log☇︎
1700+ entries in 0.382s
williamdunne: >PGP over HTTP is not necessary when using SSL (HTTPS).
williamdunne: thestringpuller: PGP over HTTP is not necessary when using SSL (HTTPS). Signing and encrypting with PGP is a nice way to bypass using authorization tokens, though, but it is not usable in a modern exchange interface. Trades on MPEx are very slow as a result.
williamdunne: thestringpuller: Not the first exchange to add PGP support
thestringpuller: http://www.reddit.com/r/Bitcoin/comments/35lebr/announcing_pgp_support_on_bitmex/ << PGP support announced for an exchange. The plot thickens?
mircea_popescu: go to all that trouble to introduce git hooks to sign, eschew pgp. i wouldn't use them to put a fire out.
pete_dushenski: double ummm, you don't 'update' pgp
pete_dushenski: uses pgp.
asciilifeform: historic as in history of pgp
asciilifeform: BingoBoingo: i often wonder how many folks who use (used?) pgp historically, only habitually communicated with one party, and would've been better served by vernam
assbot: PGP key top 1000 ... ( http://bit.ly/1Kn9ECb )
mircea_popescu: meh. actually, after a cursory look over the top 1k : http://pgp.cs.uu.nl/doc/top_1000.html it'd seem to me this wot is pretty much taken over.
assbot: Searching pgp.mit.edu for key with fingerprint: 1CF87B48F45FECB1C31625988C3B6B1EED7494DF. This may take a few moments.
dhill: oh i need a pgp key
assbot: [mats] PGP keyserver on Trilema - A blog by Mircea Popescu. ... ( http://bit.ly/1I8x3tu )
mircea_popescu: http://trilema.com/mats-pgp-keyserver
mircea_popescu: yes, builds a db out of the pgp pile.
mircea_popescu: sks build /var/lib/sks/dump/*.pgp -n 10 -cache 100 <<
assbot: List all GPG/PGP keys of a local SKS key server - Unix & Linux Stack Exchange ... ( http://bit.ly/1GSCWb8 )
asciilifeform: http://unix.stackexchange.com/questions/110110/list-all-gpg-pgp-keys-of-a-local-sks-key-server << other folks also pissed
assbot: Wingdings vs PGP : DarkNetMarkets ... ( http://bit.ly/1DM36I6 )
cazalla: https://np.reddit.com/r/DarkNetMarkets/comments/34mrtk/wingdings_vs_pgp/
BingoBoingo: For shame, 768 bit RSA key from 2002 http://pgp.mit.edu/pks/lookup?op=get&search=0xA8F0C01E3330EE4B
pete_dushenski: mircea_popescu: the impressive and simultaneously worrying aspect of the bb-pgp biz is that the owner was a former tradesman who apparently thought to himself "hey, you know what the market needs, properly encrypted messaging!"
jurov: iirc pgp/rsa is computationally expensive, so it's only used to establish rsa keys
pete_dushenski: i dun follow that part at all. the pgp/rsa makes sense but where aes comes in is anyone's guess.
pete_dushenski: "For maximum security, our BlackBerry PGP encryption service utilizes AES 256 bit PGP encryption with a 4096 bit RSA key format." << also uses session keys, but these are presumably generated on the phone, so...
assbot: PGP BlackBerry Encryption • How BlackBerry PGP Works • Myntex ... ( http://bit.ly/1ztraEI )
pete_dushenski: http://myntex.ca/pgp-blackberry.php << i found this interesting because it's a local kid doing this on his own.
assbot: Logged on 30-04-2015 03:33:07; mircea_popescu: hey various folks whose pgp keys i've signed at teh conference key signing party... you're supposed to also sign mine!
mircea_popescu: hey various folks whose pgp keys i've signed at teh conference key signing party... you're supposed to also sign mine! ☟︎
pete_dushenski: just whatever you do, don't pgp up and wander in here.
ascii_field: if folks were to put a million keys through this thing each day, every time a new planet with intelligent pgp-using aliens is contacted, i would probably tweak a few things, yes.
mircea_popescu: mhagelstrom PGP: 548A 84F8 60CF E0AB EA11 A2BA 4D34 0126 F402 0636 ?
BingoBoingo: Nah, I'm not talking the "essential" "accessories" the distros themselves try to put up a PGP front
BingoBoingo: Doesn't pretty much every linux Distro try to at least pretend to the PGP signed sherezade?
williamdunne still doesn't understand whats wrong with git and pgp sigs
ascii_field: or for that matter anything other than pgp
williamdunne not sure what is wrong with using github with pgp signatures
asciilifeform: an 'automated' gentoo is of the same kind of misguided animal as graphical pgp
mircea_popescu: http://log.bitcoin-assets.com/?date=27-04-2015#1112289 << the website thing never made any sense. nor was it supposed to i guess. this wot is "like" the old gpg/pgp wot, yes. ☝︎
EllieAsksWhy: The real one is PGP from MIT.
mircea_popescu: here's another thing that doesn't work : "The worst part, is Torrie Fischer is competent with PGP 4. My advice to her, is" << the problem being that i can readily see her cv, but i don't see yours. from whence do you give her advice ? this jars.
mircea_popescu: i do have some acct manager ppl who are technically bank clerks that i contact via pgp, which is a greast improvemnent over phone and i have nfi how they get into the systems
mircea_popescu: seems kinda contorted, the ssl key is used to "secure" pgp'd info ?
assbot: Logged on 24-04-2015 17:24:04; mats: pgp sig is SOP for DMCA notices
assbot: Logged on 24-04-2015 17:02:05; nubbins`: of note: the text of the notice was PGP-signed
mats: pgp sig is SOP for DMCA notices ☟︎
nubbins`: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xDE4B33712DAACFD6
williamdunne: nubbins`: Wait, did you have to type in the PGP sig?
nubbins`: asciilifeform unfortunately, sprayed-on PGP indicates to me that this email is fraudulent
asciilifeform: nubbins`: this is not the first time i recall seeing pgp 'sprayed on for flavour'
nubbins`: well, they come "pgp"-"signed"/
pete_dushenski: nubbins`: i heard about these being sent out. didn't know they came pgp-signed!
nubbins`: of note: the text of the notice was PGP-signed ☟︎
assbot: No valid OpenPGP data found on pgp.mit.edu.
assbot: Searching pgp.mit.edu for key with fingerprint: 8501B2A64453796C5FD544B296C4CF3215685733. This may take a few moments.
mircea_popescu: well... http://trilema.com/2015/pgp-keyserver/
funkenstein_: <mircea_popescu> and then $ gpg --keyserver sks-keyservers.net --send-key <KEYID> and $ gpg --keyserver pgp.mit.edu --send-key <KEYID> where keyid you just copy from the line above. <-- what about those three letters showing up here?
mircea_popescu: http://trilema.com/2015/pgp-keyserver/#comment-113787 << check that guy out
ben_vulpes: * ascii_lander [13:43] read mircea_popescu pgp rfc in half-awake state and almost released brain from nose until realized that it is for -keyserver- and not a pgptron (e.g. gpg) per se << wasn't there an actual keyserver rfc at some point? i swear i read this thing but now cannot find it.
ascii_lander read mircea_popescu pgp rfc in half-awake state and almost released brain from nose until realized that it is for -keyserver- and not a pgptron (e.g. gpg) per se
mircea_popescu: mats since i had a moment : http://trilema.com/2015/pgp-keyserver/
mircea_popescu: actually i suppose this could be a job for a young fellow not afraid of work : inherit phuctor and build a pgp keyserver around it.
mircea_popescu: certserver.pgp.com seems dead (gpg: keyserver send failed: keyserver error)
mircea_popescu: and then $ gpg --keyserver sks-keyservers.net --send-key <KEYID> and $ gpg --keyserver pgp.mit.edu --send-key <KEYID> where keyid you just copy from the line above. ☟︎
ben_vulpes: pgp: * Signed message? More like “cryptographic proof that I wrote this incriminating statement” << myeah
ben_vulpes: As I write this, the prosecution has showed that DPR’s private PGP key was on Ross Ulbricht’s laptop. How’s that strong proof of identity looking now? << funnily, it's more or less common knowledge that they shared the key around
assbot: Logged on 17-04-2015 20:27:29; pete_dushenski: ;;later tell ben_vulpes but what if i wanna advertise my pgp version and its implied affiliations ? also, sorry for skipping your scoop mention in the cavirtex article, it just seemed a little tardy to have mentioned it.
Citizenfive: Both are very good tools. At present, I see many solutions trying to fit the square peg of PGP into the gaping goatse of "maintaining OPSEC in an adverse environment of well-heeled adversaries". That is, it fits, but a large round peg, perhaps OTR, would allow less... spillage.
Citizenfive: PGP & OTR are not mutually exclusive
pete_dushenski: ;;later tell ben_vulpes but what if i wanna advertise my pgp version and its implied affiliations ? also, sorry for skipping your scoop mention in the cavirtex article, it just seemed a little tardy to have mentioned it. ☟︎
assbot: Searching pgp.mit.edu for key with fingerprint: 7AA64CBF8362275B2189869784A13BE284D27F50. This may take a few moments.
jayk: gpg: sending key 84D27F50 to hkp server pgp.mit.edu
danielpbarron: did you add it to pgp.mit.edu ? because if so, it might take a sec to show up
assbot: No valid OpenPGP data found on pgp.mit.edu.
assbot: Searching pgp.mit.edu for key with fingerprint: 7AA64CBF8362275B2189869784A13BE284D27F50. This may take a few moments.
williamdunne: jayk: gpg --send-keys --keyserver pgp.mit.edu 7AA64CBF8362275B2189869784A13BE284D27F50
assbot: No valid OpenPGP data found on pgp.mit.edu.
assbot: Searching pgp.mit.edu for key with fingerprint: 7AA64CBF8362275B2189869784A13BE284D27F50. This may take a few moments.
williamdunne: assbot: gpg --send-keys pgp.mit.edu 7AA64CBF8362275B2189869784A13BE284D27F50
assbot: No valid OpenPGP data found on pgp.mit.edu.
assbot: Searching pgp.mit.edu for key with fingerprint: 7AA64CBF8362275B2189869784A13BE284D27F50. This may take a few moments.
mircea_popescu: http://log.bitcoin-assets.com/?date=14-04-2015#1100337 << my face dropped when i read some piece of his (a year or two before becoming a speaking head for the govt) when he was going "oh, i lost my original pgp key long ago, it's too hard to use hurr durr" ☝︎
ascii_field: funkenstein_> for example, i could check your pubkey and send you coin << you can do that now. create addr, fill it, send over proper pgp
williamdunne: mircea_popescu: What about using citations found on WikiPedia from somewhat credible sources (post 1980) that lack PGP sigs?
mircea_popescu: "knowledge" without source is gunk. ideally the source is a pgp signature. absent that, it may be a name pre 1980.
assbot: Logged on 08-02-2015 19:54:52; mircea_popescu: gabriel_laddel you seriously thinking of implementing a sane pgp ?
Chillum: oh wait, just PGP
Chillum: Did you know that gribble is a real person? Never sleeps, can do bitcoin sigs and PGP in his head.
IHB: and my pgp has zero points on WoT
pete_dushenski: ^heh, pgp key associated with 'hushmail' acct
assbot: PGP Signed / Encrypted E-mails - Coinbase Community ... ( http://bit.ly/1cbgtvH )
bitstein: BingoBoingo: danielpbarron: http://qntra.net/2015/04/coinbase-outgoing-email-hacked/ << Pierre_Rochard and I have been trying to tell Coinbase they should be using PGP for a while now. https://community.coinbase.com/t/pgp-signed-encrypted-e-mails/470 Adrian from Coinbase (presumably the same one as linked to in the article) said: "Do you think that simply signing messages sent from Coinbase with PGP would add any additional security over
ascii_field listened (in car) to an infuriatingly zimmermanish interview with jon callas (former pgp, now 'silent circle' garbage) ☟︎
nubbins`: "this heavily redacted version of a pgp-signed document should be enough"
nubbins`: enough for me to verify that there exists a piece of paper with a bunch of pgp shit on it that i can't do anything with
nubbins`: wow, a guy just sent me a photograph of a pgp-signed custody document, with a piece of paper over his personal info, saying "this should be enough, preferably you don't need to know the other 19 coin addresses"
mircea_popescu: nubbins` have you ever lelled at the circumstance that if one ever sees pgp used like we use it, it's invariably with a ridoinculous line-and-a-half signature ?
ben_vulpes: -----BEGIN PGP SIGNATURE-----
ben_vulpes: "additional pieces of circumstantial evidence prove that FORCE is "French Maid." Both "French Maid" and Force (operating as "Nob") used the exact same brand of PGP software,a feww brand called GnuPG. There are different brands of PGP software, so it is noteworthy that both FORCE (operating as "Nob") and "French Maid" used the same brand."