Mail Archives: cygwin/2017/07/15/16:35:08

In-Reply-To: <e0f5a752-c53d-492d-30d0-5bb1032a21a8@jhmg.net>
References: <CAD8GWsvT9rgHz+vcdBmX-opfckZS8g06_Px57JCNG_xCT_ku6A AT mail DOT gmail DOT com> <e0f5a752-c53d-492d-30d0-5bb1032a21a8 AT jhmg DOT net>
From: Lee <ler762 AT gmail DOT com>
Date: Sat, 15 Jul 2017 16:34:48 -0400
Message-ID: <CAD8GWstuD9KVF4svaoiNYuvFmB2=L9iyqFTSPj5gu8G=RCjAXA@mail.gmail.com>
Subject: Re: gpg ca-cert-file=[which file???]
To: jhg AT acm DOT org, Jim Garrison <jhg AT jhmg DOT net>, cygwin AT cygwin DOT com

On 7/15/17, Jim Garrison wrote:
> On 7/15/2017 11:40 AM, Lee wrote:
>> It seems a bit silly to be downloading pgp keys 'in the clear', so
>> after a bit of searching I think I want
>>   keyserver hkps://whatever
>
> Public keys are intended to be public. Why do you think you need
> to encrypt them when downloading?

I had Wireshark running when I got a new key via hkp:// and it was
straight http.  What does that open me up to?  I dunno, but it seems
like using TLS would be better than clear-text http.

So while I don't need to encrypt the public key when downloading, I do
want to have some confidence that the key I requested is the key I
got, that the server I specified is the server gpg was talking to,
that nothing was modified in transit, etc.


This is what got me started on the topic:
https://lists.torproject.org/pipermail/tor-project/2017-July/001289.html

What can I do to reduce the chances of getting a fake key?
 - keyid-format 0xlong
 - use hkps:// and check the cert (keyserver-options check-cert=on)
 - what else?

Regards,
Lee
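
The `keyid-format 0xlong` item in the message above, as an added example that is not part of the original post: it parses a constructed `gpg --with-colons` listing and shows two different keys that display under the same short key ID but different long IDs, then checks a full fingerprint against a pinned value. The sample fingerprints, user IDs and function names are made up for illustration, and the pinned fingerprint is assumed to have been obtained out of band.

```python
# Added example: constructed listing, trimmed to the fields used here.
# In GnuPG's --with-colons output the record type is field 1 and, for
# "fpr" records, the fingerprint is field 10.
SAMPLE_LISTING = """\
pub:-:4096:1:1111222233334444:1500000000:::-:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1500000000::::Constructed Key A <a@example.invalid>:
pub:-:4096:1:9999888833334444:1500000001:::-:
fpr:::::::::0123456789ABCDEF012345679999888833334444:
uid:-::::1500000001::::Constructed Key B <b@example.invalid>:
"""

def fingerprints(listing):
    """Return primary-key fingerprints (the fpr record following each pub)."""
    fprs, want = [], False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            want = True
        elif f[0] == "sub":
            want = False          # skip subkey fingerprints
        elif f[0] == "fpr" and want and len(f) > 9:
            fprs.append(f[9].upper())
            want = False
    return fprs

def key_id(fpr, fmt):
    """Key ID of a v4 key: the low 32 (short) or 64 (long) bits of the fingerprint."""
    digits = {"short": 8, "long": 16}[fmt]
    return "0x" + fpr[-digits:]

def collisions(fprs, fmt):
    """Group distinct fingerprints that display under the same key ID."""
    groups = {}
    for fpr in fprs:
        groups.setdefault(key_id(fpr, fmt), []).append(fpr)
    return {kid: members for kid, members in groups.items() if len(members) > 1}

def matches_pin(fprs, pinned):
    """True only if the pinned full fingerprint (spaces allowed) was received."""
    return pinned.replace(" ", "").upper() in fprs

if __name__ == "__main__":
    got = fingerprints(SAMPLE_LISTING)
    print("short-ID collisions:", collisions(got, "short"))
    print("long-ID collisions: ", collisions(got, "long"))
    print("pinned key present: ",
          matches_pin(got, "AAAA BBBB CCCC DDDD EEEE FFFF 1111 2222 3333 4444"))
```
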
