tmsr - Search: pgp

800+ entries in 0.284s

simonpenner: you did a pgp auth right there?

mircea_popescu: get your pgp key registered

mircea_popescu: also look into the pgp reg thng

Framedragger: but the originally conceived idea of a site which serves 'smart' JS which does pgp must be disposed of. i even looked into the state of the art in pinning (say, JS) web resources in html5 so the browser can be sure it's being served the same stuff, but it's ~undoable because the whole browserstack is rotten (and obvs JS doubly so)

Framedragger: http://btcbase.org/log/2017-01-25#1606714 << if the thing was implemented as discussed (e.g. http://trilema.com/2015/a-proper-social-site-for-the-bdsm-community/#comment-117298) it would indeed not be centralised. or if it ended up relying on one central node, that node would be more like a passive store of pgp'd blobs. not to say that i believe this is the one true future and salvation, ☝︎

asciilifeform: mircea_popescu: hey, it's what they picked for 'how to deal with pgp'

shinohai: indiancandy: I used this link to help Eulora noobs a bit ttps://www.deepdotweb.com/2015/02/21/pgp-tutorial-for-windows-kleopatra-gpg4win/

asdfhasdjklf: don't have PGP, so not a person

a111: Logged on 2016-12-28 21:59 phf: Framedragger: it's always the same with you, "this online personality construct is great" "they do useful research" etc. until they publish "i don't believe in pgp" or really act in any way that you didn't expect. and then you don't have any recourse, because they are online personality constructs. how well do you know this "online researcher" if you ~having spent significant amount of effort to collect and upload ssh keys~ didn't even

asciilifeform: a 'this www has apparent pgp signature, let's see whose, and for the record', was the idea.

mircea_popescu: this is so horribly stated. so what you want is, for trinque or you, these being the only "et al" curtrently keeping pgp data ; to implement a search through it by random string ?

asciilifeform: (btw, trinque et al, here's a bot command idea: #!k (for instance) takes url and looks for pgp keyblocks or sigs or any other pgptronic object from which a key bitness , fp, or other interesting attribute can be pgpdump'd, and prints same in log)

asciilifeform: lel, 512b pgp key?!

asciilifeform looks forward to the demolition of koch-pgp.

mircea_popescu: "i gotta borrow trinque for a minute. i scrubbed the expiry off my pgp key, which of course makes a new pubkey even if it is the same modulus as before" not "i gotta borrow trinque for a minute. i have a refreshed (nonexpir) pubkey as of 5 min ago"

asciilifeform: http://www.loper-os.org/pgp.asc has been updated.

asciilifeform: because maybe i pasted the ---BEGIN PGP...... 3 seconds ago.

asciilifeform: well here's one typical scenario, i find a pgp-signed historic patch (e.g., linus) and want to see what vintage key etc

phf: Framedragger: it's always the same with you, "this online personality construct is great" "they do useful research" etc. until they publish "i don't believe in pgp" or really act in any way that you didn't expect. and then you don't have any recourse, because they are online personality constructs. how well do you know this "online researcher" if you ~having spent significant amount of effort to collect and upload ssh keys~ didn't even ☟︎

Framedragger: oh ffs. meat pgp signing event, for one

Framedragger: oh you're saying 'isis' doesn't have a good referent. i agree. she has a pgp key alright.

asciilifeform: the other interesting experiment, yet undone, is to generate ssh, ssl, pgp, etc. keys on some of the other os with known-broken rng -- e.g., freebsd 2010-2014 (or when was it), possibly other

asciilifeform: and no ransomed old pgp key..?

asciilifeform: the linked item was made for a specific, narrow purpose, for butterfly collection of pgp keys as-found-in-the-wild.

asciilifeform: mircea_popescu: randos throw in pgp keys still, half dozen or so in a month typically

a111: Logged on 2015-08-08 04:11 asciilifeform: mircea_popescu: in somewhat related nyooz, i've been experimenting with what for now i call 'v' - a very dumb 'versioner' that i've been writing, which eats solely 0) pgp keys 1) patches 2) signatures for same, many-to-many mapping of (2) to (1)

asciilifeform: trinque: my original, unpublished vtron, only pressed (tracking the dependency flow), and user was expected to check the pgp sigs of the inputs, with bare hands, prior

asciilifeform: mircea_popescu: the current setup (with the patch.nickname.sig) is an artifact of the idiocy of pgp, where one cannot take the signature and extract a hash from it with which you can look up the patch from a manifest of patch hashes in O(NlogN)

asciilifeform: https://www.mailpile.is/blog/2016-12-13_Too_Cool_for_PGP.html << elsewhere in monkeystan

mircea_popescu: "the golden age of all the games suck but we finally don't feel threatened by pgp anymore"

mod6: I think it would be really cool to have something like !!deedbot <wotpaste_of_vpatch> <pgp_sig_of_wotpaste_vpatch>

mircea_popescu: ah alf, remember the happy days a few years ago when we actually thought gpg ~= pgp ?

asciilifeform: for this reason, jurov's pgp key (iirc it was him...) to this very day does not display in phuctor

mircea_popescu: so not just pgp, bitcoin too, and everything else.

goldfinger: Btw, PGP is really illegal in england?

shinohai: "But officer, I use `GPG` and pgp!"

goldfinger: Really, PGP is illegal in england?

mircea_popescu: you know you're no longer legally allowed to use pgp in that jurisdiction yea ?

pete_dushenski: it even has pgp pubkey block... gpg v1.4.10!

a111: Logged on 2016-12-07 16:42 mircea_popescu: must has indirection! java good asm bad ; unicode good ascii bad ; usd good bitcoin bad ; "signal" "tor" whatever good rsa pgp etc bad and so on it goes.

mircea_popescu: must has indirection! java good asm bad ; unicode good ascii bad ; usd good bitcoin bad ; "signal" "tor" whatever good rsa pgp etc bad and so on it goes. ☟︎

mircea_popescu: hurr durr, they were doing pgp subversion research and picked his hanno bock to publish some results.

mircea_popescu: dude wasn't using pgp, what can i say.

shinohai: https://blog.filippo.io/giving-up-on-long-term-pgp/

walter__: PGP? Where does one 'register'?

asciilifeform: has same downfall as keeping a spare pgp key a la mircea_popescu's

mod6: I like what it does, and it seems to make sense in the case where I might need this one single time. To prevent against cryptographic death, I can generate this key pair, sign it with my PGP key, and then send a one time message of my new PGP key fp to save me from hitting the ground.

mod6: I should clearsign the pubkey with my pgp-pubkey and deedbot this, aha?

a111: Logged on 2016-12-01 15:54 asciilifeform: (idiot pgp still needs 256 rng bits for aes session keys, when transmitting, and this is own can of lolworms)

asciilifeform: (idiot pgp still needs 256 rng bits for aes session keys, when transmitting, and this is own can of lolworms) ☟︎

a111: Logged on 2016-11-28 21:43 mircea_popescu: understand : when dorks dork on about "putting abstract principles above the people themselves" in http://trilema.com/2014/the-definitive-tract-on-sociopathy/ ; or when random nobody "does not have time to read logs" or "doesn't believe phuctor did so and so" or "doesn't see why should get a pgp key" or "doesn't think bitcoin can work" etc etc, there displayed is the SAME fundamental anti-idealism of the deliberately stupid l

mircea_popescu: understand : when dorks dork on about "putting abstract principles above the people themselves" in http://trilema.com/2014/the-definitive-tract-on-sociopathy/ ; or when random nobody "does not have time to read logs" or "doesn't believe phuctor did so and so" or "doesn't see why should get a pgp key" or "doesn't think bitcoin can work" etc etc, there displayed is the SAME fundamental anti-idealism of the deliberately stupid l ☟︎

asciilifeform: Framedragger: phuctor's scheme is sufficient for distinguishing pgp keys with same moduli but variant metafields from one another, and for no other purpose.

asciilifeform: btw if anyone is looking for something to do, getting hold of a copy of diddled freebsd and generating several hundred thousand ssh and pgp keys, would be spiffy

asciilifeform: Framedragger: well, pubkey, not 'pgp key'. but yes.

Framedragger: asciilifeform: but pgp key itself would supply ciphers, right? yeah, cool stuff / makes sense.

trinque: or did I just rub the pgp sauce on my twitter because it evokes a special feeling in my empty loins

Framedragger: trinque: well, you then submit "proofs" (say tweets) which you can open to actually confirm a pgp signed message saying that "@isuckballs is my (gpg id: ...) twitter account."

Framedragger: also, something about a virtual folder for sharing data with friends whose pgp keys you have? you just do echo "attack at dawn" > /something/friendname/secret.txt

Framedragger: it says "add or create a PGP key" when registered. heh.

asciilifeform: to make pgp key.

mircea_popescu: asciilifeform if you were to write timetables, how much time would you count "generate a pgp key and register it with deedbot" ? full hour ? ten minutes ? full day ?

a111: Logged on 2016-11-20 22:39 mircea_popescu: speaking of this, and re http://btcbase.org/log/2016-11-18#1569760 : a) it was actually exactly the same usg pays via min wage (out of private pockets, but w/e, usg is the REAL government, not the republic hurr durr) and b) it made people do sensible things such as making pgp keys. a certain ammount of this "wash yourself" "read a book" basic training will have to be done forcibly, because ontogenesis may follow philogenesis,

mircea_popescu: speaking of this, and re http://btcbase.org/log/2016-11-18#1569760 : a) it was actually exactly the same usg pays via min wage (out of private pockets, but w/e, usg is the REAL government, not the republic hurr durr) and b) it made people do sensible things such as making pgp keys. a certain ammount of this "wash yourself" "read a book" basic training will have to be done forcibly, because ontogenesis may follow philogenesis, ☝︎☟︎

asciilifeform: hey if ~proprietary pgp~ still exists...

asciilifeform: if he had postbox, and made an OMFG!11111#$$##$# pgp key, he would be at least 1 old lappy richer nao

asciilifeform: i cannot speak for others, but i disapprove of only two details -- 1) the solution of problems using wordplay & redefinition, the characteristic 'millenial' sin, e.g., 'this ftp daemon is TMSR WEB!', this can of cig butts is lisp machine 2) failure to maintain elementary self-hygiene -- have a hut with locking door, and FOR FUCKS SAKE, MAN, a pgp key

a111: Logged on 2016-11-18 17:49 asciilifeform: ( in related 'news', phuctor 'fan' : https://archive.is/dQFvt >> 'Oh, the Phuctor guy. Ignore him, he has a history of spreading FUD about PGP being horribly broken and accusing anyone who corrects him of being part of some elaborate cover-up (and in at least one case, threatening to contact the university of the person who did so. ' )

asciilifeform: ( in related 'news', phuctor 'fan' : https://archive.is/dQFvt >> 'Oh, the Phuctor guy. Ignore him, he has a history of spreading FUD about PGP being horribly broken and accusing anyone who corrects him of being part of some elaborate cover-up (and in at least one case, threatening to contact the university of the person who did so. ' ) ☟︎

Framedragger: unless you deem pgp key in this instance to also be an 'account/

Framedragger: pgp keys? not that this constitutes an entire solution

mircea_popescu: in other news - voice is not authentication. pgp is authentication ; and nothing else.

Framedragger: mircea_popescu: i guess in your view, perhaps no viable conflicts would arise in gns? say, two owners of two distinct pgp keys claiming ownership of "apple.com". some kind of due process is to take place, presumably

mircea_popescu: no pgp involved for instance. but sure, i guess.

Framedragger: "A0 can be implemented by regarding an authority's PGP public key as being its public routing address!" << nice kademlia and/or gossipd vibes

asciilifeform: as in, the thing gets hashed, and db gets queried for the hash, and for the fp (these are two separate and not wholly overlapping ways to index pgp keys) to see if we already have either

Framedragger: jurov: i have a trivial python script based on your openpgp-generator to convert arbitrary numbers of e,N,comment into pgp if interested (but you prolly have something of the same - just in case)

asciilifeform: i signed mircea_popescu's article with victim's pgp privk

asciilifeform: the pgp sig

Framedragger: apart from the lulz, the point would be, i suppose, that there should be no reason to disallow for that. assuming registering party is in good standing within WoT; and if there were an actual .lemonparty on current reptilian dns, they'd better cough up a pgp sig.

asciilifeform: i'm still not sold on the concept of a pgp key in multiple pockets being any different an affair from old fiatola reich control.

asciilifeform: picture if 'apple makes pgp key'

asciilifeform: mircea_popescu: you often meet roach with pgp key?!

asciilifeform: she has pgp key?!

asciilifeform: the 'official pgp key server'

PeterL: is there a way to make pgp use something other than sha1 for clearsigning?

asciilifeform: thank you for your finds, kmalkki . please come back, and make pgp key

asciilifeform: if you would like to post them publicly, send them pgp-encrypted to any of the folks here.

adlai: has 'friend' signed his pgp fingerprint? the full shit, not the eight ascii chars

asciilifeform: gabriel_laddel: if you make a new pgp key, i will rate you

mircea_popescu: anyway, consider registering your pgp key with deedbot, so you can self-voice.

Mariono: in the kleopatra just have pgp sign like this http://postimg.org/image/ygfw0njgv/

Mariono: i already played a game and have a pgp message for claim the free bits

asciilifeform: think 'pgp but with delegation to slaves'. usg is/was for some reason obsessed with such schemes.

asciilifeform: recall, if rsa died, mircea_popescu cannot simply pgp the J' to his current circle of friends.

asciilifeform: note, J can even be another pgp/rsa key, if you are insuring against merely a 'key costs $100M and takes 5years to break' scenario, rather than catastrophic rsacalypse

asciilifeform: anyway here is a simple, 'low-tech' lamport-style scheme. let K be my current pgp key; J be a future, continuity-of-life key in some yet-undiscovered system ;

mod6: -----END PGP PUBLIC KEY BLOCK-----

mod6: -----BEGIN PGP PUBLIC KEY BLOCK-----

anond: the ASCII-armored PGP includes the header and footer?