Problem with faked-system-time option

MFPA expires2011 at ymail.com
Sun Jun 26 16:37:02 CEST 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Sunday 26 June 2011 at 1:16:04 PM, in
<mid:20110626121604.D99C814DBD4 at smtp.hushmail.com>, Hugo Seifert
wrote:


>   "In that case you have nothing to fear from your
> timestamp"???   Then why use encryption at all,

We were actually talking about signature timestamps; if the
message/data is encrypted but not signed, does it even have a
timestamp?



> when
> we're always honest, don't  plan evil things and have
> nothing to hide, nothing to fear?  And  there arises
> the question who is privileged to determine what's
> evil and what isn't?

And also the question about being seeking privacy and/or anonymity to
try and hide from another party who is "evil."



>   Protection only to those who comply with your rules
> sounds like  censorship.

Very much so.




>   I read most of this lengthy thread and wondered why
> for some it  is so hard to accept that there are
> negative implications of exact  timestamps, which is
> why I venture one further example.

>   Have you ever heard of OmniMix
> (http://www.danner-net.de/om.htm)?   That's a tool
> aiming at freedom of speech by making it very easy  to
> address onion remailers with your mail and news client
> software.   I use it when posting anonymously to the
> Usenet, which means with  almost all of my newsgroup
> contributions.

I have bookmarked that URL and will read another time.
Is it easier than using anonymous remailers, etc.? They always looked
like a good idea but quite some hassle, so I never got around to
trying them.




>   No less than 4 years ago in gnupg-devel, message
> <84uor29d9cc2r9ilnvt5bc16non5elup05 at domain.is.invalid>,
> its author  complained about security risks for not
> having a chance to alter  key and signature timestamps
> and argued the case for a GnuPG 1.4 -- creation-date
> option.

>   He wrote

> : Is there a chance to get an additional GPG option
> that allows to  set : the creation date of keys and
> signatures? :  :
[snipped]
>   If that's no valid reason to add such an option, what
> else would  be?  In
> <87lkjkp7pz.fsf at wheatstone.g10code.de> Werner kindly
> promised to act, but four years have passed and nothing
> happened.

- --faked-system-time doesn't work, at least in GnuPG 1.4.11 under
Windows XP. You can create keys in batch mode and specify the creation
and self-signature timestamps but can only create one subkey; as far
as I can tell, there is no option to specify the creation time of
subsequent signatures or additional subkeys.




> Or is the agenda behind GnuPG to provide
> privacy but forget about  or even prevent anonymity
> ignoring the fact that we're living in a  world where
> escaping ubiquitous surveillance becomes harder and
> harder.

I can't comment about anybody's "agenda" but in previous discussions,
suggestions for hashed UIDs have certainly had a rough ride (for
example, see the lengthy thread on this list starting on 28 February
2011 with Message-ID:
<AANLkTimSnQbCstUrV9DiAafg0JkELZiVJRFE1VNtwqtk at mail.gmail.com>).


- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Ultimate consistency lies in being consistently inconsistent
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJOB0QYnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pX2MEALQF
NIJZ8PRC5A61RcWBKjZzrvAgjoBLwe3Aoxh0QBBAT6gWFau+QtqkXRbmkvYYRu/D
UX+z3BD4+6mtBiVPz/jjmXV3h0DA5VdpIzhtFkoUsYwZ5IajMU/bTCzvFQ6prKNA
kxr91WaMQuM8Ijb1nUwr+N/CQurNBCMlvsJ1050S
=CPXU
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list