baum wrote:
> You'd still have to manually check _who_ signed my member uid, to make sure it's a group administrator, and timely revocation is an issue.

Quick and Dirty solution: If I have each member of the group set up an address book for the group then it will be straight forward for the group administrator to send adds, deletes, and changes pertaining to the content of that book.

and folks can set up a filter rule in THUNDERBIRD to move messages from non members into a junk folder and this can pertain to their group e/mail account only.

this will provide the sort of active regulation that i am looking for and go a long way to helping to prevent careless errors ( which are a huge security risk ) .

-- 
/MIKE
From jerome at jeromebaum.com Tue Mar 22 16:41:57 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 15:41:57 +0000
Subject: Controlling Group Membership with PGP Keys
In-Reply-To: <4D88C050.4090900@charter.net> (Mike Acker's message of "Tue, 22 Mar 2011 11:29:20 -0400")
References: <4D886D2F.8070104@charter.net> <86k4frci7d.fsf@jeromebaum.com> <4D88C050.4090900@charter.net>
Message-ID: <867hbrcgca.fsf@jeromebaum.com>

Mike Acker writes:

> On 03/22/2011 11:01, Jerome Baum wrote:
>> You'd still have to manually check _who_ signed my member uid, to make sure it's a group administrator, and timely revocation is an issue.
>
> Quick and Dirty solution: If I have each member of the group set up an address book for the group then it will be straight forward for the group administrator to send adds, deletes, and changes pertaining to the content of that book.

Actually thinking about this, use gpgv and maintain a trusted keyring. Sign the keyring with the admin key and mail out updates. Say it's called ~/.gnupg-members.gpg, this is the update procedure:

    curl -o ~/.gnupg-updated-members.gpg
    gpg ~/.gnupg-updated-members.gpg   # it's a signature containing the
                                       # original, so we get the file for
                                       # the next step
    # assuming the signature was okay/"good enough"
    mv ~/.gnupg{-updated,}-members.gpg

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From rjh at sixdemonbag.org Tue Mar 22 16:49:55 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 08:49:55 -0700
Subject: Deniability
In-Reply-To: <86wrjrcjc3.fsf@jeromebaum.com>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com>
Message-ID: <0ffe0940715ba720b1869d346dbf1504@localhost>

On Tue, 22 Mar 2011 14:37:16 +0000, Jerome Baum wrote:
> Part thought experiment, part practical usage. I was thinking more in terms of a German court asking me to turn over evidence -- but then, there still might be a lead pipe involved outside the scope of a court case.

The amount of lead pipe a court can swing at you in many ways exceeds the amount of lead pipe organized crime can throw at you. Let's do this thought experiment again, but this time with a zealous prosecutor who is sincerely doing what she believes to be her job. Further, assume you have a deniable cryptosystem: you can't deny you received the message, but you can neither prove nor disprove having the ability to read it.

Alice and Bob are plotting a heinous crime -- terrorism, narcotics trafficking, child exploitation, whatever. They know their communications are being monitored and they are using a deniable cryptosystem. They have also made plans for what to do if either of them ever gets arrested: they will do their best to incriminate someone else, so that the surviving conspirator will have time to go to ground and continue their plans of skulduggery.

Alice gets picked up by the cops. Paula Prosecutor interrogates her. Alice says, "my co-conspirator was Jerome Baum." This is a lie, of course, but all Alice needs to do is give the police someone to chase after for a few days while Bob goes into hiding. Alice has sent you some innocuous messages through a deniable system in order to make you a good candidate for being made their patsy.

Paula hauls you in. "Tell us all about your role in $nefarious_crime."

You tell Paula that you don't have any role in it.

"Prove it. Show me those messages."

Um... well, you see, it's like this: it's a deniable system, which means there's no way I can prove or disprove ever having the ability to read it.

Paula is *not* going to say, "oh, well then, I guess I'm out of luck." No, Paula is going to assume you're playing games and Paula's going to start playing hardball the way only a government prosecutor can. "Okay. In that case, we're going to have a forensic accountant crawl over your bank accounts and tax records, have a squad of detectives crawling over your personal life, we're going to talk to the media and name you as a subject of the investigation, and you're going to be racking up a thousand euros a day of legal fees. But you can make it stop any time. Just show me those messages."

And when you scream, *I CAN'T DO WHAT YOU'RE ASKING ME TO DO!*, Paula will just look at you and say, "That's not my problem."

Prosecutors play hardball. I would much rather face a gangster in an alleyway who wanted to get my secrets via a lead pipe than I would ever want to face a government prosecutor. I have better odds with the gangster.

From Mike_Acker at charter.net Tue Mar 22 16:50:14 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Tue, 22 Mar 2011 11:50:14 -0400
Subject: Controlling Group Membership with PGP Keys
In-Reply-To: <867hbrcgca.fsf@jeromebaum.com>
References: <4D886D2F.8070104@charter.net> <86k4frci7d.fsf@jeromebaum.com> <4D88C050.4090900@charter.net> <867hbrcgca.fsf@jeromebaum.com>
Message-ID: <4D88C536.2080907@charter.net>

On 03/22/2011 11:41, Jerome Baum wrote:
> Actually thinking about this, use gpgv and maintain a trusted keyring. Sign the keyring with the admin key and mail out updates. Say it's called ~/.gnupg-members.gpg, this is the update procedure:
>
>     curl -o ~/.gnupg-updated-members.gpg
>     gpg ~/.gnupg-updated-members.gpg   # it's a signature containing the
>                                        # original, so we get the file for
>                                        # the next step
>     # assuming the signature was okay/"good enough"
>     mv ~/.gnupg{-updated,}-members.gpg

that idea has a lot of merit: it allows the group administrator to distribute the access list -- which is what is needed in maintaining group security. i'll have to experiment.

-- 
/MIKE

From rjh at sixdemonbag.org Tue Mar 22 17:01:15 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 09:01:15 -0700
Subject: what are the sub keys
In-Reply-To:
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu>
Message-ID:

On Tue, 22 Mar 2011 10:45:21 -0400, Scott Lambdin wrote:
> OMG - This will get Robert going!

Why would it? I think the obsession with key length is bikeshedding. Find a level of security that's appropriate for your needs, use that level, and stop worrying about it. If you're one of the (very few) who has a 30-year need for security, then yes, a 4K RSA key is useful insurance against the future.
From jerome at jeromebaum.com Tue Mar 22 17:01:33 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 16:01:33 +0000
Subject: Deniability
In-Reply-To: (David Shaw's message of "Tue, 22 Mar 2011 11:28:25 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com> <201103211602.05187.mailinglisten@hauke-laging.de> <86ipvce9jf.fsf@jeromebaum.com> <86oc53cj0h.fsf@jeromebaum.com>
Message-ID: <86y647b0v7.fsf@jeromebaum.com>

David Shaw writes:

> On Mar 22, 2011, at 10:44 AM, Jerome Baum wrote:
>
>> Would that be by reusing the session key? Or are there other properties that we can mess with?
>
> Sorry, yes, that's re-using the session key (didn't mean to be mysterious). Since Alice, as a recipient, can find the session key, she can encrypt a new message to Baker with that session key, prefix it with the unknown recipient's encrypted session key, and send the whole message to Baker. If Baker can read it, then it reveals who the unknown recipient is.

Is there anything that can be done to mitigate that attack? Obviously, we can't save a list of past session keys, I wouldn't even say we can save the hashes of past session keys (with their random data -- as _both_ are unlikely to appear ever again).

Actually thinking about it myself, if the message turns out to be unsigned, and we agreed to _always_ sign our messages (even with just a throw-away key previously agreed on), then it would be a good tip-off and Baker wouldn't answer but instead alert me. How would you go about doing that? I can see three options:

1. Include a secret token -- any way to make GPG aware of this? Otherwise, prone to error.

2. Symmetrically encrypt the original message first, with a known key, and if asymmetric decryption yields an actual text, it's a tip-off. Pretty prone to error, and very tedious.

3. Sign the message using a real key. No deniability for sender.

4. Sign the message using a fake key. If you have the original message signing the fake key as being "okay", no deniability for sender.

5. Sign the message using a new fake key every time. Deniability for sender, and you just check whether the uid is correct. This is a bit like #1/secret token, but it would be more obvious when the token is missing (no signature). Still, a bit prone to error.

Now, all those were either not deniable or prone to error. Looking at how OTR operates, IIRC it uses a MAC -- right? So just adapt #4 to yield:

6. Sign the message using a fake key that both parties have. The only other person with the "this key is okay" message is your correspondent, and they can't "tell on you" as they could have signed the message themselves.

Any more problems with this method?

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com Tue Mar 22 17:07:47 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 16:07:47 +0000
Subject: Deniability
In-Reply-To: <0ffe0940715ba720b1869d346dbf1504@localhost> (Robert J. Hansen's message of "Tue, 22 Mar 2011 11:49:55 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost>
Message-ID: <86sjufb0ks.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> On Tue, 22 Mar 2011 14:37:16 +0000, Jerome Baum wrote:
>> Part thought experiment, part practical usage. I was thinking more in terms of a German court asking me to turn over evidence -- but then, there still might be a lead pipe involved outside the scope of a court case.
>
> The amount of lead pipe a court can swing at you in many ways exceeds the amount of lead pipe organized crime can throw at you. Let's do this thought experiment again, but this time with a zealous prosecutor who is sincerely doing what she believes to be her job. Further, assume you have a deniable cryptosystem: you can't deny you received the message, but you can neither prove nor disprove having the ability to read it.
>
> Alice and Bob are plotting a heinous crime -- terrorism, narcotics trafficking, child exploitation, whatever. They know their communications are being monitored and they are using a deniable cryptosystem. They have also made plans for what to do if either of them ever gets arrested: they will do their best to incriminate someone else, so that the surviving conspirator will have time to go to ground and continue their plans of skulduggery.
>
> Alice gets picked up by the cops. Paula Prosecutor interrogates her. Alice says, "my co-conspirator was Jerome Baum." This is a lie, of course, but all Alice needs to do is give the police someone to chase after for a few days while Bob goes into hiding. Alice has sent you some innocuous messages through a deniable system in order to make you a good candidate for being made their patsy.

What stops her from sending me real messages with this kind of content? Even non-encrypted? I could reply "I don't know what you're talking about", but how does the prosecutor care? The only way I could get out of it is to show I don't have any connection with Alice, but there is no way I could ever do that -- as Sven mentioned off-list, the mere existence of deniable systems gives me this danger. In fact the existence of criminals gives me the danger of being accused -- it does not make deniable systems a problem.

Also, when did Alice turn evil? :)

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com Tue Mar 22 17:13:03 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 16:13:03 +0000
Subject: what are the sub keys
In-Reply-To: <94d82d0c525e9bfd2245426796fbce2d@localhost> (Robert J. Hansen's message of "Tue, 22 Mar 2011 11:28:57 -0400")
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost>
Message-ID: <86lj07b0c0.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> And this is where I part ways with you. There is no reason not to bump key length up to 4096. There is also no reason not to use SHA512 with a DSA-1k key, for instance. Sure, only 160 bits of SHA512 will be used, but that's not a reason not to use it. It's not as if you're making the system weaker.

Correct me if I'm wrong on this one, but it does make your key weaker, right?

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
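Returning to the Deniability thread: the following is an added Python illustration (not gnupg code and not from any poster) of the speculative-key-ID discussion above. It models David Shaw's points that the random padding in an encrypted session key defeats a re-encrypt-and-compare check and that a recipient who recovered the session key can re-use it, and it implements Jerome's option 6, an authenticator under a key shared only with the sender, as the check Baker can apply before replying. The RSA keys are toy constructions from Mersenne primes, and the cipher, padding layout and message format are simplified stand-ins for OpenPGP's, chosen so the code runs offline with the standard library only.

```python
"""Toy model of OpenPGP-style hybrid encryption with hidden (thrown) key IDs.
Added illustration, not gnupg code: keys are tiny constructed RSA keys from
Mersenne primes so that it runs offline with the standard library only."""
import hashlib
import hmac
import os

SESSION_KEY_LEN = 16  # bytes of symmetric key wrapped for each recipient
PAD_LEN = 5           # random non-zero bytes in the wrapped key (PKCS#1 v1.5 style)
PUBLIC_EXP = 65537
MERSENNE = {61, 89, 107, 127}  # exponents of known Mersenne primes (toy sizes only)

def toy_keypair(p_bits, q_bits):
    """Return ((n, e), (n, d)) built from two distinct Mersenne primes."""
    assert {p_bits, q_bits} <= MERSENNE and p_bits != q_bits
    p, q = (1 << p_bits) - 1, (1 << q_bits) - 1
    return (p * q, PUBLIC_EXP), (p * q, pow(PUBLIC_EXP, -1, (p - 1) * (q - 1)))

def wrap_session_key(pub, session_key):
    """Encrypt session_key to pub as 0x02 || random pad || 0x00 || key.
    The random pad is why two wraps of one key differ, so a known session key
    cannot simply be re-encrypted to a guessed public key and compared."""
    n, e = pub
    pad = bytes(b or 1 for b in os.urandom(PAD_LEN))  # keep every pad byte non-zero
    m = int.from_bytes(b"\x02" + pad + b"\x00" + session_key, "big")
    assert m < n
    return pow(m, e, n)

def unwrap_session_key(priv, esk):
    """Decrypt one ESK; None if the padding does not check out (wrong key)."""
    n, d = priv
    size = (n.bit_length() + 7) // 8
    m = pow(esk, d, n).to_bytes(size, "big")
    head = size - (PAD_LEN + 2 + SESSION_KEY_LEN)
    if any(m[:head]) or m[head] != 2 or m[head + PAD_LEN + 1] != 0:
        return None
    return m[head + PAD_LEN + 2:]

def _xor(data, session_key):
    """Counter-mode keystream from HMAC-SHA256, a stand-in for the real cipher."""
    stream = b"".join(hmac.new(session_key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def authenticator(shared_key, body):
    """Tag over the ciphertext under a key only the sender and one recipient hold."""
    return hmac.new(shared_key, body, hashlib.sha256).digest()

def encrypt(recipients, plaintext):
    """recipients: list of (public_key, shared_key). One ESK per recipient with no
    key ID (as with --throw-keyids) and one tag per recipient, both unlabelled."""
    session_key = os.urandom(SESSION_KEY_LEN)
    body = _xor(plaintext, session_key)
    return {"esks": [wrap_session_key(pub, session_key) for pub, _ in recipients],
            "body": body,
            "tags": [authenticator(shared, body) for _, shared in recipients]}

def decrypt(priv, msg):
    """Speculative decryption: try every ESK, as a recipient must when key IDs are
    hidden. Returns (session_key, plaintext) or None."""
    for esk in msg["esks"]:
        session_key = unwrap_session_key(priv, esk)
        if session_key is not None:
            return session_key, _xor(msg["body"], session_key)
    return None

def authentic(shared_key, msg):
    """True only if some tag was made with the key we share with the sender."""
    expected = authenticator(shared_key, msg["body"])
    return any(hmac.compare_digest(expected, tag) for tag in msg["tags"])

def reencrypt_with_known_session_key(session_key, msg, new_plaintext):
    """What a recipient who opened msg could build to test a guess about the other
    recipient (David Shaw's scenario): keep the ESKs, re-use the session key for a
    new body. She holds no key shared with anyone else, so she can attach no tag."""
    return {"esks": list(msg["esks"]), "body": _xor(new_plaintext, session_key), "tags": []}

def should_reply(priv, shared_key, msg):
    """Baker's rule: read it, but only answer if it carries the sender's tag."""
    return decrypt(priv, msg) is not None and authentic(shared_key, msg)

if __name__ == "__main__":
    alice_pub, alice_priv = toy_keypair(127, 61)
    baker_pub, baker_priv = toy_keypair(107, 89)
    k_alice, k_baker = os.urandom(32), os.urandom(32)  # constructed pairwise keys
    msg = encrypt([(alice_pub, k_alice), (baker_pub, k_baker)], b"dip recipe attached")
    sk, _ = decrypt(alice_priv, msg)
    probe = reencrypt_with_known_session_key(sk, msg, b"did you get my last one?")
    print("Baker can read it:", decrypt(baker_priv, probe)[1])
    print("Baker should reply:", should_reply(baker_priv, k_baker, probe))
```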
From thajsta at gmail.com Tue Mar 22 17:17:20 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Tue, 22 Mar 2011 12:17:20 -0400
Subject: what are the sub keys
In-Reply-To: <86lj07b0c0.fsf@jeromebaum.com>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com>
Message-ID: <4D88CB90.40304@gmail.com>

Would not it be 4096 with RSA, or is DSA in conjunction with a 4096 bit key still popular? I have never used DSA so does what Robert said pertaining to my used combination apply here?

On 22/03/2011 12:13 PM, Jerome Baum wrote:
> "Robert J. Hansen" writes:
>
>> And this is where I part ways with you. There is no reason not to bump key length up to 4096. There is also no reason not to use SHA512 with a DSA-1k key, for instance. Sure, only 160 bits of SHA512 will be used, but that's not a reason not to use it. It's not as if you're making the system weaker.
>
> Correct me if I'm wrong on this one, but it does make your key weaker, right?

From rjh at sixdemonbag.org Tue Mar 22 18:13:32 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 10:13:32 -0700
Subject: Deniability
In-Reply-To: <86sjufb0ks.fsf@jeromebaum.com>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com>
Message-ID:

> What stops her from sending me real messages with this kind of content? Even non-encrypted? I could reply "I don't know what you're talking about", but how does the prosecutor care?

If the prosecutor has plaintext of the emails, it makes your claims of innocence much easier to believe. It's when the prosecutor cannot know what the plaintext is that the prosecutor has an incentive to ramp up the pressure immensely.

> The only way I could get out of it is to show I don't have any connection with Alice

Not at all. Imagine if you were using a non-deniable system, such as plain-vanilla OpenPGP. "This message was sent via a non-deniable system. There, see? That's a correct signature from Alice, and it was encrypted with my certificate. There! See? She was just sending me a recipe for potato chip dip for my Super Bowl party!"

The prosecutor is going to be afraid of what she can't see. She has Alice, saying you're in it up to your eyeballs: she has you, claiming innocence: she has a bunch of messages which you say are deniable and you can't prove anything but which Alice says "he's lying to you." Really, I feel sympathy for Paula: she's in a terrible spot. Being able to present your messages is a good way of breaking that logjam: suddenly, Paula's wrath turns on Alice for her deceptiveness and deceit.

> way I could ever do that -- as Sven mentioned off-list, the mere existence of deniable systems gives me this danger.

Not as much as you might think. You could also say that the evidence of disk wiping programs makes it hard for you to claim, "but I never had that data in the first place!" In reality, if the cops search your hard drive and see Evidence Eliminator, they're going to strongly suspect you of trying to destroy something important: but if the forensicist comes back and says, "nope, no evidence he ever downloaded a file wiper," it gives your claims of innocence more weight.

> Also, when did Alice turn evil? :)

She and Bob have been overthrowing governments, committing securities fraud, carrying on a torrid affair without their spouses' knowledge, etc., for a very long time, all despite the fact they've never met face to face, they don't trust each other, and know they're under surveillance by the secret police. As one wag said, "a cryptographer is someone who doesn't think Alice and Bob are crazy."

From rjh at sixdemonbag.org Tue Mar 22 18:14:51 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 10:14:51 -0700
Subject: what are the sub keys
In-Reply-To: <86lj07b0c0.fsf@jeromebaum.com>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com>
Message-ID:

On Tue, 22 Mar 2011 16:13:03 +0000, Jerome Baum wrote:
> Correct me if I'm wrong on this one, but it does make your key weaker, right?

No. Using SHA512 with a DSA-1K system is just as secure as, say, using RIPEMD160 with a DSA-1K system. There are no known attacks against either hash algorithm, and when used with DSA-1K each provides 160 bits of hash.

From rjh at sixdemonbag.org Tue Mar 22 18:50:55 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 10:50:55 -0700
Subject: Deniability
In-Reply-To:
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com>
Message-ID: <9bfee49954c98274348fbfd189e7180c@localhost>

> In reality, if the cops search your hard drive and see Evidence Eliminator...

I should add: this is tongue-in-cheek. Please don't take it as a recommendation, suggestion, or anything of the sort. I used EE only for its infamy.

From jerome at jeromebaum.com Tue Mar 22 19:07:23 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 18:07:23 +0000
Subject: Deniability
In-Reply-To: (Robert J. Hansen's message of "Tue, 22 Mar 2011 13:13:32 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com>
Message-ID: <86aagnav1g.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> The prosecutor is going to be afraid of what she can't see. She has Alice, saying you're in it up to your eyeballs: she has you, claiming innocence: she has a bunch of messages which you say are deniable and you can't prove anything but which Alice says "he's lying to you." Really, I feel sympathy for Paula: she's in a terrible spot. Being able to present your messages is a good way of breaking that logjam: suddenly, Paula's wrath turns on Alice for her deceptiveness and deceit.

I'm saying what if Alice sends me incriminating messages? Like "burglary happens at 5am"? I can respond "I don't know what you're talking about", but how does that help me? I could report her, but I might choose not to bother. (Hmm, is it a requirement if I don't think she's serious?)
> Not as much as you might think. You could also say that the evidence of > disk wiping programs makes it hard for you to claim, "but I never had that > data in the first place!" In reality, if the cops search your hard drive > and see Evidence Eliminator, they're going to strongly suspect you of > trying to destroy something important: but if the forensicist comes back > and says, "nope, no evidence he ever downloaded a file wiper," it gives > your claims of innocence more weight. See this is exactly the problem. I agree it's true but it shouldn't be -- why is it incriminating that I care about my privacy? >> Also, when did Alice turn evil? :) > She and Bob have been overthrowing governments, committing securities > fraud, carrying on a torrid affair without their spouses' knowledge, etc., > for a very long time, all despite the fact they've never met face to face, > they don't trust each other, and know they're under surveillance by the > secret police. I like to think of Alice and Bob as nice fellas, employed at Big Corp and Acme Corp, respectively (just to confuse people, Alice is employed at Big Corp, and Bob at Acme Corp). The only thing they might exchange is messages about Mallice, who is evil anyway and it doesn't matter if we hurt her feelings. In any case I'd love to see that reference to securities fraud. I haven't seen that one before. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 880 bytes Desc: not available URL: From jerome at jeromebaum.com Tue Mar 22 19:11:37 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 22 Mar 2011 18:11:37 +0000 Subject: what are the sub keys In-Reply-To: (Robert J. 
Hansen's message of "Tue, 22 Mar 2011 13:14:51 -0400") References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> Message-ID: <8662rbauue.fsf@jeromebaum.com> "Robert J. Hansen" writes: > On Tue, 22 Mar 2011 16:13:03 +0000, Jerome Baum > wrote: >> Correct me if I'm wrong on this one, but it does make your key weaker, >> right? > > No. Using SHA512 with a DSA-1K system is just as secure as, say, using > RIPEMD160 with a DSA-1K system. There are no known attacks against either > hash algorithm, and when used with DSA-1K each provides 160 bits of hash. Okay so let's try again. Correct me if I'm wrong on this one, but it does make your key weaker _compared with using an algorithm that supports 512 bits of hash, all else being equal_, right? -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 880 bytes Desc: not available URL: From dan at geer.org Tue Mar 22 19:47:44 2011 From: dan at geer.org (dan at geer.org) Date: Tue, 22 Mar 2011 14:47:44 -0400 Subject: Deniability In-Reply-To: Your message of "Mon, 21 Mar 2011 22:08:29 EDT." <4D88049D.5090403@sixdemonbag.org> Message-ID: <20110322184744.A08F733DBF@absinthe.tinho.net> I don't think anyone was suggesting that adroit use of PGP/GPG is a talisman against those who wield lead pipes and want what they want. Not that there isn't a movie script in that line of thought... --dan From rjh at sixdemonbag.org Tue Mar 22 19:51:24 2011 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Tue, 22 Mar 2011 11:51:24 -0700 Subject: what are the sub keys In-Reply-To: <8662rbauue.fsf@jeromebaum.com> References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> Message-ID: <843df7866055e65c798ccf256cfdb9a6@localhost> On Tue, 22 Mar 2011 18:11:37 +0000, Jerome Baum wrote: > Okay so let's try again. Correct me if I'm wrong on this one, but it > does make your key weaker _compared with using an algorithm that > supports 512 bits of hash, all else being equal_, right? If such an algorithm existed in GnuPG, then yes. You'd need about RSA-16K to get your money's worth out of SHA512, though. From dshaw at jabberwocky.com Tue Mar 22 20:05:02 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 22 Mar 2011 15:05:02 -0400 Subject: Deniability In-Reply-To: <86y647b0v7.fsf@jeromebaum.com> References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com> <201103211602.05187.mailinglisten@hauke-laging.de> <86ipvce9jf.fsf@jeromebaum.com> <86oc53cj0h.fsf@jeromebaum.com> <86y647b0v7.fsf@jeromebaum.com> Message-ID: On Mar 22, 2011, at 12:01 PM, Jerome Baum wrote: > David Shaw writes: > >> On Mar 22, 2011, at 10:44 AM, Jerome Baum wrote: >> >>> Would that be by reusing the session key? Or are there other properties >>> that we can mess with? >> >> Sorry, yes, that's re-using the session key (didn't mean to be >> mysterious). Since Alice, as a recipient, can find the session key, >> she can encrypt a new message to Baker with that session key, prefix >> it with the unknown recipient's encrypted session key, and send the >> whole message to Baker. If Baker can read it, then it reveals who the >> unknown recipient is. > > Is there anything that can be done to mitigate that attack? 
Obviously, > we can't save a list of past session keys, I wouldn't even say we can > save the hashes of past session keys (with their random data -- as > _both_ are unlikely to appear ever again). > > Actually thinking about it myself, if the message turns out to be > unsigned, and we agreed to _always_ sign our messages (even with just a > throw-away key previously agreed on), then it would be a good tip-off > and Baker wouldn't answer but instead alert me. Hmm. I'm not sure you and I are on the same page with this attack. I don't think that Alice's rigged message to Baker necessarily needs to be forged to come from the original sender. Alice can send the message to Baker as herself, with no special signing or other trickery to fool Baker about the origin of the message. She can even sign it (as herself) if she wants. The contents of the message just need to be something Baker would naturally reply to. David From rjh at sixdemonbag.org Tue Mar 22 20:05:28 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 22 Mar 2011 12:05:28 -0700 Subject: Deniability In-Reply-To: <86aagnav1g.fsf@jeromebaum.com> References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> Message-ID: <03aa4ec32835886760887fa38bfeda25@localhost> On Tue, 22 Mar 2011 18:07:23 +0000, Jerome Baum wrote: > I'm saying what if Alice sends me incriminating messages? Like "burglary > happens at 5am"? I can respond "I don't know what you're talking about", Or just fail to respond. If I received a message saying "the burglary happens at 5:00am," I would be certain to have a rock-solid alibi for 5:00am, and I might even go to the police with it. > but how does that help me? I could report her, but I might choose not to > bother. 
(Hmm, is it a requirement if I don't think she's serious?) The general rule in the United States is that no one has a duty to help the police, but there are a lot of caveats. There's a fine line between "no duty to help the police" and "accomplice to a crime." > See this is exactly the problem. I agree it's true but it shouldn't > be -- why is it incriminating that I care about my privacy? In the United States there are several different thresholds for evidence. Simplified a lot, there are the kinds of evidence the police can use to justify investigating you, and the kinds of evidence that can be offered in court to convict you. If the police have cause to investigate you and they see a counterforensic tool on your hard drive, that can be justification for further investigation -- in exactly the same way that if I was being investigated for murder and they discovered I owned the exact kind of weapon that was used in the killing, that fact could justify further investigation. However, the fact you had a counterforensic tool, *by itself*, would probably not rise to the level of something that would be admissible at trial -- the same way that, if I was charged with stabbing someone to death, the fact I own a shotgun would be inadmissible. There would need to be evidence of it being used unlawfully, like for instance, evidence spoilation. Again, this is extremely quick and dirty. The Federal Rules of Evidence are big, confusing, clunky, ungainly, and difficult to understand. If you're concerned about United States law regarding the admissibility of evidence, you really need to consult with a lawyer. > In any case I'd love to see that reference to securities fraud. I > haven't seen that one before. 
http://downlode.org/Etext/alicebob.html From jerome at jeromebaum.com Tue Mar 22 20:08:56 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 22 Mar 2011 19:08:56 +0000 Subject: what are the sub keys In-Reply-To: <843df7866055e65c798ccf256cfdb9a6@localhost> (Robert J. Hansen's message of "Tue, 22 Mar 2011 14:51:24 -0400") References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> Message-ID: <86y6479dmf.fsf@jeromebaum.com> "Robert J. Hansen" writes: > On Tue, 22 Mar 2011 18:11:37 +0000, Jerome Baum > wrote: >> Okay so let's try again. Correct me if I'm wrong on this one, but it >> does make your key weaker _compared with using an algorithm that >> supports 512 bits of hash, all else being equal_, right? > > If such an algorithm existed in GnuPG, then yes. You'd need about RSA-16K > to get your money's worth out of SHA512, though. Ah, see that's what I was hoping for. So, there is indeed no reason not to use DSA-1024 with SHA-512. Just as there is no reason not to use RSA-4096 with SHA-512. But the OP was talking about RSA-2048 (with any hash), and there is a reason not to use that. I was assuming that the mention of DSA-1024 with SHA-512 was meant as an analogue to RSA-2048. Apparently it wasn't. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 880 bytes Desc: not available URL: From jerome at jeromebaum.com Tue Mar 22 20:14:20 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 22 Mar 2011 19:14:20 +0000 Subject: Deniability In-Reply-To: <03aa4ec32835886760887fa38bfeda25@localhost> (Robert J. 
Hansen's message of "Tue, 22 Mar 2011 15:05:28 -0400") References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> Message-ID: <86sjuf9ddf.fsf@jeromebaum.com> "Robert J. Hansen" writes: > However, the fact you had a counterforensic tool, *by itself*, would > probably not rise to the level of something that would be admissible at > trial -- the same way that, if I was charged with stabbing someone to > death, the fact I own a shotgun would be inadmissible. There would need to > be evidence of it being used unlawfully, like for instance, evidence > spoilation. Wasn't there that case where the fact that someone (a now convicted child molester nonetheless, but let's ignore that fact) had some OpenPGP implementation on their computer was admitted into a US court and appeals didn't overturn that admission? Anyway, we're getting off-topic. We've already determined that using a deniable system might be a bad idea. The thought experiment continues... -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 880 bytes Desc: not available URL: From rjh at sixdemonbag.org Tue Mar 22 20:16:08 2011 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Tue, 22 Mar 2011 12:16:08 -0700 Subject: what are the sub keys In-Reply-To: <86y6479dmf.fsf@jeromebaum.com> References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> Message-ID: <38eb55f8b709b658a3d458a5e8965eaa@localhost> On Tue, 22 Mar 2011 19:08:56 +0000, Jerome Baum wrote: > But the OP was talking about RSA-2048 (with any > hash), and there is a reason not to use that. There may be particular users who have reasons not to use RSA-2K, but as far as general advice goes, I don't see any reason to go beyond RSA-2K. If someone breaks RSA-2K it will be via a breakthrough of such Gaussian proportions[*] that our proper response will be to migrate to different schemes altogether, not to tack on another few bits and consider ourselves safe. If you're concerned for 30+-year security and you have to use RSA and you can't use anything else, then yes, use the largest RSA key you can find. The rest of us are better suited by realizing "if RSA-2K ever falls we should move for the exits, regardless of how large our keys are." [*] Yes, it's a _Sneakers_ ref. Seemed appropriate, given the talk of breaking RSA... From jerome at jeromebaum.com Tue Mar 22 20:17:35 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 22 Mar 2011 19:17:35 +0000 Subject: Deniability In-Reply-To: (David Shaw's message of "Tue, 22 Mar 2011 15:05:02 -0400") References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com> <201103211602.05187.mailinglisten@hauke-laging.de> <86ipvce9jf.fsf@jeromebaum.com> <86oc53cj0h.fsf@jeromebaum.com> <86y647b0v7.fsf@jeromebaum.com> Message-ID: <86mxkn9d80.fsf@jeromebaum.com> David Shaw writes: > Hmm. 
I'm not sure you and I are on the same page with this attack. I > don't think that Alice's rigged message to Baker necessarily needs to > be forged to come from the original sender. Alice can send the > message to Baker as herself, with no special signing or other trickery > to fool Baker about the origin of the message. She can even sign it > (as herself) if she wants. The contents of the message just need to > be something Baker would naturally reply to. Yeah I got a bit carried off there. So any way to counter that, besides keeping a list of (hash(cryptd-text), hash(session-key | random-parts)) to warn you if one is reused? Obviously that is a pretty dumb way, so is there any way at all to counter a session-key-reuse attack? -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 880 bytes Desc: not available URL: From rjh at sixdemonbag.org Tue Mar 22 20:20:59 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 22 Mar 2011 12:20:59 -0700 Subject: Deniability In-Reply-To: <86sjuf9ddf.fsf@jeromebaum.com> References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> Message-ID: <1af4381f560480656e49ea2843098672@localhost> On Tue, 22 Mar 2011 19:14:20 +0000, Jerome Baum wrote: > Wasn't there that case where the fact that someone (a now convicted > child molester nonetheless, but let's ignore that fact) had some OpenPGP > implementation on their computer was admitted into a US court and > appeals didn't overturn that admission? Several of them. 
In all cases I'm aware of, it was alleged the individuals were using OpenPGP to conceal their activity in a crime. Covering up a criminal offense is, itself, almost always a criminal offense. If the government alleges, "this person used OpenPGP to cover up the crime and make life difficult on the FBI," the government must do two things: (a) enter into evidence the fact the accused has access to OpenPGP, and (b) convince the jury the accused used OpenPGP in an attempt to foil a police investigation. From jerome at jeromebaum.com Tue Mar 22 20:33:33 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 22 Mar 2011 19:33:33 +0000 Subject: what are the sub keys In-Reply-To: <38eb55f8b709b658a3d458a5e8965eaa@localhost> (Robert J. Hansen's message of "Tue, 22 Mar 2011 15:16:08 -0400") References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> Message-ID: <86ipvb9che.fsf@jeromebaum.com> "Robert J. Hansen" writes: > If you're concerned for 30+-year security and you have to use RSA and you > can't use anything else, So you're admitting there exists a reason not to use RSA-2048? -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 880 bytes Desc: not available URL: From dshaw at jabberwocky.com Tue Mar 22 20:37:08 2011 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 22 Mar 2011 15:37:08 -0400 Subject: Deniability In-Reply-To: <86mxkn9d80.fsf@jeromebaum.com> References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com> <201103211602.05187.mailinglisten@hauke-laging.de> <86ipvce9jf.fsf@jeromebaum.com> <86oc53cj0h.fsf@jeromebaum.com> <86y647b0v7.fsf@jeromebaum.com> <86mxkn9d80.fsf@jeromebaum.com> Message-ID: <5AC503C8-1FC5-4365-862C-00F62D931DE5@jabberwocky.com> On Mar 22, 2011, at 3:17 PM, Jerome Baum wrote: > David Shaw writes: > >> Hmm. I'm not sure you and I are on the same page with this attack. I >> don't think that Alice's rigged message to Baker necessarily needs to >> be forged to come from the original sender. Alice can send the >> message to Baker as herself, with no special signing or other trickery >> to fool Baker about the origin of the message. She can even sign it >> (as herself) if she wants. The contents of the message just need to >> be something Baker would naturally reply to. > > Yeah I got a bit carried off there. So any way to counter that, besides > keeping a list of (hash(cryptd-text), hash(session-key | random-parts)) > to warn you if one is reused? Obviously that is a pretty dumb way, so is > there any way at all to counter a session-key-reuse attack? Probably the easiest way is to not send messages with speculative key IDs encrypted to more than one recipient. :) That ensures that Alice knows as little as possible about the other recipients (including whether there are any in the first place). It does put an additional burden on the sender, though, as they now need to send out more messages (which might be hard for some senders). 
David From Lists.gnupg at mephisto.fastmail.net Tue Mar 22 20:43:23 2011 From: Lists.gnupg at mephisto.fastmail.net (Lists.gnupg at mephisto.fastmail.net) Date: Tue, 22 Mar 2011 15:43:23 -0400 Subject: what are the sub keys In-Reply-To: <94d82d0c525e9bfd2245426796fbce2d@localhost> References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> Message-ID: <20110322194323.GA1021@imac-6g2p.mgh.harvard.edu> On Tue, Mar 22, 2011 at 08:28:57AM -0700 Also sprach Robert J. Hansen: > >IME, engineering starting from a base maxim of, "why not?", ultimately >leads to curious things that leave you scratching your head (like the >aforementioned, "why are you using SHA512 with DSA-1K?"). This is why I >would much rather start from a base maxim of, "why?" I'd much rather be >accused of favoring minimalism than maximalism. > I agree that "Why Not?" by itself is not an argument in favor of doing something, unless it is balanced by a "Why?" So, one can compare the pros and cons of using a longer key, with some items ending up in the "Why do it" column, and some ending up in "Why not." My point is that in the "Why use 4096-bit RSA?" column, we have a few items, including a much longer lifetime for the key and encrypted data, as factoring attacks get better in the future (they never get worse), whereas in the "why not" column, we have--so far as I can see--nothing (apart from special usage scenarios, as I exeplified above). There is a greater margin of security in a 4096-bit key over a 2048-bit key (all other factors being equal), even if it is only theoretical. Sure, there are other, more important security considerations; perhaps not in spite of them, but because of them, one can say "Use the maximum key length supported, and move on to more important considerations." -- "Le hasard favorise l'esprit pr?par?." 
--Louis Pasteur From rjh at sixdemonbag.org Tue Mar 22 20:55:20 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 22 Mar 2011 12:55:20 -0700 Subject: what are the sub keys In-Reply-To: <86ipvb9che.fsf@jeromebaum.com> References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com> Message-ID: On Tue, 22 Mar 2011 19:33:33 +0000, Jerome Baum wrote: > So you're admitting there exists a reason not to use RSA-2048? I've never said there is *no* reason to ever go past RSA-2048. There clearly are special cases where more is necessary. However, for the overwhelming majority of users I see no reason to go past RSA-2048. From rjh at sixdemonbag.org Tue Mar 22 20:57:11 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 22 Mar 2011 12:57:11 -0700 Subject: what are the sub keys In-Reply-To: <20110322194323.GA1021@imac-6g2p.mgh.harvard.edu> References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <20110322194323.GA1021@imac-6g2p.mgh.harvard.edu> Message-ID: <85bb0d9b0f44b19aa40c463789c11fbd@localhost> On Tue, 22 Mar 2011 15:43:23 -0400, Lists.gnupg at mephisto.fastmail.net wrote: > Sure, there are other, more important security considerations; perhaps > not in spite of them, but because of them, one can say "Use the maximum > key length supported, and move on to more important considerations." Or, one can say as I do, "unless you know what you're doing and why, stick with the defaults." 
I would much rather skip all discussion of key lengths and have people just use the defaults unless they know for a fact the defaults are insufficient for their purposes. Then move on to, as you say, more important considerations. From federalhillrent at yahoo.com Tue Mar 22 19:59:46 2011 From: federalhillrent at yahoo.com (FederalHill) Date: Tue, 22 Mar 2011 11:59:46 -0700 (PDT) Subject: Deniability In-Reply-To: <20110322184744.A08F733DBF@absinthe.tinho.net> Message-ID: <186904.17206.qm@web36306.mail.mud.yahoo.com> Sure it is, we practice encryption and the people with lead pipes magically disappear.? We don't know why. We just know they do. That is deniability. I dont know what you are talking about. DISCLAIMER: This email and any files transmitted with it may be privileged, confidential, and contain health information that is legally protected. This information is intended only for the use of the individual or entity named above. The authorized recipient of this information is prohibited from disclosing this information to any other party unless permitted to do so by law or regulation. If you are not the intended recipient, you are hereby notified that any use, disclosure, copying, or distribution, is strictly prohibited. If you have received this information in error, please notify the sender immediately and arrange for the return or destruction of these documents. ? Frank Spruill 1701 Light Street Baltimore MD 21230 --- On Tue, 3/22/11, dan at geer.org wrote: From: dan at geer.org Subject: Re: Deniability To: "Robert J. Hansen" Cc: "gnupg-users at gnupg.org" Date: Tuesday, March 22, 2011, 2:47 PM I don't think anyone was suggesting that adroit use of PGP/GPG is a talisman against those who wield lead pipes and want what they want.? Not that there isn't a movie script in that line of thought... 
--dan

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


From jerome at jeromebaum.com Tue Mar 22 21:05:09 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 20:05:09 +0000
Subject: what are the sub keys
In-Reply-To: (Robert J. Hansen's message of "Tue, 22 Mar 2011 15:55:20 -0400")
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com>
Message-ID: <86ei5yapl6.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> On Tue, 22 Mar 2011 19:33:33 +0000, Jerome Baum wrote:
>> So you're admitting there exists a reason not to use RSA-2048?
>
> I've never said there is *no* reason to ever go past RSA-2048. There
> clearly are special cases where more is necessary. However, for the
> overwhelming majority of users I see no reason to go past RSA-2048.

Would you say those users would be "just fine" with RSA-4096?

So now if those users are fine with 2048 and 4096 for their key length, and there exist some users who are fine only with 4096, and some who are fine only with 2048, the recommended default should be that which has a bigger total group size, no?

So, if we can give no reasons not to use RSA-4096 (which includes reasons to prefer RSA-2048 over -4096), then we have a larger total group size for -4096 users than -2048 users. Concluding, the default should be 4096.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA


From jerome at jeromebaum.com Tue Mar 22 21:07:32 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 20:07:32 +0000
Subject: Deniability
In-Reply-To: <5AC503C8-1FC5-4365-862C-00F62D931DE5@jabberwocky.com> (David Shaw's message of "Tue, 22 Mar 2011 15:37:08 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <201103211454.08087.mailinglisten@hauke-laging.de> <86r5a0edh4.fsf@jeromebaum.com> <201103211602.05187.mailinglisten@hauke-laging.de> <86ipvce9jf.fsf@jeromebaum.com> <86oc53cj0h.fsf@jeromebaum.com> <86y647b0v7.fsf@jeromebaum.com> <86mxkn9d80.fsf@jeromebaum.com> <5AC503C8-1FC5-4365-862C-00F62D931DE5@jabberwocky.com>
Message-ID: <86aagmaph7.fsf@jeromebaum.com>

David Shaw writes:

> Probably the easiest way is to not send messages with speculative key
> IDs encrypted to more than one recipient. :)
>
> That ensures that Alice knows as little as possible about the other
> recipients (including whether there are any in the first place). It
> does put an additional burden on the sender, though, as they now need
> to send out more messages (which might be hard for some senders).

So assuming that's done, or assuming that _Mallory_ ;) is not in CC, are there other problems? Obviously, from the perspective of a thought experiment and assuming a world-wide destruction of lead pipes.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA


From rjh at sixdemonbag.org Tue Mar 22 21:56:56 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 16:56:56 -0400
Subject: what are the sub keys
In-Reply-To: <86ei5yapl6.fsf@jeromebaum.com>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com> <86ei5yapl6.fsf@jeromebaum.com>
Message-ID: <4D890D18.1030903@sixdemonbag.org>

On 3/22/11 4:05 PM, Jerome Baum wrote:
> Would you say those users would be "just fine" with RSA-4096?

No. As I said, large default keys have problems in the embedded space: particularly, they do not work with smart cards, which are getting increasingly important. The previous generation of cards were generally RSA-1K devices. The current generation is moving towards RSA-2K.

I don't think changing the defaults to something that's incompatible with smart cards is particularly wise.


From noloader at gmail.com Tue Mar 22 22:00:22 2011
From: noloader at gmail.com (Jeffrey Walton)
Date: Tue, 22 Mar 2011 17:00:22 -0400
Subject: OT: BA jihadist relied on Jesus-era encryption
Message-ID: 

An IT worker from British Airways jailed for 30 years for terrorism offences used encryption techniques that pre-date the birth of Jesus....

Woolwich Crown Court was told that Bangladeshi Islamic activists who were in touch with Karim had rejected the use of common modern systems such as PGP or TrueCrypt in favour of a system which used Excel transposition tables, which they had invented themselves.

http://www.theregister.co.uk/2011/03/22/ba_jihadist_trial_sentencing/


From Mike_Acker at charter.net Tue Mar 22 22:14:27 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Tue, 22 Mar 2011 17:14:27 -0400
Subject: 4096 bit keys
Message-ID: <4D891133.3010602@charter.net>

with chip makers playing with chips having 64 cores printed in silicon...

someplace i read the ratios on this,-- if you make the key a little longer the key gets much harder to break. in public key encryption though you have to factor the product of the two large prime numbers -- which i'm told is no easy task. i've often wondered about this as lists of large prime numbers are not hard to come by... so-- start someplace and start running divides... trouble is though you can't use the hardware instruction set: the numbers are way too large

what does an x64 chip do? divide a 64 bit integer into a 128 bit dividend to yield a 64 bit quotient and a 64 bit remainder? dunno but you have to do the same thing but using what? a 2048 or 4096 bit dividend?

(I'm not a mathematician)

what if they put 8192 cores on a chip? who would have such a machine? NSA. the smart money would bet they would have it

-- 
/MIKE


From expires2011 at ymail.com Tue Mar 22 22:17:56 2011
From: expires2011 at ymail.com (MFPA)
Date: Tue, 22 Mar 2011 21:17:56 +0000
Subject: what are the sub keys
In-Reply-To: <20110322194323.GA1021@imac-6g2p.mgh.harvard.edu>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <20110322194323.GA1021@imac-6g2p.mgh.harvard.edu>
Message-ID: <888609513.20110322211756@my_localhost>

Hi

On Tuesday 22 March 2011 at 7:43:23 PM, in , Lists.gnupg at mephisto.fastmail.net wrote:

> There is a greater margin of security in a 4096-bit key
> over a 2048-bit key (all other factors being equal)

Is there any particular reason to jump from 2048 to 4096 rather than use an intermediate value? 3072 maybe?

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Greater than being great is being grateful.


From jerome at jeromebaum.com Tue Mar 22 22:22:24 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 21:22:24 +0000
Subject: what are the sub keys
In-Reply-To: <4D890D18.1030903@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 22 Mar 2011 16:56:56 -0400")
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com> <86ei5yapl6.fsf@jeromebaum.com> <4D890D18.1030903@sixdemonbag.org>
Message-ID: <86zkom97fz.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> On 3/22/11 4:05 PM, Jerome Baum wrote:
>> Would you say those users would be "just fine" with RSA-4096?
>
> No. As I said, large default keys have problems in the embedded space:
> particularly, they do not work with smart cards, which are getting
> increasingly important. The previous generation of cards were generally
> RSA-1K devices. The current generation is moving towards RSA-2K.
>
> I don't think changing the defaults to something that's incompatible
> with smart cards is particularly wise.

Are you talking about the option of moving a key to a smart card? Because if I generate it on-card, I won't have the option of RSA-4096. And will "average Joe" really move his key to a smart card if he generated it off card? And does that actually make any sense considering it wasn't originally generated on-card?

So considering that the "smart card" argument only makes sense when I generate on-card, and considering that gpg wouldn't offer RSA-4096 anyway in that case, how does this make it a bad idea to have RSA-4096 as the (recommended) default?

Obviously, if I am not using a smart card and doing other stuff on a device that can't cope with RSA-4096 keys, then I am probably smart enough to ignore the default, right?

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA


From rjh at sixdemonbag.org Tue Mar 22 22:23:46 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 17:23:46 -0400
Subject: what are the sub keys
In-Reply-To: <888609513.20110322211756@my_localhost>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <20110322194323.GA1021@imac-6g2p.mgh.harvard.edu> <888609513.20110322211756@my_localhost>
Message-ID: <4D891362.5080203@sixdemonbag.org>

On 3/22/11 5:17 PM, MFPA wrote:
> Is there any particular reason to jump from 2048 to 4096 rather than
> use an intermediate value? 3072 maybe?

Not really. A 3K key is roughly a factor of 50,000 times harder to brute force. This is such a slender improvement that it's really not worth talking about. If 112 bits of effective security aren't enough for you, it's quite likely the 128 bits of effective security provided by RSA-3K aren't enough for you either.

Honestly, I see more sense in RSA-15K than I do in RSA-4K.


From thajsta at gmail.com Tue Mar 22 22:24:25 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Tue, 22 Mar 2011 17:24:25 -0400
Subject: what are the sub keys
In-Reply-To: <888609513.20110322211756@my_localhost>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <20110322194323.GA1021@imac-6g2p.mgh.harvard.edu> <888609513.20110322211756@my_localhost>
Message-ID: <4D891389.2020505@gmail.com>

Enigmail allows only 1024, 2048 and 4096. I have never heard of that, but even still I would personally choose the largest key for the time being till RSA becomes obsolete. Is there anything larger than 4096 since you mentioned values unknown to me?

On 22/03/2011 05:17 PM, MFPA wrote:
> Hi
>
> On Tuesday 22 March 2011 at 7:43:23 PM, in , Lists.gnupg at mephisto.fastmail.net wrote:
>
>> There is a greater margin of security in a 4096-bit key
>> over a 2048-bit key (all other factors being equal)
>
> Is there any particular reason to jump from 2048 to 4096 rather than
> use an intermediate value? 3072 maybe?


From rjh at sixdemonbag.org Tue Mar 22 22:30:56 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 17:30:56 -0400
Subject: what are the sub keys
In-Reply-To: <86zkom97fz.fsf@jeromebaum.com>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com> <86ei5yapl6.fsf@jeromebaum.com> <4D890D18.1030903@sixdemonbag.org> <86zkom97fz.fsf@jeromebaum.com>
Message-ID: <4D891510.7040902@sixdemonbag.org>

On 3/22/11 5:22 PM, Jerome Baum wrote:
> So considering that the "smart card" argument only makes sense
> when I generate on-card, and considering that gpg wouldn't offer
> RSA-4096 anyway in that case, how does this make it a bad idea to
> have RSA-4096 as the (recommended) default?

Simplicity.

Otherwise you get a ton of people screaming, "GnuPG only lets me generate a 2K key on my smart card! The default is *4*K! Why am I getting only half the bits that GnuPG thinks I need to be safe?!"

And yes, those questions would occur. Lots.

In order to reduce confusion, 2K keys seem to be the best bet. They are safe enough for the overwhelming majority of users, are the most compatible with embedded devices, and cause the least confusion.

> Obviously, if I am not using a smart card and doing other stuff
> on a device that can't cope with RSA-4096 keys, then I am
> probably smart enough to ignore the default, right?

This is a rudely-phrased question. I either have to grant that you are, or have to say that you're not smart enough to ignore the default.

I am going to ignore this question and tell you: unless you need 30+ years of security, use the defaults. They're defaults for a reason: they're perfectly sufficient for the overwhelming majority of uses. Stop trying to justify putting an additional foot of height on your 10,000-foot fence, and start thinking about the folks who are trying to tunnel underneath it.

And honestly, that's all that I have to say on this.


From expires2011 at ymail.com Tue Mar 22 22:42:33 2011
From: expires2011 at ymail.com (MFPA)
Date: Tue, 22 Mar 2011 21:42:33 +0000
Subject: Deniability
In-Reply-To: <1af4381f560480656e49ea2843098672@localhost>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost>
Message-ID: <938918350.20110322214233@my_localhost>

Hi

On Tuesday 22 March 2011 at 7:20:59 PM, in , Robert J. Hansen wrote:

> If the government alleges, "this person used OpenPGP to
> cover up the crime and make life difficult on the FBI,"
> the government must do two things: (a) enter into
> evidence the fact the accused has access to OpenPGP,
> and (b) convince the jury the accused used OpenPGP in
> an attempt to foil a police investigation.

Assuming you have nothing illegal to hide, there is nothing wrong with using whatever tools may be at your disposal to keep your personal affairs away from investigators. Maybe ill-advised in certain circumstances but definitely not wrong. There is no requirement to prove your innocence.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Never trust a dog with orange eyebrows


From jerome at jeromebaum.com Tue Mar 22 22:50:26 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 21:50:26 +0000
Subject: 4096 bit keys
In-Reply-To: <4D891133.3010602@charter.net> (Mike Acker's message of "Tue, 22 Mar 2011 17:14:27 -0400")
References: <4D891133.3010602@charter.net>
Message-ID: <86vcza9659.fsf@jeromebaum.com>

Mike Acker writes:

> with chip makers playing with chips having 64 cores printed in silicon...
>
> someplace i read the ratios on this,-- if you make the key a little
> longer the key gets much harder to break. in public key encryption
> though you have to factor the product of the two large prime numbers --
> which i'm told is no easy task. i've often wondered about this as lists
> of large prime numbers are not hard to come by... so-- start someplace
> and start running divides... trouble is though you can't use the
> hardware instruction set: the numbers are way too large
>
> what does an x64 chip do? divide a 64 bit integer into a 128 bit
> dividend to yield a 64 bit quotient and a 64 bit remainder? dunno but
> you have to do the same thing but using what? a 2048 or 4096 bit dividend?

Actually none of this is that important. If you can do the division in half a second instead of one, that only halves the time you need. All I have to do is add one bit to my key size and you're back to square one. The problem is the number of divisions you have to perform O(2^n) for RSA-n. Actually it's a lot less, O(2^(n/2)) for the simple fact that you have to divide only up to the square root, as one factor must be smaller than that. But the kind of magnitude is still the same and it grows pretty fast with key size.

> what if they put 8192 cores on a chip? who would have such a machine?
> NSA. the smart money would bet they would have it

It's not so much about the number of cores. If you have two cores, that doesn't account for double the length in the key. The scale is linear (double the computing power, half the time required to crack), while the key length scale is exponential (double the length, square the size/difficulty).

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA


From rjh at sixdemonbag.org Tue Mar 22 22:52:39 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 17:52:39 -0400
Subject: Deniability
In-Reply-To: <938918350.20110322214233@my_localhost>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost>
Message-ID: <4D891A27.4000605@sixdemonbag.org>

On 3/22/11 5:42 PM, MFPA wrote:
> Assuming you have nothing illegal to hide

And in the context of that conversation it was clear that there was, in fact, something illegal to hide. Quoting: "if the government alleges, 'this person used OpenPGP to cover up the crime...'"


From jerome at jeromebaum.com Tue Mar 22 22:54:27 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 21:54:27 +0000
Subject: what are the sub keys
In-Reply-To: <4D891510.7040902@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 22 Mar 2011 17:30:56 -0400")
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com> <86ei5yapl6.fsf@jeromebaum.com> <4D890D18.1030903@sixdemonbag.org> <86zkom97fz.fsf@jeromebaum.com> <4D891510.7040902@sixdemonbag.org>
Message-ID: <86r59y95yk.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> On 3/22/11 5:22 PM, Jerome Baum wrote:
>> Obviously, if I am not using a smart card and doing other stuff
>> on a device that can't cope with RSA-4096 keys, then I am
>> probably smart enough to ignore the default, right?
>
> This is a rudely-phrased question. I either have to grant that you are,
> or have to say that you're not smart enough to ignore the default.

Actually, I would have used "one" (German: "man"), but then people would have screamed about my use of language. I don't do this kind of stuff on such a device. :)

In any case your advice on simplicity is a very sound argument. I really hadn't considered that it might cause confusion. See, that's getting carried off on the technical side.

Ladies and gentlemen, Mr. Conway Twitty!

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA


From thajsta at gmail.com Tue Mar 22 23:06:30 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Tue, 22 Mar 2011 18:06:30 -0400
Subject: 4096 bit keys
In-Reply-To: <4D891133.3010602@charter.net>
References: <4D891133.3010602@charter.net>
Message-ID: <4D891D66.1090205@gmail.com>

I really wish 8192 would become available. Not that it would be the end all/be all of key security but according to your theory it sounds much more difficult to crack.

On 22/03/2011 05:14 PM, Mike Acker wrote:
> with chip makers playing with chips having 64 cores printed in silicon...
>
> someplace i read the ratios on this,-- if you make the key a little
> longer the key gets much harder to break. in public key encryption
> though you have to factor the product of the two large prime numbers --
> which i'm told is no easy task. i've often wondered about this as lists
> of large prime numbers are not hard to come by... so-- start someplace
> and start running divides... trouble is though you can't use the
> hardware instruction set: the numbers are way too large
>
> what does an x64 chip do? divide a 64 bit integer into a 128 bit
> dividend to yield a 64 bit quotient and a 64 bit remainder? dunno but
> you have to do the same thing but using what? a 2048 or 4096 bit dividend?
>
> (I'm not a mathematician)
>
> what if they put 8192 cores on a chip? who would have such a machine?
> NSA. the smart money would bet they would have it


From jerome at jeromebaum.com Tue Mar 22 23:11:57 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 22:11:57 +0000
Subject: Deniability
In-Reply-To: <4D891A27.4000605@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 22 Mar 2011 17:52:39 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org>
Message-ID: <86mxkm955e.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> On 3/22/11 5:42 PM, MFPA wrote:
>> Assuming you have nothing illegal to hide
>
> And in the context of that conversation it was clear that there was, in
> fact, something illegal to hide. Quoting: "if the government alleges,
> 'this person used OpenPGP to cover up the crime...'"

So, if the government alleges I have something to hide, then it is clear that I do? Boy am I happy I don't live in the U.S.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA


From jerome at jeromebaum.com Tue Mar 22 23:14:41 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 22:14:41 +0000
Subject: 4096 bit keys
In-Reply-To: <4D891D66.1090205@gmail.com> (Jonathan Ely's message of "Tue, 22 Mar 2011 18:06:30 -0400")
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com>
Message-ID: <86ipva950u.fsf@jeromebaum.com>

Jonathan Ely writes:

> I really wish 8192 would become available. Not that it would be the end
> all/be all of key security but according to your theory it sounds much
> more difficult to crack.

Take that a few steps further. Why not use 99999999999999999999999-bit keys? Because they are much more difficult to compute. In fact if you go above a certain key size, since IIRC the exponent e is standardized and thus limited, your discrete logarithm is no longer discrete and so your key security just vanishes.

In any case, 4096 bits will be secure for some time to come, and yes 8192 bits would be even more secure. We can take that as far as we wish but there are limits in the standard, in compatibility, and in the current implementation.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA


From rjh at sixdemonbag.org Tue Mar 22 23:18:47 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 18:18:47 -0400
Subject: 4096 bit keys
In-Reply-To: <86vcza9659.fsf@jeromebaum.com>
References: <4D891133.3010602@charter.net> <86vcza9659.fsf@jeromebaum.com>
Message-ID: <4D892047.9060601@sixdemonbag.org>

On 3/22/11 5:50 PM, Jerome Baum wrote:
> Actually none of this is that important. If you can do the division in
> half a second instead of one, that only halves the time you need. All I
> have to do is add one bit to my key size and you're back to square
> one.

You have to add one bit to your *effective* key size. Remember, the primes are not evenly distributed: the larger you go, the more they are spread out. This is why for very small keys each additional bit gives you quite a lot of security, but as keys grow very large more and more bits have to be added to get that additional boost.

As an example, there are 25 primes under 100: of all the possible values, you have to check 25% of them. But there are only 78,498 primes under one million: you only have to check 7.9% of those numbers.

> The problem is the number of divisions you have to perform O(2^n)
> for RSA-n. Actually it's a lot less, O(2^(n/2)) for the simple fact that
> you have to divide only up to the square root, as one factor must be
> smaller than that. But the kind of magnitude is still the same and it
> grows pretty fast with key size.

You might want to look into the General Number Field Sieve (GNFS), which is a much more efficient way of breaking RSA keys than by simple trial division.
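The exchange above (Mike Acker's "start running divides" question, Jerome Baum's O(2^(n/2)) estimate, Robert Hansen's prime-density figures and his pointer to GNFS, and the earlier "3K is roughly 50,000 times harder / 112 vs 128 bits" remark) is all about how factoring cost scales with modulus size. The Python script below is an added example written for this page; it is not code from the thread or from GnuPG. It reproduces the 25-primes-under-100 and 78,498-under-a-million counts with a sieve, estimates the trial-division work, and compares that with the L[1/3] GNFS heuristic and the NIST SP 800-57 security-strength table. All function names are mine; the GNFS formula drops the o(1) term, so its absolute values are indicative and the differences between sizes are the useful output.

```python
"""
Added example (not code from the Gnupg-users thread or from GnuPG): putting
numbers on the key-size argument above.

  count_primes()          pi(x) by sieve: 25 primes below 100, 78,498 below 10^6
  trial_division_log2()   the naive "divide by every prime up to sqrt(N)" attack
  gnfs_log2_work()        the L[1/3, (64/9)^(1/3)] GNFS heuristic
  strength_ratio()        NIST SP 800-57 security-strength table, as a ratio

Function names and the calibration in bits_needed_for_strength() are mine.
"""
import math

# NIST SP 800-57 Part 1: RSA modulus bits -> equivalent symmetric "bits of security".
NIST_RSA_STRENGTH = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}


def count_primes(limit: int) -> int:
    """Number of primes strictly below `limit` (sieve of Eratosthenes)."""
    if limit < 3:
        return 0
    sieve = bytearray([1]) * limit
    sieve[0] = sieve[1] = 0
    for i in range(2, math.isqrt(limit) + 1):
        if sieve[i]:
            # Cross out i*i, i*i+i, ...; the slice has exactly len(range(i*i, limit, i)) cells.
            sieve[i * i::i] = bytes(len(range(i * i, limit, i)))
    return sum(sieve)


def prime_density(limit: int) -> float:
    """Fraction of integers below `limit` that are prime (0.25 at 100, ~0.078 at 10^6)."""
    return count_primes(limit) / limit


def trial_division_log2(modulus_bits: int) -> float:
    """
    log2 of the number of trial divisions to factor an n-bit RSA modulus N by
    testing every prime p <= sqrt(N).  The smaller factor is below sqrt(N) ~ 2^(n/2),
    and by the prime number theorem there are about x/ln(x) primes below x, so the
    count is ~ 2^(n/2) / ln(2^(n/2)).  Still ~2^1014 for RSA-2048: hopeless.
    """
    half = modulus_bits / 2
    return half - math.log2(half * math.log(2))


def gnfs_log2_work(modulus_bits: int) -> float:
    """
    log2 of the heuristic GNFS running time
        L_N[1/3, c] = exp(c * (ln N)^(1/3) * (ln ln N)^(2/3)),  c = (64/9)^(1/3),
    for N ~ 2^n.  Subexponential in n: doubling n does not square the cost.
    The o(1) term and implementation constants are dropped, so absolute values
    are indicative only; differences between sizes are the useful output.
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def work_ratio_log2(from_bits: int, to_bits: int) -> float:
    """Extra bits of GNFS work gained by growing the modulus from `from_bits` to `to_bits`."""
    return gnfs_log2_work(to_bits) - gnfs_log2_work(from_bits)


def strength_ratio(from_bits: int, to_bits: int) -> int:
    """How many times harder the larger key is, per the NIST table (2048 -> 3072: 2^16)."""
    return 2 ** (NIST_RSA_STRENGTH[to_bits] - NIST_RSA_STRENGTH[from_bits])


def bits_needed_for_strength(strength_bits: int) -> int:
    """
    Smallest modulus size (multiple of 256) whose heuristic GNFS cost, calibrated so
    that RSA-2048 is worth exactly 112 bits, reaches `strength_bits`.
    """
    offset = NIST_RSA_STRENGTH[2048] - gnfs_log2_work(2048)
    n = 256
    while gnfs_log2_work(n) + offset < strength_bits:
        n += 256
    return n


if __name__ == "__main__":
    print(f"primes below 100: {count_primes(100)}, below 10^6: {count_primes(10**6)}")
    print(f"{'RSA bits':>8} {'trial div':>10} {'GNFS':>8} {'NIST':>5}")
    for n in (1024, 2048, 3072, 4096, 7680, 15360):
        nist = NIST_RSA_STRENGTH.get(n, "-")
        print(f"{n:>8} {trial_division_log2(n):>10.0f} {gnfs_log2_work(n):>8.1f} {nist:>5}")
    print(f"2048 -> 3072 is 2^{work_ratio_log2(2048, 3072):.1f} more GNFS work "
          f"(NIST table: x{strength_ratio(2048, 3072)})")
    print(f"to match AES-256 you need about RSA-{bits_needed_for_strength(256)}")
```

Running it prints the sieve counts and a table of trial-division versus GNFS cost in bits next to the NIST column. Two things fall out that the prose only asserts: trial division is around 2^1014 for RSA-2048, so core counts are irrelevant to it, while GNFS grows so slowly that 2048 to 3072 buys only about 2^16 more work (the "factor of 50,000") and parity with AES-256 needs a modulus in the 14K to 15K-bit range, which is the point behind "more sense in RSA-15K than in RSA-4K".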
From noloader at gmail.com Tue Mar 22 23:26:43 2011 From: noloader at gmail.com (Jeffrey Walton) Date: Tue, 22 Mar 2011 18:26:43 -0400 Subject: Deniability In-Reply-To: <86mxkm955e.fsf@jeromebaum.com> References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> Message-ID: On Tue, Mar 22, 2011 at 6:11 PM, Jerome Baum wrote: > "Robert J. Hansen" writes: > >> On 3/22/11 5:42 PM, MFPA wrote: >>> Assuming you have nothing illegal to hide >> >> And in the context of that conversation it was clear that there was, in >> fact, something illegal to hide. ?Quoting: "if the government alleges, >> 'this person used OpenPGP to cover up the crime...'" > > So, if the goverment alleges I ?have something to hide, then it is clear > that I do? Boy am I happy I don't live in the U.S. You don't have to live in the US to be subject to its arm and partial justice. Just ask some of the folks at Guant?namo Bay. 
Jeff From kgo at grant-olson.net Tue Mar 22 23:28:12 2011 From: kgo at grant-olson.net (Grant Olson) Date: Tue, 22 Mar 2011 18:28:12 -0400 Subject: what are the sub keys In-Reply-To: <86zkom97fz.fsf@jeromebaum.com> References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com> <86ei5yapl6.fsf@jeromebaum.com> <4D890D18.1030903@sixdemonbag.org> <86zkom97fz.fsf@jeromebaum.com> Message-ID: <4D89227C.1060806@grant-olson.net> On 03/22/2011 05:22 PM, Jerome Baum wrote: > > Are you talking about the option of moving a key to a smart card? > Because if I generate it on-card, I won't have the option of > RSA-4096. And will "average Joe" really move his key to a smart card if > he generated it off card? And does that actually make any sense > considering it wasn't originally generated on-card? > Plenty of people move existing keys to smart cards. Generating a key on-board is more secure, but then you're left dealing with two keys. The old software one, and the new smart card one. And if you've still got an old software key to deal with, then what's the benefit of a smart card anyway? And the new key doesn't have any of your existing signatures. -- -Grant "Look around! Can you construct some sort of rudimentary lathe?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 564 bytes Desc: OpenPGP digital signature URL: From jerome at jeromebaum.com Tue Mar 22 23:28:31 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 22 Mar 2011 22:28:31 +0000 Subject: 4096 bit keys In-Reply-To: <4D892047.9060601@sixdemonbag.org> (Robert J. 
Hansen's message of "Tue, 22 Mar 2011 18:18:47 -0400") References: <4D891133.3010602@charter.net> <86vcza9659.fsf@jeromebaum.com> <4D892047.9060601@sixdemonbag.org> Message-ID: <86ei5y94ds.fsf@jeromebaum.com> "Robert J. Hansen" writes: > You have to add one bit to your *effective* key size. Remember, the > primes are not evenly distributed: the larger you go, the more they are > spread out. This is why for very small keys each additional bit gives > you quite a lot of security, but as keys grow very large more and more > bits have to be added to get that additional boost. > > As an example, there are 25 primes under 100: of all the possible > values, you have to check 25% of them. But there are only 78,498 primes > under one million: you only have to check 7.9% of those numbers. Yeah, sorry. They go up with O(log(n)) where n is the number, or something like it, right? In any case the point remains -- I have to add "a few bits" while you have to figure out a whole new means of division that is much faster. >> The problem is the number of divisions you have to perform O(2^n) >> for RSA-n. Actually it's a lot less, O(2^(n/2)) for the simple fact that >> you have to divide only up to the square root, as one factor must be >> smaller than that. But the kind of magnitude is still the same and it >> grows pretty fast with key size. > > You might want to look into the General Number Field Sieve (GNFS), which > is a much more efficient way of breaking RSA keys than by simple trial > division. That's why I said "actually it's a lot less, ... for the simple fact that ..." -- my point remains, the kind of magnitude is still the same and it grows pretty fast with key size. GNFS is also exponential in some multiple of the key size, at least IIRC. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 880 bytes Desc: not available URL: From jerome at jeromebaum.com Tue Mar 22 23:34:10 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Tue, 22 Mar 2011 22:34:10 +0000 Subject: Deniability In-Reply-To: (Jeffrey Walton's message of "Tue, 22 Mar 2011 18:26:43 -0400") References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> Message-ID: <861v1y944d.fsf@jeromebaum.com> Jeffrey Walton writes: > On Tue, Mar 22, 2011 at 6:11 PM, Jerome Baum wrote: >> "Robert J. Hansen" writes: >> >>> On 3/22/11 5:42 PM, MFPA wrote: >>>> Assuming you have nothing illegal to hide >>> >>> And in the context of that conversation it was clear that there was, in >>> fact, something illegal to hide. ?Quoting: "if the government alleges, >>> 'this person used OpenPGP to cover up the crime...'" >> >> So, if the goverment alleges I ?have something to hide, then it is clear >> that I do? Boy am I happy I don't live in the U.S. > You don't have to live in the US to be subject to its arm and partial > justice. Just ask some of the folks at Guant?namo Bay. Err, this is not the kind of direction I wanted this to take. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -------------- next part -------------- A non-text attachment was scrubbed... 
From jerome at jeromebaum.com Tue Mar 22 23:37:21 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 22:37:21 +0000
Subject: what are the sub keys
In-Reply-To: <4D89227C.1060806@grant-olson.net> (Grant Olson's message of "Tue, 22 Mar 2011 18:28:12 -0400")
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com> <86ei5yapl6.fsf@jeromebaum.com> <4D890D18.1030903@sixdemonbag.org> <86zkom97fz.fsf@jeromebaum.com> <4D89227C.1060806@grant-olson.net>
Message-ID: <86wrjq7pem.fsf@jeromebaum.com>

Grant Olson writes:

> On 03/22/2011 05:22 PM, Jerome Baum wrote:
>>
>> Are you talking about the option of moving a key to a smart card?
>> Because if I generate it on-card, I won't have the option of
>> RSA-4096. And will "average Joe" really move his key to a smart card if
>> he generated it off card? And does that actually make any sense
>> considering it wasn't originally generated on-card?
>>
>
> Plenty of people move existing keys to smart cards. Generating a key
> on-board is more secure, but then you're left dealing with two keys.
> The old software one, and the new smart card one. And if you've still
> got an old software key to deal with, then what's the benefit of a smart
> card anyway? And the new key doesn't have any of your existing signatures.

So, I move my key to a smart card to gain the illusion that it's more secure, while it practically isn't (at least not much more).

Personally, I'd generate one on-card and sign it with my off-card key. Then collect new signatures on the on-card key.
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From kgo at grant-olson.net Tue Mar 22 23:47:49 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 22 Mar 2011 18:47:49 -0400
Subject: what are the sub keys
In-Reply-To: <86wrjq7pem.fsf@jeromebaum.com>
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com> <86ei5yapl6.fsf@jeromebaum.com> <4D890D18.1030903@sixdemonbag.org> <86zkom97fz.fsf@jeromebaum.com> <4D89227C.1060806@grant-olson.net> <86wrjq7pem.fsf@jeromebaum.com>
Message-ID: <4D892715.5030106@grant-olson.net>

On 03/22/2011 06:37 PM, Jerome Baum wrote:
>
> So, I move my key to a smart card to gain the illusion that it's more
> secure, while it practically isn't (at least not much more).
>

Why wouldn't it be more secure? Before my key was encrypted but available on disk, and available unencrypted in system memory. Now it's on a specialized smart-card, completely inaccessible to the OS.

History of my key.

1) Normal key for a few months.
2) Moved the primary key offline, only used subkeys on networked computers, and did that for a few more months.
3) Moved the subkeys to a dedicated smart card.

Sure, I can't guarantee that the NSA or a Chinese Hacker didn't compromise my keys a year ago, but I'm still much more secure now than I was then.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"
From kgo at grant-olson.net Tue Mar 22 23:53:15 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 22 Mar 2011 18:53:15 -0400
Subject: 4096 bit keys
In-Reply-To: <4D891D66.1090205@gmail.com>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com>
Message-ID: <4D89285B.7050905@grant-olson.net>

On 03/22/2011 06:06 PM, Jonathan Ely wrote:
> I really wish 8192 would become available. Not that it would be the end
> all/be all of key security but according to your theory it sounds much
> more difficult to crack.
>

The actual cutting edge solution is to move from RSA to ECC. Even an 8192 bit or 16k bit RSA key isn't approved by the NSA or NIST for TOP SECRET materials, but ECC-521 is.

ECC actually is up-and-running in the beta for gpg 2.1, but realistically it'll be (at least) a few years before it gets mainstream adoption.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"
From expires2011 at ymail.com Wed Mar 23 00:04:36 2011
From: expires2011 at ymail.com (MFPA)
Date: Tue, 22 Mar 2011 23:04:36 +0000
Subject: Deniability
In-Reply-To: <4D891A27.4000605@sixdemonbag.org>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org>
Message-ID: <242824723.20110322230436@my_localhost>

Hi

On Tuesday 22 March 2011 at 9:52:39 PM, in , Robert J. Hansen wrote:

> On 3/22/11 5:42 PM, MFPA wrote:
>> Assuming you have nothing illegal to hide

> And in the context of that conversation it was clear
> that there was, in fact, something illegal to hide.
> Quoting: "if the government alleges, 'this person used
> OpenPGP to cover up the crime...'"

Oops. Mea culpa; I misread it as "... to cover up _a_ crime..."

--
Best regards

MFPA mailto:expires2011 at ymail.com

The truth is rarely pure and never simple

From rjh at sixdemonbag.org Wed Mar 23 00:18:11 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 19:18:11 -0400
Subject: Deniability
In-Reply-To: <86mxkm955e.fsf@jeromebaum.com>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com>
Message-ID: <4D892E33.4010705@sixdemonbag.org>

On 3/22/2011 6:11 PM, Jerome Baum wrote:
> So, if the government alleges I have something to hide, then it is clear
> that I do? Boy am I happy I don't live in the U.S.

This is cheap ad-hominem. I said nothing of the sort. If the government *alleges* that you *committed a crime*, the government needs to enter into evidence *how you committed that crime*.

If the crime is evidence spoliation, then yes, the government can enter into evidence the fact you possessed the tools required to spoil evidence. It doesn't mean you're guilty of evidence spoliation: it only means the jury might find that fact to be interesting and relevant, and for that reason it should be presented to them.

If I'm accused of stabbing someone to death, the government gets to enter into evidence the fact I own a knife exactly like the one they allege was used to murder someone. This is no different.

I honestly do not understand where you're coming from. It seems as if you're deliberately trying to twist around what I'm saying.

From rjh at sixdemonbag.org Wed Mar 23 00:29:00 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 19:29:00 -0400
Subject: 4096 bit keys
In-Reply-To: <4D89285B.7050905@grant-olson.net>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net>
Message-ID: <4D8930BC.70304@sixdemonbag.org>

On 3/22/2011 6:53 PM, Grant Olson wrote:
> The actual cutting edge solution is to move from RSA to ECC. Even an
> 8192 bit or 16k bit RSA key isn't approved by the NSA or NIST for TOP
> SECRET materials, but ECC-521 is.

Do you have a cite for that? I know ECC is approved, but I've never been able to find confirmation one way or another that ECC is the *only* publicly-acknowledged asymmetric algorithm approved for TS. Any heads-up you could give would be appreciated.

From thajsta at gmail.com Wed Mar 23 00:32:38 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Tue, 22 Mar 2011 19:32:38 -0400
Subject: 4096 bit keys
In-Reply-To: <4D89285B.7050905@grant-olson.net>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net>
Message-ID: <4D893196.30904@gmail.com>

What is ECC? Now I want that haha.

On 22/03/2011 06:53 PM, Grant Olson wrote:
> On 03/22/2011 06:06 PM, Jonathan Ely wrote:
>> I really wish 8192 would become available. Not that it would be the end
>> all/be all of key security but according to your theory it sounds much
>> more difficult to crack.
>>
>
> The actual cutting edge solution is to move from RSA to ECC. Even an
> 8192 bit or 16k bit RSA key isn't approved by the NSA or NIST for TOP
> SECRET materials, but ECC-521 is.
>
> ECC actually is up-and-running in the beta for gpg 2.1, but
> realistically it'll be (at least) a few years before it gets mainstream
> adoption.
From jerome at jeromebaum.com Wed Mar 23 00:34:27 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 23:34:27 +0000
Subject: Deniability
In-Reply-To: <4D892E33.4010705@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 22 Mar 2011 19:18:11 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org>
Message-ID: <86mxkm7mrg.fsf@jeromebaum.com>

"Robert J. Hansen" writes:

> On 3/22/2011 6:11 PM, Jerome Baum wrote:
>> So, if the government alleges I have something to hide, then it is clear
>> that I do? Boy am I happy I don't live in the U.S.
>
> This is cheap ad-hominem. I said nothing of the sort. If the
> government *alleges* that you *committed a crime*, the government needs
> to enter into evidence *how you committed that crime*.

>>> And in the context of that conversation it was clear that there was, in
>>> fact, something illegal to hide. Quoting: "if the government alleges,
>>> 'this person used OpenPGP to cover up the crime...'"

Let's rephrase what you said: "From the government alleging 'this person used OpenPGP to hide evidence of his crime' it was clear that there was, in fact, evidence of his crime."

One step further: "From the government alleging 'this person used OpenPGP to hide evidence of his crime' it was clear that he committed the crime."
And another step: "From the government alleging something, it was clear that he committed the crime."

Where were you involved? Quoting dictionary.reference.com: ad hominem: "attacking an opponent's character rather than answering his argument."

> If the crime is evidence spoliation, then yes, the government can enter
> into evidence the fact you possessed the tools required to spoil
> evidence. It doesn't mean you're guilty of evidence spoliation: it only
> means the jury might find that fact to be interesting and relevant, and
> for that reason it should be presented to them.
>
> If I'm accused of stabbing someone to death, the government gets to
> enter into evidence the fact I own a knife exactly like the one they
> allege was used to murder someone. This is no different.
>
> I honestly do not understand where you're coming from. It seems as if
> you're deliberately trying to twist around what I'm saying.

I guess we are talking about different trials. I am talking about a trial pertaining to the original crime (child abuse), into which "he has gpg installed" was entered as evidence, under the argument that "he might have encrypted his pictures with gpg -- we don't have the picture, but he might have done this".

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
From jerome at jeromebaum.com Wed Mar 23 00:38:39 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 23:38:39 +0000
Subject: what are the sub keys
In-Reply-To: <4D892715.5030106@grant-olson.net> (Grant Olson's message of "Tue, 22 Mar 2011 18:47:49 -0400")
References: <4D8565E1.7080608@charter.net> <4D8567C1.5040507@gmail.com> <4D857659.8040404@sixdemonbag.org> <20110322141955.GA7495@imac-6g2p.mgh.harvard.edu> <94d82d0c525e9bfd2245426796fbce2d@localhost> <86lj07b0c0.fsf@jeromebaum.com> <8662rbauue.fsf@jeromebaum.com> <843df7866055e65c798ccf256cfdb9a6@localhost> <86y6479dmf.fsf@jeromebaum.com> <38eb55f8b709b658a3d458a5e8965eaa@localhost> <86ipvb9che.fsf@jeromebaum.com> <86ei5yapl6.fsf@jeromebaum.com> <4D890D18.1030903@sixdemonbag.org> <86zkom97fz.fsf@jeromebaum.com> <4D89227C.1060806@grant-olson.net> <86wrjq7pem.fsf@jeromebaum.com> <4D892715.5030106@grant-olson.net>
Message-ID: <86ipva7mkg.fsf@jeromebaum.com>

Grant Olson writes:

> On 03/22/2011 06:37 PM, Jerome Baum wrote:
>>
>> So, I move my key to a smart card to gain the illusion that it's more
>> secure, while it practically isn't (at least not much more).

> Why wouldn't it be more secure? Before my key was encrypted but
> available on disk, and available unencrypted in system memory. Now it's
> on a specialized smart-card, completely inaccessible to the OS.

"(at least not much more)" -- but agreed, "much" is subjective. I'm just saying I think people will have the illusion of "this is as secure as if I had generated it right on the card" -- we're talking about average Joe who uses only the defaults, doesn't read up on what they mean, and has "heard somewhere" that smart cards are double plus good.

> Sure, I can't guarantee that the NSA or a Chinese Hacker didn't
> compromise my keys a year ago, but I'm still much more secure now than I
> was then.

Absolutely agreed.
We were just talking past each other.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From jerome at jeromebaum.com Wed Mar 23 00:44:24 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Tue, 22 Mar 2011 23:44:24 +0000
Subject: 4096 bit keys
In-Reply-To: <4D89285B.7050905@grant-olson.net> (Grant Olson's message of "Tue, 22 Mar 2011 18:53:15 -0400")
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net>
Message-ID: <86ei5y7mav.fsf@jeromebaum.com>

Grant Olson writes:

> On 03/22/2011 06:06 PM, Jonathan Ely wrote:
>> I really wish 8192 would become available. Not that it would be the end
>> all/be all of key security but according to your theory it sounds much
>> more difficult to crack.
>>
>
> The actual cutting edge solution is to move from RSA to ECC. Even an
> 8192 bit or 16k bit RSA key isn't approved by the NSA or NIST for TOP
> SECRET materials, but ECC-521 is.

Isn't ECDSA really vulnerable to reused and predictable signature seeds (don't know what they're called, I'm talking about "k")?

> ECC actually is up-and-running in the beta for gpg 2.1, but
> realistically it'll be (at least) a few years before it gets mainstream
> adoption.

You lose any interoperability as it's not OpenPGP, right? It certainly isn't in the commercial PGP.

OT but does anyone know how I can make PGP stop trying to access my (not plugged-in) smart-card reader? I have one of those DATEV smart cards and PGP seems to think "hey! I see there may or may not possibly be something available or temporarily unavailable or not available at all on this system that we like to refer to as 'smart card', and it may or may not be convenient for my user to use that thing that we like to refer to as 'smart card'.
Instead of bothering my user with questions about this so-called 'smart card' and whether I should use it, I'll just call the API. In fact, because my user might accidentally click 'don't use smart card (i.e. cancel)', I'll run that API call 5 times -- just to be sure."

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From rjh at sixdemonbag.org Wed Mar 23 00:51:36 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 22 Mar 2011 19:51:36 -0400
Subject: 4096 bit keys
In-Reply-To: <86ei5y7mav.fsf@jeromebaum.com>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com>
Message-ID: <4D893608.8040903@sixdemonbag.org>

On 3/22/2011 7:44 PM, Jerome Baum wrote:
> Isn't ECDSA really vulnerable to reused and predictable signature
> seeds (don't know what they're called, I'm talking about "k")?

No more so than many other algorithms. If the algorithm says "this value must be random" and you don't use a random value, then yes, you're going to have a very bad day.

> You lose any interoperability as it's not OpenPGP, right?

ECC is being introduced into the OpenPGP standard. Pretty much everyone in the working group wants it to be added: they just want to make sure it gets added in the right way.

I'll eat my own hat if PGP Corporation doesn't already have an internal testing branch that supports ECC.
From kgo at grant-olson.net Wed Mar 23 01:04:24 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 22 Mar 2011 20:04:24 -0400
Subject: 4096 bit keys
In-Reply-To: <4D8930BC.70304@sixdemonbag.org>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <4D8930BC.70304@sixdemonbag.org>
Message-ID: <4D893908.3000704@grant-olson.net>

On 03/22/2011 07:29 PM, Robert J. Hansen wrote:
> On 3/22/2011 6:53 PM, Grant Olson wrote:
>> The actual cutting edge solution is to move from RSA to ECC. Even an
>> 8192 bit or 16k bit RSA key isn't approved by the NSA or NIST for TOP
>> SECRET materials, but ECC-521 is.
>
> Do you have a cite for that? I know ECC is approved, but I've never
> been able to find confirmation one way or another that ECC is the *only*
> publicly-acknowledged asymmetric algorithm approved for TS. Any
> heads-up you could give would be appreciated.
>

I suppose in the sense I can't prove a negative, I don't have a cite. There could be another recommendation out there, but I was going off of NSA Suite B. (Link and text follow.) It says that RSA 2048 bit keys can be used while transitioning to ECC, but for SECRET level only. It also says ECC-384 is good enough for TOP SECRET. I just mis-remembered that as ECC-521.

http://www.nsa.gov/ia/programs/suiteb_cryptography/

"""
AES with 128-bit keys provides adequate protection for classified information up to the SECRET level. Similarly, ECDH and ECDSA using the 256-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and SHA-256 provide adequate protection for classified information up to the SECRET level. During the transition to the use of elliptic curve cryptography in ECDH and ECDSA, DH, DSA and RSA can be used with a 2048-bit modulus to protect classified information up to the SECRET level.
AES with 256-bit keys, Elliptic Curve Public Key Cryptography using the 384-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and SHA-384 are required to protect classified information at the TOP SECRET level. Since some products approved to protect classified information up to the TOP SECRET level will only contain algorithms with these parameters, algorithm interoperability between various products can only be guaranteed by having these parameters as options.
"""

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

From kgo at grant-olson.net Wed Mar 23 01:14:53 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 22 Mar 2011 20:14:53 -0400
Subject: 4096 bit keys
In-Reply-To: <4D893196.30904@gmail.com>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <4D893196.30904@gmail.com>
Message-ID: <4D893B7D.4060400@grant-olson.net>

On 03/22/2011 07:32 PM, Jonathan Ely wrote:
> What is ECC? Now I want that haha.
>

Elliptic Curve Cryptography

https://secure.wikimedia.org/wikipedia/en/wiki/Elliptic_curve_cryptography

Since it isn't based on prime numbers, it 'scales' better than RSA or DSA, and keys of similar security levels are much smaller.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"
From kgo at grant-olson.net Wed Mar 23 01:29:08 2011
From: kgo at grant-olson.net (Grant Olson)
Date: Tue, 22 Mar 2011 20:29:08 -0400
Subject: 4096 bit keys
In-Reply-To: <86ei5y7mav.fsf@jeromebaum.com>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com>
Message-ID: <4D893ED4.9040503@grant-olson.net>

On 03/22/2011 07:44 PM, Jerome Baum wrote:
> Grant Olson writes:
>> ECC actually is up-and-running in the beta for gpg 2.1, but
>> realistically it'll be (at least) a few years before it gets mainstream
>> adoption.
>
> You lose any interoperability as it's not OpenPGP, right? It certainly
> isn't in the commercial PGP.

That's why I said "but realistically it'll be (at least) a few years before it gets mainstream adoption." ;-)

Even if the draft standard got approved today, and both gpg and pgp corp had working production implementations, it'll be years before it gets to the point where you can assume random users will be able to support ECC.

But if you just wanted to use it with your inner circle, be it an eco-terrorist cell or a fantasy football league, you actually could start using it today.

--
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"
From jerome at jeromebaum.com Wed Mar 23 01:39:29 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 23 Mar 2011 00:39:29 +0000
Subject: 4096 bit keys
In-Reply-To: <4D893ED4.9040503@grant-olson.net> (Grant Olson's message of "Tue, 22 Mar 2011 20:29:08 -0400")
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com> <4D893ED4.9040503@grant-olson.net>
Message-ID: <86aagm7jr2.fsf@jeromebaum.com>

Grant Olson writes:

> On 03/22/2011 07:44 PM, Jerome Baum wrote:
>> Grant Olson writes:
>>> ECC actually is up-and-running in the beta for gpg 2.1, but
>>> realistically it'll be (at least) a few years before it gets mainstream
>>> adoption.
>>
>> You lose any interoperability as it's not OpenPGP, right? It certainly
>> isn't in the commercial PGP.
>
> That's why I said "but
> realistically it'll be (at least) a few years before it gets mainstream
> adoption." ;-)

Right, and everything you wrote below. I was just reinforcing the strong suggestion that people not use it. Think about some innocent average Joe (while I put big trust in Alice and Bob, I am not too confident in Joe) reading the archives, fetching the gpg beta (where necessary switching on expert mode) in an attempt to use ECC because it sounds cool to use. Might be that my level of confidence in Joe is a bit screwed, but then, pink elephants!

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
From larry-lists at maxqe.com Wed Mar 23 00:38:36 2011
From: larry-lists at maxqe.com (Larry Brower)
Date: Tue, 22 Mar 2011 18:38:36 -0500
Subject: 4096 bit keys
In-Reply-To: <4D893196.30904@gmail.com>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <4D893196.30904@gmail.com>
Message-ID: <4D8932FC.2070306@maxqe.com>

On 03/22/2011 06:32 PM, Jonathan Ely wrote:
> What is ECC? Now I want that haha.

Elliptic curve cryptography

http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

From david at systemoverlord.com Wed Mar 23 00:25:20 2011
From: david at systemoverlord.com (David Tomaschik)
Date: Tue, 22 Mar 2011 19:25:20 -0400
Subject: 4096 bit keys
In-Reply-To: <4D891133.3010602@charter.net>
References: <4D891133.3010602@charter.net>
Message-ID:

On Tue, Mar 22, 2011 at 5:14 PM, Mike Acker wrote:
> with chip makers playing with chips having 64 cores printed in silicon...
>
> someplace i read the ratios on this,-- if you make the key a little
> longer the key gets much harder to break. in public key encryption
> though you have to factor the product of the two large prime numbers --
> which i'm told is no easy task. i've often wondered about this as lists
> of large prime numbers are not hard to come by... so-- start someplace
> and start running divides... trouble is though you can't use the
> hardware instruction set: the numbers are way too large
>
> what does an x64 chip do? divide a 64 bit integer into a 128 bit
> dividend to yield a 64 bit quotient and a 64 bit remainder? dunno but
> you have to do the same thing but using what? a 2048 or 4096 bit dividend?
>
> (I'm not a mathematician)
>
> what if they put 8192 cores on a chip? who would have such a machine?
> NSA. the smart money would bet they would have it
>
> --
> /MIKE

So, AMD sells Opterons with 12 cores in a single CPU. It has a street price of $770. In 2007, the TILE64 was released (a CPU with 64 cores, but not x86-compatible). It's a safe assumption that the NSA *could* have a NUMA supercomputer or a cluster with 8000+ cores TODAY, but even with those resources, it's unlikely they could get your key, or would invest the time to do so.

RSA-768 (a 768-bit modulus) was factored in December 2009, in a process that took hundreds of computers two years to complete. [1] The authors of [1] estimate that a 1024-bit RSA modulus would be 1000 times as difficult to factor, but would be achievable in a fashion similar to theirs within a decade. That being said, I believe (but have no solid numbers to back) that 2048 is probably about 1,000,000 TIMES as difficult to factor as RSA-1024. (I base this on a 1000 time number from 768 to 1024, and the decreasing incidence of prime numbers as we get larger values.)
The reality is, for the NSA to even invest the computing time that was involved in the RSA-768 effort, you'd have to have done (or they would need to believe that you have done or will do) something REALLY BIG. Probably on the order of importing CBRN-type weaponry into the US. And if they believe you're that bad, they will find a way to get at your key (or rather, your plaintexts). The ability to "casually" decrypt even 1024-bit keys is nowhere near. (And by "casually", I mean a difficulty similar to what it takes to wiretap a phone.)

[1] http://eprint.iacr.org/2010/006

--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com

From JPClizbe at tx.rr.com Wed Mar 23 03:03:13 2011
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Tue, 22 Mar 2011 21:03:13 -0500
Subject: Using GNUPG as a standalone client
In-Reply-To: <31198015.post@talk.nabble.com>
References: <31198015.post@talk.nabble.com>
Message-ID: <4D8954E1.1020301@tx.rr.com>

gayamantra wrote:
>
> Hi,
>
> We are intending to use GNUPG to encrypt a file before we FTP it to an
> external party.
>
> Is it possible to use GNUPG as a standalone client without having to install
> it on our servers?

Yes, GnuPG may be installed on a workstation and accessed at the command line, BUT sftp or scp (part of SSH) are probably better solutions. They're easier to use and eliminate the chance of users transferring files in the clear. I'd most likely only encrypt with GnuPG if the external party needed to restrict access to the file on their end.

--
John P. Clizbe                      Inet: John (a) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
From dan at geer.org Wed Mar 23 03:16:02 2011
From: dan at geer.org (dan at geer.org)
Date: Tue, 22 Mar 2011 22:16:02 -0400
Subject: Deniability
In-Reply-To: Your message of "Tue, 22 Mar 2011 22:34:10 -0000." <861v1y944d.fsf@jeromebaum.com>
Message-ID: <20110323021602.A85E633CCD@absinthe.tinho.net>

> Err, this is not the kind of direction I wanted this to take.

Even as a 99.44% pure lurker, me neither. Might I suggest to those who want to argue what the plusses and minuses are of hiding that it might be good to read Daniel Solove's (new) Yale Press book, _Nothing to Hide_, or the paper of the same name which preceded it?

Personally, I do think privacy and security are a zero sum game in the main, i.e., I agree with Ed Giorgio's commentary in the New Yorker ("The Spymaster," January 21, 2008) to that effect. I don't like it, but what I like is irrelevant. If zero-summed-ness is an actual fact of nature, then I'll choose more privacy and less security as the Internet-of-Things approaches.

--dan

A conservative is a socialist who worships order.
A liberal is a socialist who worships safety.
-- Victor Milán, 1999

From rjh at sixdemonbag.org Wed Mar 23 03:23:06 2011 From: rjh at sixdemonbag.org (Robert J.
Hansen) Date: Tue, 22 Mar 2011 22:23:06 -0400 Subject: Deniability In-Reply-To: <86mxkm7mrg.fsf@jeromebaum.com> References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org> <86mxkm7mrg.fsf@jeromebaum.com> Message-ID: <4D89598A.2060300@sixdemonbag.org> On 3/22/2011 7:34 PM, Jerome Baum wrote: > Let's rephrase what you said: "From the government alleging 'this person > used a OpenPGP to hide evidence of his crime' it was clear that there > was, in fact, evidence of his crime." Yes: it's a tautology. A prosecutor is not allowed to make an allegation in court for which they do not have evidence. If the prosecutor says, "this person used OpenPGP to hide evidence of his crime," the prosecutor must be able to present the spoiled evidence and demonstrate it was connected to a crime: otherwise that allegation is barred from the courtroom. How that evidence should be interpreted, how much weight it should be given, etc., is solely the purview of the jury. But if the government says, "this person used a bloody knife to murder someone," then yes, that's evidence there's a dead body that was killed with a knife, because otherwise no judge would allow the prosecutor to make that claim. > Where were you involved? Quoting dictionary.reference.com: ad hominem: > "attacking an opponent's character rather than answering his argument." It's everything-the-government-does-is-evil claptrap that I have no patience for. 
I am no particular fan of the government, but to think that it would so nakedly act in such a way is ridiculous. > I guess we are talking about different trials. I am talking about a > trial pertaining to the original crime (child abuse), into which "he has > gpg installed" was entered as evidence To repeat what I told you earlier: *there was no such trial*. This is an urban legend in the community. No one has ever been able to produce a citation for me. I've asked, quite a lot of times, and I've done my own digging in Westlaw trying to find it. To the best of my knowledge, it doesn't exist. What exist instead are different trials for evidence spoilation and related charges, in which the defendant's possession of those tools is directly related to the charge. From jerome at jeromebaum.com Wed Mar 23 03:29:24 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Wed, 23 Mar 2011 02:29:24 +0000 Subject: Deniability In-Reply-To: <4D89598A.2060300@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 22 Mar 2011 22:23:06 -0400") References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org> <86mxkm7mrg.fsf@jeromebaum.com> <4D89598A.2060300@sixdemonbag.org> Message-ID: <86wrjq603f.fsf@jeromebaum.com> "Robert J. Hansen" writes: > To repeat what I told you earlier: *there was no such trial*. When did you tell me this? > This is an urban legend in the community. No one has ever been able > to produce a citation for me. 
> I've asked, quite a lot of times, and
> I've done my own digging in Westlaw trying to find it. To the best of
> my knowledge, it doesn't exist. What exist instead are different
> trials for evidence spoilation and related charges, in which the
> defendant's possession of those tools is directly related to the
> charge.

http://news.cnet.com/Minnesota-court-takes-dim-view-of-encryption/2100-1030_3-5718978.html

"We find that evidence of appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him,"

The Internet use might be, but "the existence of an encryption program on his computer", considering there was absolutely _no_ evidence of encrypted imagery, was certainly not relevant to the case. The guy was convicted, and for the right reasons, but the encryption software shouldn't have been allowed.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From JPClizbe at tx.rr.com Wed Mar 23 03:33:54 2011
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Tue, 22 Mar 2011 21:33:54 -0500
Subject: 4096 bit keys
In-Reply-To: <86ei5y7mav.fsf@jeromebaum.com>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com>
Message-ID: <4D895C12.3080909@tx.rr.com>

Jerome Baum wrote:
> Grant Olson writes:
>
>> On 03/22/2011 06:06 PM, Jonathan Ely wrote:
>>> I really wish 8192 would become available. Not that it would be the end
>>> all/be all of key security but according to your theory it sounds much
>>> more difficult to crack.
>>>
>>
>> The actual cutting edge solution is to move from RSA to ECC.
>> Even a
>> 8192 bit or 16k bit RSA key isn't approved by the NSA or NIST for TOP
>> SECRET materials, but ECC-521 is.
>
> Isn't ECDSA really vulnerable to reused and predictable signature seeds
> (don't know what they're called, I'm talking about "k")?

Depends more on the quality of your PRNG.

>> ECC actually is up-and-running in the beta for gpg 2.1, but
>> realistically it'll be (at least) a few years before it gets mainstream
>> adoption.

Could be in OpenPGP later this year. Camellia was fairly fast. As I recall, there is some coordination among the OpenPGP ECC author and the maintainers of other FOSS crypto software so they implement things in a compatible manner. I believe they may be waiting for a SHA-3 algorithm to be picked. It was discussed on the IETF-OpenPGP list late last year.

>
> You lose any interoperability as it's not OpenPGP, right? It certainly
> isn't in the commercial PGP.

"It certainly isn't in the commercial PGP."

Not Yet, although as Rob said, I'd be surprised if PGP (Symantec) didn't already have an ECC-enabled branch waiting to release once the ECC OpenPGP Draft is adopted. Two reasons:

1) One of the main initiatives of Suite B is the use of COTS, and the USG represents a VERY large market for PGP.

2) The ECC-OpenPGP draft itself. Andrey Jivsov, the author, is with Symantec Corp (read PGP Corp).
https://sites.google.com/site/brainhub/draft-jivsov-openpgp-ecc-07.txt

--
John P. Clizbe Inet: John (a) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From rjh at sixdemonbag.org Wed Mar 23 03:34:27 2011 From: rjh at sixdemonbag.org (Robert J.
Hansen) Date: Tue, 22 Mar 2011 22:34:27 -0400 Subject: Deniability In-Reply-To: <20110323021602.A85E633CCD@absinthe.tinho.net> References: <20110323021602.A85E633CCD@absinthe.tinho.net> Message-ID: <4D895C33.5010402@sixdemonbag.org> On 3/22/2011 10:16 PM, dan at geer.org wrote: > Personally, I do think privacy and security are a zero sum > game in the main, i.e., I agree with Ed Giorgio's commentary > in the New Yorker ("The Spymaster," January 21, 2008) to that > effect. I think the best counterargument to this is that it's very easy to come up with massive invasions of privacy that really do little to nothing for our security. The airport security examples more or less write themselves... My own dark suspicion is that what we have always thought of as "privacy" is nothing more than an inefficiency in information exchange. So long as information exchange has a certain cost threshold, it's not worth my time or effort to share information about you. As that cost threshold diminishes, so too does our privacy. If it cost a penny to leave a YouTube comment, Rebecca Black would have twelve people scattered across the world who had said something bad about her. Since it's free, though... well, she has no privacy anymore, and I feel very sorry for her. If I'm right, then the only way to restore privacy is to raise the price of information transfer in some way. OpenPGP can be thought of as this: to recover a message the attacker has to undertake actions that involve at least some measure of expense. From dan at geer.org Wed Mar 23 03:59:24 2011 From: dan at geer.org (dan at geer.org) Date: Tue, 22 Mar 2011 22:59:24 -0400 Subject: Deniability In-Reply-To: Your message of "Tue, 22 Mar 2011 22:34:27 EDT." <4D895C33.5010402@sixdemonbag.org> Message-ID: <20110323025924.E6D5733E3A@absinthe.tinho.net> > If I'm right, then the only way to restore privacy is to raise the price > of information transfer in some way. 
OpenPGP can be thought of as this: > to recover a message the attacker has to undertake actions that involve > at least some measure of expense. Perhaps you are correct. My own definition of privacy evolves, but as of now is this: Privacy is the effective capacity to misrepresent oneself. and, semi-orthogonally, Security is the absence of unmitigatable surprise. YMMV, --dan From rjh at sixdemonbag.org Wed Mar 23 04:11:46 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 22 Mar 2011 23:11:46 -0400 Subject: Deniability In-Reply-To: <86wrjq603f.fsf@jeromebaum.com> References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org> <86mxkm7mrg.fsf@jeromebaum.com> <4D89598A.2060300@sixdemonbag.org> <86wrjq603f.fsf@jeromebaum.com> Message-ID: <4D8964F2.9080103@sixdemonbag.org> On 3/22/2011 10:29 PM, Jerome Baum wrote: >> To repeat what I told you earlier: *there was no such trial*. > > When did you tell me this? Quoting: > Wasn't there that case where the fact that someone ... > had some OpenPGP implementation on their computer was > admitted into a US court and appeals didn't overturn > that admission? In all cases I'm aware of, it was alleged the individuals were using OpenPGP to conceal their activity in a crime. Covering up a criminal offense is, itself, almost always a criminal offense. Written today. I've done a fair bit of digging into this: no such case has ever been presented in a United States court. 
The case you cited below was not a United States court: it was state court. The phrase, "a United States court" means, "a court operating under federal law passed by Congress." The phrase, "a state court" means, "a court operating under state law passed by a state legislature." I suspect you meant, "a court somewhere in the United States," which could mean either. > "We find that evidence of appellant's Internet use and the existence of > an encryption program on his computer was at least somewhat relevant to > the state's case against him," Imagine this: I'm being accused of premeditated murder. Apparently, I ran over a man with a car with the specific intent of killing him. When the police arrest me, they discover in my apartment I have a sniper rifle, a hangman's noose, a straight razor, some food that has ground glass mixed into it, and a how-to manual for committing murders with all of those tools. (Note that generally speaking none of these are illegal in the United States.) The state wants to enter all of those things into evidence to support the claim that I committed my crime with extreme premeditation, that I had the specific and deliberate intent to kill. Under your theory, that should be barred. Me, I think that's kind of weird. Seems to me like this is the sort of thing the jury should be allowed to hear and decide for themselves. Likewise, in this case the prosecution was alleging something. The judge believed -- and the appellate court agreed -- that the presence of PGP was relevant to those allegations. If you don't know what specific fact this evidence was presented to demonstrate, then you can't say the evidence shouldn't have been admitted. We know it was connected to a criminal trial, but we don't know specifically what the evidence was introduced to prove. It could've been something as simple as, "the defendant is technically sophisticated, as evidenced by...". 
> The guy was convicted, and for the right reasons, but the encryption > software shouldn't have been allowed. I can't argue against this. This is your emotional reaction to the situation, and nobody can argue against emotions. All that I can say is that, as a matter of law, the decision makes sense and seems rational. From rjh at sixdemonbag.org Wed Mar 23 04:13:44 2011 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 22 Mar 2011 23:13:44 -0400 Subject: Deniability In-Reply-To: <20110323025924.E6D5733E3A@absinthe.tinho.net> References: <20110323025924.E6D5733E3A@absinthe.tinho.net> Message-ID: <4D896568.2060504@sixdemonbag.org> On 3/22/2011 10:59 PM, dan at geer.org wrote: > Perhaps you are correct. Unlikely, but you're kind to say so. I'll be happy if my mistakes can just be interesting. :) > My own definition of privacy evolves, but as of now is this: This is very good: I need to think on this. May I borrow this and present it to others (with attribution)? From jerome at jeromebaum.com Wed Mar 23 04:50:01 2011 From: jerome at jeromebaum.com (Jerome Baum) Date: Wed, 23 Mar 2011 03:50:01 +0000 Subject: Deniability In-Reply-To: <4D8964F2.9080103@sixdemonbag.org> (Robert J. Hansen's message of "Tue, 22 Mar 2011 23:11:46 -0400") References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org> <86mxkm7mrg.fsf@jeromebaum.com> <4D89598A.2060300@sixdemonbag.org> <86wrjq603f.fsf@jeromebaum.com> <4D8964F2.9080103@sixdemonbag.org> Message-ID: <86mxkm5wd2.fsf@jeromebaum.com> "Robert J. 
Hansen" writes: > Imagine this: I'm being accused of premeditated murder. Apparently, I > ran over a man with a car with the specific intent of killing him. When > the police arrest me, they discover in my apartment I have a sniper > rifle, a hangman's noose, a straight razor, some food that has ground > glass mixed into it, and a how-to manual for committing murders with all > of those tools. (Note that generally speaking none of these are illegal > in the United States.) The state wants to enter all of those things > into evidence to support the claim that I committed my crime with > extreme premeditation, that I had the specific and deliberate intent to > kill. > Under your theory, that should be barred. Me, I think that's kind of > weird. Seems to me like this is the sort of thing the jury should be > allowed to hear and decide for themselves. Likewise, in this case the > prosecution was alleging something. The judge believed -- and the > appellate court agreed -- that the presence of PGP was relevant to those > allegations. Actually, I didn't say those tools being in your home should be barred. I agree with what you write below -- there are reasons to include evidence and in this case it would be to describe your character (be that technical sophistication or intent to murder). I would differentiate between what's actually relevant (and would help the jury make a better decision), and what's not. A guy with a handbook on murder likely has a higher chance of murdering. A guy with encryption software hopefully doesn't have a higher chance of molesting a child. Plus, I am arguing that a court in the U.S. (thanks for the note on wording btw) made a bad decision. How does the fact that the judge believed his decision was right support your argument that the court (i.e. judge) made the correct decision? 
As for the appeals court, I have heard (obviously no first-hand experience) that they are very conservative when it comes to turning over a court's decision, and in this matter I would be as well -- when the evidence wasn't relevant to the conviction and likely didn't influence the jury.

> If you don't know what specific fact this evidence was presented to
> demonstrate, then you can't say the evidence shouldn't have been
> admitted. We know it was connected to a criminal trial, but we don't
> know specifically what the evidence was introduced to prove. It
> could've been something as simple as, "the defendant is technically
> sophisticated, as evidenced by...".

So, what does technical sophistication have to do with whether or not the guy molested the child? One connection I can see is "he could have hidden that information from us, so we don't have it" -- but then, how is that kind of no-evidence speculation relevant? Of course, this is a straw man. To justify it, while I didn't read any first-hand source, if you follow the discussion there are some references to the appeals court's decision which mention that the prosecution was suggesting what I said ("he could have ...").

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
From jerome at jeromebaum.com Wed Mar 23 05:13:36 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 23 Mar 2011 04:13:36 +0000
Subject: Deniability
In-Reply-To: <86mxkm5wd2.fsf@jeromebaum.com> (Jerome Baum's message of "Tue, 22 Mar 2011 23:50:01 -0400")
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org> <86mxkm7mrg.fsf@jeromebaum.com> <4D89598A.2060300@sixdemonbag.org> <86wrjq603f.fsf@jeromebaum.com> <4D8964F2.9080103@sixdemonbag.org> <86mxkm5wd2.fsf@jeromebaum.com>
Message-ID: <86ipva5v9r.fsf@jeromebaum.com>

> (snip big discussion that should have stopped long ago)

We've gone way too far off-topic I think. I'll happily continue the debate off-list, but otherwise I suggest we "close" this thread and agree to disagree, probably to the relief of other gnupg-users readers. Feel free to have a final word if you want, but I'll post no further messages about this on gnupg-users.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From rjh at sixdemonbag.org Wed Mar 23 06:02:31 2011 From: rjh at sixdemonbag.org (Robert J.
Hansen) Date: Wed, 23 Mar 2011 01:02:31 -0400 Subject: Deniability In-Reply-To: <86mxkm5wd2.fsf@jeromebaum.com> References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org> <86mxkm7mrg.fsf@jeromebaum.com> <4D89598A.2060300@sixdemonbag.org> <86wrjq603f.fsf@jeromebaum.com> <4D8964F2.9080103@sixdemonbag.org> <86mxkm5wd2.fsf@jeromebaum.com> Message-ID: <4D897EE7.6040004@sixdemonbag.org> On 3/22/2011 11:50 PM, Jerome Baum wrote: > A guy with encryption software hopefully doesn't have a higher > chance of molesting a child. Except that *you don't know what that was entered to prove*. It's quite possible it was not entered to prove he molested a child. If I was a prosecutor, I'd want to argue that he was technically proficient, and enter the existence of PGP to support that claim. If the jury then decides, "well, he had PGP on his hard drive, therefore he's probably guilty," then that's the jury being idiots. That doesn't mean the U.S. system is unjust: every nation with a jury system has to deal with juries being idiots. The fact he used PGP was entered into a trial about the abuse of a child: but that doesn't mean that fact was entered into evidence to prove he abused the child -- it could have (and quite likely was) entered for something else. Unless you're looking at the court record, you don't know. > How does the fact that the judge believed his decision was > right support your argument that the court (i.e. judge) made the > correct decision? 
Because it means four judges, who were quite likely appointed by different governors and have different political beliefs, came to the same opinion about the law. When four judges who don't like each other and squabble constantly unanimously say, "the law says this," well, I tend to give that a lot of credit. > As for the appeals court, I have heard (obviously no first-hand > experience) that they are very conservative when it comes to > turning over a court's decision I can't talk about the Minnesota state courts: I haven't studied their system. At the federal level, appellate judges give the trial judge's decisions a great deal of deference when it comes to findings of fact -- the rule of thumb is a factual finding must be "as offensive to the senses as a three-day-old mackerel" for a factual finding to be overturned -- but zero deference for findings of law. Literally, zero deference. > So, how does technical sophistication have to do with whether or not > the guy molested the child? You're asking me to demonstrate psychic powers by telling you about a transcript I haven't read. However, as a guess, Minnesota may very well have an enhanced penalty for the use of counterforensic software and/or encryption in the commission of a crime. That's an example of something that wouldn't have any effect on whether the accused committed the abuse, but would be relevant to how harshly he was sentenced -- and it could be entered into evidence on those grounds. That's just a guess. There are many, many, *many* other ways it could've happened. 
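The "4096 bit keys" thread above asks whether ECDSA is vulnerable to reused or predictable per-signature values k, and gets the answer that it depends on the quality of the PRNG. The following is an added example, not code from the thread or from GnuPG, that shows concretely what goes wrong: a minimal, dependency-free ECDSA over secp256k1 in Python (the curve constants are the standard published ones; the message strings, the fixed k and the private key in the demo are constructed). Two signatures made with the same k share the same r, which an attacker can spot in traffic, and from the two s values the attacker solves for k and then for the private key. The algebra is identical for DSA. The arithmetic is affine and not constant time; it is for illustration only.

```python
"""Added example: why a repeated ECDSA nonce k leaks the private key.

Toy ECDSA over secp256k1 with no dependencies. Not constant time, not
hardened; it exists to show the nonce-reuse algebra, nothing more.
"""
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P); G has prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


assert P == 2**256 - 2**32 - 977 and _on_curve(G)   # sanity check on constants


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P    # doubling, a == 0
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def _hash_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d: int, msg: bytes, k: int = None):
    """ECDSA signature (r, s). k must be uniform in [1, N-1] and never repeat;
    passing k explicitly simulates the broken PRNG the thread worries about."""
    if k is None:
        k = secrets.randbelow(N - 1) + 1
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (_hash_int(msg) + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose another k")
    return r, s


def verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    u1 = _hash_int(msg) * w % N
    u2 = r * w % N
    pt = _add(_mul(u1, G), _mul(u2, pub))
    return pt is not None and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Given two signatures with equal r (same k) on different messages:
         s1 - s2 = k^-1 (h1 - h2)   =>  k = (h1 - h2) / (s1 - s2)
         s1 = k^-1 (h1 + r d)       =>  d = (s1 k - h1) / r        (mod N)
    Returns None when the signatures do not share a nonce."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2 or s1 == s2:
        return None
    h1, h2 = _hash_int(msg1), _hash_int(msg2)
    k = (h1 - h2) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - h1) * pow(r1, -1, N) % N


def demo(d: int) -> int:
    """Sign two constructed messages with the same (bad) k and recover d."""
    pub = _mul(d, G)
    k_from_broken_prng = 0x1337          # constructed: the PRNG repeats itself
    sig_a = sign(d, b"pay alice 1", k_from_broken_prng)
    sig_b = sign(d, b"pay bob 2", k_from_broken_prng)
    assert verify(pub, b"pay alice 1", sig_a) and verify(pub, b"pay bob 2", sig_b)
    assert sig_a[0] == sig_b[0]          # identical r is the tell-tale in traffic
    return recover_private_key(b"pay alice 1", sig_a, b"pay bob 2", sig_b)


if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1
    print("recovered private key matches:", demo(key) == key)
```

A predictable k (not just a repeated one) is just as fatal: the second equation in recover_private_key gives d directly once k is known. This is why implementations moved to deterministic nonces derived from the key and message (RFC 6979) rather than trusting the system PRNG for each signature.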
From wk at gnupg.org Wed Mar 23 09:25:38 2011
From: wk at gnupg.org (Werner Koch)
Date: Wed, 23 Mar 2011 09:25:38 +0100
Subject: 4096 bit keys
In-Reply-To: <4D895C12.3080909@tx.rr.com> (John Clizbe's message of "Tue, 22 Mar 2011 21:33:54 -0500")
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com> <4D895C12.3080909@tx.rr.com>
Message-ID: <87bp12i6pp.fsf@vigenere.g10code.de>

On Wed, 23 Mar 2011 03:33, JPClizbe at tx.rr.com said:

> Could be in OpenPGP later this year. Camellia was fairly fast.

It is not required to be in OpenPGP (technically a new RFC to extend rfc4880). We have always added new features to OpenPGP before we had an RFC for it. It is basically that the WG agrees upon it and we have two compatible implementations. This was the case for AES, MDC, the new secret key protection mechanism and now for ECC.

> 2) The ECC-OpenPGP draft itself. Andrey Jivsov, the author,
> is with Symantec Corp (read PGP Corp).
> https://sites.google.com/site/brainhub/draft-jivsov-openpgp-ecc-07.txt

He wrote this draft while he worked at PGP. He also contributed the ECC code for GnuPG.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by a federal law. ("Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.")

From johanw at vulcan.xs4all.nl Wed Mar 23 10:12:10 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 23 Mar 2011 10:12:10 +0100
Subject: Deniability
Message-ID:

Robert J Hansen wrote:

> The amount of lead pipe a court can swing at you in many ways exceeds the amount of lead pipe organized crime can throw at you.

I think the OP was talking about the legal system of civilized countries, not those in Iran, North Korea or the USA.
--
With kind regards,
Johan Wevers

From johanw at vulcan.xs4all.nl Wed Mar 23 11:21:26 2011
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 23 Mar 2011 11:21:26 +0100
Subject: Deniability
Message-ID:

Robert J Hansen wrote:

> If the government *alleges* that you *committed a crime*, the government needs to enter into evidence *how you committed that crime*.

The problem is of course the fact that hiding evidence for some crime you commit is itself a crime in the USA. It makes having to prove your innocence via this trick possible.

--
With kind regards,
Johan Wevers

From dan at geer.org Wed Mar 23 12:31:20 2011
From: dan at geer.org (dan at geer.org)
Date: Wed, 23 Mar 2011 07:31:20 -0400
Subject: Deniability
In-Reply-To: Your message of "Tue, 22 Mar 2011 23:13:44 EDT." <4D896568.2060504@sixdemonbag.org>
Message-ID: <20110323113120.2FA23340CE@absinthe.tinho.net>

| > Perhaps you are correct.
|
| Unlikely, but you're kind to say so. I'll be happy if my mistakes
| can just be interesting. :)

I'm with you on that.

| > My own definition of privacy evolves, but as of now is this:
|
| This is very good: I need to think on this. May I borrow this and
| present it to others (with attribution)?

Yes, of course.

--dan

From gnupg.user at seibercom.net Wed Mar 23 13:06:29 2011
From: gnupg.user at seibercom.net (Jerry)
Date: Wed, 23 Mar 2011 08:06:29 -0400
Subject: Deniability
In-Reply-To:
References:
Message-ID: <20110323080629.62b18c78@scorpio>

On Wed, 23 Mar 2011 11:21:26 +0100
Johan Wevers articulated:

> Robert J Hansen wrote:
>
> > If the
> government *alleges* that you *committed a crime*, the government
> needs to enter into evidence *how you committed that crime*.

Not true. The government only need show that a crime was committed. Exactly how the crime was committed is not a legal requirement; although, it is usually something that a jury wants to hear about. It is the same as charging an individual with murder even though a body cannot be produced.
If the government can show that the individual(s) can reasonably be viewed as responsible for the death of another, even without the body, they can be charged with the crime. This again, pertains to USA law.

> The problem is of course the fact that hiding evidence for some crime
> you commit is itself a crime in the USA. It makes having to prove
> your innocence via this trick possible.

You have over simplified this. As the defendant in a criminal case you are never required to submit any evidence; however, failure to do so may lead jurors to question your innocence, such as when a defendant takes the 5th (avails him/her self of the fifth amendment rights against self incrimination) multiple times during a court proceeding. The act of hiding or failing to produce evidence is not a crime if committed by the defendant. This pertains to USA law. How it is adjudicated in other countries is beyond my scope of knowledge.

--
Jerry   GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From Mike_Acker at charter.net Wed Mar 23 13:27:57 2011
From: Mike_Acker at charter.net (Mike Acker)
Date: Wed, 23 Mar 2011 08:27:57 -0400
Subject: Group Membership Keyring
In-Reply-To: <87bp12i6pp.fsf@vigenere.g10code.de>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com> <4D895C12.3080909@tx.rr.com> <87bp12i6pp.fsf@vigenere.g10code.de>
Message-ID: <4D89E74D.5000603@charter.net>

I really liked the idea of having the Membership Secretary sign a Public Keyring for the Group Members and then to circulate that keyring to the membership. How to implement though, as members will need an additional keyring for each group they have a membership with. Ideally the keyring would be used in place of an address book and associated with an e/mail account.
this thinking is based on the idea that a Secure Group would expect its members to have a dedicated e/mail account reserved for the use only by the members of the secure group.

i'll have to try some poking around and run some tests. I don't see making VM a requirement as a workable solution.

--
/MIKE

From one.jsim at gmail.com Wed Mar 23 19:01:04 2011
From: one.jsim at gmail.com (One Jsim)
Date: Wed, 23 Mar 2011 18:01:04 +0000
Subject: using GnuPG to encrypt before FTP
In-Reply-To: <4D88B35C.4030305@charter.net>
References: <4D88B35C.4030305@charter.net>
Message-ID:

Sending a file encrypted over vanilla FTP does not protect the FTP password (if any). Worse if the FTP password is the account password.

Jose Simoes

2011/3/22 Mike Acker :
> Hi,="We are intending to use GNUPG to encrypt a file before we FTP it to an
> external party.
>
> Is it possible to use GNUPG as a standalone client without having to install
> it on our servers?
>
> Appreciate your replies. Thanks."
>
> ===> use S/FTP
> it makes it much less likely for someone to have an accident and send a file in the clear
> and it's much easier to use
>
> --
> /MIKE
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From kloecker at kde.org Wed Mar 23 19:59:29 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 23 Mar 2011 19:59:29 +0100
Subject: 4096 bit keys
In-Reply-To: <4D892047.9060601@sixdemonbag.org>
References: <4D891133.3010602@charter.net> <86vcza9659.fsf@jeromebaum.com> <4D892047.9060601@sixdemonbag.org>
Message-ID: <201103231959.33895@thufir.ingo-kloecker.de>

On Tuesday 22 March 2011, Robert J.
Hansen wrote: > On 3/22/11 5:50 PM, Jerome Baum wrote: > > Actually none of this is that important. If you can do the > > division in half a second instead of one, that only halves the > > time you need. All I have to do is add one bit to my key size > > and you're back to square one. > > You have to add one bit to your *effective* key size. Remember, the > primes are not evenly distributed: the larger you go, the more they > are spread out. This is why for very small keys each additional bit > gives you quite a lot of security, but as keys grow very large more > and more bits have to be added to get that additional boost. > > As an example, there are 25 primes under 100: of all the possible > values, you have to check 25% of them. But there are only 78,498 > primes under one million: you only have to check 7.9% of those > numbers. Well, that's only true if you have previously enumerated all primes which is impossible for the bit sizes we are speaking about. So, effectively, the scarcity of primes does not give the attacker any advantage. Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From kloecker at kde.org Wed Mar 23 20:04:57 2011 From: kloecker at kde.org (Ingo =?iso-8859-15?q?Kl=F6cker?=) Date: Wed, 23 Mar 2011 20:04:57 +0100 Subject: 4096 bit keys In-Reply-To: <86ipva950u.fsf@jeromebaum.com> References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <86ipva950u.fsf@jeromebaum.com> Message-ID: <201103232004.58563@thufir.ingo-kloecker.de> On Tuesday 22 March 2011, Jerome Baum wrote: > Jonathan Ely writes: > > I really wish 8192 would become available. Not that it would be the > > end all/be all of key security but according to your theory it > > sounds much more difficult to crack. > > Take that a few steps further. Why not use > 99999999999999999999999-bit keys? 
> Because they are much more difficult to compute. In fact if you go above a certain key size, since IIRC the exponent e is standardized and thus limited, your discrete logarithm is no longer discrete and so your key security just vanishes.
>
> In any case, 4096 bits will be secure for some time to come, and yes 8192 bits would be even more secure. We can take that as far as we wish but there are limits in the standard, in compatibility, and in the current implementation.

Most importantly, there are limits to the size of keys current hardware (in particular all of those smart phone and tablet CPUs) can handle in finite time. You surely do not want to wait tens of seconds to verify a single RSA 8192 signature.

Regards,
Ingo

From mwood at IUPUI.Edu Wed Mar 23 20:06:41 2011
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Wed, 23 Mar 2011 15:06:41 -0400
Subject: Deniability
In-Reply-To: <4D895C33.5010402@sixdemonbag.org>
References: <20110323021602.A85E633CCD@absinthe.tinho.net> <4D895C33.5010402@sixdemonbag.org>
Message-ID: <20110323190641.GC17671@IUPUI.Edu>

On Tue, Mar 22, 2011 at 10:34:27PM -0400, Robert J. Hansen wrote:
[snip]
> My own dark suspicion is that what we have always thought of as "privacy" is nothing more than an inefficiency in information exchange. So long as information exchange has a certain cost threshold, it's not worth my time or effort to share information about you. As that cost threshold diminishes, so too does our privacy. If it cost a penny to leave a YouTube comment, Rebecca Black would have twelve people scattered across the world who had said something bad about her. Since it's free, though... well, she has no privacy anymore, and I feel very sorry for her.

An interesting thought. I'm going to keep this one.
My suspicion is that we never had anywhere near as much privacy as many believe. A hundred years ago, when nobody had computers or databases or Internets, everyone in town knew your name, your address, your occupation, your family, your approximate economic status, your (ir)religion, your circle of friends, and many past deeds you'd rather have forgotten. We may actually have *more* privacy these days, when so much can be done in secret and only the machines know until someone thinks to ask the right one in the right way.

> If I'm right, then the only way to restore privacy is to raise the price of information transfer in some way. OpenPGP can be thought of as this: to recover a message the attacker has to undertake actions that involve at least some measure of expense.

We can also raise the cost of improper use of information. I don't think there's been enough attention to this. If Alice draws insupportable or downright illogical conclusions about my character or status from my online presence, and on the basis of those conclusions makes decisions on my employment or my insurance premiums or whether I ought to be prosecuted for something, can I punish her *enough to make her stop*? If she's following company policy, can I punish the company *enough to make it stop*? Enough power can make privacy irrelevant.

-- 
Mark H. Wood, Lead System Programmer
mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.
From noloader at gmail.com Wed Mar 23 20:14:22 2011
From: noloader at gmail.com (Jeffrey Walton)
Date: Wed, 23 Mar 2011 15:14:22 -0400
Subject: Deniability
In-Reply-To: <20110323190641.GC17671@IUPUI.Edu>
References: <20110323021602.A85E633CCD@absinthe.tinho.net> <4D895C33.5010402@sixdemonbag.org> <20110323190641.GC17671@IUPUI.Edu>
Message-ID:

On Wed, Mar 23, 2011 at 3:06 PM, Mark H. Wood wrote:
> On Tue, Mar 22, 2011 at 10:34:27PM -0400, Robert J. Hansen wrote:
> [snip]
>> My own dark suspicion is that what we have always thought of as "privacy" is nothing more than an inefficiency in information exchange. So long as information exchange has a certain cost threshold, it's not worth my time or effort to share information about you. As that cost threshold diminishes, so too does our privacy. If it cost a penny to leave a YouTube comment, Rebecca Black would have twelve people scattered across the world who had said something bad about her. Since it's free, though... well, she has no privacy anymore, and I feel very sorry for her.
>
> An interesting thought. I'm going to keep this one.
>
> My suspicion is that we never had anywhere near as much privacy as many believe.

Agreed

> A hundred years ago, when nobody had computers or databases or Internets, everyone in town knew your name, your address, your occupation, your family, your approximate economic status, your (ir)religion, your circle of friends, and many past deeds you'd rather have forgotten. We may actually have *more* privacy these days, when so much can be done in secret and only the machines know until someone thinks to ask the right one in the right way.
>
>> If I'm right, then the only way to restore privacy is to raise the price of information transfer in some way. OpenPGP can be thought of as this: to recover a message the attacker has to undertake actions that involve at least some measure of expense.
>
> We can also raise the cost of improper use of information. I don't think there's been enough attention to this. If Alice draws insupportable or downright illogical conclusions about my character or status from my online presence, and on the basis of those conclusions makes decisions on my employment or my insurance premiums or whether I ought to be prosecuted for something, can I punish her *enough to make her stop*? If she's following company policy, can I punish the company *enough to make it stop*? Enough power can make privacy irrelevant.

Not politically feasible. In the US, corporations ensure that legislation favors corporate via bribes (err, PAC contributions). The first step to remediate the problem is disgorging politicians from their money, which probably will not happen in our lifetime.

Jeff

From kloecker at kde.org Wed Mar 23 20:32:05 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 23 Mar 2011 20:32:05 +0100
Subject: Deniability
In-Reply-To:
References: <86bp15gh2g.fsf@jeromebaum.com> <86ipvce9jf.fsf@jeromebaum.com>
Message-ID: <201103232032.05627@thufir.ingo-kloecker.de>

On Tuesday 22 March 2011, David Shaw wrote:
> On Mar 21, 2011, at 12:13 PM, Jerome Baum wrote:
> > Hauke Laging writes:
> >> You know that. And the archive of this mailinglist now knows that you have once claimed to do that. So one may assume that the only recipient is you but that is not a strong technical conclusion from the message itself.
> >
> > When I throw-keyids, what's actually left over? Would there be any way to match the keys from several messages, besides key size and type? Also if one (size, type) appears in all messages, I'd say the conclusion that I'm using encrypt-to-self is pretty safe.
>
> In addition to the size and type information, there is also an interesting attack that can be done against speculative key IDs. It doesn't (directly) help a third party know who the recipients are, but it does let any recipient try to confirm a guess as to who another recipient might be.
>
> Let's say you encrypt a message to Alice and Baker and hide the key IDs. Alice gets the message and knows there is one other recipient aside from herself. She considers who the message came from and what the message was about and makes an educated guess that the other recipient is Baker. To confirm her guess, all Alice needs to do is send a specially rigged speculative key ID message to Baker. If Baker responds, then Alice knows he was the other recipient.
>
> Throw-keyids has some good usages (posting a message for pickup in a public place, for example), but it's just a tool. It's important not to rely solely on it.

Exactly. The obvious solution to this problem would be to send n copies of the message to the n recipients, each time encrypted to exactly one recipient. In fact, that's exactly what KMail does for all BCC'd recipients of an encrypted message.

Regards,
Ingo

From rjh at sixdemonbag.org Wed Mar 23 20:32:16 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 23 Mar 2011 15:32:16 -0400
Subject: Deniability
In-Reply-To: <20110323190641.GC17671@IUPUI.Edu>
References: <20110323021602.A85E633CCD@absinthe.tinho.net> <4D895C33.5010402@sixdemonbag.org> <20110323190641.GC17671@IUPUI.Edu>
Message-ID: <4D8A4AC0.3030805@sixdemonbag.org>

On 3/23/11 3:06 PM, Mark H. Wood wrote:
> My suspicion is that we never had anywhere near as much privacy as many believe. A hundred years ago...
I grew up in a small town of under 5,000, where the nearest city of more than 20,000 was an hour's drive away. Forget "a hundred years ago": having been back there recently for a funeral, I can tell you small towns are still that same way today.

In a sense, I think this validates my thesis. In a small town the cost of sharing information about people within the town, to people within the town, is just about nil: you wind up having these conversations while you're at the service station filling up your tank, when you're in line at the grocery store, when you're ... etc. But having these same conversations with people outside the town involves effort, which in turn means that you can travel 100 miles and be reasonably confident nobody there has heard of you.

I agree that the small-town phenomenon argues against the idea of an idyllic privacy past. I just think modern communications means the entire world is turning into a small-town phenomena.

From jerome at jeromebaum.com Wed Mar 23 20:47:51 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 23 Mar 2011 19:47:51 +0000
Subject: Deniability
In-Reply-To: <4D8A4AC0.3030805@sixdemonbag.org> (Robert J. Hansen's message of "Wed, 23 Mar 2011 15:32:16 -0400")
References: <20110323021602.A85E633CCD@absinthe.tinho.net> <4D895C33.5010402@sixdemonbag.org> <20110323190641.GC17671@IUPUI.Edu> <4D8A4AC0.3030805@sixdemonbag.org>
Message-ID: <86ei5x62l4.fsf@jeromebaum.com>

"Robert J. Hansen" writes:
> On 3/23/11 3:06 PM, Mark H. Wood wrote:
>> My suspicion is that we never had anywhere near as much privacy as many believe. A hundred years ago...
>
> I grew up in a small town of under 5,000, where the nearest city of more than 20,000 was an hour's drive away. Forget "a hundred years ago": having been back there recently for a funeral, I can tell you small towns are still that same way today.
>
> In a sense, I think this validates my thesis.
> In a small town the cost of sharing information about people within the town, to people within the town, is just about nil: you wind up having these conversations while you're at the service station filling up your tank, when you're in line at the grocery store, when you're ... etc. But having these same conversations with people outside the town involves effort, which in turn means that you can travel 100 miles and be reasonably confident nobody there has heard of you.
>
> I agree that the small-town phenomenon argues against the idea of an idyllic privacy past. I just think modern communications means the entire world is turning into a small-town phenomena.

Also consider there is a cost of storing the information. Say we brought the cost of information sharing with anybody down to zero. You end up with the phenomena we can observe with "activity streams" on Facebook and Twitter -- people start filtering for what's interesting. There is no way I will remember stuff about 7 billion people world-wide, but people in my "small town" would be much more interesting.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From vedaal at nym.hush.com Wed Mar 23 20:57:06 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 23 Mar 2011 15:57:06 -0400
Subject: 4096 bit keys
Message-ID: <20110323195706.D49EEE66FE@smtp.hushmail.com>

Jerome Baum jerome at jeromebaum.com wrote on Tue Mar 22 23:28:31 CET 2011:
> They go up with O(log(n)) where n is the number, or something like it, right?

The Prime Number Theorem:

Pi(x) ~ x/ln(x)

(Pi(x) refers to the number of primes up to and including the integer x; ~ means approximately.)
Formally, the proof is for Lim x-->infinity Pi(x)/[x/ln(x)] = 1

There is an interesting related Prime Number theorem that might help you eliminate which intervals of numbers need to be factored:

For any positive integer n, there exists an integer a, such that the n consecutive integers
[ a, a+1, a+2, ..., a+(n-1) ]
are all composite.

a = (n+1)! + 2

(For anyone interested, the proof is in a free and easily readable, downloadable text on Elementary Number Theory by W. Edwin Clark http://shell.cas.usf.edu/~wclark/ )

Now, while there is no simple formula that can generate all primes, it is very simple to generate factorials for all n up to the point where n! is less than the square root of 2^4096.

So, in your spare time, ;-) you can eliminate a large amount of intervals where factoring is unnecessary.

(But even after all that, you may find that a 4096 bit key is still pretty much unfactorable for the not-too-near future. ;-) )

vedaal

From dshaw at jabberwocky.com Wed Mar 23 21:50:39 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 23 Mar 2011 16:50:39 -0400
Subject: Deniability
In-Reply-To: <20110323190641.GC17671@IUPUI.Edu>
References: <20110323021602.A85E633CCD@absinthe.tinho.net> <4D895C33.5010402@sixdemonbag.org> <20110323190641.GC17671@IUPUI.Edu>
Message-ID:

On Mar 23, 2011, at 3:06 PM, Mark H. Wood wrote:
> On Tue, Mar 22, 2011 at 10:34:27PM -0400, Robert J. Hansen wrote:
> [snip]
>> My own dark suspicion is that what we have always thought of as "privacy" is nothing more than an inefficiency in information exchange. So long as information exchange has a certain cost threshold, it's not worth my time or effort to share information about you. As that cost threshold diminishes, so too does our privacy. If it cost a penny to leave a YouTube comment, Rebecca Black would have twelve people scattered across the world who had said something bad about her. Since it's free, though...
>> well, she has no privacy anymore, and I feel very sorry for her.
>
> An interesting thought. I'm going to keep this one.
>
> My suspicion is that we never had anywhere near as much privacy as many believe. A hundred years ago, when nobody had computers or databases or Internets, everyone in town knew your name, your address, your occupation, your family, your approximate economic status, your (ir)religion, your circle of friends, and many past deeds you'd rather have forgotten. We may actually have *more* privacy these days, when so much can be done in secret and only the machines know until someone thinks to ask the right one in the right way.

Yes. My concern with this is that the ability (if not the desire) to "ask the right one" is growing so rapidly, and the cost of asking is dropping. For example, I do genealogy as a hobby, and figuring out how person A was related to person B 100 years ago would involve trips to the town in question, and poring over a hand-kept records book in the town hall. These days, there are a number of websites that have brought that sort of information online. The information from the old town record book is essentially unchanged, but the ability to access it is dramatically easier. Such easy access enables all sorts of cross-referencing and data mining across multiple databases that were (strictly speaking) possible a hundred years ago, but also extremely unrealistic.

David

From kloecker at kde.org Wed Mar 23 21:55:54 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 23 Mar 2011 21:55:54 +0100
Subject: what are the sub keys
In-Reply-To: <4D891389.2020505@gmail.com>
References: <4D8565E1.7080608@charter.net> <888609513.20110322211756@my_localhost> <4D891389.2020505@gmail.com>
Message-ID: <201103232155.55241@thufir.ingo-kloecker.de>

On Tuesday 22 March 2011, Jonathan Ely wrote:
> Enigmail allows only 1024, 2048 and 4096.
> I have never heard of that, but even still I would personally choose the largest key for the time being till RSA becomes obsolete. Is there anything larger than 4096 since you mentioned values unknown to me?

Let's see. There's 4097, 4098 and even 4099. And then there's 4100. ;-p

IMHO all those discussions about key sizes are really pathetic. Stick with the defaults or educate yourself by reading the appropriate literature instead of starting one non-sensical discussion after the other on this mailing list. It should be rather obvious by now that key sizes above 2048 are mostly a matter of personal taste and bad judgement.

Regards,
Ingo

From noloader at gmail.com Wed Mar 23 22:05:11 2011
From: noloader at gmail.com (Jeffrey Walton)
Date: Wed, 23 Mar 2011 17:05:11 -0400
Subject: what are the sub keys
In-Reply-To: <201103232155.55241@thufir.ingo-kloecker.de>
References: <4D8565E1.7080608@charter.net> <888609513.20110322211756@my_localhost> <4D891389.2020505@gmail.com> <201103232155.55241@thufir.ingo-kloecker.de>
Message-ID:

2011/3/23 Ingo Klöcker :
> On Tuesday 22 March 2011, Jonathan Ely wrote:
>> Enigmail allows only 1024, 2048 and 4096. I have never heard of that, but even still I would personally choose the largest key for the time being till RSA becomes obsolete. Is there anything larger than 4096 since you mentioned values unknown to me?
>
> Let's see. There's 4097, 4098 and even 4099. And then there's 4100. ;-p
>
> IMHO all those discussions about key sizes are really pathetic. Stick with the defaults or educate yourself by reading the appropriate literature instead of starting one non-sensical discussion after the other on this mailing list.
> It should be rather obvious by now that key sizes above 2048 are mostly a matter of personal taste and bad judgement.

Bad judgement or best practice? Some folks must use a key with a 128 bit security level.

NIST SP 800-57: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf

ECRYPT2 Key Recommendations: http://www.ecrypt.eu.org/documents/D.SPA.13.pdf

Jeff

From rjh at sixdemonbag.org Wed Mar 23 22:17:10 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 23 Mar 2011 17:17:10 -0400
Subject: what are the sub keys
In-Reply-To:
References: <4D8565E1.7080608@charter.net> <888609513.20110322211756@my_localhost> <4D891389.2020505@gmail.com> <201103232155.55241@thufir.ingo-kloecker.de>
Message-ID: <4D8A6356.40004@sixdemonbag.org>

On 3/23/2011 5:05 PM, Jeffrey Walton wrote:
> Bad judgement or best practice? Some folks must use a key with a 128 bit security level.

Some do, yes: but your citations don't seem to support that. NIST says that for unclassified purposes, 112 effective bits of security is enough until 2030 (page 65). Your ECRYPT ref says 80-bit keys are secure until 2012. 128-bit crypto is defined as "long-term security", for three decades or more (page 32). Given most people stipulate the need for longer keys for multi-decade use, I don't see that the authorities you cited suggest "best practice" is to use, effective today, 3072-bit keys to provide 128 effective bits of security.
From kloecker at kde.org Wed Mar 23 22:39:05 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 23 Mar 2011 22:39:05 +0100
Subject: 4096 bit keys
In-Reply-To: <20110323195706.D49EEE66FE@smtp.hushmail.com>
References: <20110323195706.D49EEE66FE@smtp.hushmail.com>
Message-ID: <201103232239.06140@thufir.ingo-kloecker.de>

On Wednesday 23 March 2011, vedaal at nym.hush.com wrote:
> Jerome Baum jerome at jeromebaum.com wrote on Tue Mar 22 23:28:31 CET 2011:
> > They go up with O(log(n)) where n is the number, or something like it, right?
>
> The Prime Number Theorem:
>
> Pi(x) ~ x/ln(x)
> (Pi(x) refers to the number of primes up to and including the integer x; ~ means approximately.)
>
> Formally, the proof is for Lim x-->infinity Pi(x)/[x/ln(x)] = 1
>
> There is an interesting related Prime Number theorem that might help you eliminate which intervals of numbers need to be factored:
>
> For any positive integer n, there exists an integer a, such that the n consecutive integers
> [ a, a+1, a+2, ..., a+(n-1) ]
> are all composite.
>
> a = (n+1)! + 2
>
> (For anyone interested, the proof is in a free and easily readable, downloadable text on Elementary Number Theory by W. Edwin Clark http://shell.cas.usf.edu/~wclark/ )
>
> Now, while there is no simple formula that can generate all primes, it is very simple to generate factorials for all n up to the point where n! is less than the square root of 2^4096.
>
> So, in your spare time, ;-) you can eliminate a large amount of intervals where factoring is unnecessary.

Pretty much exactly 300, since 300! < 2^2048 < 301!. So, out of 2^2048 candidates you eliminate 1+2+...+300 = 300*301/2 = 45150 candidates which lie in those intervals. Impressive!

Regards,
Ingo
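The prime-density figures Robert Hansen quoted earlier in this thread (25 primes below 100, 78,498 below one million), vedaal's Prime Number Theorem and composite-run theorem, and Ingo's count above, carried through in code. This is an added example, not code from any of the posters; function names are mine.

```python
"""Checks on the prime-number arithmetic in the 4096-bit-key thread.

Added example, not code from the thread. It reproduces the counts quoted
there (25 primes below 100, 78,498 below one million) and compares them with
the Prime Number Theorem estimate x/ln(x); then it carries Ingo's count
through: the composite runs a, a+1, ..., a+(n-1) with a = (n+1)! + 2 for every
n with n! < 2^2048 rule out only 1 + 2 + ... + 300 = 45150 numbers.
"""
import math


def prime_count(limit):
    """pi(limit): how many primes are <= limit, by a sieve of Eratosthenes."""
    if limit < 2:
        return 0
    is_prime = bytearray([1]) * (limit + 1)
    is_prime[0] = is_prime[1] = 0
    for p in range(2, math.isqrt(limit) + 1):
        if is_prime[p]:
            # Knock out every multiple of p from p*p upwards.
            is_prime[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    return sum(is_prime)


def pnt_estimate(x):
    """The Prime Number Theorem approximation pi(x) ~ x / ln(x)."""
    return x / math.log(x)


def composite_run(n):
    """Start a = (n+1)! + 2 of the run of n consecutive composites.

    (n+1)! + k is divisible by k for every 2 <= k <= n+1, which is the whole
    proof: each member of the run carries its own small divisor.
    """
    return math.factorial(n + 1) + 2


def run_is_composite(n):
    """Verify the run for one n by exhibiting the divisor of each member."""
    a = composite_run(n)
    return all((a + i) % (i + 2) == 0 and i + 2 < a + i for i in range(n))


def largest_n_with_factorial_below(bound):
    """Largest n with n! < bound; vedaal's cut-off is bound = sqrt(2^4096) = 2^2048."""
    n, f = 1, 1
    while f * (n + 1) < bound:
        n += 1
        f *= n
    return n


def eliminated_candidates(bound):
    """Total length of all runs with n! < bound: 1 + 2 + ... + N = N(N+1)/2."""
    big_n = largest_n_with_factorial_below(bound)
    return big_n * (big_n + 1) // 2


def log2_fraction_eliminated(bound):
    """log2(eliminated / bound): how negligible the elimination is."""
    return math.log2(eliminated_candidates(bound)) - math.log2(bound)


if __name__ == "__main__":
    for x in (100, 10**6):
        print(f"pi({x}) = {prime_count(x)}, x/ln(x) = {pnt_estimate(x):.1f}")
    bound = 2**2048
    print("largest n with n! < 2^2048:", largest_n_with_factorial_below(bound))
    print("numbers ruled out by all such runs:", eliminated_candidates(bound))
    print("that is 2^%.1f of the 2^2048 candidates" % log2_fraction_eliminated(bound))
```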
From JPClizbe at tx.rr.com Wed Mar 23 22:54:29 2011
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Wed, 23 Mar 2011 16:54:29 -0500
Subject: Group Membership Keyring
In-Reply-To: <4D89E74D.5000603@charter.net>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com> <4D895C12.3080909@tx.rr.com> <87bp12i6pp.fsf@vigenere.g10code.de> <4D89E74D.5000603@charter.net>
Message-ID: <4D8A6C15.6060407@tx.rr.com>

Mike Acker wrote:
> I really liked the idea of having the Membership Secretary sign a Public Keyring for the Group Members and then to circulate that keyring to the membership.

That's just super-neato great, but what does it have to do with the message thread you replied to dealing with 4096-bit keys? Oh right, not a damned thing.

If you wish to start a new thread, then post a new message to the list. DO NOT just reply to an existing thread and change the subject -- that is known politely as "hijacking a thread."

Also, please do not add people to a post if they have no prior involvement. You changed the subject, you also started with an empty slate of people interested in it.

> How to implement though, as members will need an additional keyring for each group they have a membership with.
>
> Ideally the keyring would be used in place of an address book and associated with an e/mail account. this thinking is based on the idea that a Secure Group would expect its members to have a dedicated e/mail account reserved for the use only by the members of the secure group.
>
> i'll have to try some poking around and run some tests. I don't see making VM a requirement as a workable solution.
From kloecker at kde.org Wed Mar 23 22:58:38 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Wed, 23 Mar 2011 22:58:38 +0100
Subject: what are the sub keys
In-Reply-To:
References: <4D8565E1.7080608@charter.net> <201103232155.55241@thufir.ingo-kloecker.de>
Message-ID: <201103232258.39184@thufir.ingo-kloecker.de>

On Wednesday 23 March 2011, Jeffrey Walton wrote:
> 2011/3/23 Ingo Klöcker :
> > On Tuesday 22 March 2011, Jonathan Ely wrote:
> >> Enigmail allows only 1024, 2048 and 4096. I have never heard of that, but even still I would personally choose the largest key for the time being till RSA becomes obsolete. Is there anything larger than 4096 since you mentioned values unknown to me?
> >
> > Let's see. There's 4097, 4098 and even 4099. And then there's 4100. ;-p
> >
> > IMHO all those discussions about key sizes are really pathetic. Stick with the defaults or educate yourself by reading the appropriate literature instead of starting one non-sensical discussion after the other on this mailing list. It should be rather obvious by now that key sizes above 2048 are mostly a matter of personal taste and bad judgement.
>
> Bad judgement or best practice? Some folks must use a key with a 128 bit security level.
>
> NIST SP 800-57: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
> ECRYPT2 Key Recommendations: http://www.ecrypt.eu.org/documents/D.SPA.13.pdf

That's why I wrote "mostly". I claim that of all 4096 keys that can be found on the public keyservers most have been created by people who just went for the highest number. Because bigger must be better, right?

http://xkcd.com/538/

Regards,
Ingo
From nicholas.cole at gmail.com Wed Mar 23 22:12:13 2011
From: nicholas.cole at gmail.com (Nicholas Cole)
Date: Wed, 23 Mar 2011 21:12:13 +0000
Subject: Group Membership Keyring
In-Reply-To: <4D89E74D.5000603@charter.net>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com> <4D895C12.3080909@tx.rr.com> <87bp12i6pp.fsf@vigenere.g10code.de> <4D89E74D.5000603@charter.net>
Message-ID:

On Wed, Mar 23, 2011 at 12:27 PM, Mike Acker wrote:
> I really liked the idea of having the Membership Secretary sign a Public Keyring for the Group Members and then to circulate that keyring to the membership.
>
> How to implement though, as members will need an additional keyring for each group they have a membership with.

Just to comment on this aspect of your proposal: Debian, for example, does circulate a keyring file in this way. But managing multiple keyrings is not easy, and can lead to some nasty corner-cases. What if you are using multiple keyrings and different versions of the same key exist on more than one keyring?

[ as an aside, I think there is a fairly good case that multiple public keyring files are a menace rather than a help in most cases because of this problem.... ]

It would probably be better for the membership secretary to circulate a keyblock (i.e. the results of an --armor --export) containing the members' keys, which you could then import onto your own keyring. Unless the group features many hundreds of members you should not experience any noticeable slow-down at all.

Depending on the nature of your group there are two potential models:

- If memberships are renewed at regular intervals, the secretary can simply sign all keys with signatures valid for the standard period of membership and circulate the keyblock.

- If members enter and leave at different times, the membership secretary will have to sign and revoke keys as appropriate (I'd still put an expiry date on the signatures to be on the safe side) and circulate the keys of all members who are current *or former members* (so that the revoked signatures are also circulated).

- As a refinement of the second option, if you make the signatures only valid for a year, you would only need to circulate the keys of former members for the period during which the original signature was ever valid.

Best wishes,
Nicholas

From jerome at jeromebaum.com Wed Mar 23 23:08:59 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 23 Mar 2011 22:08:59 +0000
Subject: what are the sub keys
In-Reply-To: <201103232258.39184@thufir.ingo-kloecker.de> (Ingo Klöcker's message of "Wed, 23 Mar 2011 17:58:38 -0400")
References: <4D8565E1.7080608@charter.net> <201103232155.55241@thufir.ingo-kloecker.de> <201103232258.39184@thufir.ingo-kloecker.de>
Message-ID: <86ipv94hhg.fsf@jeromebaum.com>

Ingo Klöcker writes:
> [2. This is a digitally signed message part.asc --- application/pgp-signature; signature.asc]...

Hey is that a KMail feature? I really like that idea, mind if I rip it off, and if successful publish the code to make this work in gnus? Much better than a "noname" attachment.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
From thajsta at gmail.com Wed Mar 23 23:19:28 2011
From: thajsta at gmail.com (Jonathan Ely)
Date: Wed, 23 Mar 2011 18:19:28 -0400
Subject: what are the sub keys
In-Reply-To: <201103232155.55241@thufir.ingo-kloecker.de>
References: <4D8565E1.7080608@charter.net> <888609513.20110322211756@my_localhost> <4D891389.2020505@gmail.com> <201103232155.55241@thufir.ingo-kloecker.de>
Message-ID: <4D8A71F0.8000904@gmail.com>

Well excuse me for not knowing it all. I only know what Enigmail allows through its user interface, and bad judgement is sometimes a method of learning for better decision making. I have only begun using both GnuPG and Enigmail this month along with Thunderbird, and this list educated me a lot since I have been subscribed. Anything else you would like to point out? I apologise if I come off mean in any way.

On 23/03/2011 04:55 PM, Ingo Klöcker wrote:
> On Tuesday 22 March 2011, Jonathan Ely wrote:
>> Enigmail allows only 1024, 2048 and 4096. I have never heard of that, but even still I would personally choose the largest key for the time being till RSA becomes obsolete. Is there anything larger than 4096 since you mentioned values unknown to me?
>
> Let's see. There's 4097, 4098 and even 4099. And then there's 4100. ;-p
>
> IMHO all those discussions about key sizes are really pathetic. Stick with the defaults or educate yourself by reading the appropriate literature instead of starting one non-sensical discussion after the other on this mailing list. It should be rather obvious by now that key sizes above 2048 are mostly a matter of personal taste and bad judgement.
>
> Regards,
> Ingo
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL: 

From jerome at jeromebaum.com  Wed Mar 23 23:21:28 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Wed, 23 Mar 2011 22:21:28 +0000
Subject: Group Membership Keyring
In-Reply-To: (Nicholas Cole's message of "Wed, 23 Mar 2011 17:12:13 -0400")
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com> <4D895C12.3080909@tx.rr.com> <87bp12i6pp.fsf@vigenere.g10code.de> <4D89E74D.5000603@charter.net>
Message-ID: <86ei5x4gwn.fsf@jeromebaum.com>

Nicholas Cole writes:

> It would probably be better for the membership secretary to circulate a keyblock (i.e. the results of an --armor --export) containing the members keys, which you could then import onto your own keyring. Unless the group features many hundreds of members you should not experience any noticeable slow-down at all.

I'd like to mention that you'd probably want to give the secretary a trust signature limited to the respective domain, so while you trust them fully for that group, you can assign marginal or no trust in other contexts. Just tsign and it'll ask for all that information.

As for the imports, this does sound like a good idea because you don't need to validate the keyblock (after all, there's no way to "delete" a key through a keyblock, besides revoking it which is a signed operation). Just set it to merge only and you'll always be up-to-date when it comes to revocation, without the risk of adding new keys.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 880 bytes
Desc: not available
URL: 

From expires2011 at ymail.com  Wed Mar 23 23:57:08 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 23 Mar 2011 22:57:08 +0000
Subject: Deniability
In-Reply-To: <4D8964F2.9080103@sixdemonbag.org>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org> <86mxkm7mrg.fsf@jeromebaum.com> <4D89598A.2060300@sixdemonbag.org> <86wrjq603f.fsf@jeromebaum.com> <4D8964F2.9080103@sixdemonbag.org>
Message-ID: <1618639381.20110323225708@my_localhost>

Hi

On Wednesday 23 March 2011 at 3:11:46 AM, in , Robert J. Hansen wrote:

> Written today. I've done a fair bit of digging into this: no such case has ever been presented in a United States court. The case you cited below was not a United States court: it was state court.

> The phrase, "a United States court" means, "a court operating under federal law passed by Congress." The phrase, "a state court" means, "a court operating under state law passed by a state legislature."

A matter of semantics that would be lost on most people in the world.

Generally speaking, if I saw a media reference to "a U.S court" or "an American court" I would neither know nor care which government body ran that court nor which government body had passed the law that had allegedly been transgressed.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

What's another word for synonym?
From JPClizbe at tx.rr.com  Thu Mar 24 00:08:28 2011
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Wed, 23 Mar 2011 18:08:28 -0500
Subject: Group Membership Keyring
In-Reply-To: <86ei5x4gwn.fsf@jeromebaum.com>
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com> <4D895C12.3080909@tx.rr.com> <87bp12i6pp.fsf@vigenere.g10code.de> <4D89E74D.5000603@charter.net> <86ei5x4gwn.fsf@jeromebaum.com>
Message-ID: <4D8A7D6C.9040807@tx.rr.com>

Jerome Baum wrote:
> Nicholas Cole writes:

Please remove my name from future replies on this thread. I did not ask to be included nor do I wish to be included.

Thank you.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 886 bytes
Desc: OpenPGP digital signature
URL: 

From expires2011 at ymail.com  Thu Mar 24 00:09:23 2011
From: expires2011 at ymail.com (MFPA)
Date: Wed, 23 Mar 2011 23:09:23 +0000
Subject: Deniability
In-Reply-To: 
References: <20110323021602.A85E633CCD@absinthe.tinho.net> <4D895C33.5010402@sixdemonbag.org> <20110323190641.GC17671@IUPUI.Edu>
Message-ID: <1021612479.20110323230923@my_localhost>

Hi

On Wednesday 23 March 2011 at 7:14:22 PM, in , Jeffrey Walton wrote:

> The first step to remediate the problem is disgorging politicians from their money, which probably will not happen in our lifetime.
Presumably it would require politicians to vote it in...

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Two wrongs don't make a right. But three lefts do.

From rjh at sixdemonbag.org  Thu Mar 24 00:11:40 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 23 Mar 2011 19:11:40 -0400
Subject: Deniability
In-Reply-To: <1618639381.20110323225708@my_localhost>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org> <86mxkm7mrg.fsf@jeromebaum.com> <4D89598A.2060300@sixdemonbag.org> <86wrjq603f.fsf@jeromebaum.com> <4D8964F2.9080103@sixdemonbag.org> <1618639381.20110323225708@my_localhost>
Message-ID: <4D8A7E2C.40808@sixdemonbag.org>

On 3/23/2011 6:57 PM, MFPA wrote:
> A matter of semantics that would be lost on most people in the world.

Perhaps that should be taken as a good reason for people who are not familiar with courts in the United States to forego commentary on how they operate.
I don't know beans about, say, the United Kingdom court system beyond the broadest possible facts, and so I make it a point not to comment on the relative justice or injustice of the UK's system. That practice has served me well so far.

> Generally speaking, if I saw a media reference to "a U.S court" or "an American court" I would neither know nor care which government body ran that court nor which government body had passed the law that had allegedly been transgressed.

Confusing a state-level court for a federal-level court is kind of like confusing Malaysia with Uganda: they are potentially that much different. For instance, the state of Louisiana operates under a Civil Law (Napoleonic) system, while the federal courts operate under the English Common Law system. This means the two have as much in common, legally speaking, as the United Kingdom and France.

The rest of the world tends to massively underestimate the amount of judicial diversity within the United States. We're quite a bit larger than Europe: we also have quite a few more different kinds of legal systems.

From dan at geer.org  Thu Mar 24 00:13:20 2011
From: dan at geer.org (dan at geer.org)
Date: Wed, 23 Mar 2011 19:13:20 -0400
Subject: Deniability
In-Reply-To: Your message of "Wed, 23 Mar 2011 16:50:39 EDT."
Message-ID: <20110323231320.F1B2633EBF@absinthe.tinho.net>

> For example, I do genealogy as a hobby, and figuring out how person A was related to person B 100 years ago would involve trips to the town in question, and poring over a hand-kept records book in the town hall. These days, there are a number of websites that have brought that sort of information online. The information from old town record book is essentially unchanged, but the ability to access it is dramatically easier.
> Such easy access enables all sorts of cross-referencing and data mining across multiple databases that were (strictly speaking) possible a hundred years ago, but also extremely unrealistic.

The "23andme.com" folks claim that their genetic screening thing is liberating people by connecting them to relatives that they did not know they had.

I, for one, have a lot of relatives that I don't want to know.

--dan

--------
This message is certified orthogonal to the topic of gnupg

From expires2011 at ymail.com  Thu Mar 24 02:10:42 2011
From: expires2011 at ymail.com (MFPA)
Date: Thu, 24 Mar 2011 01:10:42 +0000
Subject: Deniability
In-Reply-To: <4D8A7E2C.40808@sixdemonbag.org>
References: <86bp15gh2g.fsf@jeromebaum.com> <4D8759E1.9080706@sixdemonbag.org> <86mxkoed1h.fsf@jeromebaum.com> <4D88049D.5090403@sixdemonbag.org> <86wrjrcjc3.fsf@jeromebaum.com> <0ffe0940715ba720b1869d346dbf1504@localhost> <86sjufb0ks.fsf@jeromebaum.com> <86aagnav1g.fsf@jeromebaum.com> <03aa4ec32835886760887fa38bfeda25@localhost> <86sjuf9ddf.fsf@jeromebaum.com> <1af4381f560480656e49ea2843098672@localhost> <938918350.20110322214233@my_localhost> <4D891A27.4000605@sixdemonbag.org> <86mxkm955e.fsf@jeromebaum.com> <4D892E33.4010705@sixdemonbag.org> <86mxkm7mrg.fsf@jeromebaum.com> <4D89598A.2060300@sixdemonbag.org> <86wrjq603f.fsf@jeromebaum.com> <4D8964F2.9080103@sixdemonbag.org> <1618639381.20110323225708@my_localhost> <4D8A7E2C.40808@sixdemonbag.org>
Message-ID: <464200923.20110324011042@my_localhost>

Hi

On Wednesday 23 March 2011 at 11:11:40 PM, in , Robert J. Hansen wrote:

> This means the two have as much in common, legally speaking, as the United Kingdom and France.

Not forgetting that Scottish law supposedly has more in common with France than English law.

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

All generalizations are dangerous, even this one.
From expires2011 at ymail.com  Thu Mar 24 02:19:28 2011
From: expires2011 at ymail.com (MFPA)
Date: Thu, 24 Mar 2011 01:19:28 +0000
Subject: Group Membership Keyring
In-Reply-To: 
References: <4D891133.3010602@charter.net> <4D891D66.1090205@gmail.com> <4D89285B.7050905@grant-olson.net> <86ei5y7mav.fsf@jeromebaum.com> <4D895C12.3080909@tx.rr.com> <87bp12i6pp.fsf@vigenere.g10code.de> <4D89E74D.5000603@charter.net>
Message-ID: <1966461336.20110324011928@my_localhost>

Hi

On Wednesday 23 March 2011 at 9:12:13 PM, in , Nicholas Cole wrote:

> It would probably be better for the membership secretary to circulate a keyblock (i.e. the results of an --armor --export) containing the members keys, which you could then import onto your own keyring.

A little bit like PGPNET. http://tech.groups.yahoo.com/group/PGPNET/

No certifications added to keys. An updated key block every time somebody joins or leaves. A roll-call every 6 months (since people tend to drift away rather than announce their departure).

-- 
Best regards

MFPA                    mailto:expires2011 at ymail.com

Ballerinas are always on their toes. We need taller ballerinas!
From vedaal at nym.hush.com  Thu Mar 24 05:44:12 2011
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Thu, 24 Mar 2011 00:44:12 -0400
Subject: 4096 bit keys
Message-ID: <20110324044412.D295610E2BB@smtp.hushmail.com>

Ingo Klöcker kloecker at kde.org wrote on Wed Mar 23 22:39:05 CET 2011 :

>So, out of 2^2048 candidates you eliminate 1+2+...+300 = 300*301/2 = 45150 candidates which lie in those intervals. Impressive!

lol!

like I said, 4096 bit keys will remain secure for the not-too-near future

vedaal

From johnathan.barbett at elephant.com  Wed Mar 23 21:29:38 2011
From: johnathan.barbett at elephant.com (jb1111)
Date: Wed, 23 Mar 2011 13:29:38 -0700 (PDT)
Subject: empty file generated when running GPG batch
Message-ID: <31223498.post@talk.nabble.com>

Hi, this is running in a batch. It creates a .pgp file, however that file is empty. Any ideas?

SETLOCAL
PATH=C:\Program Files\GNU\GnuPG;c:\encryptedfiles;c:\outgoingdropfolder;%PATH%
>"%TMP%\~encryptlist.txt" DIR /B "C:\outgoingdropfolder"
PUSHD "C:\outgoingdropfolder"
pause
FOR /F "delims=" %%F IN ('MORE ^< "%TMP%\~encryptlist.txt"') DO (
pause
IF EXIST %%F (
pause
ECHO Password|GPG --batch --encrypt --passphrase-fd 0 -r Publickey -o "C:\encryptedfiles\%%F.pgp"
pause
IF ERRORLEVEL == 0 DEL "%%F"
)
)
POPD
DEL "%TMP%\~encryptlist.*"
ENDLOCAL

-- 
View this message in context: http://old.nabble.com/empty-file-generated-when-running-GPG-batch-tp31223498p31223498.html
Sent from the GnuPG - User mailing list archive at Nabble.com.
From jerome at jeromebaum.com  Thu Mar 24 11:53:23 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Thu, 24 Mar 2011 10:53:23 +0000
Subject: empty file generated when running GPG batch
In-Reply-To: <31223498.post@talk.nabble.com> (jb's message of "Wed, 23 Mar 2011 16:29:38 -0400")
References: <31223498.post@talk.nabble.com>
Message-ID: <86oc5023j0.fsf@jeromebaum.com>

jb1111 writes:

> Hi, this is running in a batch. It creates a .pgp file, however that file is empty. Any ideas?
>
> SETLOCAL
> PATH=C:\Program Files\GNU\GnuPG;c:\encryptedfiles;c:\outgoingdropfolder;%PATH%
> >"%TMP%\~encryptlist.txt" DIR /B "C:\outgoingdropfolder"
> PUSHD "C:\outgoingdropfolder"
> pause
> FOR /F "delims=" %%F IN ('MORE ^< "%TMP%\~encryptlist.txt"') DO (
> pause
> IF EXIST %%F (
> pause
> ECHO Password|GPG --batch --encrypt --passphrase-fd 0 -r Publickey -o "C:\encryptedfiles\%%F.pgp"
> pause
> IF ERRORLEVEL == 0 DEL "%%F"
> )
> )
> POPD
> DEL "%TMP%\~encryptlist.*"
> ENDLOCAL

What does it output? Also, sure you want to echo in the password? Seems like it's not necessary.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 880 bytes
Desc: not available
URL: 

From Lists.gnupg at mephisto.fastmail.net  Thu Mar 24 15:26:03 2011
From: Lists.gnupg at mephisto.fastmail.net (Lists.gnupg at mephisto.fastmail.net)
Date: Thu, 24 Mar 2011 10:26:03 -0400
Subject: what are the sub keys
In-Reply-To: <201103232258.39184@thufir.ingo-kloecker.de>
References: <4D8565E1.7080608@charter.net> <201103232155.55241@thufir.ingo-kloecker.de> <201103232258.39184@thufir.ingo-kloecker.de>
Message-ID: <20110324142603.GA3299@imac-6g2p.mgh.harvard.edu>

On Wed, Mar 23, 2011 at 10:58:38PM +0100 Also sprach Ingo Klöcker:
>
>I claim that of all 4096 keys that can be found on the public keyservers most have been created by people who just went for the highest number. Because bigger must be better, right?
>

I cannot resist offering the following quote from Neal Stephenson's Cryptonomicon, which makes a similar observation:

> So the length of the key that you use is, in and of itself, a code of sorts. A knowledgeable government eavesdropper, noting Randy's and Avi's use of a 4096-bit key, will conclude one of the following:
> --Avi doesn't know what he's talking about. This can be ruled out with a bit of research into his past accomplishments. Or,
> --Avi is clinically paranoid. This can also be ruled out with some research. Or,
> --Avi is extremely optimistic about the future development of computer technology, or pessimistic about the political climate, or both. Or,
> --Avi has a planning horizon that extends over a period of at least a century.

From l_elcocks at hotmail.co.uk  Thu Mar 24 16:26:08 2011
From: l_elcocks at hotmail.co.uk (Lee Elcocks)
Date: Thu, 24 Mar 2011 15:26:08 +0000
Subject: empty file generated when running GPG batch
In-Reply-To: <86oc5023j0.fsf@jeromebaum.com>
References: <31223498.post@talk.nabble.com>,<86oc5023j0.fsf@jeromebaum.com>
Message-ID: 

Your output should look like this.
"C:\encryptedfiles\%%F.pgp" %%F

From: jerome at jeromebaum.com
To: johnathan.barbett at elephant.com
Subject: Re: empty file generated when running GPG batch
Date: Thu, 24 Mar 2011 10:53:23 +0000
CC: gnupg-users at gnupg.org

jb1111 writes:

> Hi, this is running in a batch. It creates a .pgp file, however that file is empty. Any ideas?
>
> SETLOCAL
> PATH=C:\Program Files\GNU\GnuPG;c:\encryptedfiles;c:\outgoingdropfolder;%PATH%
> >"%TMP%\~encryptlist.txt" DIR /B "C:\outgoingdropfolder"
> PUSHD "C:\outgoingdropfolder"
> pause
> FOR /F "delims=" %%F IN ('MORE ^< "%TMP%\~encryptlist.txt"') DO (
> pause
> IF EXIST %%F (
> pause
> ECHO Password|GPG --batch --encrypt --passphrase-fd 0 -r Publickey -o "C:\encryptedfiles\%%F.pgp"
> pause
> IF ERRORLEVEL == 0 DEL "%%F"
> )
> )
> POPD
> DEL "%TMP%\~encryptlist.*"
> ENDLOCAL

What does it output? Also, sure you want to echo in the password? Seems like it's not necessary.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From kapetr at mizera.cz  Thu Mar 24 18:40:30 2011
From: kapetr at mizera.cz (kapetr)
Date: Thu, 24 Mar 2011 18:40:30 +0100 (CET)
Subject: gpg-agent troubles
Message-ID: 

Hello

1. gpg-agent ignores changed values in ~/.gnupg/gpg-agent.conf after SIGHUP. I have to kill/restart him ?!

2. gpg-agent ignores "ignore-cache-for-signing" in config file. I had to set "default-cache-ttl 0" (which is for all) ?

3. pinentry does not drag mouse (keyboard yes) even if there is no "no-grab". With pinentry dialog open I can still work with mouse - switch windows, copy/paste text, ... I'm not sure, if it is any security risk, but ...

Please Help

--kapetr

P.S.
I use Ubuntu 10.10 - gpg (GnuPG) 1.4.10
gpg-agent cmdline: "usr/bin/gpg-agent --daemon --sh --write-env-file=/home/hugo/.gnupg/gpg-agent-info-duron650 /usr/bin/dbus-launch --exit-with-session gnome-session"

From wellknown at gmx.net  Thu Mar 24 19:16:35 2011
From: wellknown at gmx.net (Tom Mayer)
Date: Thu, 24 Mar 2011 19:16:35 +0100
Subject: export a public subkey isolated
Message-ID: <1499F9B2D0C344D2A8C3F5F0A3B9C358@tomlaptop>

Hi List,

there was no success in googling this question:

Is it possible to export the public part of a subkey isolated? There should be nothing of the masterkey or other subkeys in the exported keyblock.

Situation:

www.ripe.net database is not supporting signing with subkeys. They only accept a single key in certificate block.

I have an openpgp card containing my secret subkeys for signing/encryption/authenticating and am only able to export the subkeys with the corresponding masterkey in one block.

Many thanks for your answers!

Tom

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 

From dshaw at jabberwocky.com  Thu Mar 24 20:29:00 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 24 Mar 2011 15:29:00 -0400
Subject: export a public subkey isolated
In-Reply-To: <1499F9B2D0C344D2A8C3F5F0A3B9C358@tomlaptop>
References: <1499F9B2D0C344D2A8C3F5F0A3B9C358@tomlaptop>
Message-ID: <442D85C0-B5A0-4B07-B4F6-FC29AA486B45@jabberwocky.com>

On Mar 24, 2011, at 2:16 PM, Tom Mayer wrote:

> Hi List,
>
> there was no success in googling this question:
>
> Is it possible to export the public part of a subkey isolated? There should be nothing of the masterkey or other subkeys in the exported keyblock.

I'm afraid this is not possible. An isolated subkey is not a valid OpenPGP "key".

> Situation:
>
> www.ripe.net database is not supporting signing with subkeys. They only accept a single key in certificate block.
>
> I have an openpgp card containing my secret subkeys for signing/encryption/authenticating and am only able to export the subkeys with the corresponding masterkey in one block.

You might be able to do byte-surgery on the keyblock to turn your subkey into a primary key (and then get it to sign a user ID since your current user ID wouldn't be signed by the right key). That would probably cause as many headaches as it solves.

Why not talk to the RIPE people and ask them to support subkeys? They're a standard part of OpenPGP and have been for a long time.

David

From kloecker at kde.org  Thu Mar 24 20:49:15 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 24 Mar 2011 20:49:15 +0100
Subject: what are the sub keys
In-Reply-To: <86ipv94hhg.fsf@jeromebaum.com>
References: <4D8565E1.7080608@charter.net> <201103232258.39184@thufir.ingo-kloecker.de> <86ipv94hhg.fsf@jeromebaum.com>
Message-ID: <201103242049.16286@thufir.ingo-kloecker.de>

On Wednesday 23 March 2011, Jerome Baum wrote:
> Ingo Klöcker writes:
> > [2. This is a digitally signed message part.asc --- application/pgp-signature; signature.asc]...
>
> Hey is that a KMail feature? I really like that idea, mind if I rip it off, and if successful publish the code to make this work in gnus? Much better than a "noname" attachment.

Be our guest. KMail is Free Software. :-)

Regards,
Ingo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: 

From kloecker at kde.org  Thu Mar 24 20:59:17 2011
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 24 Mar 2011 20:59:17 +0100
Subject: what are the sub keys
In-Reply-To: <4D8A71F0.8000904@gmail.com>
References: <4D8565E1.7080608@charter.net> <201103232155.55241@thufir.ingo-kloecker.de> <4D8A71F0.8000904@gmail.com>
Message-ID: <201103242059.18628@thufir.ingo-kloecker.de>

On Wednesday 23 March 2011, Jonathan Ely wrote:
> On 23/03/2011 04:55 PM, Ingo Klöcker wrote:
> > On Tuesday 22 March 2011, Jonathan Ely wrote:
> >> Enigmail allows only 1024, 2048 and 4096. I have never heard of that, but even still I would personally choose the largest key for the time being till RSA becomes obsolete. Is there anything larger than 4096 since you mentioned values unknown to me?
> >
> > Let's see. There's 4097, 4098 and even 4099. And then there's 4100. ;-p
> >
> > IMHO all those discussions about key sizes are really pathetic. Stick with the defaults or educate yourself by reading the appropriate literature instead of starting one non-sensical discussion after the other on this mailing list. It should be rather obvious by now that key sizes above 2048 are mostly a matter of personal taste and bad judgement.
>
> Well excuse me for not knowing it all. I only know what Enigmail allows through its user interface, and bad judgement is sometimes a method of learning for better decision making. I have only begun using both GnuPG and Enigmail this month along with Thunderbird, and this list educated me a lot since I have been subscribed. Anything else you would like to point out? I apologise if I come off mean in any way.

Well, as I already said: Stick with the defaults unless you know exactly that the defaults are not good enough for you. You can trust the developers of GnuPG and Enigmail to have chosen sensible defaults.

Last, but not least: Have fun learning more about and playing around with cryptography!
Regards,
Ingo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: 

From wk at gnupg.org  Thu Mar 24 21:00:17 2011
From: wk at gnupg.org (Werner Koch)
Date: Thu, 24 Mar 2011 21:00:17 +0100
Subject: gpg-agent troubles
In-Reply-To: (kapetr@mizera.cz's message of "Thu, 24 Mar 2011 18:40:30 +0100 (CET)")
References: 
Message-ID: <87oc50ffvy.fsf@vigenere.g10code.de>

On Thu, 24 Mar 2011 18:40, kapetr at mizera.cz said:

> 1. gpg-agent ignores changed values in ~/.gnupg/gpg-agent.conf after SIGHUP. I have to kill/restart him ?!

Depends on the option you want to change. Most are re-read after a HUP or with "gpgconf --reload gpg-agent" (which of course sends a HUP on Unix platforms)

> 2. gpg-agent ignores "ignore-cache-for-signing" in config file. I had to set "default-cache-ttl 0" (which is for all) ?

Using GPG? Right, it is ignored if using GPG 1.4 or GPG 2.0. The reason is that those GPG versions use the agent only for passphrase caching and don't let gpg-agent do the actual signing. The option works only if gpg-agent performs the signing (e.g. using gpgsm). With GnuPG 2.1 this changed, here GPG uses gpg-agent for the actual signing and thus the option should work.

> 3. pinentry do not drag mouse(keyboard yes) even if there is no "no-grab". With pinentry dialog open I can still work with mouse

Depends on your pinentry. At least for the GTK pinentry this was fixed May 2010 and released with 0.8.1 in December.

> I Use Ubuntu 10.10 - gpg (GnuPG) 1.4.10
> gpg-agent cmdline:

There is no gpg-agent 1.4.x. Run gpg-agent --version to see the version of gpg-agent. I also suggest to use gpg2 instead of gpg.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
From jerome at jeromebaum.com  Fri Mar 25 01:58:57 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Fri, 25 Mar 2011 00:58:57 +0000
Subject: what are the sub keys
In-Reply-To: <201103242049.16286@thufir.ingo-kloecker.de> ("Ingo Klöcker"'s message of "Thu, 24 Mar 2011 15:49:15 -0400")
References: <4D8565E1.7080608@charter.net> <201103232258.39184@thufir.ingo-kloecker.de> <86ipv94hhg.fsf@jeromebaum.com> <201103242049.16286@thufir.ingo-kloecker.de>
Message-ID: <86ipv810dq.fsf@jeromebaum.com>

Ingo Klöcker writes:

> On Wednesday 23 March 2011, Jerome Baum wrote:
>> Ingo Klöcker writes:
>> > [2. This is a digitally signed message part.asc --- application/pgp-signature; signature.asc]...
>>
>> Hey is that a KMail feature? I really like that idea, mind if I rip it off, and if successful publish the code to make this work in gnus? Much better than a "noname" attachment.
>
> Be our guest. KMail is Free Software. :-)

Right. I was referring to your naming choice. However, it seems "not so easy" in gnus. I'll let you guys know if my investigation leads anywhere though.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 880 bytes
Desc: not available
URL: 

From kapetr at mizera.cz  Thu Mar 24 12:31:03 2011
From: kapetr at mizera.cz (kapetr)
Date: Thu, 24 Mar 2011 12:31:03 +0100 (CET)
Subject: gpg-agent troubles
Message-ID: <60aaa5601ad6a35805d5f812223170e9@mail2.volny.cz>

Hello

1. gpg-agent ignores changed values in ~/.gnupg/gpg-agent.conf after SIGHUP. I have to kill/restart him ?!

2. gpg-agent ignores "ignore-cache-for-signing" in config file. I had to set "default-cache-ttl 0" (for all) ?

3. pinentry does not drag mouse (keyboard yes) even if there is no "no-grab" ?!
With pinentry dialog open I can still work with mouse - switch windows, copy/paste text, ...

Please Help

--kapetr

P.S.
I use Ubuntu 10.10
gpg-agent cmdline: "usr/bin/gpg-agent --daemon --sh --write-env-file=/home/hugo/.gnupg/gpg-agent-info-duron650 /usr/bin/dbus-launch --exit-with-session gnome-session"

From johnathan.barbett at elephant.com  Thu Mar 24 13:24:42 2011
From: johnathan.barbett at elephant.com (jb1111)
Date: Thu, 24 Mar 2011 05:24:42 -0700 (PDT)
Subject: empty file generated when running GPG batch
In-Reply-To: <86oc5023j0.fsf@jeromebaum.com>
References: <31223498.post@talk.nabble.com> <86oc5023j0.fsf@jeromebaum.com>
Message-ID: <31228406.post@talk.nabble.com>

Hi. It outputs a same named .pgp file. When decrypted, it's empty. I tried removing the echo before, "Password" and that breaks the process. Sorry, I haven't done batch in years and gpg is a new thing for me.

Result:

C:\outgoingdropfolder>FOR /F "delims=" %F IN ('MORE < "C:\Users\myprofile\AppData\Local\Temp\~encryptlist.txt"') DO (
IF EXIST %F (
Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r 131FDA81 -o "C:\encryptedfiles\%F.pgp"
IF ERRORLEVEL 0 DEL "%F"
)
)

C:\outgoingdropfolder>(
IF EXIST test345.txt (
Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r Publickeyuid -o "C:\encryptedfiles\test345.txt.pgp"
IF ERRORLEVEL 0 DEL "test345.txt"

Jerome Baum-2 wrote:
>
> jb1111 writes:
>
>> Hi, this is running in a batch. It creates a .pgp file, however that file is empty. Any ideas?
>>
>> SETLOCAL
>> PATH=C:\Program Files\GNU\GnuPG;c:\encryptedfiles;c:\outgoingdropfolder;%PATH%
>> >"%TMP%\~encryptlist.txt" DIR /B "C:\outgoingdropfolder"
>> PUSHD "C:\outgoingdropfolder"
>> pause
>> FOR /F "delims=" %%F IN ('MORE ^< "%TMP%\~encryptlist.txt"') DO (
>> pause
>> IF EXIST %%F (
>> pause
>> ECHO Password|GPG --batch --encrypt --passphrase-fd 0 -r Publickey -o "C:\encryptedfiles\%%F.pgp"
>> pause
>> IF ERRORLEVEL == 0 DEL "%%F"
>> )
>> )
>> POPD
>> DEL "%TMP%\~encryptlist.*"
>> ENDLOCAL
>
> What does it output? Also, sure you want to echo in the password? Seems like it's not necessary.
>
> -- 
> PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
> PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

-- 
View this message in context: http://old.nabble.com/empty-file-generated-when-running-GPG-batch-tp31223498p31228406.html
Sent from the GnuPG - User mailing list archive at Nabble.com.
Result: C:\outgoingdropfolder>FOR /F "delims=" %F IN ('MORE < "C:\Users\myprofile\AppData\Local\Temp\~encryptlist.txt"') DO ( IF EXIST %F ( Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r Publickeyuid -o "C:\encryptedfiles\%F.pgp" IF ERRORLEVEL 0 DEL "%F" ) ) C:\outgoingdropfolder>( IF EXIST test345.txt ( Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r Publickeyuid -o "C:\encryptedfiles\test345.txt.pgp" IF ERRORLEVEL 0 DEL "test345.txt" Jerome Baum-2 wrote: > > jb1111 writes: > >> Hi, this is running in a batch. It creates a .pgp file, however that >> file is >> empty. Any ideas? >> >> SETLOCAL >> PATH=C:\Program >> Files\GNU\GnuPG;c:\encryptedfiles;c:\outgoingdropfolder;%PATH% >>>"%TMP%\~encryptlist.txt" DIR /B "C:\outgoingdropfolder" >> PUSHD "C:\outgoingdropfolder" >> pause >> FOR /F "delims=" %%F IN ('MORE ^< "%TMP%\~encryptlist.txt"') DO ( >> pause >> IF EXIST %%F ( >> pause >> ECHO Password|GPG --batch --encrypt --passphrase-fd 0 -r Publickey -o >> "C:\encryptedfiles\%%F.pgp" >> pause >> IF ERRORLEVEL == 0 DEL "%%F" >> ) >> ) >> POPD >> DEL "%TMP%\~encryptlist.*" >> ENDLOCAL > > What does it output? Also, sure you want to echo in the password? Seems > like it's not necessary. > > -- > PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A > PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > -- View this message in context: http://old.nabble.com/empty-file-generated-when-running-GPG-batch-tp31223498p31228406.html Sent from the GnuPG - User mailing list archive at Nabble.com. 
From johnathan.barbett at elephant.com Thu Mar 24 15:07:00 2011 From: johnathan.barbett at elephant.com (jb1111) Date: Thu, 24 Mar 2011 07:07:00 -0700 (PDT) Subject: empty file generated when running GPG batch In-Reply-To: <86oc5023j0.fsf@jeromebaum.com> References: <31223498.post@talk.nabble.com> <86oc5023j0.fsf@jeromebaum.com> Message-ID: <31228406.post@talk.nabble.com> Hi. It outputs a same named .pgp file. When decrypted, it's empty. I tried removing the echo before, "Password" and that breaks the process. Sorry, I haven't done batch in years and gpg is a new thing for me. Result: C:\outgoingdropfolder>FOR /F "delims=" %F IN ('MORE < "C:\Users\myprofile\AppData\Local\Temp\~encryptlist.txt"') DO ( IF EXIST %F ( Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r Publickeyuid -o "C:\encryptedfiles\%F.pgp" IF ERRORLEVEL 0 DEL "%F" ) ) C:\outgoingdropfolder>( IF EXIST test345.txt ( Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r Publickeyuid -o "C:\encryptedfiles\test345.txt.pgp" IF ERRORLEVEL 0 DEL "test345.txt" Jerome Baum-2 wrote: > > jb1111 writes: > >> Hi, this is running in a batch. It creates a .pgp file, however that >> file is >> empty. Any ideas? >> >> SETLOCAL >> PATH=C:\Program >> Files\GNU\GnuPG;c:\encryptedfiles;c:\outgoingdropfolder;%PATH% >>>"%TMP%\~encryptlist.txt" DIR /B "C:\outgoingdropfolder" >> PUSHD "C:\outgoingdropfolder" >> pause >> FOR /F "delims=" %%F IN ('MORE ^< "%TMP%\~encryptlist.txt"') DO ( >> pause >> IF EXIST %%F ( >> pause >> ECHO Password|GPG --batch --encrypt --passphrase-fd 0 -r Publickey -o >> "C:\encryptedfiles\%%F.pgp" >> pause >> IF ERRORLEVEL == 0 DEL "%%F" >> ) >> ) >> POPD >> DEL "%TMP%\~encryptlist.*" >> ENDLOCAL > > What does it output? Also, sure you want to echo in the password? Seems > like it's not necessary. 
From johnathan.barbett at elephant.com Thu Mar 24 18:23:04 2011
From: johnathan.barbett at elephant.com (jb1111)
Date: Thu, 24 Mar 2011 10:23:04 -0700 (PDT)
Subject: empty file generated when running GPG batch
In-Reply-To:
References: <31223498.post@talk.nabble.com> <86oc5023j0.fsf@jeromebaum.com>
Message-ID: <31231071.post@talk.nabble.com>

You have saved the day yet again Lee! Thanks a lot.

Lee Elcocks wrote:
>
> Your output should look like this.
>
> "C:\encryptedfiles\%%F.pgp" %%F
>
> From: jerome at jeromebaum.com
> To: johnathan.barbett at elephant.com
> Subject: Re: empty file generated when running GPG batch
> Date: Thu, 24 Mar 2011 10:53:23 +0000
> CC: gnupg-users at gnupg.org
>
> jb1111 writes:
>
>> Hi, this is running in a batch. It creates a .pgp file, however that
>> file is empty. Any ideas?
>>
>> SETLOCAL
>> PATH=C:\Program Files\GNU\GnuPG;c:\encryptedfiles;c:\outgoingdropfolder;%PATH%
>> >"%TMP%\~encryptlist.txt" DIR /B "C:\outgoingdropfolder"
>> PUSHD "C:\outgoingdropfolder"
>> pause
>> FOR /F "delims=" %%F IN ('MORE ^< "%TMP%\~encryptlist.txt"') DO (
>> pause
>> IF EXIST %%F (
>> pause
>> ECHO Password|GPG --batch --encrypt --passphrase-fd 0 -r Publickey -o "C:\encryptedfiles\%%F.pgp"
>> pause
>> IF ERRORLEVEL == 0 DEL "%%F"
>> )
>> )
>> POPD
>> DEL "%TMP%\~encryptlist.*"
>> ENDLOCAL
>
> What does it output? Also, sure you want to echo in the password? Seems
> like it's not necessary.
>
> --
> PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
> PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
>
> =)

From shammah_mg at yahoo.com Thu Mar 24 18:38:31 2011
From: shammah_mg at yahoo.com (Mizana ;))
Date: Thu, 24 Mar 2011 10:38:31 -0700 (PDT)
Subject: Enquiries about GnuPG
Message-ID: <749945.66524.qm@web30707.mail.mud.yahoo.com>

Dear Sir or Madam

Good-day. I am enquiring about the GnuPG Encryption Software. I hope you
can assist.

I am interested to learn about:
1. the functionality of the software
2. the licensing structure(s) of the software and associated prices for licensing
3. the hardware, software and other requirements for implementation of the software
4. the implementation procedure of the software
5. the cost for the software, and any other additional cost(s) including support, maintenance and upgrade fees.

Thank you for assistance.

With kind regards

Mizana Gonsalves
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jerome at jeromebaum.com Fri Mar 25 11:57:26 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Fri, 25 Mar 2011 10:57:26 +0000
Subject: empty file generated when running GPG batch
In-Reply-To: <31228406.post@talk.nabble.com> (jb's message of "Thu, 24 Mar 2011 08:24:42 -0400")
References: <31223498.post@talk.nabble.com> <86oc5023j0.fsf@jeromebaum.com> <31228406.post@talk.nabble.com>
Message-ID: <86fwqbxyax.fsf@jeromebaum.com>

jb1111 writes:

> Hi. It outputs a same named .pgp file. When decrypted, it's empty. I tried
> removing the echo before "Password" and that breaks the process. Sorry, I
> haven't done batch in years and gpg is a new thing for me. Result:
>
> C:\outgoingdropfolder>FOR /F "delims=" %F IN ('MORE < "C:\Users\myprofile\AppData\Local\Temp\~encryptlist.txt"') DO (
> IF EXIST %F (
> Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r 131FDA81 -o "C:\encryptedfiles\%F.pgp"
> IF ERRORLEVEL 0 DEL "%F"
> )
> )
> C:\outgoingdropfolder>(
> IF EXIST test345.txt (
> Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r Publickeyuid -o "C:\encryptedfiles\test345.txt.pgp"
> IF ERRORLEVEL 0 DEL "test345.txt"

Can you try removing both the echo and the "passphrase-fd 0" argument?
Sorry for not mentioning that. Here's what my command looks like:

gpg --batch --encrypt -r jerome -o temp.gpg crontab.txt

Can you try running just a single command like that one and get that to
work first, before you do it in a batch file?

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From richard at r-selected.de Fri Mar 25 12:21:10 2011
From: richard at r-selected.de (Richard)
Date: Fri, 25 Mar 2011 12:21:10 +0100
Subject: Enquiries about GnuPG
In-Reply-To: <749945.66524.qm@web30707.mail.mud.yahoo.com>
References: <749945.66524.qm@web30707.mail.mud.yahoo.com>
Message-ID:

Hello,

your questions have already been answered a couple of weeks ago, please
see the thread at
http://lists.gnupg.org/pipermail/gnupg-users/2011-March/040942.html

Best,
Richard

From rjh at sixdemonbag.org Fri Mar 25 13:59:32 2011
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 25 Mar 2011 08:59:32 -0400
Subject: Enquiries about GnuPG
In-Reply-To: <749945.66524.qm@web30707.mail.mud.yahoo.com>
References: <749945.66524.qm@web30707.mail.mud.yahoo.com>
Message-ID: <4D8C91B4.7040101@sixdemonbag.org>

On 3/24/2011 1:38 PM, Mizana ;) wrote:
> Dear Sir or Madam

Your questions were already answered in detail a couple of weeks ago, the
last time you asked this question. Check the archives.

You might want to start at:

http://lists.gnupg.org/pipermail/gnupg-users/2011-March/040945.html

From johnathan.barbett at elephant.com Fri Mar 25 13:50:50 2011
From: johnathan.barbett at elephant.com (jb1111)
Date: Fri, 25 Mar 2011 05:50:50 -0700 (PDT)
Subject: empty file generated when running GPG batch
In-Reply-To: <86fwqbxyax.fsf@jeromebaum.com>
References: <31223498.post@talk.nabble.com> <86oc5023j0.fsf@jeromebaum.com> <31228406.post@talk.nabble.com> <86fwqbxyax.fsf@jeromebaum.com>
Message-ID: <31237605.post@talk.nabble.com>

Hi Jerome, thanks for the response. Lee had the solution (add %%F to end
of line). I appreciate all the suggestions.

Jerome Baum-2 wrote:
>
> jb1111 writes:
>
>> Hi. It outputs a same named .pgp file. When decrypted, it's empty. I
>> tried removing the echo before "Password" and that breaks the process.
>> Sorry, I haven't done batch in years and gpg is a new thing for me.
>> Result:
>>
>> C:\outgoingdropfolder>FOR /F "delims=" %F IN ('MORE < "C:\Users\myprofile\AppData\Local\Temp\~encryptlist.txt"') DO (
>> IF EXIST %F (
>> Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r 131FDA81 -o "C:\encryptedfiles\%F.pgp"
>> IF ERRORLEVEL 0 DEL "%F"
>> )
>> )
>> C:\outgoingdropfolder>(
>> IF EXIST test345.txt (
>> Echo Password | GPG --batch --encrypt --passphrase-fd 0 -r Publickeyuid -o "C:\encryptedfiles\test345.txt.pgp"
>> IF ERRORLEVEL 0 DEL "test345.txt"
>
> Can you try removing both the echo and the "passphrase-fd 0" argument?
> Sorry for not mentioning that. Here's what my command looks like:
>
> gpg --batch --encrypt -r jerome -o temp.gpg crontab.txt
>
> Can you try running just a single command like that one and get that to
> work first, before you do it in a batch file?
>
> --
> PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
> PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
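A corrected version of that loop, as an added example and not the poster's script or Lee's reply: the file name goes last so gpg encrypts the file instead of an empty stdin, the echo and --passphrase-fd plumbing are dropped as Jerome suggested (encrypting to a public key needs no passphrase), and the exit code is tested with IF ERRORLEVEL 1, because IF ERRORLEVEL 0 is true for every exit code and would delete the plaintext even after a failed run. The paths and the recipient key ID are placeholders.

```batch
@ECHO OFF
REM Added example (not from the thread). Encrypts every file dropped into
REM SRC to the recipient key and removes the plaintext only when gpg
REM reports success. Paths and the recipient key ID are placeholders.
SETLOCAL
SET "GPGBIN=C:\Program Files\GNU\GnuPG\gpg.exe"
SET "SRC=C:\outgoingdropfolder"
SET "DST=C:\encryptedfiles"
SET "RECIPIENT=131FDA81"

REM DST must not be inside SRC, or the loop would pick up its own output.
PUSHD "%SRC%" || EXIT /B 1

REM DIR /B /A-D lists plain files only; no temporary list file is needed.
FOR /F "delims=" %%F IN ('DIR /B /A-D') DO (
    REM The input file is the last argument. Without it gpg encrypts
    REM stdin, which is why the original loop produced empty .pgp files.
    REM No passphrase is needed: encrypting to a public key uses no
    REM secret key. The recipient key must be valid (signed or trusted)
    REM in the keyring, otherwise gpg --batch refuses to encrypt to it.
    "%GPGBIN%" --batch --encrypt -r %RECIPIENT% -o "%DST%\%%F.pgp" "%%F"

    REM IF ERRORLEVEL n is true when the exit code is n or higher, so
    REM IF ERRORLEVEL 0 is always true and IF ERRORLEVEL 1 means failure.
    REM This form is evaluated per iteration, so no delayed expansion is
    REM needed inside the block.
    IF ERRORLEVEL 1 (
        ECHO gpg failed for "%%F"; plaintext kept. 1>&2
    ) ELSE (
        DEL "%%F"
    )
)

POPD
ENDLOCAL
```

If the output file already exists, gpg --batch refuses to overwrite it and exits non-zero, so the plaintext is kept rather than deleted on a failed run.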
From jerome at jeromebaum.com Sat Mar 26 16:50:53 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Sat, 26 Mar 2011 15:50:53 +0000
Subject: [PGPNET] Jerome
In-Reply-To: <1978034411.20110326152311@my_localhost> (MFPA's message of "Sat, 26 Mar 2011 11:23:11 -0400")
References: <86vcz7zwev.fsf@jeromebaum.com> <4D8C1C60.4080602@gmail.com> <86ipv7zti7.fsf@jeromebaum.com> <4D8C33E7.8090102@gmail.com> <4D8CAC73.3050109@TheHaverkamps.net> <86tyerw7qk.fsf@jeromebaum.com> <4D8CBB70.9070803@TheHaverkamps.net> <4D8CC5E5.5010804@gmail.com> <4D8CCAAB.5080105@TheHaverkamps.net> <4D8CCF67.2070102@gmail.com> <4D8CD7C1.7000604@grant-olson.net> <86lj02wk96.fsf@jeromebaum.com> <4D8DFDFA.4080509@TheHaverkamps.net> <86k4flsywn.fsf@jeromebaum.com> <1978034411.20110326152311@my_localhost>
Message-ID: <86bp0xswwy.fsf@jeromebaum.com>

MFPA writes:

>> Are you implying something? Also, while I can't try
>> this myself (using gpg1), would be good if someone
>> would file a bug report.
>
> And maybe discuss it on GnuPG-Users...

Good point. CC'ing them so we can continue the discussion there. To
summarize: gpg-agent seems to have problems handling thrown keyids.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

From wk at gnupg.org Sat Mar 26 18:07:55 2011
From: wk at gnupg.org (Werner Koch)
Date: Sat, 26 Mar 2011 18:07:55 +0100
Subject: [PGPNET] Jerome
In-Reply-To: <86bp0xswwy.fsf@jeromebaum.com> (Jerome Baum's message of "Sat, 26 Mar 2011 15:50:53 +0000")
References: <86vcz7zwev.fsf@jeromebaum.com> <4D8C1C60.4080602@gmail.com> <86ipv7zti7.fsf@jeromebaum.com> <4D8C33E7.8090102@gmail.com> <4D8CAC73.3050109@TheHaverkamps.net> <86tyerw7qk.fsf@jeromebaum.com> <4D8CBB70.9070803@TheHaverkamps.net> <4D8CC5E5.5010804@gmail.com> <4D8CCAAB.5080105@TheHaverkamps.net> <4D8CCF67.2070102@gmail.com> <4D8CD7C1.7000604@grant-olson.net> <86lj02wk96.fsf@jeromebaum.com> <4D8DFDFA.4080509@TheHaverkamps.net> <86k4flsywn.fsf@jeromebaum.com> <1978034411.20110326152311@my_localhost> <86bp0xswwy.fsf@jeromebaum.com>
Message-ID: <87pqpdero4.fsf@vigenere.g10code.de>

On Sat, 26 Mar 2011 16:50, jerome at jeromebaum.com said:

> summarize: gpg-agent seems to have problems handling thrown keyids.

You mean the current development version? Quite possible; that is what
development versions are for.

For 2.0.x there can't be a problem because gpg-agent does not know
anything about keyids because it is only used as a passphrase caching
agent.


Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From jerome at jeromebaum.com Sat Mar 26 18:23:35 2011
From: jerome at jeromebaum.com (Jerome Baum)
Date: Sat, 26 Mar 2011 17:23:35 +0000
Subject: [PGPNET] Jerome
In-Reply-To: <87pqpdero4.fsf@vigenere.g10code.de> (Werner Koch's message of "Sat, 26 Mar 2011 13:07:55 -0400")
References: <86vcz7zwev.fsf@jeromebaum.com> <4D8C1C60.4080602@gmail.com> <86ipv7zti7.fsf@jeromebaum.com> <4D8C33E7.8090102@gmail.com> <4D8CAC73.3050109@TheHaverkamps.net> <86tyerw7qk.fsf@jeromebaum.com> <4D8CBB70.9070803@TheHaverkamps.net> <4D8CC5E5.5010804@gmail.com> <4D8CCAAB.5080105@TheHaverkamps.net> <4D8CCF67.2070102@gmail.com> <4D8CD7C1.7000604@grant-olson.net> <86lj02wk96.fsf@jeromebaum.com> <4D8DFDFA.4080509@TheHaverkamps.net> <86k4flsywn.fsf@jeromebaum.com> <1978034411.20110326152311@my_localhost> <86bp0xswwy.fsf@jeromebaum.com> <87pqpdero4.fsf@vigenere.g10code.de>
Message-ID: <86y641re20.fsf@jeromebaum.com>

Werner Koch writes:

> On Sat, 26 Mar 2011 16:50, jerome at jeromebaum.com said:
>
>> summarize: gpg-agent seems to have problems handling thrown keyids.
>
> You mean the current development version? Quite possible; that is what
> development versions are for.

I don't know which version -- some guys in PGPNET are reporting this.

> For 2.0.x there can't be a problem because gpg-agent does not know
> anything about keyids because it is only used as a passphrase caching
> agent.

Again, I don't know anything about this. As you can see in my original
email (the part where I quoted myself), I use gpg1.
- -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) iQI+BAEBCgAoBQJNjiEZIRhodHRwOi8vamVyb21lYmF1bS5jb20vamVyb21lLmFz YwAKCRBj5CvYxYx1Ok6ND/9WUe92J60gGbTvTj7wWBAeQ59wCgnrOaN316v3XYZT YxVCkZFaocFVlU8PAEaeqr+RU2I6W5i4Abu7GQIlJrC+HC4vrb/rSWpbD/58v7jq Vzom51/BTUBVznbXR+USQxoxbezcQrtTUHHAH+qRp2oWfK+JYOO6MmPaIzuRAKU1 cnhgw7pdGj7vVeNuypbwF1x/X+fXRN48jKb+DxdbmMW/aQ+4JEU9exKRPOh3p3Pw OelQjGC0wYHLFjCvKFLn4nQ5CTJUEeDTx/A2vpyXmIUmuw3nVJWju4IGyOkAq2Im +yThWWx5BdWAl802e7Z4mtAAWs5tApuQhilOdgnInzSp+1QRmZQcm2Jth0wnGYKX gDwpnLf+ljMZv8z0bYR3fpZ+K6EaLGpRcNl3QaNNz/zpc6opJWqiWimGj9fLwc1D wKNJZGJ3cKLotVCXDr3ZkKBVuHq9+b1KT6Zloon30oPVlhrIfZ21NYPgAkxntvI5 ZReTmZ7jZuxxc2fx0mCNK+dsPxb7BRxbYkkIXGVpQtVz83Dv6XaZrVTEdfp06FZj IcOC3/vIzOKzLa6VKvQED+F5cBk9eSEmIzwY9nnHUgITa+ERvxPPdu04PnSsjzNP 3SKiIYg4IXPcQhSEknAtv+9OkUfMUQNgRhFmFuJv/G9rzuPWtZSeO4K5K79o0IOC Xw== =YT4l -----END PGP SIGNATURE----- From ben at adversary.org Sat Mar 26 19:06:36 2011 From: ben at adversary.org (Ben McGinnes) Date: Sun, 27 Mar 2011 05:06:36 +1100 Subject: gpg-agent throw-id issue (was: [PGPNET] Jerome) In-Reply-To: <87pqpdero4.fsf@vigenere.g10code.de> References: <86vcz7zwev.fsf@jeromebaum.com> <4D8C1C60.4080602@gmail.com> <86ipv7zti7.fsf@jeromebaum.com> <4D8C33E7.8090102@gmail.com> <4D8CAC73.3050109@TheHaverkamps.net> <86tyerw7qk.fsf@jeromebaum.com> <4D8CBB70.9070803@TheHaverkamps.net> <4D8CC5E5.5010804@gmail.com> <4D8CCAAB.5080105@TheHaverkamps.net> <4D8CCF67.2070102@gmail.com> <4D8CD7C1.7000604@grant-olson.net> <86lj02wk96.fsf@jeromebaum.com> <4D8DFDFA.4080509@TheHaverkamps.net> <86k4flsywn.fsf@jeromebaum.com> <1978034411.20110326152311@my_localhost> <86bp0xswwy.fsf@jeromebaum.com> <87pqpdero4.fsf@vigenere.g10code.de> Message-ID: <4D8E2B2C.4040904@adversary.org> On 27/03/11 4:07 AM, Werner Koch wrote: > On Sat, 26 Mar 2011 16:50, jerome at jeromebaum.com said: > >> summarize: gpg-agent seems to have 
problems handling thrown keyids. > > You mean the current development version? Quite possible; that is > for what development versions are for. > > For 2.0.x there can't be a problem because gpg-agent does not know > anything about keyids because it is only used as a passphrase > caching agent. The behaviour I saw was with the gpg-agent from version 2.0.16 (yet still working with GPG 1.4.11; the gpg-agent from GPG2 stopped working with 1.4.11 when I installed 2.0.17 and I haven't played with it since). Even when my passphrase had been cached for my default key, every time a message using the throw-id option was encountered, I would be prompted through a cycle of every secret key I had indefinitely. When just using 1.4.11 and using the passphrase cache in Enigmail, this does not occur and the messages with throw-id behave themselves as intended. I have not tested whether this is just with gpg-agent in conjunction with TB/Enigmail or any file encrypted with that option. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: From lance at thehaverkamps.net Sat Mar 26 19:16:04 2011 From: lance at thehaverkamps.net (Lance W. 
Haverkamp) Date: Sat, 26 Mar 2011 12:16:04 -0600 Subject: [PGPNET] Jerome In-Reply-To: <86y641re20.fsf@jeromebaum.com> References: <86vcz7zwev.fsf@jeromebaum.com> <4D8C1C60.4080602@gmail.com> <86ipv7zti7.fsf@jeromebaum.com> <4D8C33E7.8090102@gmail.com> <4D8CAC73.3050109@TheHaverkamps.net> <86tyerw7qk.fsf@jeromebaum.com> <4D8CBB70.9070803@TheHaverkamps.net> <4D8CC5E5.5010804@gmail.com> <4D8CCAAB.5080105@TheHaverkamps.net> <4D8CCF67.2070102@gmail.com> <4D8CD7C1.7000604@grant-olson.net> <86lj02wk96.fsf@jeromebaum.com> <4D8DFDFA.4080509@TheHaverkamps.net> <86k4flsywn.fsf@jeromebaum.com> <1978034411.20110326152311@my_localhost> <86bp0xswwy.fsf@jeromebaum.com> <87pqpdero4.fsf@vigenere.g10code.de> <86y641re20.fsf@jeromebaum.com> Message-ID: <4D8E2D64.2010706@TheHaverkamps.net> On 03/26/2011 11:23 AM, Jerome Baum wrote: > Werner Koch writes: > >> On Sat, 26 Mar 2011 16:50, jerome at jeromebaum.com said: > >>> summarize: gpg-agent seems to have problems handling thrown keyids. > >> You mean the current development version? Quite possible; that is for >> what development versions are for. > > I don't know which version -- some guys in PGPNET are reporting this. > >> For 2.0.x there can't be a problem because gpg-agent does not know >> anything about keyids because it is only used as a passphrase caching >> agent. > > Again, I don't know anything about this. As you can see in my original > email (the part where I quoted myself), I use gpg1. > Pretty simple: Receiving messages with GPG 2.0.14 (Ubuntu Maverick, via Mint Linux): When messages to multiple recipients have the key ID's thrown, gpg-agent (?) sequentially requests passwords for all secret key many, many, many times, but fails to decrypt with any key---even the correct one. -- Thanks! Lance W. 
Haverkamp 719-357-5745 (office) Lance at TheHaverkamps.net Contact & encryption info: http://thehaverkamps.net/?Lance:Contact_Me http://facebook.com/LanceHaverkamp <>< <>< <>< From kgo at grant-olson.net Sat Mar 26 20:44:47 2011 From: kgo at grant-olson.net (Grant Olson) Date: Sat, 26 Mar 2011 15:44:47 -0400 Subject: [PGPNET] Jerome In-Reply-To: <4D8E2D64.2010706@TheHaverkamps.net> References: <86vcz7zwev.fsf@jeromebaum.com> <4D8C1C60.4080602@gmail.com> <86ipv7zti7.fsf@jeromebaum.com> <4D8C33E7.8090102@gmail.com> <4D8CAC73.3050109@TheHaverkamps.net> <86tyerw7qk.fsf@jeromebaum.com> <4D8CBB70.9070803@TheHaverkamps.net> <4D8CC5E5.5010804@gmail.com> <4D8CCAAB.5080105@TheHaverkamps.net> <4D8CCF67.2070102@gmail.com> <4D8CD7C1.7000604@grant-olson.net> <86lj02wk96.fsf@jeromebaum.com> <4D8DFDFA.4080509@TheHaverkamps.net> <86k4flsywn.fsf@jeromebaum.com> <1978034411.20110326152311@my_localhost> <86bp0xswwy.fsf@jeromebaum.com> <87pqpdero4.fsf@vigenere.g10code.de> <86y641re20.fsf@jeromebaum.com> <4D8E2D64.2010706@TheHaverkamps.net> Message-ID: <4D8E422F.2040708@grant-olson.net> On 03/26/2011 02:16 PM, Lance W. Haverkamp wrote: > On 03/26/2011 11:23 AM, Jerome Baum wrote: >> Werner Koch writes: >> >>> On Sat, 26 Mar 2011 16:50, jerome at jeromebaum.com said: >> >>>> summarize: gpg-agent seems to have problems handling thrown keyids. >> >>> You mean the current development version? Quite possible; that is for >>> what development versions are for. >> >> I don't know which version -- some guys in PGPNET are reporting this. >> >>> For 2.0.x there can't be a problem because gpg-agent does not know >>> anything about keyids because it is only used as a passphrase caching >>> agent. >> >> Again, I don't know anything about this. As you can see in my original >> email (the part where I quoted myself), I use gpg1. 
>> > > > Pretty simple: > > Receiving messages with GPG 2.0.14 (Ubuntu Maverick, via Mint Linux): > When messages to multiple recipients have the key ID's thrown, gpg-agent > (?) sequentially requests passwords for all secret key many, many, many > times, but fails to decrypt with any key---even the correct one. > Can you create an easy reproducible? Does something like this exhibit the same broken behavior on your system? grant at johnyaya:~$ echo foo | gpg2 --throw-keyids -r kgo at grant-olson.net -r Lance at TheHaverkamps.net --encrypt --armor | gpg2 --decrypt -vvvv gpg: using character set `utf-8' gpg: armor: BEGIN PGP MESSAGE Version: GnuPG v2.0.18-git1226772 (GNU/Linux) :pubkey enc packet: version 3, algo 16, keyid 0000000000000000 data: [4095 bits] data: [4096 bits] gpg: armor header: gpg: public key is 00000000 :pubkey enc packet: version 3, algo 1, keyid 0000000000000000 data: [2048 bits] gpg: public key is 00000000 gpg: anonymous recipient; trying secret key 6A8F7CF6 ... gpg: okay, we are the anonymous recipient. gpg: public key encrypted data: good DEK :encrypted data packet: length: 63 mdc_method: 2 gpg: encrypted with ELG key, ID 00000000 gpg: encrypted with RSA key, ID 00000000 gpg: AES256 encrypted data :compressed packet: algo=2 :literal data packet: mode b (62), created 1301168561, name="", raw data: 4 bytes gpg: original file name='' foo gpg: decryption okay -- -Grant "Look around! Can you construct some sort of rudimentary lathe?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 565 bytes Desc: OpenPGP digital signature URL: From kapetr at mizera.cz Sat Mar 26 21:23:16 2011 From: kapetr at mizera.cz (kapetr) Date: Sat, 26 Mar 2011 21:23:16 +0100 (CET) Subject: =?iso-8859-2?Q?Re:_gpg-agent_troubles?= In-Reply-To: <87oc50ffvy.fsf@vigenere.g10code.de> References: <87oc50ffvy.fsf@vigenere.g10code.de> Message-ID: Thanks for replay and explanation: ----- P?VODN? 
ZPR?VA ----- Od: "Werner Koch" Komu: "kapetr" P?edm?t: Re: gpg-agent troubles Datum: 24.3.2011 - 21:00:17 > On Thu, 24 Mar 2011 18:40, kapetr at mizera.cz said: > > > 1. gpg-agent ignores changed values in > > ~/.gnupg/gpg-agent.conf after > > > SIGHUP. I have to kill/restart him ?! > > Depends on the option you want to change. Most > are re-read after a HUP > or with "gpgconf --reload gpg-agent" (which of > course sends a HUP on > Unix platforms) The option not reloaded after HUP is "default-cache-ttl". Why not ? Maybe would help to update man page - to get more detailed informations. > > > 2. gpg-agent ignores "ignore-cache-for-signing" > > in config file. I > > > had to set "default-cache-ttl 0" (which is for > > all) ? > > > Using GPG? Right, it is ignored if using GPG 1.4 > or GPG 2.0. The > reason is that those GPG version use the agent > only for passphrase > caching and don't let gpg-agent do the actual > signing. The option works > only if gpg-agent performs the signing (e.g. using > gpgsm). It sounds logical. Again ... man page. > > With GnuPG 2.1 this changed, here GPG uses > gpg-agent for the actual > signing and thus the option should work. > > > 3. pinentry do not drag mouse(keyboard yes) even > > if there is no > > > "no-grab". With pinentry dialog open I can still > > work with mouse > > > Depends on you pinentry. At least for the GTK > pinentry this was fixed > May 2010 and released with 0.8.1 in December. Yes - I have pinentry-gtk2 0.8.0 > > > I Use Ubuntu 10.10 - gpg (GnuPG) 1.4.10 > > gpg-agent cmdline: > > There is no gpg-agent 1.4.x. Run gpg-agent > --version to see the version > of gpg-agent. I also suggest to use gpg2 instead > of gpg. gpg-agent (GnuPG) 2.0.14 > > > Salam-Shalom, > > Werner Thank you once again. 
--kapetr From l_elcocks at hotmail.co.uk Thu Mar 31 16:27:51 2011 From: l_elcocks at hotmail.co.uk (Lee Elcocks) Date: Thu, 31 Mar 2011 08:27:51 -0600 Subject: Hi Message-ID: hi it's in your best interests to start this right away http://bit.ly/gntBne From thajsta at gmail.com Thu Mar 31 13:25:00 2011 From: thajsta at gmail.com (Jonathan Ely) Date: Thu, 31 Mar 2011 07:25:00 -0400 Subject: Hi In-Reply-To: References: Message-ID: <4D94648C.8040508@gmail.com> The first spammer I have seen thus far. Did not know they existed here. On 31/03/2011 10:27 AM, Lee Elcocks wrote: > hi it's in your best interests to start this right away http://bit.ly/gntBne > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 834 bytes Desc: OpenPGP digital signature URL: From gpgikaros at armax.se Thu Mar 31 15:51:50 2011 From: gpgikaros at armax.se (Astrakan) Date: Thu, 31 Mar 2011 15:51:50 +0200 Subject: Public keys on smartcard Message-ID: <4D9486F6.5080100@armax.se> Hello! Just a quick question to clarify things. I've been playing with gpg/gpg2 and g10 openPGP smart cards v2.0 now a bit. As I understand there is no way to keep the private _and_ the public keys solely on the card? Gpg always uses the public key/pubring.gpg on the harddrive. So suppose if I wanted to have public and private keys on the card (to be able to use it on computers which doesn't have my pubring.gpg/secring.gpg) I must also have a card containing the trustdb-file and perhaps even a gpg.conf file? 
Thanx in advance, /Astrakan /gpgikaros at armax.se From wk at gnupg.org Thu Mar 31 16:52:49 2011 From: wk at gnupg.org (Werner Koch) Date: Thu, 31 Mar 2011 16:52:49 +0200 Subject: Public keys on smartcard In-Reply-To: <4D9486F6.5080100@armax.se> (Astrakan's message of "Thu, 31 Mar 2011 15:51:50 +0200") References: <4D9486F6.5080100@armax.se> Message-ID: <8739m3cpfi.fsf@vigenere.g10code.de> On Thu, 31 Mar 2011 15:51, gpgikaros at armax.se said: > my pubring.gpg/secring.gpg) I must also have a card containing the > trustdb-file and perhaps even a gpg.conf file? No, you don't need the internal stuff like trustdb and pubring. Take the public key from a keyserver or another resource and import it. The card has a convenient field to store an URL to retrieve the public key (actually the keyblock with user ids and signatures). Use the "fetch" sub command of the --card-edit command. Cards are way too small to store a non-simple OpenPGP keyblock; many of them are over 100k in size. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From l_elcocks at hotmail.co.uk Thu Mar 31 19:06:27 2011 From: l_elcocks at hotmail.co.uk (Lee Elcocks) Date: Thu, 31 Mar 2011 18:06:27 +0100 Subject: Hi In-Reply-To: <4D94648C.8040508@gmail.com> References: , <4D94648C.8040508@gmail.com> Message-ID: Im sorry, this email was not sent by me, ive been "hacked" should not happen again (fingers crossed) apologies to all Lee > Date: Thu, 31 Mar 2011 07:25:00 -0400 > From: thajsta at gmail.com > To: l_elcocks at hotmail.co.uk > CC: gnupg-users at gnupg.org > Subject: Re: Hi > > > The first spammer I have seen thus far. Did not know they existed here. 
> On 31/03/2011 10:27 AM, Lee Elcocks wrote:
> > hi it's in your best interests to start this right away http://bit.ly/gntBne
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users at gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
> >
>

From gpgikaros at armax.se Thu Mar 31 21:06:37 2011
From: gpgikaros at armax.se (Astrakan)
Date: Thu, 31 Mar 2011 21:06:37 +0200
Subject: Public keys on smartcard
In-Reply-To: <8739m3cpfi.fsf@vigenere.g10code.de>
References: <4D9486F6.5080100@armax.se> <8739m3cpfi.fsf@vigenere.g10code.de>
Message-ID: <4D94D0BD.6090806@armax.se>

Thank you for your quick response.

A couple of follow-up questions:
I'm noticing that in an "empty" gpg installation, when I run the --card-edit command, gpg creates the keyring files (0 bytes in size) in the homedir. When I then run the generate command to create keys on the card, the keyring files grow to a couple of bytes in size (secring containing stubs that point to the card, right?) and pubring.gpg containing the public key (since I can encrypt only when the card is not inserted).

So even if I generate the keys directly on the smartcard, using the --card-edit and generate commands, does the actual public key mass populate the smart card?

Follow-up question 2:
If I "fetch" the public key from a keyserver, on a computer with an empty gpg installation, and import it, does that store the public key on the card or is pubring.gpg created and populated?

/Astrakan

On 2011-03-31 16:52, Werner Koch wrote:
> On Thu, 31 Mar 2011 15:51, gpgikaros at armax.se said:
>
>> my pubring.gpg/secring.gpg) I must also have a card containing the
>> trustdb-file and perhaps even a gpg.conf file?
> No, you don't need the internal stuff like trustdb and pubring. Take
> the public key from a keyserver or another resource and import it.
> The
> card has a convenient field to store a URL to retrieve the public key
> (actually the keyblock with user IDs and signatures). Use the "fetch"
> sub command of the --card-edit command.
>
> Cards are way too small to store a non-simple OpenPGP keyblock; many of
> them are over 100k in size.
>
>
> Salam-Shalom,
>
> Werner
>

From gpgikaros at armax.se Thu Mar 31 21:29:39 2011
From: gpgikaros at armax.se (Astrakan)
Date: Thu, 31 Mar 2011 21:29:39 +0200
Subject: Public keys on smartcard
In-Reply-To:
References: <4D9486F6.5080100@armax.se> <8739m3cpfi.fsf@vigenere.g10code.de> <4D94D0BD.6090806@armax.se>
Message-ID: <4D94D623.6040706@armax.se>

Thank you very much. Now things are perfectly clear.

Regards,
/Astrakan

On 2011-03-31 21:23, David Tomaschik wrote:
> On Thu, Mar 31, 2011 at 3:06 PM, Astrakan wrote:
>> Thank you for your quick response.
>>
>> A couple of follow-up questions:
>> I'm noticing that in an "empty" gpg installation, when I run the
>> --card-edit command, gpg creates the
>> keyring files (0 bytes in size) in the homedir. When I then run the
>> generate command to create keys on the
>> card the keyring files grow to a couple of bytes in size (secring
>> containing stubs that point to the card, right?) and
>> pubring.gpg containing the public key (since I can encrypt only when the
>> card is not inserted).
>>
>> So even if I generate the keys directly on the smartcard, using
>> --card-edit and generate commands, does
>> the actual public key mass populate the smart card?
> When you --card-edit and generate, the card generates the key
> internally and stores the (private) key on the card. secring contains
> the stubs and pubring contains your public key data, trust data, etc.
>
>> Follow-up question 2:
>> If I "fetch" the public key from a keyserver, on a computer with an
>> empty gpg installation, and import it,
>> does that store the public key on the card or is pubring.gpg created and
>> populated?
>>
>> /Astrakan
> Even doing gpg --card-status generates keyrings, as that imports the
> private key stubs. Fetching downloads the key to the pubring file.
>
> The public key is NEVER stored on the card -- as Werner points out,
> the storage space on a smart card is orders of magnitude smaller than
> many users' public keys.
>
>

From dshaw at jabberwocky.com Thu Mar 31 21:39:34 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 31 Mar 2011 15:39:34 -0400
Subject: Public keys on smartcard
In-Reply-To: <4D94D0BD.6090806@armax.se>
References: <4D9486F6.5080100@armax.se> <8739m3cpfi.fsf@vigenere.g10code.de> <4D94D0BD.6090806@armax.se>
Message-ID: <4479E3FE-CD81-47A5-AF3E-D362A36C4478@jabberwocky.com>

On Mar 31, 2011, at 3:06 PM, Astrakan wrote:

> Thank you for your quick response.
>
> A couple of follow-up questions:
> I'm noticing that in an "empty" gpg installation, when I run the
> --card-edit command, gpg creates the
> keyring files (0 bytes in size) in the homedir. When I then run the
> generate command to create keys on the
> card the keyring files grow to a couple of bytes in size (secring
> containing stubs that point to the card, right?) and
> pubring.gpg containing the public key (since I can encrypt only when the
> card is not inserted).
>
> So even if I generate the keys directly on the smartcard, using
> --card-edit and generate commands, does
> the actual public key mass populate the smart card?

The card stores the parameters from the RSA algorithm (i.e. a series of numbers). Some of these numbers are considered public (and can be retrieved from the card), but this is not the same as what people generally call a "public key" in the OpenPGP/GnuPG sense. The OpenPGP public key contains those numbers in a particular format, plus the user ID(s), plus a signature for each user ID, etc. Basically, the answer to your question is strictly speaking yes, but for practical purposes no.
> Follow-up question 2:
> If I "fetch" the public key from a keyserver, on a computer with an
> empty gpg installation, and import it,
> does that store the public key on the card or is pubring.gpg created and
> populated?

That just stores the fetched key in your pubring. The card is not modified.

David

From dshaw at jabberwocky.com Thu Mar 31 21:55:07 2011
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 31 Mar 2011 15:55:07 -0400
Subject: Public keys on smartcard
In-Reply-To: <8739m3cpfi.fsf@vigenere.g10code.de>
References: <4D9486F6.5080100@armax.se> <8739m3cpfi.fsf@vigenere.g10code.de>
Message-ID:

On Mar 31, 2011, at 10:52 AM, Werner Koch wrote:

> On Thu, 31 Mar 2011 15:51, gpgikaros at armax.se said:
>
>> my pubring.gpg/secring.gpg) I must also have a card containing the
>> trustdb-file and perhaps even a gpg.conf file?
>
> No, you don't need the internal stuff like trustdb and pubring. Take
> the public key from a keyserver or another resource and import it. The
> card has a convenient field to store a URL to retrieve the public key
> (actually the keyblock with user IDs and signatures). Use the "fetch"
> sub command of the --card-edit command.
>
> Cards are way too small to store a non-simple OpenPGP keyblock; many of
> them are over 100k in size.

I've sometimes thought it would be nice to be able to keep the pubring with the smartcard, and since it can't be on the card, it could be on the reader. There is at least one reader out there (SCM MAXX lite) that combines a SIM-sized reader with 2GB of flash storage in a single USB stick. I haven't tried it, but it would seem to be a reasonable solution to have everything together in one place. 2GB could store a lot more than just your public keyring, too.
David

From geek at blystone.net Thu Mar 31 21:07:00 2011
From: geek at blystone.net (Scott Blystone)
Date: Thu, 31 Mar 2011 15:07:00 -0400
Subject: [PGPNET] Jerome
In-Reply-To:
References:
Message-ID: <781A05C0-4022-4F3A-A452-06293D103A5E@blystone.net>

On Mar 31, 2011, at 1:25 PM, gnupg-users-request at gnupg.org wrote:

...
>
> Pretty simple:
>
> Receiving messages with GPG 2.0.14 (Ubuntu Maverick, via Mint Linux):
> When messages to multiple recipients have the key ID's thrown, gpg-agent
> (?) sequentially requests passwords for all secret key many, many, many
> times, but fails to decrypt with any key---even the correct one.
>
> --
>
> Thanks!
> Lance W. Haverkamp

All,

I can confirm the exact same problem when running under Mac 10.6.7.

-- 
Scott Blystone
Rochester, New York
Gossamer Spider WoT Introducer (see http://www.gswot.org)
Start SSL Notary (see http://www.startssl.com)
CA Cert Assurer (see http://www.cacert.org)

From aaron.toponce at gmail.com Thu Mar 31 23:41:57 2011
From: aaron.toponce at gmail.com (Aaron Toponce)
Date: Thu, 31 Mar 2011 15:41:57 -0600
Subject: Hi
In-Reply-To:
References: <4D94648C.8040508@gmail.com>
Message-ID: <20110331214157.GO17219@poseidon.cocyt.us>

On Thu, Mar 31, 2011 at 06:06:27PM +0100, Lee Elcocks wrote:
> I'm sorry, this email was not sent by me, I've been "hacked"; should not
> happen again (fingers crossed)

http://passwordcard.org will fix that. :)

-- 
. o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o
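Returning to the "Public keys on smartcard" thread above: the card holds only the key material, the three key fingerprints and a URL, and the "fetch" sub command of --card-edit pulls whatever keyblock that URL serves into pubring.gpg. The URL is a hint, not a trust anchor, so the check worth doing after a fetch (or after importing the key from any other resource) is that the fingerprints of the imported keyblock are exactly the ones the card reports. The script below is an added example written for this archive page; it is not code from the thread or from GnuPG. It parses the output of gpg --card-status and of gpg --with-colons --fingerprint and cross-checks them. The two sample outputs, the serial number, the URL and every fingerprint in them are constructed to approximate the gpg 2.0 formats and are not real keys; with --live it runs the real gpg binary against an inserted card.

```python
"""Cross-check the keyblock fetched for an OpenPGP card against the
fingerprints the card itself reports.  Added example, not GnuPG code.
Sample outputs below are constructed; all fingerprints are made up."""
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Labels gpg --card-status uses for the three key slots of an OpenPGP card.
CARD_KEY_ROLES = ("Signature key", "Encryption key", "Authentication key")

# Constructed sample of `gpg --card-status` (human-readable form, gpg 2.0 style).
SAMPLE_CARD_STATUS = """\
Application ID ...: D27600012401020000050000ABCD0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000ABCD
Name of cardholder: [not set]
URL of public key : http://example.invalid/keys/cardholder.asc
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Signature key ....: 0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
      created ....: 2011-03-31 13:51:50
Encryption key....: 89AB CDEF 0123 4567 89AB  CDEF 0123 4567 89AB CDEF
      created ....: 2011-03-31 13:51:50
Authentication key: FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA98
      created ....: 2011-03-31 13:51:50
General key info..: [none]
"""

# Constructed sample of `gpg --with-colons --fingerprint` for the imported
# keyblock.  Field 10 of each "fpr" record is the fingerprint of the
# preceding pub/sub record (see doc/DETAILS in the GnuPG sources).
SAMPLE_FINGERPRINT_COLONS = """\
pub:u:2048:1:89ABCDEF01234567:1301574710:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1301574710::0000000000000000000000000000000000000000::Card Holder <holder@example.invalid>:
sub:u:2048:1:0123456789ABCDEF:1301574710::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
sub:u:2048:1:FEDCBA9876543210:1301574710::::::a:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
"""

_LABEL_RE = re.compile(r"^([A-Za-z][^:]*?)[ .]*:\s*(.*)$")  # "Label ....: value"
_FPR_RE = re.compile(r"^[0-9A-F]{40}$")                      # v4 fingerprint


@dataclass
class CardInfo:
    url: Optional[str]
    serial: Optional[str]
    fingerprints: Dict[str, Optional[str]]  # role -> normalized fingerprint


def normalize_fingerprint(value: str) -> Optional[str]:
    """Drop gpg's display grouping and upper-case; None if not a v4 fingerprint."""
    compact = "".join(value.split()).upper()
    return compact if _FPR_RE.match(compact) else None


def parse_card_status(text: str) -> CardInfo:
    """Parse the URL field, serial number and per-slot fingerprints.
    Indented continuation lines ("      created ....:") are skipped and
    unset fields such as "[not set]" / "[none]" become None."""
    fields: Dict[str, Optional[str]] = {}
    for line in text.splitlines():
        if not line or line[0].isspace():
            continue
        m = _LABEL_RE.match(line)
        if m:
            value = m.group(2).strip()
            fields[m.group(1)] = None if value.startswith("[") else value
    fprs = {role: normalize_fingerprint(fields[role]) if fields.get(role) else None
            for role in CARD_KEY_ROLES}
    return CardInfo(fields.get("URL of public key"), fields.get("Serial number"), fprs)


def fingerprints_from_colons(text: str) -> Set[str]:
    """Collect primary and subkey fingerprints from --with-colons output."""
    found: Set[str] = set()
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "fpr" and len(f) > 9:
            fpr = normalize_fingerprint(f[9])
            if fpr:
                found.add(fpr)
    return found


def check_card_matches_keyblock(card: CardInfo, keyblock: Set[str]) -> Dict[str, bool]:
    """Per slot: does the card's fingerprint appear in the imported keyblock?"""
    return {role: fpr is not None and fpr in keyblock for role, fpr in card.fingerprints.items()}


def live_card_info() -> CardInfo:
    """Query the inserted card with the real gpg binary (needs a reader)."""
    out = subprocess.run(["gpg", "--card-status"], check=True, capture_output=True, text=True).stdout
    return parse_card_status(out)


def live_keyblock_fingerprints(selector: str) -> Set[str]:
    """--fingerprint twice so subkey fingerprints are listed on older gpg too."""
    out = subprocess.run(["gpg", "--with-colons", "--fingerprint", "--fingerprint", selector],
                         check=True, capture_output=True, text=True).stdout
    return fingerprints_from_colons(out)


def main(argv: List[str]) -> int:
    if argv[1:] == ["--live"]:
        card = live_card_info()
        keyblock = live_keyblock_fingerprints(next(f for f in card.fingerprints.values() if f))
    else:
        card = parse_card_status(SAMPLE_CARD_STATUS)
        keyblock = fingerprints_from_colons(SAMPLE_FINGERPRINT_COLONS)
    verdict = check_card_matches_keyblock(card, keyblock)
    print("URL on card:", card.url)
    if card.url and not card.url.lower().startswith("https://"):
        print("note: plaintext URL; the fingerprint check below is what you rely on")
    for role, ok in verdict.items():
        print(f"{role:19}: {card.fingerprints[role]}  {'matches keyblock' if ok else 'NOT IN KEYBLOCK'}")
    return 0 if all(verdict.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments it checks the constructed samples; with --live it reads the inserted card and then asks gpg for the keyblock that card's fingerprints select, which is exactly the keyblock "fetch" just imported. A non-zero exit means a slot on the card has no matching key in the keyblock, i.e. the URL served something other than the card's own public key.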