Old 05-27-2008, 07:53 PM
Anne Wilson
 
Default PGP signatures.

On Tuesday 27 May 2008 18:24:01 Patrick O'Callaghan wrote:
> On Tue, 2008-05-27 at 12:37 -0400, Kevin J. Cummings wrote:
> > Dennis Gilmore wrote:
> > > On Tuesday 27 May 2008, Mike Chambers wrote:
> > >> On Tue, 2008-05-27 at 10:43 -0500, Mikkel L. Ellertson wrote:
> > >>> I wish people who sign their messages using PGP would make sure to
> > >>> upload their public key to one of the key servers. While it does not
> > >>> prove you are who you say you are, it would indicate that all the
> > >>> signed messages are from the same person. Without your public key,
> > >>> we have no way to check.
> > >>
> > >> According to evo (Unless it's not pointing to a correct place), yours
> > >> isn't public neither :P
> > >>
> > >> gpg: armor header: Version: GnuPG v1.4.7 (GNU/Linux)
> > >> gpg: Signature made Tue 27 May 2008 10:43:15 AM CDT using DSA key ID
> > >> 6DC9C8C4
> > >> gpg: Can't check signature: public key not found
> > >
> > > kmail says it can't be found either
> >
> > Surprising. Enigmail told me it was an "UNTRUSTED Good Signature from
> > Mikkel L. Ellertson"
>
> "Untrusted" just means you haven't decided to trust it. You probably
> need the gpg command line to do that (can't remember as I haven't used
> Enigmail in a while).
>
And it needs to be signed as a local trust, not uploadable, since you haven't
verified that Mikkel isn't actually Yul Brynner :-)

man gpg explains all.

Anne
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-27-2008, 08:04 PM
Todd Zullinger
 
Default PGP signatures.

Les wrote:
> I have a fresh load of f8, and it uses subkeys.gpg.net apparently by
> default.

And I just noticed that gnupg has changed the default keyserver to
keys.gnupg.net (as of 1.4.9). So my statement that subkeys.pgp.net is
the default is wrong for F9 and later.

> It also has autosearch turned on to the same location using ldap.

Really? That's not a default in the F8 package. The option is
commented in the stock config (/usr/share/gnupg/options.skel -- which
was renamed to gpg-conf.skel in later gnupg versions).

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
The average woman would rather be beautiful than smart because the
average man can see better than he can think.

 
Old 05-27-2008, 08:49 PM
Aaron Konstam
 
Default PGP signatures.

On Tue, 2008-05-27 at 14:51 -0400, Todd Zullinger wrote:
> Dennis Gilmore wrote:
> > On Tuesday 27 May 2008, Mike Chambers wrote:
> >> According to evo (Unless it's not pointing to a correct place),
> >> yours isn't public neither :P
> >>
> >> gpg: armor header: Version: GnuPG v1.4.7 (GNU/Linux)
> >> gpg: Signature made Tue 27 May 2008 10:43:15 AM CDT using DSA key ID 6DC9C8C4
> >> gpg: Can't check signature: public key not found
> >
> > kmail says it can't be found either
>
> Do you guys have "keyserver-options auto-key-retrieve" in
> ~/.gnupg/gpg.conf? (Or do evo and kmail ignore gpg.conf and retrieve
> keys automatically regardless?)
>
> Also, what keyserver are you using? The gnupg default these days is
> subkeys.pgp.net, which finds Mikkel's key no problem. Trying with
> pgp.mit.edu (which many people still use despite it being broken with
> subkeys and not supporting photo-packets) finds the key as well, but a
> bit slower.
I have the file set up as you indicate and evolution indicates the key
is invalid. Maybe it's evolution's fault.
--
=======================================================================
Immanuel Kant but Kubla Khan.
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net

 
Old 05-28-2008, 02:10 AM
Todd Zullinger
 
Default PGP signatures.

Aaron Konstam wrote:
> I have the file set up as you indicate and evolution indicates the
> key is invalid. Maybe it's evolution's fault.

The issue that I was responding to was getting the key automatically
retrieved from a keyserver. That is a separate issue from validating
the key. If evolution tells you that the key is invalid, it would
indicate to me that it did retrieve the key correctly. It then could
not find any trusted signatures on that key, thus the key is
"invalid."

For a key to be valid, it needs to be signed by a key to which you
have given sufficient trust. Your own key is ultimately trusted. You
can assign various levels of trust to other keys (once they have been
signed by a trusted key). By default, gpg will consider a key valid
if it is signed by at least one fully or ultimately trusted key, or by 3
or more marginally trusted keys.

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
Ambition is a poor excuse for not having enough sense to be lazy.
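
The validity rule described in the post above, as an added example (not part of the original thread and not gpg's own code): a simplified Python model of the classic trust model that separates "public key not found" from "key retrieved but not valid". The key names and certifications are constructed sample data; the three thresholds are gpg's default option values, and the depth limit is only approximated.

```python
# Simplified model of GnuPG's classic trust model; added illustration, not gpg code.
COMPLETES_NEEDED = 1  # gpg default for --completes-needed
MARGINALS_NEEDED = 3  # gpg default for --marginals-needed
MAX_CERT_DEPTH = 5    # gpg default for --max-cert-depth (approximated as rounds)


def key_validity(keyring, ownertrust, certs):
    """Map each key in `keyring` to 'ultimate', 'full', 'marginal' or 'invalid'.

    ownertrust: key -> 'ultimate' | 'full' | 'marginal' (absent means unknown)
    certs:      key -> set of keys that signed it (local signatures included)
    """
    valid = {k: "ultimate" for k in keyring if ownertrust.get(k) == "ultimate"}

    def counts(key):
        # Only signatures made by keys that are themselves already valid count.
        signers = [s for s in certs.get(key, ()) if s in valid]
        full = sum(ownertrust.get(s) in ("full", "ultimate") for s in signers)
        marginal = sum(ownertrust.get(s) == "marginal" for s in signers)
        return full, marginal

    for _ in range(MAX_CERT_DEPTH):
        newly = {k for k in keyring if k not in valid
                 and (counts(k)[0] >= COMPLETES_NEEDED
                      or counts(k)[1] >= MARGINALS_NEEDED)}
        if not newly:
            break
        valid.update(dict.fromkeys(newly, "full"))
    return {k: valid.get(k) or ("marginal" if any(counts(k)) else "invalid")
            for k in keyring}


def client_report(signer, keyring, ownertrust, certs):
    """What a mail client can say about a cryptographically good signature."""
    if signer not in keyring:
        return "public key not found"  # retrieval problem, nothing to validate yet
    return key_validity(keyring, ownertrust, certs)[signer]


# Constructed sample data: ME is the user's own key, SENDER signed the e-mail.
TRUST = {"ME": "ultimate", "A": "marginal", "B": "marginal", "C": "marginal"}
RING = {"ME", "A", "B", "C", "SENDER"}
SIGNED_BY_ME = {"A": {"ME"}, "B": {"ME"}, "C": {"ME"}}

if __name__ == "__main__":
    print(client_report("SENDER", {"ME"}, TRUST, {}))               # key never fetched
    print(client_report("SENDER", RING, TRUST, SIGNED_BY_ME))       # fetched, unsigned
    print(client_report("SENDER", RING, TRUST,
                        {**SIGNED_BY_ME, "SENDER": {"ME"}}))        # after a local signature
```
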

 
Old 05-28-2008, 09:32 AM
Tim
 
Default PGP signatures.

Mike Chambers:
>> gpg: Can't check signature: public key not found

Mikkel L. Ellertson:
> That is strange - It was sent a few years ago, as well as being
> published on my web page.

If you both used the same keyserver, I'd expect it to work straight
away. But if you were each using different servers, I'd expect there
might be some propagation delay.

I haven't used public keyservers for a long time. Back then, and
probably still now, someone was watching keyservers and spamming every
new contact added to them. I uploaded a key with more than one address
attached to it, and *straight* *away* all the associated addresses
started to receive spam, together. Did a test by adding yet another
address to the same key, and got the same results.

Not impressed!

--
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.

 
Old 05-28-2008, 01:04 PM
Aaron Konstam
 
Default PGP signatures.

On Tue, 2008-05-27 at 22:10 -0400, Todd Zullinger wrote:
> Aaron Konstam wrote:
> > I have the file set up as you indicate and evolution indicates the
> > key is invalid. Maybe it's evolution's fault.
>
> The issue that I was responding to was getting the key automatically
> retrieved from a keyserver. That is a separate issue from validating
> the key. If evolution tells you that the key is invalid, it would
> indicate to me that it did retrieve the key correctly. It then could
> not find any trusted signatures on that key, thus the key is
> "invalid."
>
> For a key to be valid, it needs to be signed by a key to which you
> have given sufficient trust. Your own key is ultimately trusted. You
> can assign various levels of trust to other keys (once they have been
> signed by a trusted key). By default, gpg will consider a key valid
> if it is signed by at least one fully or ultimately trusted key, or by 3
> or more marginally trusted keys.
Ok, I agree with your analysis. It can't be ruled as invalid if it had not
been retrieved. But I am ignorant. I do not know how to do the signing
processes you describe. Is there a simple explanation available?
--
=======================================================================
Beware of the Turing Tar-pit in which everything is possible but nothing
of interest is easy.
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@sbcglobal.net

 
Old 05-28-2008, 01:36 PM
"Patrick O'Callaghan"
 
Default PGP signatures.

On Wed, 2008-05-28 at 08:04 -0500, Aaron Konstam wrote:
> On Tue, 2008-05-27 at 22:10 -0400, Todd Zullinger wrote:
> > Aaron Konstam wrote:
> > > I have the file set up as you indicate and evolution indicates the
> > > key is invalid. Maybe it's evolution's fault.
> >
> > The issue that I was responding to was getting the key automatically
> > retrieved from a keyserver. That is a separate issue from validating
> > the key. If evolution tells you that the key is invalid, it would
> > indicate to me that it did retrieve the key correctly. It then could
> > not find any trusted signatures on that key, thus the key is
> > "invalid."
> >
> > For a key to be valid, it needs to be signed by a key to which you
> > have given sufficient trust. Your own key is ultimately trusted. You
> > can assign various levels of trust to other keys (once they have been
> > signed by a trusted key). By default, gpg will consider a key valid
> > if it is signed by at least one fully or ultimately trusted key, or by 3
> > or more marginally trusted keys.
> Ok, I agree with your analysis. It can't be ruled as invalid if it had not
> been retrieved. But I am ignorant. I do not know how to do the signing

gpg --sign-key <name>

See gpg(1).

poc

 
Old 05-28-2008, 02:36 PM
"Bill Crawford"
 
Default PGP signatures.

2008/5/28 Patrick O'Callaghan <pocallaghan@gmail.com>:

> gpg --sign-key <name>

--lsign-key, please, unless you have met the person and seen their passport.

 
Old 05-28-2008, 02:42 PM
Mike Chambers
 
Default PGP signatures.

On Wed, 2008-05-28 at 15:36 +0100, Bill Crawford wrote:
> 2008/5/28 Patrick O'Callaghan <pocallaghan@gmail.com>:
>
> > gpg --sign-key <name>
>
> --lsign-key, please, unless you have met the person and seen their passport.

What is meant by "name"? Guess I am clueless to gpg and don't know my
way around it (viewing man gpg at the moment) and not sure what to do
for example, when like someone's signature says invalid from evo on an
email to the list?

--
Mike Chambers
Fedora Project - Ambassador, Bug Zapper, Tester, User, etc..
mikec302@fedoraproject.org

 
Old 05-28-2008, 02:56 PM
Anne Wilson
 
Default PGP signatures.

On Wednesday 28 May 2008 15:42:18 Mike Chambers wrote:
> On Wed, 2008-05-28 at 15:36 +0100, Bill Crawford wrote:
> > 2008/5/28 Patrick O'Callaghan <pocallaghan@gmail.com>:
> > > gpg --sign-key <name>
> >
> > --lsign-key, please, unless you have met the person and seen their
> > passport.
>
> What is meant by "name"? Guess I am clueless to gpg and don't know my
> way around it (viewing man gpg at the moment) and not sure what to do
> for example, when like someone's signature says invalid from evo on an
> email to the list?
>
Bear in mind that sometimes minor changes can happen en route. I occasionally
see my posts as invalid, yet I can't see anything different about them.
Also, one particular list that I use routinely marks my signatures as
invalid. I know that that particular one is caused by something routinely
added by their server.

As usual, this is risk assessment. If you normally get OK messages from that
person and get the odd invalid one, look at whether there is anything
important, security-wise, and make a decision. If you are getting them all
the time then it may be worth deleting that key and asking the person in
question to send an .asc file direct to you, which can then be imported. At
least you'll know you are checking against a good key.

Just a few ideas :-)

Anne
