Re: Migrating to GPG - A mini-HOWTO

1999-09-18 Thread Martin Schulze
Adam Di Carlo wrote: > Martin Schulze <[EMAIL PROTECTED]> writes: > > > And an updated version is at > > http://www.infodrom.north.de/~joey/GnuPG-Mini-HOWTO > > I've asked bma to submit this as a bug developers-reference for > inclusion in that document? Do you agree that it should be adapted t

Re: Migrating to GPG - A mini-HOWTO

1999-09-18 Thread Adam Di Carlo
Martin Schulze <[EMAIL PROTECTED]> writes: > And an updated version is at > http://www.infodrom.north.de/~joey/GnuPG-Mini-HOWTO I've asked bma to submit this as a bug developers-reference for inclusion in that document? Do you agree that it should be adapted to the Developer's Reference so it c

Re: Migrating to GPG - A mini-HOWTO

1999-09-16 Thread Martin Schulze
Jason Gunthorpe wrote: > > > All it means is that GPG should be used in a mode where it will not > > > interoperate with PGP 2.x. This is what Joey's HOWTO recommended more or > > > less. > > > > So correct it. > > You seem to want to give it away rather strongly, so I'd be happy to pick > it up

Re: Migrating to GPG - A mini-HOWTO

1999-09-16 Thread Martin Schulze
James Troup wrote: > Eh, calm down, Joey. I not only can, but should and have decided that > GnuPG keys must be verified before they enter the keyring, i.e. I'm > not going to add a random key from a random developer without proof it > comes from that developer. I'll hope you'll be so kind as to

Re: Migrating to GPG - A mini-HOWTO

1999-09-16 Thread Joel Klecker
At 10:55 -0400 1999-09-15, Chris Fearnley wrote: How does one generate an RSA key using the gpg-rsaref package? Why on earth would you want to do that? -- Joel Klecker (aka Espy) Debian GNU/Linux Developer mailto:[EMAIL PROTECTED]> mailto:[EMAIL PROTECTED]> http:/

Re: Migrating to GPG - A mini-HOWTO

1999-09-16 Thread Joseph Carter
On Tue, Sep 14, 1999 at 03:38:34PM +0200, Marco d'Itri wrote: > I signed my DSS key with the old RSA key and then asked people who > signed the old key to sign the new one with their DSS key. > This is easy and secure. Not if you didn't ask in person... -- Joseph Carter <[EMAIL PROTECTED]>

Re: Migrating to GPG - A mini-HOWTO

1999-09-16 Thread Julian Gilbey
> > That higher level of confidence would be misplaced if I'd simply > > mailed my key to all my old PGP signers, and they'd signed it. > > Sorry, I don't get this. Why is it a problem if one of my old signers signs > my new key if I send it to them in a mail signed by my old key? Lots of others

Re: Migrating to GPG - A mini-HOWTO

1999-09-16 Thread Joseph Carter
On Tue, Sep 14, 1999 at 12:14:42AM -0600, Jason Gunthorpe wrote: > 8) Participants of 'signing parties' are encouraged to use OpenPGP keys > (remember that a PGP 2.x key cannot be signed by an OpenPGP key > [AFAIK]) I've got PGP keys with GPG sigs on them... Granted PGP can't even se

Re: Migrating to GPG - A mini-HOWTO

1999-09-16 Thread Joseph Carter
On Tue, Sep 14, 1999 at 03:13:19PM +0200, Wichert Akkerman wrote: > > To help give another example of settings, here's what I have in my > > ~/.gnupg/options: > > > # Screw PGP, let's be RFC compatible => > > openpgp > [.. snip snip ..] > > > > ## Other fun options >

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Jason Gunthorpe
On Wed, 15 Sep 1999, Chris Fearnley wrote: > How does one generate an RSA key using the gpg-rsaref package? It isn't possible. The gpg-rsaref does not have key generation code included. Also, AFAIK gpg does not have an option to generate a PGP 2.x key - it only creates OpenPGP keys. > How does

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Philip Hands
Paul Slootman <[EMAIL PROTECTED]> writes: > On Wed 15 Sep 1999, Philip Hands wrote: > > > > I know there is some pathetic kudos about how many signatures you have > > Is the "pathetic" part the reason why you don't have any? :-) Ah, I'd not updated my key in the keyring since I joined. Well no

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Philip Hands
Paul Slootman <[EMAIL PROTECTED]> writes: > How do you prove to whoever is able to erase the package that you > are who you say you are? I.e. how do you convince them that they > should in fact erase the package? You do that by sending them a message signed with a new key, that you have had sign

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Martin Uecker
On Wed, Sep 15, 1999 at 01:19:34PM +0200, Paul Slootman wrote: [...] > > With dinstall a compromise is short lived and can be undone by erasing the > > affected package. Creating a new key and getting people to sign it cannot > > really be undone. > > How do you prove to whoever is able to erase

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Chris Fearnley
On Sun, Sep 12, 1999 at 05:43:21PM -0400, Brian Almeida wrote: > How to switch to GnuPG for developers..a very brief mini-HOWTO > -- Very nice mini-HOWTO. But I still have several questions: How does one generate an RSA key using the gp

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Gabor Fleischer
On Wed, 15 Sep 1999, Paul Slootman wrote: > I'm sure that most people don't check with the central key servers > every time they check a signature. > How should I do this? Is it automated? Can pine/mutt do it while I'm online? Flocsy URL: http://flocsy.spedia.net MAIL:[EMAIL PROTECTED

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Marco d'Itri
On Sep 14, Michael Stone <[EMAIL PROTECTED]> wrote: >> I signed my DSS key with the old RSA key and then asked people who >> signed the old key to sign the new one with their DSS key. >> This is easy and secure. >Again, no it isn't. How do they know that someone didn't steal your pgp >key?

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Gabor Fleischer
On 14 Sep 1999, Philip Hands wrote: > Obviously, if we're life-long friends, and I send you a new key signed > with my old key, and then you phone me up and establish that I really > did send it to you, and that you're pretty certain that it is me on that > answered the phone, then a face to face me

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Paul Slootman
On Wed 15 Sep 1999, Philip Hands wrote: > > I know there is some pathetic kudos about how many signatures you have Is the "pathetic" part the reason why you don't have any? :-) Paul Slootman -- home: [EMAIL PROTECTED] http://www.wurtel.demon.nl/ work: [EMAIL PROTECTED] http:/

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Paul Slootman
On Tue 14 Sep 1999, Jason Gunthorpe wrote: > On 14 Sep 1999, Ben Pfaff wrote: > > Michael Stone <[EMAIL PROTECTED]> writes: > > > >Again, no it isn't. How do they know that someone didn't steal your pgp > >key? > > > How is this different from the question ``How does dinstall (or othe

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Michael Stone
On Wed, Sep 15, 1999 at 01:01:18PM +0200, Paul Slootman wrote: > I think his point is that if you can't trust a pgp signature to > sign a gpg key, why should trust a pgp signature to do anything > at all, e.g. accept an uploaded package. Seems like a reasonable > argument. Because the real user c

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Paul Slootman
On Tue 14 Sep 1999, Michael Stone wrote: > On Tue, Sep 14, 1999 at 11:55:39PM +0200, Martin Schulze wrote: > > Michael Stone wrote: > > > Not really. What if the pgp key is compromised? The original owner can > > > release a revocation certificate for the pgp key, but if someone creates > > > a new

Re: Migrating to GPG - A mini-HOWTO

1999-09-15 Thread Philip Hands
Michael Meskes <[EMAIL PROTECTED]> writes: > On Tue, Sep 14, 1999 at 09:21:22AM +0100, Philip Hands wrote: > > Are you saying that people should sign keys received via e-mail, > > rather than face to face ? > > > > If so, I'm strongly against this. > > Why? I'd have hoped that that was clear by