From sean at rima.ws Thu Apr 2 07:15:55 2009 From: sean at rima.ws (Sean Rima) Date: Thu, 02 Apr 2009 15:15:55 +0100 Subject: [Enigmail] Specifing location of pgprules.xml Message-ID: <49D4C89B.6070104@rima.ws> Hi Folks I use my gpg key from 2 dedicated usb keys, 1 is a backup. I also use gpg from a couple of different laptops. Is there anyway to specify a seperate location of the pgprules.xml file for enigmail. I could work a script but would just prefer to be able to keep it permantly on my keys Sean From olav at mozilla-enigmail.org Thu Apr 2 09:07:47 2009 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Thu, 02 Apr 2009 18:07:47 +0200 Subject: [Enigmail] Specifing location of pgprules.xml In-Reply-To: <49D4C89B.6070104@rima.ws> References: <49D4C89B.6070104@rima.ws> Message-ID: <49D4E2D3.10803@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Sean, > Is there a way to specify a seperate location of the > pgprules.xml file for enigmail. I would prefer to keep > it with my keys none that I am aware of. Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAknU4tIACgkQL/NBt8fdKe1quwCgoyXVWMAUh3DjImV557M9e4iA BNwAniIqoeDAtJzd55V64Z1JVPZwlUkY =rmFe -----END PGP SIGNATURE----- From sean at rima.ws Thu Apr 2 10:33:59 2009 From: sean at rima.ws (Sean Rima) Date: Thu, 02 Apr 2009 18:33:59 +0100 Subject: [Enigmail] Specifing location of pgprules.xml In-Reply-To: <49D4E2D3.10803@mozilla-enigmail.org> References: <49D4C89B.6070104@rima.ws> <49D4E2D3.10803@mozilla-enigmail.org> Message-ID: <49D4F707.7050000@rima.ws> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Olav Seyfarth wrote: >> Is there a way to specify a seperate location of the >> pgprules.xml file for enigmail. I would prefer to keep >> it with my keys > > none that I am aware of. > Shame really as I can do with this Sean -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREDAAYFAknU9wYACgkQDif86V/dzTvtYQCfXZYRKKJgvxZndVylTsB2Rsjz 578An0uWBBuTAIf+NqMvfF0pojO5eSLx =p8ah -----END PGP SIGNATURE----- From barnesye at hgcbroadband.com Fri Apr 3 19:49:29 2009 From: barnesye at hgcbroadband.com (Damien Barnes) Date: Sat, 04 Apr 2009 10:49:29 +0800 Subject: [Enigmail] Please remove me from the discussion list Message-ID: <49D6CAB9.8040204@hgcbroadband.com> From alaric at metrocast.net Fri Apr 3 20:07:48 2009 From: alaric at metrocast.net (Phil Stracchino) Date: Fri, 03 Apr 2009 23:07:48 -0400 Subject: [Enigmail] Please remove me from the discussion list In-Reply-To: <49D6CAB9.8040204@hgcbroadband.com> References: <49D6CAB9.8040204@hgcbroadband.com> Message-ID: <49D6CF04.8050704@metrocast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Damien Barnes wrote: > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail > You know, you could remove yourself by visiting the URL at the bottom of every message. It would be quicker than waiting for the list administrator to see your message. - -- Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355 alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org Renaissance Man, Unix ronin, Perl hacker, Free Stater It's not the years, it's the mileage. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAknWzwQACgkQ0DfOju+hMkli+QCfYi3UHIYEmE1nqCJfrhInzFhh 7IgAoM2vpi/ZnsYc3O6yn8PqmH4ZtF6c =NnaJ -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Fri Apr 3 20:13:24 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Fri, 03 Apr 2009 23:13:24 -0400 Subject: [Enigmail] Please remove me from the discussion list Message-ID: <49D6D054.1020408@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Damien Barnes wrote: > > _______________________________________________ > > Enigmail mailing list > > Enigmail at mozdev.org > > https://www.mozdev.org/mailman/listinfo/enigmail Simply use the Link above which appears at the bottom of every Post and remove Yourself the same way You subscribed Yourself. JOHN 8-) Timestamp: Friday 03 Apr 2009, 23:10 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4979: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ1tBRAAoJEBCGy9eAtCsPMQUH+wSV1vH7SCg+NgFc4vUpwNi2 lg0aP8g6zkAawhc8cVzzvJNzzm4iQBxY8TWWHp4Oxr866xFQLAVP81NQPbCeyLtR bGVQqzS2nWsYBzyCTopYrxvyII7yOe6zWES09d5UFhk/ChsOmNdS/GeFcv3Q6pd7 RLi5Zdz+Xr5V0yGKY4p1YDuSYmQIqh7GeKMLvpptJtYH9GZpXQpxkJYqa3BsX31d WZpcZFfyYZAgvCLFtuNuOpvto/f3wYpiyWpuhd90BjJBl5bw8XBLu65K+Ggzm5Pz 8vhwPbY+G4kyumsr/ajIVLccf2AgefVyDSBK0QcCnSKQ+pT3Q3ojyvPBpwyL0xM= =r1tg -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Sun Apr 5 14:39:21 2009 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Sun, 05 Apr 2009 23:39:21 +0200 Subject: [Enigmail] Specifing location of pgprules.xml In-Reply-To: <49D4C89B.6070104@rima.ws> References: <49D4C89B.6070104@rima.ws> Message-ID: <49D92509.5060200@mozilla-enigmail.org> Sean Rima wrote: > Hi Folks > > I use my gpg key from 2 dedicated usb keys, 1 is a backup. I also use > gpg from a couple of different laptops. Is there anyway to specify a > seperate location of the pgprules.xml file for enigmail. I could work a > script but would just prefer to be able to keep it permantly on my keys The file is always stored in the profile main directory. -Patrick From andy.ruddock at rainydayz.org Sun Apr 5 14:43:27 2009 From: andy.ruddock at rainydayz.org (Andy Ruddock) Date: Sun, 05 Apr 2009 23:43:27 +0200 Subject: [Enigmail] Ubuntu Seamonkey Enigmail Message-ID: <49D925FF.3070209@rainydayz.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 New builds for the upcoming 9.04 Jaunty release of Ubuntu, information on the forum : http://www.mozilla-enigmail.org/forum/viewtopic.php?f=12&t=588 - -- Andy Ruddock - ------------ andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknZJfcACgkQfSkWkaYi1FKayACgoi40UEv2JSAKzAnGDEZDbgdp VuoAn237ihKU+T61yHmudhaB6oDwjOvq =7rIT -----END PGP SIGNATURE----- From bsalisbu at starstream.net Sun Apr 5 15:05:56 2009 From: bsalisbu at starstream.net (Bill Salisbury) Date: Sun, 05 Apr 2009 15:05:56 -0700 Subject: [Enigmail] Enigmail & Windows 64 Message-ID: <49D92B44.6010209@starstream.net> Enigmail works fine on 32 bit but can't install on my 64 bit windows. Since I don't see a file for this I assume it has not been unimplemented of the 64 bit windows environment. Are there plans for it? Thanks Bill From John at Mozilla-Enigmail.org Sun Apr 5 15:20:28 2009 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Sun, 05 Apr 2009 17:20:28 -0500 Subject: [Enigmail] Enigmail & Windows 64 In-Reply-To: <49D92B44.6010209@starstream.net> References: <49D92B44.6010209@starstream.net> Message-ID: <49D92EAC.1070805@Mozilla-Enigmail.org> Bill Salisbury wrote: > Enigmail works fine on 32 bit but can't install on my 64 bit windows. > Since I don't see a file for this I assume it has not been unimplemented > of the 64 bit windows environment. Are there plans for it? > Thanks Bill It'll be available as soon as someone builds and contributes it. I don't mean to sound snarky, but it's not possible to build for every known OS, thus we rely on contributed efforts. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 678 bytes Desc: OpenPGP digital signature URL: From atlanx at gmx.de Tue Apr 7 08:41:41 2009 From: atlanx at gmx.de (Markur) Date: Tue, 07 Apr 2009 17:41:41 +0200 Subject: [Enigmail] Ubuntu Seamonkey Enigmail In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andy Ruddock schrieb: > New builds for the upcoming 9.04 Jaunty release of Ubuntu, information > on the forum : > http://www.mozilla-enigmail.org/forum/viewtopic.php?f=12&t=588 > Cool, thank you for the link. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: GnuPT 2.6.2.1 by EQUIPMENTE.DE Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknbdDQACgkQhyyxgMuybxB7qACfYlQyPzHaoTYCNtigqdFTjIrw ySoAniG94Er6tw3FP6Bl0u6IJUz6wDmZ =Psly -----END PGP SIGNATURE----- From dkg at fifthhorseman.net Tue Apr 7 08:57:43 2009 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 07 Apr 2009 11:57:43 -0400 Subject: [Enigmail] Ubuntu Seamonkey Enigmail In-Reply-To: <49D925FF.3070209@rainydayz.org> References: <49D925FF.3070209@rainydayz.org> Message-ID: <49DB77F7.5070300@fifthhorseman.net> On 04/05/2009 05:43 PM, Andy Ruddock wrote: > New builds for the upcoming 9.04 Jaunty release of Ubuntu, information > on the forum : > http://www.mozilla-enigmail.org/forum/viewtopic.php?f=12&t=588 How do these differ from the packages distributed by ubuntu itself? http://packages.ubuntu.com/enigmail --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 890 bytes Desc: OpenPGP digital signature URL: From andy.ruddock at rainydayz.org Tue Apr 7 10:10:11 2009 From: andy.ruddock at rainydayz.org (Andy Ruddock) Date: Tue, 07 Apr 2009 19:10:11 +0200 Subject: [Enigmail] Ubuntu Seamonkey Enigmail In-Reply-To: <49DB77F7.5070300@fifthhorseman.net> References: <49D925FF.3070209@rainydayz.org> <49DB77F7.5070300@fifthhorseman.net> Message-ID: <49DB88F3.1040200@rainydayz.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel Kahn Gillmor wrote: > On 04/05/2009 05:43 PM, Andy Ruddock wrote: >> New builds for the upcoming 9.04 Jaunty release of Ubuntu, information >> on the forum : >> http://www.mozilla-enigmail.org/forum/viewtopic.php?f=12&t=588 > > How do these differ from the packages distributed by ubuntu itself? > > http://packages.ubuntu.com/enigmail > > --dkg The Ubuntu packages only support Thunderbird - these builds are for Seamonkey. - -- Andy Ruddock - ------------ andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknbiO8ACgkQfSkWkaYi1FKslACbBpW3COjiXd8ALmW86TC7SqrZ K+sAnjxCRwTNbS002prJyq1TGjutZRak =j+ct -----END PGP SIGNATURE----- From dkg at fifthhorseman.net Tue Apr 7 10:56:51 2009 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 07 Apr 2009 13:56:51 -0400 Subject: [Enigmail] Ubuntu Seamonkey Enigmail In-Reply-To: <49DB88F3.1040200@rainydayz.org> References: <49D925FF.3070209@rainydayz.org> <49DB77F7.5070300@fifthhorseman.net> <49DB88F3.1040200@rainydayz.org> Message-ID: <49DB93E3.8090806@fifthhorseman.net> On 04/07/2009 01:10 PM, Andy Ruddock wrote: > The Ubuntu packages only support Thunderbird - these builds are for > Seamonkey. Have you considered offering your changes to ubuntu so that the official packages can support both MUAs? --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 890 bytes Desc: OpenPGP digital signature URL: From markr-enigmail at signal100.com Tue Apr 7 15:52:49 2009 From: markr-enigmail at signal100.com (Mark Rousell) Date: Tue, 07 Apr 2009 23:52:49 +0100 Subject: [Enigmail] Enigmail & Windows 64 In-Reply-To: <49D92B44.6010209@starstream.net> References: <49D92B44.6010209@starstream.net> Message-ID: <49DBD941.6090409@signal100.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bill, I'm running the standard Windows version of Enigmail (32 bit) on Windows Vista x64 without any problems whatsoever. Thunderbird and GPG are 32 bit too. They all work absolutely fine for me. Bill Salisbury wrote: > Enigmail works fine on 32 bit but can't install on my 64 bit windows. > Since I don't see a file for this I assume it has not been unimplemented > of the 64 bit windows environment. Are there plans for it? > Thanks Bill > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail > > - -- MarkR PGP public key: http://www.signal100.com/markr/publickey Key ID: C9C5C162 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknb2UEACgkQJQGogsnFwWKJ1gCgoTLmw1T8HeQLaKr7tNGT2O3q W68AnAuzSsG1IjqWMbp7YFw2W2Yd37eJ =9pLB -----END PGP SIGNATURE----- From bsalisbu at starstream.net Tue Apr 7 17:10:14 2009 From: bsalisbu at starstream.net (Bill Salisbury) Date: Tue, 07 Apr 2009 17:10:14 -0700 Subject: [Enigmail] Enigmail & Windows 64 In-Reply-To: <49DBD941.6090409@signal100.com> References: <49D92B44.6010209@starstream.net> <49DBD941.6090409@signal100.com> Message-ID: <49DBEB66.8040305@starstream.net> Mark Rousell wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Bill, > > I'm running the standard Windows version of Enigmail (32 bit) on Windows > Vista x64 without any problems whatsoever. Thunderbird and GPG are 32 > bit too. They all work absolutely fine for me. > > > > Bill Salisbury wrote: > >> Enigmail works fine on 32 bit but can't install on my 64 bit windows. >> Since I don't see a file for this I assume it has not been unimplemented >> of the 64 bit windows environment. Are there plans for it? >> Thanks Bill >> _______________________________________________ >> Enigmail mailing list >> Enigmail at mozdev.org >> https://www.mozdev.org/mailman/listinfo/enigmail >> >> >> > > - -- > MarkR > > PGP public key: http://www.signal100.com/markr/publickey > Key ID: C9C5C162 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAknb2UEACgkQJQGogsnFwWKJ1gCgoTLmw1T8HeQLaKr7tNGT2O3q > W68AnAuzSsG1IjqWMbp7YFw2W2Yd37eJ > =9pLB > -----END PGP SIGNATURE----- > > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail > > > > Thanks for the info. I am running seamonkey. This might be the problem. I will be checking this out as time permits. TIA Bill From nospaming at aedon.eu Sat Apr 11 07:25:46 2009 From: nospaming at aedon.eu (Peter J. Nachtigall) Date: Sat, 11 Apr 2009 16:25:46 +0200 Subject: [Enigmail] Problem with Enigma on MAC Message-ID: <49E0A86A.8080005@aedon.eu> Hi folks, I have a small issue with Enigma on OSX Leopard 10.5.6, Enigma doesn't connect to any keyservers in order to receive a key. However in CLI there is no problem. A 'gpg --keyserver x-hkp://pgpkeys.pca.dfn.de --recv-key XXXXXX' works like a charm. Environment: Thunderbird 2.0.0.21 and gpg (GnuPG) 1.4.9 Any suggestions? Cheers Peter -- aedon DESIGNS http://www.foto-hochzeitsalbum.de/ http://www.hochzeitsbuch.info/ From mlisten at hammernoch.net Sat Apr 11 07:41:03 2009 From: mlisten at hammernoch.net (=?ISO-8859-1?Q?Ludwig_H=FCgelsch=E4fer?=) Date: Sat, 11 Apr 2009 16:41:03 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E0A86A.8080005@aedon.eu> References: <49E0A86A.8080005@aedon.eu> Message-ID: <49E0ABFF.5080706@hammernoch.net> Hi, Peter J. Nachtigall wrote on 11.04.2009 16:25 Uhr: > Hi folks, > > I have a small issue with Enigma on OSX Leopard 10.5.6, > Enigma doesn't connect to any keyservers in order to receive a key. > However in CLI there is no problem. > A 'gpg --keyserver x-hkp://pgpkeys.pca.dfn.de --recv-key XXXXXX' > works like a charm. > > Environment: Thunderbird 2.0.0.21 and gpg (GnuPG) 1.4.9 > > Any suggestions? Which enigmail-version? 0.95.7? Which keyservers are entered in your preferences dialog? How? Usually http/hkp Servers don't need the protocols bevore server names, e.g. my entry in "Specify your keyserver(s)" is: pool.sks-keyservers.net, pgpkeys.pca.dfn.de, subkeys.pgp.net Do you have more than one keyserver in the section "Automatically download keys...."? If yes, then restrict the entry to only one. Does the GUI stall when manually requesting keys? Is the requested key in your keyring after cancelling the progress dialog? HTH Ludwig -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 550 bytes Desc: OpenPGP digital signature URL: From nospaming at aedon.eu Sat Apr 11 08:18:24 2009 From: nospaming at aedon.eu (Peter J. Nachtigall) Date: Sat, 11 Apr 2009 17:18:24 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E0ABFF.5080706@hammernoch.net> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> Message-ID: <49E0B4C0.1030907@aedon.eu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ludwig H?gelsch?fer schrieb: > Which enigmail-version? 0.95.7? Positive > Which keyservers are entered in your preferences dialog? How? Usually > http/hkp Servers don't need the protocols bevore server names, e.g. my > entry in "Specify your keyserver(s)" is: > pool.sks-keyservers.net, pgpkeys.pca.dfn.de, subkeys.pgp.net I'm using x-hkp://pgpkeys.pca.dfn.de. There is outbound traffic through gpgkeys_hkp while using x-hkp. When I switch to plain 'pgpkeys.pca.dfn.de' there is no outbound traffic at all. Noticed on my personal firewall. I haven't sniffed it yet though. > Do you have more than one keyserver in the section "Automatically > download keys...."? If yes, then restrict the entry to only one. I do not use this feature. I always check for keys manually. However the automatic feature doesn't work either. > Does the GUI stall when manually requesting keys? Nope. Just the progress bar running for eternity. > Is the requested key > in your keyring after cancelling the progress dialog? Negative. Only if I use the terminal with e.g. your key 'x-hkp://pgpkeys.pca.dfn.de --recv-key 0959D2E3' I get the key into the ring. Which then btw works with enigma w/o any problems. > Ludwig Cheers Peter - -- aedon DESIGNS http://www.foto-hochzeitsalbum.de/ http://www.hochzeitsbuch.info/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkngtLUACgkQwIipPo4gL85XbQCfXPhdz/2ZVWfMyZCj/DRU9rN8 KuwAnjJnZAUA3zNbRAhWubLN6uIKFrpI =aPm7 -----END PGP SIGNATURE----- From egon.frerich at nord-com.net Sat Apr 11 14:27:01 2009 From: egon.frerich at nord-com.net (Egon Frerich) Date: Sat, 11 Apr 2009 23:27:01 +0200 Subject: [Enigmail] 64 bit 0.95.7 Message-ID: <49E10B25.4070800@nord-com.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My computer has an AMD Athlon 64 X2 Dual Core Processor 3800+. Ubuntu 7.10 is installed. I remember that I had to install a special version Enigmail 0.95.6 which works with 64 bits. Is there a special version Enigmail 0.95.7? Egon -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ4QslZRiDo9Iq4qIRAjOJAJ9kFvC2dtP2KOeN7eGVwdiELuKJgACgtE+p Fq8UrKSC28EKVCBR7WkGe1g= =hwFy -----END PGP SIGNATURE----- From egon.frerich at nord-com.net Sat Apr 11 14:39:22 2009 From: egon.frerich at nord-com.net (Egon Frerich) Date: Sat, 11 Apr 2009 23:39:22 +0200 Subject: [Enigmail] OpenPGP/MIME vs. PGP-inline Message-ID: <49E10E0A.5080108@nord-com.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As a subscriber to the python-dev mailing list I received messages with errors for example: | OpenPGP-Sicherheitsinfo: | | Fehler - ?berpr?fung der Unterschrift fehlgeschlagen | | gpg Kommandozeile und Ausgabe: | /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 --verify | gpg: Signatur am Fr 10 Apr 2009 15:31:46 CEST mit RSA Schl?ssel, ID | ED9D77D5, erfolgt | gpg: Falsche Unterschrift von "Barry A. Warsaw " I asked Barry and he told me: Hmm, what mail reader are you using? I've just switched to signing my messages with OpenPGP/MIME instead of PGP-inline. I typically use Mail.app 3.5 on OS X 10.5 with the gpgmail extension. I've been able to successfully validate my signatures with claws-mail on Linux and Thunderbird on OS X. Maybe your mail reader can't decode OpenPGP/MIME attachments? - -Barry Is there a bug in enigmail? Or have I to change an option? Egon -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ4Q4KZRiDo9Iq4qIRAstIAKCFlYPHc3LluXX3dps3ZcFhy3El4wCgrTrf /3xHIoCyMsu0ywSrRBQtyQg= =/bGA -----END PGP SIGNATURE----- From andy.ruddock at rainydayz.org Sun Apr 12 04:16:13 2009 From: andy.ruddock at rainydayz.org (Andy Ruddock) Date: Sun, 12 Apr 2009 13:16:13 +0200 Subject: [Enigmail] 64 bit 0.95.7 In-Reply-To: <49E10B25.4070800@nord-com.net> References: <49E10B25.4070800@nord-com.net> Message-ID: <49E1CD7D.8020507@rainydayz.org> Egon Frerich wrote: > My computer has an AMD Athlon 64 X2 Dual Core Processor 3800+. Ubuntu > 7.10 is installed. > > I remember that I had to install a special version Enigmail 0.95.6 which > works with 64 bits. > > Is there a special version Enigmail 0.95.7? > > Egon Ubuntu 7.10 is about to reach end-of-life. No security updates will be available after Sat April 18th. I'd consider upgrading, as you don't appear to be concerned with being at the cutting edge I'd recommend moving to 8.04 which is one of the LTS (long term support) Ubuntu releases. If you're using Thunderbird then Enigmail is available from the repositories. -- Andy Ruddock ------------ andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452) From mlisten at hammernoch.net Sun Apr 12 04:23:08 2009 From: mlisten at hammernoch.net (=?UTF-8?B?THVkd2lnIEjDvGdlbHNjaMOkZmVy?=) Date: Sun, 12 Apr 2009 13:23:08 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E0B4C0.1030907@aedon.eu> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> <49E0B4C0.1030907@aedon.eu> Message-ID: <49E1CF1C.8000805@hammernoch.net> Hi, Peter J. Nachtigall wrote on 11.04.2009 17:18 Uhr: > Ludwig H?gelsch?fer schrieb: > >> Which enigmail-version? 0.95.7? > > Positive Ok. >> Which keyservers are entered in your preferences dialog? How? Usually >> http/hkp Servers don't need the protocols bevore server names, e.g. my >> entry in "Specify your keyserver(s)" is: >> pool.sks-keyservers.net, pgpkeys.pca.dfn.de, subkeys.pgp.net > > I'm using x-hkp://pgpkeys.pca.dfn.de. There is outbound traffic through > gpgkeys_hkp while using x-hkp. > > When I switch to plain 'pgpkeys.pca.dfn.de' there is no outbound traffic > at all. Noticed on my personal firewall. I haven't sniffed it yet though. You're talking of the command line, don't you? >> Do you have more than one keyserver in the section "Automatically >> download keys...."? If yes, then restrict the entry to only one. > > I do not use this feature. I always check for keys manually. However the > automatic feature doesn't work either. Last time I used this, I was on 10.4.x, where it worked. Seems TB 2.x (together with enigmail) has some slight issues with 10.5. We weren't able to fix these, as they're mostly, if not all, TB 2.x things. The probability of having these fixed is nearly zero, as the main work goes into TB 3 which I anticipate this summer. >> Does the GUI stall when manually requesting keys? > Nope. Just the progress bar running for eternity. This is what I meant. Would you mind installing the nightly version of enigmail (called 0.96a) and see if key retrieval works. "Nightly" is an ambiguous label, as this enigmail version is built on a daily basis, however the code behind is very stable. Some issues since 0.95.7 have been fixed. I'm using it and it's very reliable. You can get it on the nightlies page: http://enigmail.mozdev.org/download/nightly.php Be sure to download the file for TB2: enigmail-trunk-moz-darwin-x86-ppc-gecko18.xpi HTH Ludwig -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 550 bytes Desc: OpenPGP digital signature URL: From mlisten at hammernoch.net Sun Apr 12 04:35:02 2009 From: mlisten at hammernoch.net (=?ISO-8859-15?Q?Ludwig_H=FCgelsch=E4fer?=) Date: Sun, 12 Apr 2009 13:35:02 +0200 Subject: [Enigmail] OpenPGP/MIME vs. PGP-inline In-Reply-To: <49E10E0A.5080108@nord-com.net> References: <49E10E0A.5080108@nord-com.net> Message-ID: <49E1D1E6.8080006@hammernoch.net> Egon Frerich wrote on 11.04.2009 23:39 Uhr: [wrong PGP/MIME signature] > Is there a bug in enigmail? Or have I to change an option? Enigmail can very well handle PGP/MIME signatures. As the problem arises on a mailing list, the most probable cause for this is mailing list software or one of the other mail servers before or after the list server changes format or manuipulates required header lines breaking the PGP/MIME frame. I'm encountering this regularly on another list. I'd suggest to mail directly with the autor and test, if it works this way. HTH Ludwig -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 550 bytes Desc: OpenPGP digital signature URL: From jmoore3rd at bellsouth.net Sun Apr 12 05:11:00 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sun, 12 Apr 2009 08:11:00 -0400 Subject: [Enigmail] 64 bit 0.95.7 In-Reply-To: <49E10B25.4070800@nord-com.net> References: <49E10B25.4070800@nord-com.net> Message-ID: <49E1DA54.4070008@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Egon Frerich wrote: > I remember that I had to install a special version Enigmail 0.95.6 which > works with 64 bits. > > Is there a special version Enigmail 0.95.7? You may wish to check out: http://www.rainydayz.org/index.php?option=com_content&view=article&id=59:building-enigmail-for-seamonkey-in-ubuntu-810-amd64&catid=34:linux&Itemid=53 Also, You can/should peruse the Enigmail Forum and see if anyone there has shared there solution to this issue. [http://www.mozilla-enigmail.org/forum/index.php] HTH JOHN 8-) Timestamp: Sunday 12 Apr 2009, 08:10 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4979: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ4dpSAAoJEBCGy9eAtCsP/7AIAIsfbutk3QSrIlyMoNarlyFf hIIseZbB1HUA16rl+8q0heMBnTAVxW0cxUTTxM12Da1IwEWyn3COUk9zwMkcBea2 hLhbsDsVYRlHTf2rNrPh6IDKsxXbwVKpOHhFwqj8ONsVi7shiEYHqFmG0l1GGoTE TzGeaSjkDkU67cVIJAgNt3RAM5bv8eemY2sUUij9SimLH8YLf86Vy9htnHDjZOGo /uTVJqQ6GlDuI15qCj+4XZw1i9Gg8GnhqDoGsYlrGqzq31d02m22IKooERUT0hy7 /BO+RsfNzuqqFQOoK5QCmOI14tIYCHWmWB8wwLU6usKqQfNUccAJR7sSd2h3U+Q= =3YFV -----END PGP SIGNATURE----- From mcwerewolf at gmail.com Sun Apr 12 05:38:36 2009 From: mcwerewolf at gmail.com (Moonchild) Date: Sun, 12 Apr 2009 14:38:36 +0200 Subject: [Enigmail] PGP indicates enigmail signed messages are invalid Message-ID: <49E1E0CC.1070903@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey folks, I've run into a rather peculiar problem using enigmail. I've been looking at upgrading my mail client since my current one (Turnpike) isn't really supported anymore by the developers. Turnpike uses integrated PGP 6.5 to handle encrypted and signed messages. This setup hasn't given any issues with decrypting and verifying signed messages from anyone (including people using, for example, MUTT+OpenPGP and/or GNUPG). I've installed and tested (the current version of) enigmail on thunderbird 2.0.0.20, and ran into the following situation: - - Any message sent with a PGP signature using enigmail is flagged by my Turnpike/PGP as "invalid signature, message does not match signature" - - The signatures themselves check out fine (all data of the sender is correct) - - There is no problem decrypting messages with PGP either * I've had my fiend with MUTT/OpenPGP check a message and he says the signature checks out fine for the message. * Thunderbird itself says the signature is fine (also when sending through an external route the same as when checking with Turnpike). * This problem occurs regardless of what service I use to send/receive mail (so it doesn't seem to be a server/MTA problem). Is this a known issue with PGP? I thought it used the exact same standard... Is there a way around this? I would like to be able to sign my e-mails in the most compatible way possible so people with older PGP versions will also be able to verify my messages haven't been altered. I rely on verifiable digital signatures for work. I've tried using PGP/MIME or "regular" signing already. I can't get it to verify at all. As said: any other mail signed with PGP and OpenPGP seems to be fine, so I'm a bit at a loss where the problem lies. Thanks in advance, MC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAknh4MwACgkQ2TLZrDX4ZcaO+wCeMjf4SOY2KBECpSGq/0RlON9i xRoAnjUWOP3+avc64Wx28yOfkxC7eYhk =YAtd -----END PGP SIGNATURE----- From shavital at mac.com Sun Apr 12 07:21:01 2009 From: shavital at mac.com (Charly Avital) Date: Sun, 12 Apr 2009 10:21:01 -0400 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E1CF1C.8000805@hammernoch.net> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> <49E0B4C0.1030907@aedon.eu> <49E1CF1C.8000805@hammernoch.net> Message-ID: <49E1F8CD.4070203@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ludwig H?gelsch?fer wrote the following on 4/12/09 7:23 AM: [...] > > You can get it on the nightlies page: > > http://enigmail.mozdev.org/download/nightly.php > > Be sure to download the file for TB2: > > enigmail-trunk-moz-darwin-x86-ppc-gecko18.xpi > > HTH > > Ludwig Till right now I had been running Enigmail 0.95.7, and didn't experience any problem accessing keyserver pool.sks-keyservers.net for automatic download of keys to verify signatures, except for momentary problems with the server itself. I would then attempt download via CLI, using other server(s). I have now switched to 0.96a (20090412-1301), no problems downloading/installing keys to verify new signatures. Charly MacOS X 10.5.6 - MacBook Intel C2Duo "Aluminum Late 2008"- GnuPG 1.4.9 - GPG2 2.0.11 - Thunderbird 2.0.0.21+Enigmail 0.96a (20090412-1301) - Apple's Mail+GPGMail 1.2.0 (v56), PGP key: 0xA57A8EFA -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.11 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJJ4fjKAAoJEM3GMi2FW4PvBkkH/R9JCA6rK27XzIA/c+96WUVs G/4Plhbc6BTJm28D4f+NYGZSjfnzEV3b2mbGwUS6MhwOsPQDTCRK7kqU3Eqqgie9 DxXjizqN3uVNuh94xBWMyx5Aw5XjELts9lzXfVLwS8+veCpTWRzhH6PIfmDZOtyk 5tRX5wP+dVDExWwulbnSgMXZM38TM4jyCGDAwkROYeHxSYphiROXXcMCWeVD+Nza c+cFqfoRO82nxkoijtoUJI8TNm+ZcM9JDKAgAQus5UPpvrKX1kuBDKyNvGcZqL1t LO3SQKWVXsRD9pkH3BWrqxQ5zpEtrsPWwkiHzXqwEkD3bYuD7E94U0qe2b+Xr88= =vtz2 -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Sun Apr 12 09:33:25 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sun, 12 Apr 2009 12:33:25 -0400 Subject: [Enigmail] PGP indicates enigmail signed messages are invalid In-Reply-To: <49E1E0CC.1070903@gmail.com> References: <49E1E0CC.1070903@gmail.com> Message-ID: <49E217D5.5070302@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Moonchild wrote: > I've run into a rather peculiar problem using enigmail. I've been > looking at upgrading my mail client since my current one (Turnpike) > isn't really supported anymore by the developers. Turnpike uses > integrated PGP 6.5 to handle encrypted and signed messages. > Is this a known issue with PGP? I thought it used the exact same standard... PGP 6.5 is extremely deprecated. Standards change over time and in the case of PGP 6.5 a lot has changed. In fact, there is even a New 'Standard' in the form of RFC4880. The 'problem' is _not_ with Enigmail because it contains on encryption engine of any sort; it is simply a Frontend for GnuPG and merely passes commands to gpg.exe which is responsible for verifications, error messages, etc. My knee-jerk reaction is that the Settings within Enigmail have not been configured to 'throttle back' the use of Hash algorithms unsupported by PGP 6.5 If I am correct then PGP 6.5 will not verify the Sig on this message but any current version of GPG will. My proposed solution would be for You to immediately switch from PGP 6.5 to a more current version of OpenPGP. :-\ JOHN ;) Timestamp: Sunday 12 Apr 2009, 12:33 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4979: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ4hfSAAoJEBCGy9eAtCsPfPsH+gOhl7JOeujvL+aezsOsVGDF cOi0jx0zmdrT1wZCkahAolaay97vboKXlRYwMg32SY2B8VNbfjx8Wl5cZMo1yf8n 8J8+DHs5Lmmy3ZPxoPHAFl/X+ui9kOkMYDHPeJugD59hWh3IvAjk2hfz1mWvSERA L9LeNOKfo62vKVKDwKIOzIbVtdM2LT9OJNiqh59Ar0M93kbVevEnZv3h6/gy/3we t1GPBJg/5IqhLlHdSS6Qy/IOt/eOl8LSt8QF+75rIvnVtHekHkZvzCjpJfpINnOO 8ncliMHQVbuWTHg5+6cJrjs/Fur254ZVfwHpQBvVIlCiIfgnkfNdCDItm6lHkHU= =XKER -----END PGP SIGNATURE----- From nospaming at aedon.eu Sun Apr 12 10:06:02 2009 From: nospaming at aedon.eu (Peter J. Nachtigall) Date: Sun, 12 Apr 2009 19:06:02 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E1CF1C.8000805@hammernoch.net> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> <49E0B4C0.1030907@aedon.eu> <49E1CF1C.8000805@hammernoch.net> Message-ID: <49E21F7A.9010906@aedon.eu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Ludwig, Ludwig H?gelsch?fer schrieb: > You can get it on the nightlies page: > http://enigmail.mozdev.org/download/nightly.php > Be sure to download the file for TB2: > enigmail-trunk-moz-darwin-x86-ppc-gecko18.xpi I'd love to. However it doesn't work. The maintainer has put the locale inside the package while it still not translated: XML-Verarbeitungsfehler: Undefinierte Entit?t Adresse: chrome://enigmail/content/pref-enigmail.xul Zeile Nr. 72, Spalte 20: &enigmail.basicUser.tooltip; There is no go with that one. - -- aedon DESIGNS http://www.foto-hochzeitsalbum.de/ http://www.hochzeitsbuch.info/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkniH3oACgkQBm2neosqb/AW6QCeLhfRxXc35+Q2MXmIO7T+XctZ TdkAn1hhC3nuaULKFiRvXRRJiGuWmKgA =BVss -----END PGP SIGNATURE----- From mlisten at hammernoch.net Sun Apr 12 12:21:17 2009 From: mlisten at hammernoch.net (=?UTF-8?B?THVkd2lnIEjDvGdlbHNjaMOkZmVy?=) Date: Sun, 12 Apr 2009 21:21:17 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E21F7A.9010906@aedon.eu> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> <49E0B4C0.1030907@aedon.eu> <49E1CF1C.8000805@hammernoch.net> <49E21F7A.9010906@aedon.eu> Message-ID: <49E23F2D.90107@hammernoch.net> Hi, Peter J. Nachtigall wrote on 12.04.2009 19:06 Uhr: > I'd love to. However it doesn't work. The maintainer has put the locale > inside the package while it still not translated: Yes, that's right, I forgot to mention, sorry for that. The nightly only works in an en-US TB version. Some weeks ago there was a post by Remi Collet with a script to set untranslated strings by the english ones. I still haven't put it in use for the build process of the nightlies for Mac OS X. I've got some time the next days, so I probably can do this. I'll let you know when they are available. Ludwig -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 550 bytes Desc: OpenPGP digital signature URL: From egon.frerich at nord-com.net Sun Apr 12 07:11:37 2009 From: egon.frerich at nord-com.net (Egon Frerich) Date: Sun, 12 Apr 2009 16:11:37 +0200 Subject: [Enigmail] 64 bit 0.95.7 In-Reply-To: References: <49E10B25.4070800@nord-com.net> Message-ID: <49E1F699.4030906@nord-com.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My question is not answered. At 2008-04-22 I downloaded enigmail-0.95.6-linux-x86_64.xpi and I want to know if there is a version 0.95.7 for 64 bits? Egon Andy Ruddock schrieb: | Egon Frerich wrote: |> My computer has an AMD Athlon 64 X2 Dual Core Processor 3800+. Ubuntu |> 7.10 is installed. |> |> I remember that I had to install a special version Enigmail 0.95.6 which |> works with 64 bits. |> |> Is there a special version Enigmail 0.95.7? |> |> Egon | | Ubuntu 7.10 is about to reach end-of-life. No security updates will be | available after Sat April 18th. | I'd consider upgrading, as you don't appear to be concerned with being | at the cutting edge I'd recommend moving to 8.04 which is one of the LTS | (long term support) Ubuntu releases. | | If you're using Thunderbird then Enigmail is available from the | repositories. | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ4faZZRiDo9Iq4qIRArIJAJ9yB9IlmdvR33T2whYW2/7Dhs6c9QCgzGwe SSJpB43kBIb4/qH0yWx14Ws= =X5df -----END PGP SIGNATURE----- From egon.frerich at nord-com.net Sun Apr 12 07:29:15 2009 From: egon.frerich at nord-com.net (Egon Frerich) Date: Sun, 12 Apr 2009 16:29:15 +0200 Subject: [Enigmail] 64 bit 0.95.7 In-Reply-To: References: <49E10B25.4070800@nord-com.net> Message-ID: <49E1FABB.5080307@nord-com.net> Thank you. Egon John W. Moore III schrieb: > Egon Frerich wrote: > >> I remember that I had to install a special version Enigmail 0.95.6 which >> works with 64 bits. > >> Is there a special version Enigmail 0.95.7? > > You may wish to check out: > http://www.rainydayz.org/index.php?option=com_content&view=article&id=59:building-enigmail-for-seamonkey-in-ubuntu-810-amd64&catid=34:linux&Itemid=53 > > Also, You can/should peruse the Enigmail Forum and see if anyone there > has shared there solution to this issue. > [http://www.mozilla-enigmail.org/forum/index.php] > > HTH > > JOHN 8-) > Timestamp: Sunday 12 Apr 2009, 08:10 --400 (Eastern Daylight Time) From nospaming at aedon.eu Sun Apr 12 12:55:34 2009 From: nospaming at aedon.eu (Peter J. Nachtigall) Date: Sun, 12 Apr 2009 21:55:34 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E23F2D.90107@hammernoch.net> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> <49E0B4C0.1030907@aedon.eu> <49E1CF1C.8000805@hammernoch.net> <49E21F7A.9010906@aedon.eu> <49E23F2D.90107@hammernoch.net> Message-ID: <49E24736.5030602@aedon.eu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Ludwig Ludwig H?gelsch?fer schrieb: > I'll let you know when they are available. OK. Cheers Peter - -- aedon DESIGNS http://www.foto-hochzeitsalbum.de/ http://www.hochzeitsbuch.info/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkniRzYACgkQBm2neosqb/AueQCgjPCuowX/ykjQLIahu/j8+jgf 85AAoIZQL3EnqqFSR4RASvPvuswv7UdI =y0jV -----END PGP SIGNATURE----- From andy.ruddock at rainydayz.org Sun Apr 12 13:48:30 2009 From: andy.ruddock at rainydayz.org (Andy Ruddock) Date: Sun, 12 Apr 2009 22:48:30 +0200 Subject: [Enigmail] 64 bit 0.95.7 In-Reply-To: <49E1F699.4030906@nord-com.net> References: <49E10B25.4070800@nord-com.net> <49E1F699.4030906@nord-com.net> Message-ID: <49E2539E.7040105@rainydayz.org> Egon Frerich wrote: > My question is not answered. > > At 2008-04-22 I downloaded enigmail-0.95.6-linux-x86_64.xpi and I want > to know if there is a version 0.95.7 for 64 bits? > > Egon > > > > Andy Ruddock schrieb: > | Egon Frerich wrote: > |> My computer has an AMD Athlon 64 X2 Dual Core Processor 3800+. Ubuntu > |> 7.10 is installed. > |> > |> I remember that I had to install a special version Enigmail 0.95.6 which > |> works with 64 bits. > |> > |> Is there a special version Enigmail 0.95.7? > |> > |> Egon > | > | Ubuntu 7.10 is about to reach end-of-life. No security updates will be > | available after Sat April 18th. > | I'd consider upgrading, as you don't appear to be concerned with being > | at the cutting edge I'd recommend moving to 8.04 which is one of the LTS > | (long term support) Ubuntu releases. > | > | If you're using Thunderbird then Enigmail is available from the > | repositories. > | > Try http://www.rainydayz.org/download/enigmail/ubuntu/ I've built enigmail for Seamonkey for AMD64 & i386 for Ubuntu versions 8.04, 8.10 & 9.04 Current enigmail version is 0.95.7 As I mentioned, 7.10 is now end-of-life and I see no point in building enigmail for that platform. -- Andy Ruddock ------------ andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452) From John at Mozilla-Enigmail.org Sun Apr 12 15:00:23 2009 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Sun, 12 Apr 2009 17:00:23 -0500 Subject: [Enigmail] PGP indicates enigmail signed messages are invalid In-Reply-To: <49E1E0CC.1070903@gmail.com> References: <49E1E0CC.1070903@gmail.com> Message-ID: <49E26477.6020306@Mozilla-Enigmail.org> Moonchild wrote: > Hey folks, > > I've run into a rather peculiar problem using enigmail. I've been > looking at upgrading my mail client since my current one (Turnpike) > isn't really supported anymore by the developers. Turnpike uses > integrated PGP 6.5 to handle encrypted and signed messages. This setup > hasn't given any issues with decrypting and verifying signed messages > from anyone (including people using, for example, MUTT+OpenPGP and/or > GNUPG). > > > Is this a known issue with PGP? I thought it used the exact same standard... > Is there a way around this? I would like to be able to sign my e-mails > in the most compatible way possible so people with older PGP versions > will also be able to verify my messages haven't been altered. I rely on > verifiable digital signatures for work. I've tried using PGP/MIME or > "regular" signing already. I can't get it to verify at all. > As said: any other mail signed with PGP and OpenPGP seems to be fine, so > I'm a bit at a loss where the problem lies. Your problem lies in PGP 6.5.8. It's nowhere near RFC 4880 compliant, although GnuPG may be "broken" to not use post PGP 6.x features by using the --pgp6 option. It instructs GnuPG to set up all options to be as PGP 6 compliant as possible. This restricts you to the ciphers IDEA (if the IDEA plugin is installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the compression algorithms none and ZIP. This also disables --throw-keyids, and making signatures with signing subkeys as PGP 6 does not understand signatures made by signing subkeys. It's a very sub-optimal solution that leaves you in the crypto "Stone Age". You'll also need the IDEA DLL. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 678 bytes Desc: OpenPGP digital signature URL: From mcwerewolf at gmail.com Mon Apr 13 00:56:14 2009 From: mcwerewolf at gmail.com (Moonchild) Date: Mon, 13 Apr 2009 09:56:14 +0200 Subject: [Enigmail] PGP indicates enigmail signed messages are invalid In-Reply-To: <49E26477.6020306@Mozilla-Enigmail.org> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> Message-ID: <49E2F01E.9060903@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Clizbe wrote: > Your problem lies in PGP 6.5.8. It's nowhere near RFC 4880 compliant, > although GnuPG may be "broken" to not use post PGP 6.x features by using > the --pgp6 option. It instructs GnuPG to set up all options to be as PGP > 6 compliant as possible. This restricts you to the ciphers IDEA (if the > IDEA plugin is installed), 3DES, and CAST5, the hashes MD5, SHA1 and > RIPEMD160, and the compression algorithms none and ZIP. This also > disables --throw-keyids, and making signatures with signing subkeys as > PGP 6 does not understand signatures made by signing subkeys. So, it just means I've never run into anyone so far who uses RFC4880 encryption/signing, with all the contacts I have ;-) Although John Moore's kneejerk reaction is understandable, as I explained, at least for now I need to be as backwards compatible as I can until I am sure all of my contacts are "current" - I cannot impose the new signing algorhythm on them just because I change software, so the --pgp6 might be the workaround I need. I do like to note I have been using my existing (IDEA) cypher keys to sign and encrypt without any additional DLL installed with GnuPG. So IDEA is supported. I was wondering about that when I installed Enigmail/GnuPG as I knew some algorhythms were not used by the open source solutions by default, but everything worked. > It's a very sub-optimal solution that leaves you in the crypto "Stone > Age". Maybe so, but like I said in my current situation I need full backwards compatibility. I don't see being restricted to IDEA, 3DES and CAST5 and the hashes MD5, SHA1 and RIPEMD160 as much of a restriction. Apparently, all my peers so far have used these cyphers and hashes as well. (weren't those good enough, or what?) I'll try the pgp6 switch. Thanks. MC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkni8B4ACgkQ2TLZrDX4Zcb0KACfXEOg48UU65s+huEEthfCrPdO gU4An1c4B0AFFhLC70VMZ53Q9HEEv3wm =MKlQ -----END PGP SIGNATURE----- From l.dobrev at gmail.com Mon Apr 13 01:19:47 2009 From: l.dobrev at gmail.com (Lachezar Dobrev) Date: Mon, 13 Apr 2009 11:19:47 +0300 Subject: [Enigmail] Enigmail fails to detect encrypted message In-Reply-To: <90266c3f0801180230v6f5e1f4cnafb1fc09664a7d71@mail.gmail.com> References: <90266c3f0801090210xdf8c578t34b1c5f6bfdf4607@mail.gmail.com> <90266c3f0801100050l5c1df6bfs66d4291dbe12bbea@mail.gmail.com> <4785F3F3.20703@mozilla-enigmail.org> <90266c3f0801100253r5f89f85fh46e177f3ef231b39@mail.gmail.com> <90266c3f0801100259o57c52c5v3c2c69c999388e0f@mail.gmail.com> <90266c3f0801170208x3e61ec91r9c0366410b65705b@mail.gmail.com> <478F7963.9040908@mozilla-enigmail.org> <90266c3f0801170853p50e240e9h8e6b091cc68defeb@mail.gmail.com> <47905880.7040900@mozilla-enigmail.org> <90266c3f0801180230v6f5e1f4cnafb1fc09664a7d71@mail.gmail.com> Message-ID: <90266c3f0904130119v547f4a33m5ac12ebca80979f3@mail.gmail.com> Well... This is more than an year later, but I finally figured out that the culprit was not the quoted-printable (which was OFF by the way), but the flawed text support. After looking at the code (Use the Source Luke!) I found out, that Enigmail tries to disable flowed support upon installation. I am not exactly sure whether upgrading executes the installation procedure, or not. It seems flowed support has been left active in my Thunderbird. I could not find the flowed text support option through-out Thunderbird's menus and options, although I have the distinct feeling I used to check it on somewhere. After manually disabling the flowed text support in Thunderbird (using the Advanced Configuration Editor) signed and/or encrypted in-line messages (non-PGP/MIME) are correctly detected and decrypted/verified. Pity, 'cause I like flowed text, but whatever... I think I understand why Flowed Text and Quoted Printable break encryption/signing, but are there any plans to support those? Or at least disable those temporarily if the message is to be signed/encrypted? How is signing/encrypting HTML messages implemented? I don't use those, but maybe a similar approach could be useful? 2008/1/18 Lachezar Dobrev : > ? OK. I give up. > >> Quoted-printable is not an ideal choice for using with inline-PGP, there >> are many problems with it that are due to the way Enigmail obtains the >> messages from Thunderbird. > ? I see... That is a bit of a problem for me, but will have to just live > with that. > >> I could decrypt both successfully on Linux and Windows. As said, by all >> means avoid quoted-printable for inline PGP messages. > ? Well... You did... > ? However YOUR replies to the messages I sent you are also not detected as > encrypted, and I had to manually decrypt them. > > ? Anyway. Like I said I give up. > > ? P.S. I have attached a screen snip to demonstrate I am not talking empty > words. > ?????? I also attached two additional screen snips of a colleague's message > and the effect of manually decrypting it. > From faramir.cl at gmail.com Mon Apr 13 01:26:37 2009 From: faramir.cl at gmail.com (Faramir) Date: Mon, 13 Apr 2009 04:26:37 -0400 Subject: [Enigmail] PGP indicates enigmail signed messages are invalid In-Reply-To: <49E2F01E.9060903@gmail.com> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> Message-ID: <49E2F73D.60102@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Moonchild escribi?: > John Clizbe wrote: > So, it just means I've never run into anyone so far who uses RFC4880 > encryption/signing, with all the contacts I have ;-) All my regular contacts are RFC4880 compliant... > I do like to note I have been using my existing (IDEA) cypher keys to > sign and encrypt without any additional DLL installed with GnuPG. So > IDEA is supported. I was wondering about that when I installed > Enigmail/GnuPG as I knew some algorhythms were not used by the open > source solutions by default, but everything worked. I think if IDEA algorithm is not available, GPG uses 3DES... I never fully understood that part... > Maybe so, but like I said in my current situation I need full backwards > compatibility. I don't see being restricted to IDEA, 3DES and CAST5 and > the hashes MD5, SHA1 and RIPEMD160 as much of a restriction. Apparently, > all my peers so far have used these cyphers and hashes as well. (weren't > those good enough, or what?) Yes, but MD5 was considered secure some years ago, now it's not considered secure anymore, and SHA1 seems to be going on the same road... of course it's not something anybody can do (probably, very few people can forge a signature made with MD5), but... the idea is to move before the status reaches the "woman and children goes first" level... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ4vc9AAoJEMV4f6PvczxAuwQH/jJCcWFgMsNEDWAAjUZCWuUa G+bYwjCBZBkmaS7SY82AS94XVsJIqNIodcRk7ddtYxZfCM5RIpfg9qRxgJVSK4xy qjzduNorJZ5+OmHJgSurMHnLxYLcrXy858HQnHzRmxqLYf9XazI046y9H/ECAt+7 7XVYbdkOk1pukex0JvQvLtWYuPjunShwAzLp7pVHil8Cf4BzFPZpXD6jjSbluUyA kG6cJZJjCi0yDCDYFkx5LhWY/2YzELB/rrP6bw7Uia1cn5RRSUlrwqIQTZ+XMalX KAEWRndDq8E190cVqEnsDtr8ee2GcfoZUiU7inD2aUnLe54KFKnL2DDAdwhBfWU= =Si39 -----END PGP SIGNATURE----- From l.dobrev at gmail.com Mon Apr 13 01:44:03 2009 From: l.dobrev at gmail.com (Lachezar Dobrev) Date: Mon, 13 Apr 2009 11:44:03 +0300 Subject: [Enigmail] Failure to recognize signature of Signed+Encrypted mail from KMail. Message-ID: <90266c3f0904130144l11ec70aex46a87cc86bc27f36@mail.gmail.com> ?Recently a colleague migrated to KDE, and started using KMail as his mail application. ?After a few messages I noticed, that the messages that my colleague was signing were OK, those that were encrypted also worked fine. ?However messages that were both encrypted and signed were correctly decrypted, but their signature was not detected and was visible as an attached file in the decrypted message called signature.asc. ? Obviously attaching the encrypted mail will have no effect whatsoever unless you get a hold of my private key. ?Hence I am attaching: ?1. The original mail (slightly censored) retaining the headers and structure. ?2. The decrypted content of the mail (slightly censored) retaining headers and structure. Per request by a developer I will ask my colleague to send a test message encrypted with both my key, and the developer's key, and send it off-list. -------------- next part -------------- From: *** censored *** To: *** censored *** Subject: Re: =?utf-8?b?*** censored ***?= Date: Wed, 8 Apr 2009 16:16:24 +0300 User-Agent: KMail/1.11.2 (FreeBSD/7.1-RELEASE-p1; KDE/4.2.2; i386; ; ) References: <*** censored ***> <*** censored ***> In-Reply-To: <*** censored ***> MIME-Version: 1.0 Content-Type: multipart/encrypted; boundary="nextPart1516022.nfNtDFx8tU"; protocol="application/pgp-encrypted" Content-Transfer-Encoding: 7bit Message-Id: <*** censored ***> --nextPart1516022.nfNtDFx8tU Content-Type: application/pgp-encrypted Content-Disposition: attachment Version: 1 --nextPart1516022.nfNtDFx8tU Content-Type: application/octet-stream Content-Disposition: inline; filename="msg.asc" -----BEGIN PGP MESSAGE----- Version: GnuPG v2.0.11 (FreeBSD) *** censored ***== =8d5M -----END PGP MESSAGE----- --nextPart1516022.nfNtDFx8tU-- -------------- next part -------------- Content-Type: multipart/signed; boundary="nextPart2049370.tzTXW7JRzD"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit --nextPart2049370.tzTXW7JRzD Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Content-Disposition: inline *** censored ***== --nextPart2049370.tzTXW7JRzD Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEABECAAYFAknco64ACgkQ549Nz7jP2Qh/YgCfdUXt0rjIBkRckefToHkrya2t kmkAoLd5dzalO+UJ8SiJEeiSs9AAeCgR =VNLc -----END PGP SIGNATURE----- --nextPart2049370.tzTXW7JRzD-- From jmoore3rd at bellsouth.net Mon Apr 13 01:44:24 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Mon, 13 Apr 2009 04:44:24 -0400 Subject: [Enigmail] PGP indicates enigmail signed messages are invalid In-Reply-To: <49E2F01E.9060903@gmail.com> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> Message-ID: <49E2FB68.1010905@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Moonchild wrote: > all my peers so far have used these cyphers and hashes as well. (weren't > those good enough, or what?) Keyword here = "weren't" At one time these signature hashes 'were' good enough. No longer. MD5 is demonstrably broken. SHA1 has suffered man made collisions and is teetering on the brink of crypto extinction. RIPEMD160 is simply another 160bit Hash and once SHA1 is completely broken the knowledge learned from MD5 & SHA1 will be turned toward RIPEMD160. It would be prudent to begin migrating away from these 3 hash algorithms immediately. As to the IDEA .dll; this algorithm is native to PGP6 and would only need to be manually added to GnuPG installations. Since You earlier stated that You are using PGP6 from the command line My suspicion is that analysis of Your messages would reveal that 3DES is the cipher used for encryption. - From the GnuPG Manual the --pgp6 command will accomplish: --pgp6 Set up all options to be as PGP 6 compliant as possible. This restricts you to the ciphers IDEA (if the IDEA plugin is installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the compression algorithms none and ZIP. This also disables - --throw-keyids, and making signatures with signing subkeys as PGP 6 does not understand signatures made by signing subkeys. This option implies --disable-mdc --no-sk-comment --escape-from- lines - --force-v3-sigs. The 'restrictions' that this compatibility option places upon GnuPG is an indication of just how limited PGP6 is in the present. :-\ Since You earlier indicated that You are using Enigmail simply place --pgp6 in the Preferences box labeled 'Additional Parameters' and these restrictions will be enforced with every instance. > So, it just means I've never run into anyone so far who uses RFC4880 > encryption/signing, with all the contacts I have ;-) Actually, the presence of broken/Bad signatures tends to indicate that You have "run into" some correspondents using RFC compliant software. The unverifiable signatures are most probably from GnuPG Users who haven't restricted GPG with the --pgp6 limiter. Because of the pains taken to ensure backwards compatibility by the GnuPG Developers encryption/decryption is still possible. Public Keys carry embedded statements [called preferences] which broadcast which ciphers/algorithms they are compatible with. This allows the encrypting Application to make selections based upon mutual compatibility. You didn't mention whether the PGP 6.5.8 version is a CKT build but if it is this also exposes the User to an entirely different can of worms; some of which may be expressly illegal. I say 'may be' because I am not conversant in Swedish law. HTH JOHN 8-) Timestamp: Monday 13 Apr 2009, 04:44 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4979: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ4vtlAAoJEBCGy9eAtCsPIOYH/0UT8ss7yIOjZTApugOBdn21 /E1DLa27wEf+azqbABEVnmvdt3uDOIVbG4cSwSoodM0lf93jZAghxCOIVW63zVJf EUh4i177Dw8uGNd2nMgdMMTFBzbqd3DAnv2oNoc0GXpHFx8IqLOm6NlL2QfqTy5L vXfZSHikTbLDfHSh8dFWxWinPRMHh9dl665mADKKIri18Qs/XkgMo4cFtA3WRZzQ mNHsEuJMkZXDAjl2084ONFLf8BNA1irkW5RUQhbHzMHLvr6ScZu0OkwSqNoCB8ex ZdV315dRegUnEHuzghAypCgebeQ8Lq+ECET5sEBI1+5lTPI+6YrpcpqAggg+7wQ= =5GI9 -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Mon Apr 13 01:48:22 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Mon, 13 Apr 2009 04:48:22 -0400 Subject: [Enigmail] Enigmail fails to detect encrypted message In-Reply-To: <90266c3f0904130119v547f4a33m5ac12ebca80979f3@mail.gmail.com> References: <90266c3f0801090210xdf8c578t34b1c5f6bfdf4607@mail.gmail.com> <90266c3f0801100050l5c1df6bfs66d4291dbe12bbea@mail.gmail.com> <4785F3F3.20703@mozilla-enigmail.org> <90266c3f0801100253r5f89f85fh46e177f3ef231b39@mail.gmail.com> <90266c3f0801100259o57c52c5v3c2c69c999388e0f@mail.gmail.com> <90266c3f0801170208x3e61ec91r9c0366410b65705b@mail.gmail.com> <478F7963.9040908@mozilla-enigmail.org> <90266c3f0801170853p50e240e9h8e6b091cc68defeb@mail.gmail.com> <47905880.7040900@mozilla-enigmail.org> <90266c3f0801180230v6f5e1f4cnafb1fc09664a7d71@mail.gmail.com> <90266c3f0904130119v547f4a33m5ac12ebca80979f3@mail.gmail.com> Message-ID: <49E2FC56.8090509@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Lachezar Dobrev wrote: > How is signing/encrypting HTML messages implemented? I don't use > those, but maybe a similar approach could be useful? HTML messages are best handled using PGP/MIME since Inline is a crap shoot. Because many MUA's are incapable of handling PGP/MIME [most notably all of the ones 'sponsored' by M$] the rule-of-thumb is to stick with Plaintext when using Inline OpenPGP. JOHN ;) Timestamp: Monday 13 Apr 2009, 04:48 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4979: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ4vxUAAoJEBCGy9eAtCsPjbYH/3bj9ubbMOPSA3p/o4xCJwcI tgbLnKOBsoS4pkaeuYdh+kd1Pq9tm3fwILKA+es2D+tFBhuOqnNAVJJ47CgWYzRL lXuYKtjitWPcaWTLw8YTfJMrlhM69nbfp8D/lp8Rf785l6uFb0bKNntyyRjCeH9+ dlBoqnnN7Zl85TwDvQlVhK8a01VKYMJX3xW1zH52wNhuW/O2r+L6HPdcdoiW63k7 UzWiw/v5ggbmx4LX0OIbpEIoUJxsJq1VIgiZu4mqQvqNGIdp/OKEnKjVK/F3r+Zs sl8ikmDa0jYxGixCUOI9n2G+Bn1jStd2myN0053DECBIwiFFryRBOdFFXdcVAWg= =Wc3c -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Mon Apr 13 01:54:46 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Mon, 13 Apr 2009 04:54:46 -0400 Subject: [Enigmail] Failure to recognize signature of Signed+Encrypted mail from KMail. In-Reply-To: <90266c3f0904130144l11ec70aex46a87cc86bc27f36@mail.gmail.com> References: <90266c3f0904130144l11ec70aex46a87cc86bc27f36@mail.gmail.com> Message-ID: <49E2FDD6.5040301@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Lachezar Dobrev wrote: > However messages that were both encrypted and signed were correctly > decrypted, but their signature was not detected and was visible as an > attached file in the decrypted message called signature.asc. Your correspondent is using PGP/MIME which fortunately for You is easily digested by Thunderbird/Enigmail. IIRC, FireGPG also can decrypt PGP/MIME [I noticed You are sending from the Gmail interface]. Should Your colleague begin using PGP/MIME with a correspondent attempting to read the Email using Outlook, Outlook Express or Windows Mail frustration is certain to ensue. :) JOHN ;) Timestamp: Monday 13 Apr 2009, 04:54 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4979: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ4v3NAAoJEBCGy9eAtCsPxHQH/jMlE5qktwUsQlWRYi9l6I4B vZ1MWuX01PTQDOKzsA4NxLC5tiqKLAxnIFDueTyfBobM9MIpR07JpwOFon9Jgrt6 fkIh2hQlF8xngkICfej8sD9JJT7v5dSm/GUYtKbjJFwLLyVV8e75RerdejoPhU10 jSNlen21uI2QF0DFoCFYWo7tvvCVO+sjSGhGDy90OhwNhzCWU1cM2j9TQTy/nrlC ZJkgsQHEdnuM7ixY7ebnBZwIBwXjXWM+RvLkxV1bVkU4RckJ/Wmn1EuB45xXtnzl FluUFlVK424qKC3dS6T7UsD+XpB6EmsKvbHcxpaEVmskS0LEqWiiQqfgFk+8xU4= =XDZt -----END PGP SIGNATURE----- From l.dobrev at gmail.com Mon Apr 13 02:09:45 2009 From: l.dobrev at gmail.com (Lachezar Dobrev) Date: Mon, 13 Apr 2009 12:09:45 +0300 Subject: [Enigmail] Failure to recognize signature of Signed+Encrypted mail from KMail. In-Reply-To: <49E2FDD6.5040301@bellsouth.net> References: <90266c3f0904130144l11ec70aex46a87cc86bc27f36@mail.gmail.com> <49E2FDD6.5040301@bellsouth.net> Message-ID: <90266c3f0904130209h5382ba83ufba7089017c8fdc0@mail.gmail.com> My point is, that Enigmail does NOT digest the message, but rather chokes on it, and spits the signature as an attachment in the deciphered mail. Enigmail does not try to verify the attached signature (or at least shows not signature results), leaving me puzzled as to why my colleague does not sign his messages at all... I only get the 'OpenPGP: Decrypted message' heading, no reference to signature whatsoever. And I see the signature as an attachment to the decrypted mail. BTW. We only use encryption/signing for the mails sent between colleagues, who use Thunderbird+Enigmail (and one uses KMail). I could care less for M$ mailers, but not much less. My desire is to have all the colleagues send and receive encrypted and signed mails between ourselves, the 'outside' world is oblivious anyway (like my wife and parents). 2009/4/13 John W. Moore III : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Lachezar Dobrev wrote: > >> ? However messages that were both encrypted and signed were correctly >> decrypted, but their signature was not detected and was visible as an >> attached file in the decrypted message called signature.asc. > > Your correspondent is using PGP/MIME which fortunately for You is easily > digested by Thunderbird/Enigmail. ?IIRC, FireGPG also can decrypt > PGP/MIME [I noticed You are sending from the Gmail interface]. ?Should > Your colleague begin using PGP/MIME with a correspondent attempting to > read the Email using Outlook, Outlook Express or Windows Mail > frustration is certain to ensue. ?:) > > JOHN ;) > Timestamp: Monday 13 Apr 2009, 04:54 ?--400 (Eastern Daylight Time) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10-svn4979: (MingW32) > Comment: Public Key at: ?http://tinyurl.com/8cpho > Comment: Gossamer Spider Web of Trust: https://www.gswot.org > Comment: Homepage: ?http://tinyurl.com/yzhbhx > > iQEcBAEBCgAGBQJJ4v3NAAoJEBCGy9eAtCsPxHQH/jMlE5qktwUsQlWRYi9l6I4B > vZ1MWuX01PTQDOKzsA4NxLC5tiqKLAxnIFDueTyfBobM9MIpR07JpwOFon9Jgrt6 > fkIh2hQlF8xngkICfej8sD9JJT7v5dSm/GUYtKbjJFwLLyVV8e75RerdejoPhU10 > jSNlen21uI2QF0DFoCFYWo7tvvCVO+sjSGhGDy90OhwNhzCWU1cM2j9TQTy/nrlC > ZJkgsQHEdnuM7ixY7ebnBZwIBwXjXWM+RvLkxV1bVkU4RckJ/Wmn1EuB45xXtnzl > FluUFlVK424qKC3dS6T7UsD+XpB6EmsKvbHcxpaEVmskS0LEqWiiQqfgFk+8xU4= > =XDZt > -----END PGP SIGNATURE----- > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail From l.dobrev at gmail.com Mon Apr 13 02:14:58 2009 From: l.dobrev at gmail.com (Lachezar Dobrev) Date: Mon, 13 Apr 2009 12:14:58 +0300 Subject: [Enigmail] Enigmail fails to detect encrypted message In-Reply-To: <49E2FC56.8090509@bellsouth.net> References: <90266c3f0801090210xdf8c578t34b1c5f6bfdf4607@mail.gmail.com> <90266c3f0801100253r5f89f85fh46e177f3ef231b39@mail.gmail.com> <90266c3f0801100259o57c52c5v3c2c69c999388e0f@mail.gmail.com> <90266c3f0801170208x3e61ec91r9c0366410b65705b@mail.gmail.com> <478F7963.9040908@mozilla-enigmail.org> <90266c3f0801170853p50e240e9h8e6b091cc68defeb@mail.gmail.com> <47905880.7040900@mozilla-enigmail.org> <90266c3f0801180230v6f5e1f4cnafb1fc09664a7d71@mail.gmail.com> <90266c3f0904130119v547f4a33m5ac12ebca80979f3@mail.gmail.com> <49E2FC56.8090509@bellsouth.net> Message-ID: <90266c3f0904130214y158df371u2e0e63ad1ef740a9@mail.gmail.com> >> ? How is signing/encrypting HTML messages implemented? I don't use >> those, but maybe a similar approach could be useful? > > HTML messages are best handled using PGP/MIME since Inline is a crap > shoot. ?Because many MUA's are incapable of handling PGP/MIME [most > notably all of the ones 'sponsored' by M$] the rule-of-thumb is to stick > with Plaintext when using Inline OpenPGP. > > JOHN ;) Exactly my point. Using PGP/MIME did not exhibit the problem in the first place. The puzzling part was the fact, that the behavior was dependent on local mailer visual option, rather than the senders'. That is why my attempts to explain the behavior failed miserably before: the people I was trying to explain this to had this option (flowed text) turned off. From rNaOsSmPiAtMh1959 at gmail.com Mon Apr 13 02:59:37 2009 From: rNaOsSmPiAtMh1959 at gmail.com (Roy Smith) Date: Mon, 13 Apr 2009 04:59:37 -0500 Subject: [Enigmail] 64 bit 0.95.7 In-Reply-To: References: Message-ID: Egon Frerich wrote: > My computer has an AMD Athlon 64 X2 Dual Core Processor 3800+. Ubuntu > 7.10 is installed. > > I remember that I had to install a special version Enigmail 0.95.6 which > works with 64 bits. > > Is there a special version Enigmail 0.95.7? If you're going to digitally sign your messages, please have the courtesy of either posting a link to download your public key from, or send it to the keyservers. -- Roy Smith Ubuntu 8.10 Intrepid Ibex Registered Linux User #488144 Remove N O S P A M when replying by email. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 898 bytes Desc: OpenPGP digital signature URL: From rNaOsSmPiAtMh1959 at gmail.com Mon Apr 13 03:02:59 2009 From: rNaOsSmPiAtMh1959 at gmail.com (Roy Smith) Date: Mon, 13 Apr 2009 05:02:59 -0500 Subject: [Enigmail] 64 bit 0.95.7 In-Reply-To: References: <49E10B25.4070800@nord-com.net> Message-ID: Andy Ruddock wrote: > Egon Frerich wrote: >> My computer has an AMD Athlon 64 X2 Dual Core Processor 3800+. Ubuntu >> 7.10 is installed. >> >> I remember that I had to install a special version Enigmail 0.95.6 which >> works with 64 bits. >> >> Is there a special version Enigmail 0.95.7? >> >> Egon > > Ubuntu 7.10 is about to reach end-of-life. No security updates will be > available after Sat April 18th. > I'd consider upgrading, as you don't appear to be concerned with being > at the cutting edge I'd recommend moving to 8.04 which is one of the LTS > (long term support) Ubuntu releases. > > If you're using Thunderbird then Enigmail is available from the > repositories. That is true, but the version in the repository is old (v0.95.0). -- Roy Smith Ubuntu 8.10 Intrepid Ibex Registered Linux User #488144 Remove N O S P A M when replying by email. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 898 bytes Desc: OpenPGP digital signature URL: From mcwerewolf at gmail.com Mon Apr 13 03:49:08 2009 From: mcwerewolf at gmail.com (Moonchild) Date: Mon, 13 Apr 2009 12:49:08 +0200 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <49E2FB68.1010905@bellsouth.net> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> Message-ID: <49E318A4.1080700@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John W. Moore III wrote: > Actually, the presence of broken/Bad signatures tends to indicate that > You have "run into" some correspondents using RFC compliant software. > The unverifiable signatures are most probably from GnuPG Users who > haven't restricted GPG with the --pgp6 limiter. Because of the pains Actually, I only ran into it because the first thing I did was send myself a signed message from TB with enigmail to test, and it failed checking the signature. I haven't run into any issues with anyone else so far, like I said. As for problems with hashes having collisions etc. - Theoretically, it is an issue. In practice, ANY hash will find situations where the same hash is found for different sources, the question then becomes: is it a practical issue to assume this minutely small chance will pose a problem with normal use? Is there really a danger of someone, in a reasonable amount of computing time, being able to recreate a valid has from an altered message? I think it's unneeded. As it is, I'll verify RFC4880 compliance with my peers before migrating to it by removing the --pgp6 switch again. I have tested the --pgp6 parameter and it solved the signing issue. So it was definitely just a clear issue of the new RFC signatures not being processed correctly by the old PGP. As for legality: The PGP I use is an official build as supplied by PGP at the time. It is not a command-line version, and purchased&licensed as part of the mail/news suite. It had better not be illegal to use ;-) Like I said in my original post: the client software hasn't been developed for quite a while and it needs replacing. Thanks for the help, folks. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iD8DBQFJ4xik2TLZrDX4ZcYRAo8DAJ9sAIaViqp46LTuUJv8eWomTzQLXQCgiHId C7Bru+QPlGdLW52hogbkTmw= =Nj3O -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Mon Apr 13 07:16:44 2009 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Mon, 13 Apr 2009 16:16:44 +0200 Subject: [Enigmail] Fedora + TB 3.0b2 + Enigmail 0.96a (2009-03-15) In-Reply-To: <49BEAABD.8050806@FamilleCollet.com> References: <49BD3EE7.8030006@FamilleCollet.com> <49BD578A.1090707@hammernoch.net> <49BEAABD.8050806@FamilleCollet.com> Message-ID: <49E3494C.5060104@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Remi Collet wrote: > Le 15/03/2009 20:31, Ludwig H?gelsch?fer a ?crit : > >> Enigmail trunk is almost never translated fully. I'm confident that this >> will be fixed for a enigmail release suitable for the upcoming TB3. I >> think Patrick will call for translators when the rest of the code is >> stable enough for a release, if needed. > > I think I perfectly understand how work such a OpenSource project. > >> And, as always with open source projects, patches are welcome :-) > > My goal is not to have a french (or other) translation complete (and I > don't think I will be a good translator), it's to provide (as I'm used > to do) a working package of enigmail "in all languages" for Fedora Users > for most versions (from FC4) and most architectures (i386, x86_64, ppc > and ppc64) > > So, I quickly write a small and dirty script which check each lang file > (enigmail.dtd and enimail.properties) and add the missing strings (from > then english reference file). > > The result is a working extension in all languages (well, of course with > some english messages). > > The script is attached. > Written in PHP (sorry, but that's the simplest language for me) > > And before building enigmail, I run : > > cd mailnews/extensions/enigmail > for rep in $(cat lang/current-languages.txt) > do > dos2unix lang/$rep/enigmail.dtd > dos2unix lang/$rep/enigmail.properties > php enigmail-fixlang.php ui/locale/en-US lang/$rep > done > > Hope it could help others. Hi Remi I finally found the time to test your script. It's really cool, I'll integrate it into my nightly build script :-) Thanks a lot, - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSeNJS3cOpHodsOiwAQgbEAgAwYNnJZIx4ARNb7evE0PxlSHJAQtCVR/d QIsXhF+4oFhzBZdWujyE8RliUtW//EIwvJweHUiFdy2jjcixoAdPQ55+ukk9ETvC PzWtMv0y4CLB6OShGgVtw+u5HZgg1kQpE0tIoGkAYlSoGLkywUJxFZ4Kxk+wC5Qo wGssqZSf+x2UEYOmqdFMkcBebdek27aKpZ5ZU+tyJumMfI6wgRgE4MnIE76bU55/ KJ6SXgIJ2j5lRZa+Y43R2+fCl/NdFPBK3NViSCBPObAFtu0NnUtNJrxSUiMWrmXH FZOW2Yu3PkAq3zLuB1UuiPPGAs88GMBRUV+2WlO53EkQaThu2Pq0Ig== =Bxn/ -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Mon Apr 13 07:40:12 2009 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Mon, 13 Apr 2009 16:40:12 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E0B4C0.1030907@aedon.eu> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> <49E0B4C0.1030907@aedon.eu> Message-ID: <49E34ECC.2020101@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Peter J. Nachtigall wrote: > Ludwig H?gelsch?fer schrieb: > >> Which enigmail-version? 0.95.7? > > Positive > >> Which keyservers are entered in your preferences dialog? How? Usually >> http/hkp Servers don't need the protocols bevore server names, e.g. my >> entry in "Specify your keyserver(s)" is: >> pool.sks-keyservers.net, pgpkeys.pca.dfn.de, subkeys.pgp.net > > I'm using x-hkp://pgpkeys.pca.dfn.de. There is outbound traffic through > gpgkeys_hkp while using x-hkp. > > When I switch to plain 'pgpkeys.pca.dfn.de' there is no outbound traffic > at all. Noticed on my personal firewall. I haven't sniffed it yet though. > >> Do you have more than one keyserver in the section "Automatically >> download keys...."? If yes, then restrict the entry to only one. > > I do not use this feature. I always check for keys manually. However the > automatic feature doesn't work either. > >> Does the GUI stall when manually requesting keys? > Nope. Just the progress bar running for eternity. > >> Is the requested key >> in your keyring after cancelling the progress dialog? > > Negative. > > Only if I use the terminal with e.g. your key > 'x-hkp://pgpkeys.pca.dfn.de --recv-key 0959D2E3' I get the key into the > ring. Which then btw works with enigma w/o any problems. I think the problem might be related to the URI specification ("x-hkp://"). For HKP servers, simply enter the keyserver name without x-hkp:// and downloading keys might work! - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSeNOy3cOpHodsOiwAQh8Bgf/ft4JmVc1p3yVtu4KQwUy23N60y3BJ8ZT VzkxlqySMMwkBdQOSv8fK7EroTPowAC6KEbeFhm5AMjperd7n/vNAe4jYoOaxB25 cE0pmfLsKqdJHTdac03lRUu2EP17uWobhmWmY/gYgaakiyyrLtwEsM/VhaSSq/vg rCe7kQsGr6E/ARav0W08i9R1H/GG0Cymu/1kOEMUjzATAFljy/8+o4ne+8sTHpMX TVsDcZA1lXjPTambkCrd45Z4OcT9cqM2fuYwXo7MYy/6H843KP6Q3LsTmGDxFbif EWejWByNgdk0NUytlNBzL1teYGQL2DdtAoGJ735D/ynFuwYIW1hoYw== =hwqU -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Mon Apr 13 07:53:14 2009 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Mon, 13 Apr 2009 16:53:14 +0200 Subject: [Enigmail] Failure to recognize signature of Signed+Encrypted mail from KMail. In-Reply-To: <90266c3f0904130144l11ec70aex46a87cc86bc27f36@mail.gmail.com> References: <90266c3f0904130144l11ec70aex46a87cc86bc27f36@mail.gmail.com> Message-ID: <49E351DA.8030503@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Lachezar Dobrev wrote: > Recently a colleague migrated to KDE, and started using KMail as his > mail application. > After a few messages I noticed, that the messages that my colleague > was signing were OK, those that were encrypted also worked fine. > However messages that were both encrypted and signed were correctly > decrypted, but their signature was not detected and was visible as an > attached file in the decrypted message called signature.asc. That's right (but of course not correct). The problem lies deep inside Thunderbird, and I could not yet find a way to fix it. Therefore currently any RFC 3156 messages following section 6.1 (i.e. sign and encrypt in 2 steps) are decrypted any only for valid signatures if the message size is very small. - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSeNR2XcOpHodsOiwAQhnyAgAwWKNg8KyIaOVnGALKyQ/sXUMMRH0AsK7 XwShym6eWiFQE9lB3lJN84u8O1p+zL/sFdN+mpIOVvvm9gRqCsoFRmRxeKHMHVxZ zK9vdnx5o5S84XtjZTx8Xdvgvc8CsyWq1ETGCsjIBrjUS5AsTXVT6RHyfafsEwsp EA1zjT9JfTMMlebI1oBL10kTcYw/7KM/UslulB9fHY9ABnzVGiHvmGBkuyh+SMOD 9+qo7kWSFBXPaXw4+XMDyBn6DMKX4Y5SQwjpbsMlDBo8v1aB5urHgdQQS4auZlrT YLRXiR19PlY41byAz+xfmdby2JqcJt5lxekEfMNOBIQ94IuPFThJbQ== =F9pS -----END PGP SIGNATURE----- From nospaming at aedon.eu Mon Apr 13 08:21:28 2009 From: nospaming at aedon.eu (Peter J. Nachtigall) Date: Mon, 13 Apr 2009 17:21:28 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E34ECC.2020101@mozilla-enigmail.org> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> <49E0B4C0.1030907@aedon.eu> <49E34ECC.2020101@mozilla-enigmail.org> Message-ID: <49E35878.5060308@aedon.eu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Patrick Patrick Brunschwig schrieb: > I think the problem might be related to the URI specification > ("x-hkp://"). For HKP servers, simply enter the keyserver name without > x-hkp:// and downloading keys might work! As stated previously it didn't. Even more using x-hkp seems to make key-polling more reliable. However, I just setup a new profile for Thunderbird and now Enigma is working as it suppose to. FYI I installed all the same extensions in the new profile thus something else must have been gone wrong. The curiosity is that the old profile is still running w/o any probs on all my Linux boxes. Cheers Peter - -- aedon DESIGNS http://www.foto-hochzeitsalbum.de/ http://www.hochzeitsbuch.info/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknjWHgACgkQBm2neosqb/BC+wCgr/HsiHQL4uEtVK1kARu4QX/2 WEoAoI9Od1zndbdFQZGjxIP6Zknxk/qP =YN5U -----END PGP SIGNATURE----- From faramir.cl at gmail.com Mon Apr 13 08:25:42 2009 From: faramir.cl at gmail.com (Faramir) Date: Mon, 13 Apr 2009 11:25:42 -0400 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <49E318A4.1080700@gmail.com> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> Message-ID: <49E35976.4060405@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Moonchild escribi?: ... > Actually, I only ran into it because the first thing I did was send > myself a signed message from TB with enigmail to test, and it failed > checking the signature. I haven't run into any issues with anyone else > so far, like I said. That's good, I hope you won't have more problems... > As for problems with hashes having collisions etc. - Theoretically, it > is an issue. In practice, ANY hash will find situations where the same > hash is found for different sources, the question then becomes: is it a > practical issue to assume this minutely small chance will pose a problem > with normal use? Is there really a danger of someone, in a reasonable > amount of computing time, being able to recreate a valid has from an > altered message? I think it's unneeded. Well, some time ago, it was something that was not possible to do even in an unreasonable amount of computing time, now it is possible (with MD5) with an unreasonable amount of computing time... and in future, we don't know. In my short experience, I think people using cryptography is uncomfortable with uncertainty. > As it is, I'll verify RFC4880 compliance with my peers before migrating > to it by removing the --pgp6 switch again. Good, that is the idea, you don't need to migrate today, but you should "push" your peers to migrate to something more standard. Not just for security, but also to don't have to worry about having to force compatibilities. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ41l1AAoJEMV4f6PvczxAPpQIAJG+hza/Q1P3naOLefE4wpD8 B13Ca0iYmvA0DKM+4sYsWGWZVDNGC9iA06P5G/4lGD7UwSaTZDeU/nGDNDe7XUyE PfShU8LA1Uk6gqt/iJsZ1q39Z/XTTzrqiXk1Q4pM4lQfcrAr92ANZC5MC9eYiiG6 wKgAw0mKB4uthPtyDTmAYVHSsz33V0zKLdDsYINPKSa2zBuUNmtAYYzb7tJVir5w 9nVoVwSKKnU7QU5cPE4SXjd2Ol/d5LhlpPVa2aKYj6WQxVchhrwzM3zgEiahhsFV yZp1oVtTv0PnGBUNvaSwiF2BBGf8jjwZPzcd5LZ8zQCYqbFwPs+sGfS5opEtptM= =/yeU -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Mon Apr 13 10:01:12 2009 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Mon, 13 Apr 2009 19:01:12 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E35878.5060308@aedon.eu> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> <49E0B4C0.1030907@aedon.eu> <49E34ECC.2020101@mozilla-enigmail.org> <49E35878.5060308@aedon.eu> Message-ID: <49E36FD8.8070304@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Peter J. Nachtigall wrote: > Hi Patrick > > Patrick Brunschwig schrieb: > >> I think the problem might be related to the URI specification >> ("x-hkp://"). For HKP servers, simply enter the keyserver name without >> x-hkp:// and downloading keys might work! > > As stated previously it didn't. Even more using x-hkp seems to make > key-polling more reliable. However, I just setup a new profile for sorry, I missed that. > Thunderbird and now Enigma is working as it suppose to. FYI I installed > all the same extensions in the new profile thus something else must have > been gone wrong. The curiosity is that the old profile is still running > w/o any probs on all my Linux boxes. Did you define a proxy in your original profile? Enigmail does respect proxy settings in Thunderbird. - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSeNv13cOpHodsOiwAQg3NQf7BQ9EPMWtMUw6THTnRjoQGYlaehHX/hJx R2vrM9DmIhsQEtX/kGiFQZ4jbmo6NOgGbAsb9IPIdxdcAwDOg/wk8jixlpGikypY 1k0Dsuj7SMJpgFee1rDpBlVS5GMFV/qQkympzza4LllOo6uR6zJo/Txwxl+g+S5k y+F4BoE2rz9YzKy67hi5DlKQlSXer7Q0JoE574gfzl6wjPzd+l6ZD89YkCMmDScO f9fM3Iyca2piuQdefKRLP84dUCH2DBf9d9um6sxnP0zcJ9ktQsisVV2MZQ5M7WLq QtPo8PIJo55MZSZY26usFzMpflzZQW61G3GGq5jZJHyML3dymo2++w== =4w75 -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Mon Apr 13 10:52:51 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 13 Apr 2009 10:52:51 -0700 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <49E35976.4060405@gmail.com> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> Message-ID: <20090413105251.109850gozxovlucc@mail.monkeyblade.net> > Well, some time ago, it was something that was not possible to do even > in an unreasonable amount of computing time, now it is possible (with > MD5) with an unreasonable amount of computing time... MD5 collisions can be generated in realtime; we know this to be true and have known it to be true for more than a decade. Currently, MD5 collisions require a few minutes to generate, using some fairly high end equipment. That said, neither the time nor expense is "unreasonable." _All_ hash functions are subject to collisions, assuming the attacker is willing to spend unreasonable time and effort. By "unreasonable time," I mean in the billions of years, and by "unreasonable effort," I mean building a Dyson Sphere around the sun to capture enough energy to power the computer. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. From faramir.cl at gmail.com Mon Apr 13 11:21:23 2009 From: faramir.cl at gmail.com (Faramir) Date: Mon, 13 Apr 2009 14:21:23 -0400 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <20090413105251.109850gozxovlucc@mail.monkeyblade.net> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> Message-ID: <49E382A3.9020406@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen escribi?: >> Well, some time ago, it was something that was not possible to do even >> in an unreasonable amount of computing time, now it is possible (with >> MD5) with an unreasonable amount of computing time... > > MD5 collisions can be generated in realtime; we know this to be true and > have known it to be true for more than a decade. > > Currently, MD5 collisions require a few minutes to generate, using some > fairly high end equipment. That said, neither the time nor expense is > "unreasonable." Sorry, I tried to refer to the forged 509 certificate which had a signature made using MD5. That required more than 1 month IIRC, and a cluster of PSP, which is something very few people can do... so for "normal" people, it would be "unreasonable but feasible". I should have been more clear about that. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ44KjAAoJEMV4f6PvczxAelcH/1y0E23SGkNXKVj65bdJ+4bR SdJKrAZP/htkQLWUICA9Ot0oieqP3Fmc9Y+eZkAkTly4ICmQ7XOAmUPIxiDkAhtJ p0Kuw75L9utQng/a1FMLJYUDl1PvafHOKNKogiZR6JQ4yLVrAZRraamsARNecJJY GyGxWdS+gYPf+c8oK+bhkcfm3fkvfPSgZo++wwrs2G0s/g0c7eDaxezg/xLLtAxs iqOJEcbapbF381pSj24HXgbxqe9jL6LkWLKFIECW8nTnLyd0VbSd1ZS2QNMDIMlc +dBQJCIpVvh7+wOGibFRYcDzaXuE76uM5RaPhz/XfOs3uUD0RLGHCoYM9ByTztg= =rT8o -----END PGP SIGNATURE----- From alaric at metrocast.net Mon Apr 13 11:28:28 2009 From: alaric at metrocast.net (Phil Stracchino) Date: Mon, 13 Apr 2009 14:28:28 -0400 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <20090413105251.109850gozxovlucc@mail.monkeyblade.net> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> Message-ID: <49E3844C.7090202@metrocast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen wrote: > _All_ hash functions are subject to collisions, assuming the attacker > is willing to spend unreasonable time and effort. By "unreasonable > time," I mean in the billions of years, and by "unreasonable effort," > I mean building a Dyson Sphere around the sun to capture enough energy > to power the computer. I'd like a few minutes of time on that computer. I have some projections and analyses I'd like it to run for me... - -- Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355 alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org Renaissance Man, Unix ronin, Perl hacker, Free Stater It's not the years, it's the mileage. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAknjhEwACgkQ0DfOju+hMkmJoQCfR5xZnD22HV1uRk2gbq8QDOd3 BjoAni2EAblvjZNkoUSDse27wQoF6nH0 =pPfh -----END PGP SIGNATURE----- From mlisten at hammernoch.net Mon Apr 13 16:11:10 2009 From: mlisten at hammernoch.net (=?UTF-8?B?THVkd2lnIEjDvGdlbHNjaMOkZmVy?=) Date: Tue, 14 Apr 2009 01:11:10 +0200 Subject: [Enigmail] Problem with Enigma on MAC In-Reply-To: <49E24736.5030602@aedon.eu> References: <49E0A86A.8080005@aedon.eu> <49E0ABFF.5080706@hammernoch.net> <49E0B4C0.1030907@aedon.eu> <49E1CF1C.8000805@hammernoch.net> <49E21F7A.9010906@aedon.eu> <49E23F2D.90107@hammernoch.net> <49E24736.5030602@aedon.eu> Message-ID: <49E3C68E.9050307@hammernoch.net> Peter J. Nachtigall wrote on 12.04.2009 21:55 Uhr: > Hi Ludwig > > Ludwig H?gelsch?fer schrieb: > >> I'll let you know when they are available. > > OK. They're available for download. Ludwig -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 550 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Mon Apr 13 17:54:20 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 13 Apr 2009 20:54:20 -0400 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <49E382A3.9020406@gmail.com> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> <49E382A3.9020406@gmail.com> Message-ID: <49E3DEBC.6090103@sixdemonbag.org> Faramir wrote: > Sorry, I tried to refer to the forged 509 certificate which had a > signature made using MD5. That required more than 1 month IIRC, and a > cluster of PSP, which is something very few people can do... so for > "normal" people, it would be "unreasonable but feasible". I should have > been more clear about that. For a normal attacker, this network can be had for under $1000 and a couple of hours of time. It's called a botnet, and they're available for rent. This is normal, reasonable, and /very/ feasible. A common mistake people made when determining capabilities is to say, "well, I don't know how I'd do it, so that means nobody does." The reality is that scoundrels and rogues are often exceptionally skilled in their skulduggery. From faramir.cl at gmail.com Mon Apr 13 18:56:21 2009 From: faramir.cl at gmail.com (Faramir) Date: Mon, 13 Apr 2009 21:56:21 -0400 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <49E3DEBC.6090103@sixdemonbag.org> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> <49E382A3.9020406@gmail.com> <49E3DEBC.6090103@sixdemonbag.org> Message-ID: <49E3ED45.5020106@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen escribi?: > Faramir wrote: ... >> signature made using MD5. That required more than 1 month IIRC, and a >> cluster of PSP, which is something very few people can do... so for >> "normal" people, it would be "unreasonable but feasible". I should have >> been more clear about that. > > For a normal attacker, this network can be had for under $1000 and a > couple of hours of time. It's called a botnet, and they're available > for rent. > > This is normal, reasonable, and /very/ feasible. ... Just $1000? I thought it would be more expensive... yes, that changes things a lot :S > A common mistake people made when determining capabilities is to say, > "well, I don't know how I'd do it, so that means nobody does." The Yes, maybe I should have searched for second hand psp before writting... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ4+1FAAoJEMV4f6PvczxAFBUH/10QOzgGr08gWymZEvCpdI1y j2fIwthwrCcRz3MV7hl9AU3DjHYHqF7sCE7mv9uh7ow4ySj4q4dTwUsLTNRFlETu ah6RZVeM8Np0ycD1khHD3XpQ9rEyH/zBbh45Z1mX2dYSMmKxejI1nMOARarDDpyu y9l2bPP1pzkJXsi3kWxxOB/bVwWGfuHJzGeDXY2judgIhtB9/vahVmMazqB9EL6V t97F3eIb6OnnRZGLqBj2SUdRKF8yQz26Easxi8x5m0FjxNjcwZbcDqi5fxC2FRe+ j/Mr8tIsy5+Dip3+m6crYRSKMTGCYvUrXJccoMxs1FqvHhoPrKjBnmarWU99X/s= =rwLO -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Tue Apr 14 11:14:41 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 14 Apr 2009 14:14:41 -0400 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <49E3DEBC.6090103@sixdemonbag.org> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> <49E382A3.9020406@gmail.com> <49E3DEBC.6090103@sixdemonbag.org> Message-ID: <49E4D291.30908@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Robert J. Hansen wrote: > reality is that scoundrels and rogues are often exceptionally skilled in > their skulduggery. Into which category to Governments fall? :-D JOHN ;) Timestamp: Tuesday 14 Apr 2009, 14:14 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4979: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ5NKQAAoJEBCGy9eAtCsPxsAH/25mAoIBEsE+dkUgrBQr5QWD 23kLtQose2Qu676pz1hCmbk93JvYhykP1+MYcxs08tBl89WmJetkMXmSjcEFriP5 jl/mntYH8Ioe6YA7xE70OBCm64iZYGGwIXqTFulwBDaCfzckcSqbKHeIj3vTnXfN eMNNKjdZ5zHZ7QoSycXFIDIDLE2B932rvZtiElLASTxB2m9gsMzq7RAnuXhFwZKE K49UqpHZu6x3l5gHM/5SI5PIf5yCORiksRMoMm9WAldsWpgyj5021ASTAa7SS26n C5TQWe+KLo1+Wqsgo+OzfrSzRTAnNPGH30Iqv5iAgUh1tBrDWVYsmaJtGCeAy5g= =O+4U -----END PGP SIGNATURE----- From faramir.cl at gmail.com Tue Apr 14 11:26:09 2009 From: faramir.cl at gmail.com (Faramir) Date: Tue, 14 Apr 2009 14:26:09 -0400 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <49E4D291.30908@bellsouth.net> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> <49E382A3.9020406@gmail.com> <49E3DEBC.6090103@sixdemonbag.org> <49E4D291.30908@bellsouth.net> Message-ID: <49E4D541.1080002@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III escribi?: > Robert J. Hansen wrote: > >> reality is that scoundrels and rogues are often exceptionally skilled in >> their skulduggery. > > Into which category to Governments fall? :-D Government are huge things, probably they have divisions to take charge of each category XD Well, they also have divisions in charge of fighting both things too... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ5NVBAAoJEMV4f6PvczxA7J4H+wT891xcriyLpvunkouTkiae F5ywgfXLvV6DfsPh75fumCZ2U+vZoz9tLnDhc21FnvGg5B+bNffdC6VV67grernh QoGEtmR9j1Q4jclE3HQgfvV3qkv/Edfk+vVTxzImLXnHZkdpHjrhhraAHrdQA+++ SON906oxOceID9Wu1hXQVLy7vLO+oxjc2hhGIovXm7DnMizfAgWFsmCCFORyD2Ms FzWC+w7FbziogzHzjEve5Jd9h8CmdII94Qq5XZMLnVSJ4AVeb+/dumGZ5/25INjD lWirVSqFaMTiOibstKLNdWA5JAc/3+3AGXAp56Ex9hJ+1V203DsZoFq2LF+z9kI= =Sxnu -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Tue Apr 14 11:40:00 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 14 Apr 2009 14:40:00 -0400 Subject: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid In-Reply-To: <49E4D541.1080002@gmail.com> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> <49E382A3.9020406@gmail.com> <49E3DEBC.6090103@sixdemonbag.org> <49E4D291.30908@bellsouth.net> <49E4D541.1080002@gmail.com> Message-ID: <49E4D880.1080608@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Faramir wrote: > John W. Moore III escribi??: >> Robert J. Hansen wrote: > >>> reality is that scoundrels and rogues are often exceptionally skilled in >>> their skulduggery. >> Into which category to Governments fall? :-D > > Government are huge things, probably they have divisions to take > charge of each category XD > Well, they also have divisions in charge of fighting both things too... Hmm... Sounds like an excellent argument for the Libertarian position. But this isn't the proper forum for political frustration. JOHN ;) Timestamp: Tuesday 14 Apr 2009, 14:39 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4979: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ5Nh+AAoJEBCGy9eAtCsPro8H/RZBhGd9SONTfhC+QLWCB9Ao AKiiBb6rHG8FtZAJNd7eDT6fcDpkL6tliB70iU2ClpFoogEtqfZcuNBhUeyOCkPy LZUJ5ht+cyHRjfmJwS+mVOeA2u9rcWEs21IV4O9WA7dlL6kxpl54dLRnhwd++SYX FVDw2jg3uGnltpbP7au2IGczPCDdp8NUgIlRVTRjEheNSxtk9hJglJFCQyEK1CVi NCDAOUbCbHjDLOptADltq2C7qL84ek6C0stxyyBpoduLUoeg/QeDQrzNP5t10EmD MJmOOHOTm+SUbRK4MJcll4M2r51/SCohV/UzBIFqA95yGDkkuxeT1PNvDbs3pCU= =y905 -----END PGP SIGNATURE----- From Jhony.Armando at djmtz.sld.cu Mon Apr 13 21:30:06 2009 From: Jhony.Armando at djmtz.sld.cu (Jhony A Flores Balderrama(G11)) Date: Mon, 13 Apr 2009 21:30:06 -0700 Subject: [Enigmail] Re. HOLA In-Reply-To: <49E3DEBC.6090103@sixdemonbag.org> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> <49E382A3.9020406@gmail.com> <49E3DEBC.6090103@sixdemonbag.org> Message-ID: QUIERO TENER UN CORREO ELECTRONICO EN LA PAGINA DE ENIGMAIL MOZDEV .....POR FA...CHAO -----Original Message----- From: "Robert J. Hansen" To: Enigmail user discussion list Date: Mon, 13 Apr 2009 20:54:20 -0400 Subject: Re: [Enigmail] Solved: PGP indicates enigmail signed messages are invalid Faramir wrote: > Sorry, I tried to refer to the forged 509 certificate which had a > signature made using MD5. That required more than 1 month IIRC, and a > cluster of PSP, which is something very few people can do... so for > "normal" people, it would be "unreasonable but feasible". I should have > been more clear about that. For a normal attacker, this network can be had for under $1000 and a couple of hours of time. It's called a botnet, and they're available for rent. This is normal, reasonable, and /very/ feasible. A common mistake people made when determining capabilities is to say, "well, I don't know how I'd do it, so that means nobody does." The reality is that scoundrels and rogues are often exceptionally skilled in their skulduggery. _______________________________________________ Enigmail mailing list Enigmail at mozdev.org https://www.mozdev.org/mailman/listinfo/enigmail La Facultad - Policlinico 26 de Julio Celebra el ??Aniversario 50 de la Revoluci?n Cubana ?? -------------- next part -------------- An HTML attachment was scrubbed... URL: From faramir.cl at gmail.com Wed Apr 15 14:04:01 2009 From: faramir.cl at gmail.com (Faramir) Date: Wed, 15 Apr 2009 17:04:01 -0400 Subject: [Enigmail] Re. HOLA In-Reply-To: References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> <49E382A3.9020406@gmail.com> <49E3DEBC.6090103@sixdemonbag.org> Message-ID: <49E64BC1.7010608@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jhony A Flores Balderrama(G11) escribi?: > > QUIERO TENER UN CORREO ELECTRONICO EN LA PAGINA DE ENIGMAIL MOZDEV > .....POR FA...CHAO Creo que no entiendes realmente para qu? es la p?gina de Enigmail. Es para la aplicasi?n Enigmail, no es un servicio que provea correos seguros. La seguridad la provee el programa GnuPG, y Enigmail es solamente una interfase gr?fica que le permite al gestor de correos Thunderbird el poder utilizar GnuPG. Google provee correos gratuitos, que pueden configurarse para funcionar con Thunderbird, y as? poder utilizar GnuPG para proveer seguridad a los mensajes. Por cierto, lo primero seria que averig?es si es legal en tu pa?s utilizar criptograf?a en tus mensajes, no te vayas a meter en un l?o. Saludos Translation: The guy wants an e-mail address in Enigmail Mozdev website. In my reply, I tell him Enigmail Mozdev is not a provider of secure e-mail addresses, but to develope Enigmail, and try to explain a bit what is Enigmail, that it needs GnuPG to provide encryption, and that Gmail can be configured to work with Thunderbird and that way use encryption. And finally, I tell him to check if it is legal to use encryption in his country, so he can avoid getting troubles for using it without checking that first. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ5kvBAAoJEMV4f6PvczxAgQkH/0Mtri/QRO7CIvKgnqo+8sVH Mpxz/N9F6vhiwFUGpUUW6O0lNlYd6JvhPgxxlfj9bACXU0YPiWVVpZu8JO7mSygr +8cDAXSN3ptvnVtc/amX8HZbr83sr3i7kSK8KGBV69T3QJ5rBiUZ+lAqYrI0JpH4 jf9gTngatvWK2R8aRZNOf3PPMXcJg2v5PTKMJpOauHSHP+KKBHz8WV7ukxVhoo+N YXm6LSm2K2dlR2U8VBWoT2RK7IkUdkt2C1I5ttf0EMRImszUZ5Oen/9IcO7ldHn5 3rUtJHUGHfQnwMrU7tOV4E2Wc2f2Ghj1oAG9YmbHVzRppa4j560Fm3nQHB7zEYY= =qPqo -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Wed Apr 15 14:38:22 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 15 Apr 2009 17:38:22 -0400 Subject: [Enigmail] Re. HOLA In-Reply-To: <49E64BC1.7010608@gmail.com> References: <49E1E0CC.1070903@gmail.com> <49E26477.6020306@Mozilla-Enigmail.org> <49E2F01E.9060903@gmail.com> <49E2FB68.1010905@bellsouth.net> <49E318A4.1080700@gmail.com> <49E35976.4060405@gmail.com> <20090413105251.109850gozxovlucc@mail.monkeyblade.net> <49E382A3.9020406@gmail.com> <49E3DEBC.6090103@sixdemonbag.org> <49E64BC1.7010608@gmail.com> Message-ID: <49E653CE.6030809@sixdemonbag.org> Faramir wrote: > Translation: Thank you, Faramir; this was very helpful to me, and to a lot of other people. :) As a helpful reminder, this mailing list is multilingual. We have no "English-only" rule. That said, it is generally a good idea to try using English first, since it's as close as we have to a common tongue. From dukethek9 at gmail.com Sat Apr 25 16:20:24 2009 From: dukethek9 at gmail.com (Duke Hound) Date: Sat, 25 Apr 2009 19:20:24 -0400 Subject: [Enigmail] Newbie Message-ID: <49F39AB8.8050302@gmail.com> Hello, I am a relative newbie to PKI. I set up thunderbird/gnupg/enigmail today and all seemed to work. Yeah. 1) With this set up there doesn't seem to be a certificate. Is there one in the background? (I suppose not, b/c that would mean I issued my own certificate...is this why gnupg has the sign a public key?) When I sign a key, am i essentially letting everyone on the public key network know that I trust this public key and in a way being a certificate authority or is this signature only for me locally? 2) gmail (online client) does not play nicely with GNUPG signatures. Does gmail (online client) play nicely with verisign Class 1 Digital ID signatures? 2a) If the answer to 2) is no. Do any common online email clients gmail.com, yahoo.com, aol.com, etc play nicely with gnupg or verisign email signatures? Is there any progress being made to standardize this process so that that my choice of signature infrastructure (thunderbird/gnupg/enigmail) can be made without considering the technical setup and understanding of my email recipients? Thanks, d From jmoore3rd at bellsouth.net Sun Apr 26 05:03:50 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sun, 26 Apr 2009 08:03:50 -0400 Subject: [Enigmail] Newbie In-Reply-To: <49F39AB8.8050302@gmail.com> References: <49F39AB8.8050302@gmail.com> Message-ID: <49F44DA6.2080401@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Duke Hound wrote: > I am a relative newbie to PKI. I set up thunderbird/gnupg/enigmail > today and all seemed to work. Yeah. Congratulations! Should You feel an urge to 'practice' using Enigmail and/or encryption feel free to write Me directly. :) > 1) With this set up there doesn't seem to be a certificate. Is there > one in the background? (I suppose not, b/c that would mean I issued my > own certificate...is this why gnupg has the sign a public key?) When I > sign a key, am i essentially letting everyone on the public key network > know that I trust this public key and in a way being a certificate > authority or is this signature only for me locally? OK, basically 'Certificate' & Key are interchangeable terms in this context. Yes, if/when You 'Sign' a Key with an exportable signature [as opposed to a Local Signature] You are effectively publishing/expressing Your faith/trust in the validity of the Key & the information it contains. I suggest that You only use Local Signatures in the beginning until You have become more familiar [comfortable?] with the concepts of Web of Trust [WoT], Trust Models, etc. A Local Signature exists _only_ on Your Keyring and is exported or shared when You work with the Key. [hence the term 'Local' ;) ] > 2) gmail (online client) does not play nicely with GNUPG signatures. > Does gmail (online client) play nicely with verisign Class 1 Digital ID > signatures? - From the Web interface none of the WebMail services are particularly kind to Encryption. This is due to a lot of reason but basically the main reason is that Web Mail is enamored of HTML and inline Encryption works best with Plaintext. If You access any of the Web Mail Services using Thunderbird with the correct Settings You should experience no problem. The same is True with using x.509 [S/MIME] via Web Mail. IIRC, there is an Extension/Add-On available for Firefox/SeaMonkey Browsers that facilitates the use of S/MIME from within the Gmail Web screen. > 2a) If the answer to 2) is no. Do any common online email clients > gmail.com, yahoo.com, aol.com, etc play nicely with gnupg or verisign > email signatures? Is there any progress being made to standardize this > process so that that my choice of signature infrastructure > (thunderbird/gnupg/enigmail) can be made without considering the > technical setup and understanding of my email recipients? Aye, here's the rub; some 'understanding' is necessary, if only to possess their Key. If Your recipient has a Public Key for either PGP/GPG or x.509 [S/MIME] then the assumption must be made that They also have the skills & ability to Decrypt messages sent to them. Additionally, do not use PGP/MIME with any recipient until You have verified with Them that their MUA [Mail Client] can handle this format. Some can but many can't. Using Enigmail You may rest assured that Your MUA _can_ handle PGP/MIME. Standardization? Well, other than Outlook 97 I have not seen any MUA that cannot Encrypt/Decrypt using S/MIME. [PKI x.509] In order to utilize OpenPGP most MUA's will require the installation of any OpenPGP [PGP, GPG] Application, a GUI for the PGP/GPG App or familiarity with Command Line operations] & a basic understanding of "how things work." HTH JOHN ;) Timestamp: Sunday 26 Apr 2009, 08:03 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4987: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ9E2kAAoJEBCGy9eAtCsPqgwIAIT3glNA5bldywvfPo/VS1jJ jUkm4zjtVy1I0NUzEJlw5d9gXj60MoDTeIsU6KuyCUU8bq46lrXdj3s7bQ22XIL/ BUXa+Z+RXm4xnkB/hnRg48PoiIaOCmBWTdPuISsFGdho/043W7PI6GZ4p1RZQX+P w/oQAbkxCTOV8O5LKm8xnQNZhcQpKHiMOSE97e03Z+0WwtSYHfOxlb+3KsFknOP2 EnFd/GFPKrSAA1qmFHCaEh4S8IHcop4xxXLsCUFyxCCLcWhy0o5Ldob8bQ3aHMmv 93OYvPpREelmb65E/nJrTV+P/mmBqgzgHlsFWw/Y69phpCmNKyV7EDrYW2G+eT0= =zE0m -----END PGP SIGNATURE----- From darylstyrk at gmail.com Mon Apr 27 12:24:35 2009 From: darylstyrk at gmail.com (Daryl Styrk) Date: Mon, 27 Apr 2009 15:24:35 -0400 Subject: [Enigmail] signing test followed by an encryption test Message-ID: <20090427192435.GC17722@t61.daryl.homelinux.net> Thanks in advance. -- Daryl Styrk Naples, FL USA -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: From John at Mozilla-Enigmail.org Mon Apr 27 12:30:00 2009 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Mon, 27 Apr 2009 14:30:00 -0500 Subject: [Enigmail] signing test followed by an encryption test In-Reply-To: <20090427192435.GC17722@t61.daryl.homelinux.net> References: <20090427192435.GC17722@t61.daryl.homelinux.net> Message-ID: <49F607B8.3060304@Mozilla-Enigmail.org> Daryl Styrk wrote: > Thanks in advance. OpenPGP Security Info UNTRUSTED Good signature from Daryl Styrk Key ID: 0x6F02CEB8 / Signed on: 4/27/2009 14:24 Key fingerprint: 5E2D 1801 DF88 92A3 F0BB 8C99 E9B6 8185 6F02 CEB8 -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 678 bytes Desc: OpenPGP digital signature URL: From andy.ruddock at rainydayz.org Wed Apr 29 06:17:08 2009 From: andy.ruddock at rainydayz.org (Andy Ruddock) Date: Wed, 29 Apr 2009 15:17:08 +0200 Subject: [Enigmail] Setting trust levels for unknown keys Message-ID: <49F85354.5050009@rainydayz.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I receive quite a bit of signed mail via mailing lists to which I'm subscribed. I download keys for many of these and have a question regarding the trust settings to apply for these keys. In the OpenPGP Kay Management window I select a new keys and right-click and select "Set Owner Trust", which gives me five options, the first two of which are "I don't know" and "I do NOT trust". For these unknown keys I generally select "I don't know", but I could also choose "I do NOT trust" as I have no knowledge of the person or how the key was generated or is used. The "I do NOT trust" option seems, to me, to be negative. If a scale were to be drawn it seems to me that the "I don't know" option" would be at the origin, with "I do NOT trust" at -1 and the other options at +1 and above. I wonder how other people use these settings. - -- Andy Ruddock - ------------ andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkn4U1AACgkQfSkWkaYi1FK1wgCgtgWaNqCXgjBLZzolBakGplDW g/8AoKuU3h75AGrZtjAaNCMh8N5RQdSo =KkEJ -----END PGP SIGNATURE----- From olav at mozilla-enigmail.org Wed Apr 29 07:17:22 2009 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Wed, 29 Apr 2009 16:17:22 +0200 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F85354.5050009@rainydayz.org> References: <49F85354.5050009@rainydayz.org> Message-ID: <49F86172.1060309@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Andy, > The "I do NOT trust" option seems, to me, to be negative. If a scale > were to be drawn it seems to me that the "I don't know" option" would be > at the origin, with "I do NOT trust" at -1 and the other options at +1 > and above. I do NOT trust seemst to be intended to mark forged keys. GnuPG 1.4.9 -> \g10\pkclist.c -> check_signatures_trust() : case TRUST_NEVER: /* currently we won't get that status */ write_status( STATUS_TRUST_NEVER ); log_info(_("WARNING: We do NOT trust this key!\n")); log_info(_(" The signature is probably a FORGERY.\n")); if (opt.with_fingerprint) print_fingerprint (pk, NULL, 1); rc = G10ERR_BAD_SIGN; break; Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkn4YXEACgkQL/NBt8fdKe3+9wCgwqkHuGV+RKrs2LepVNizN8ny vxsAnjVlRMdeVJYz304jf41BN/cX06SQ =+bk2 -----END PGP SIGNATURE----- From rb63 at xs4all.nl Wed Apr 29 07:28:57 2009 From: rb63 at xs4all.nl (rb63 at xs4all.nl) Date: Wed, 29 Apr 2009 14:28:57 +0000 Subject: [Enigmail] GEACCEPTEERD: Setting trust levels for unknown keys Message-ID: <200904291429.n3TETnAq078164@smtp-vbr19.xs4all.nl> ----Origineel bericht---- Van: Andy Ruddock Verzonden: 29-04-2009 15:17:08 Aan: Enigmail user discussion list Onderw.: [Enigmail] Setting trust levels for unknown keys -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I receive quite a bit of signed mail via mailing lists to which I'm subscribed. I download keys for many of these and have a question regarding the trust settings to apply for these keys. In the OpenPGP Kay Management window I select a new keys and right-click and select "Set Owner Trust", which gives me five options, the first two of which are "I don't know" and "I do NOT trust". For these unknown keys I generally select "I don't know", but I could also choose "I do NOT trust" as I have no knowledge of the person or how the key was generated or is used. The "I do NOT trust" option seems, to me, to be negative. If a scale were to be drawn it seems to me that the "I don't know" option" would be at the origin, with "I do NOT trust" at -1 and the other options at +1 and above. I wonder how other people use these settings. - -- Andy Ruddock - ------------ andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkn4U1AACgkQfSkWkaYi1FK1wgCgtgWaNqCXgjBLZzolBakGplDW g/8AoKuU3h75AGrZtjAaNCMh8N5RQdSo =KkEJ -----END PGP SIGNATURE----- _______________________________________________ Enigmail mailing list Enigmail at mozdev.org https://www.mozdev.org/mailman/listinfo/enigmail From John at Mozilla-Enigmail.org Wed Apr 29 09:22:29 2009 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Wed, 29 Apr 2009 11:22:29 -0500 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F85354.5050009@rainydayz.org> References: <49F85354.5050009@rainydayz.org> Message-ID: <49F87EC5.8080600@Mozilla-Enigmail.org> Andy Ruddock wrote: > In the OpenPGP Kay Management window I select a new keys and right-click > and select "Set Owner Trust", which gives me five options, the first two > of which are "I don't know" and "I do NOT trust". > > For these unknown keys I generally select "I don't know", but I could > also choose "I do NOT trust" as I have no knowledge of the person or how > the key was generated or is used. > The "I do NOT trust" option seems, to me, to be negative. If a scale > were to be drawn it seems to me that the "I don't know" option" would be > at the origin, with "I do NOT trust" at -1 and the other options at +1 > and above. > > I wonder how other people use these settings. If I don't know the purported key owner I select "I don't know." "Don't know" is the zero option in this case. It's neutral. As Olav pointed out, "I do NOT trust." is for keys that should NEVER be trusted. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 678 bytes Desc: OpenPGP digital signature URL: From allen.schultz at gmail.com Wed Apr 29 11:43:48 2009 From: allen.schultz at gmail.com (Allen Schultz) Date: Wed, 29 Apr 2009 12:43:48 -0600 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F87EC5.8080600@Mozilla-Enigmail.org> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> Message-ID: <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> On Wed, Apr 29, 2009 at 10:22 AM, John Clizbe wrote: > If I don't know the purported key owner I select "I don't know." > > "Don't know" is the zero option in this case. It's neutral. > > As Olav pointed out, "I do NOT trust." is for keys that should NEVER be > trusted. Or better yet, Faramir.cl told me to get CAcert.org's gpg key and sign it as it is a Certificate Authority. Then you may download a few or all of the GSIntroducers how have verified and signed other keys. Once I have done this, over half of my corespondants became Trusted. Allen From rjh at sixdemonbag.org Wed Apr 29 13:33:23 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 29 Apr 2009 16:33:23 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> Message-ID: <49F8B993.6000008@sixdemonbag.org> Allen Schultz wrote: > Or better yet, Faramir.cl told me to get CAcert.org's gpg key and sign > it as it is a Certificate Authority. This handwaves the question, though, of _why_ you're choosing to trust CAcert.org. I have no evidence CAcert.org is untrustworthy. At the same time, it's not like they've ever bought me a beer, either. From andy.ruddock at rainydayz.org Wed Apr 29 13:44:23 2009 From: andy.ruddock at rainydayz.org (Andy Ruddock) Date: Wed, 29 Apr 2009 22:44:23 +0200 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F87EC5.8080600@Mozilla-Enigmail.org> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> Message-ID: <49F8BC27.2090206@rainydayz.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Clizbe wrote: > Andy Ruddock wrote: >> In the OpenPGP Kay Management window I select a new keys and >> right-click and select "Set Owner Trust", which gives me five >> options, the first two of which are "I don't know" and "I do NOT >> trust". >> >> For these unknown keys I generally select "I don't know", but I >> could also choose "I do NOT trust" as I have no knowledge of the >> person or how the key was generated or is used. The "I do NOT >> trust" option seems, to me, to be negative. If a scale were to be >> drawn it seems to me that the "I don't know" option" would be at >> the origin, with "I do NOT trust" at -1 and the other options at +1 >> and above. >> >> I wonder how other people use these settings. > > If I don't know the purported key owner I select "I don't know." > > "Don't know" is the zero option in this case. It's neutral. > > As Olav pointed out, "I do NOT trust." is for keys that should NEVER > be trusted. That's as I understood it - maybe the text should be a little stronger, actually saying something along the lines of "Untrustworthy or known to be bad" - -- Andy Ruddock - ------------ andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkn4vCIACgkQfSkWkaYi1FIABwCeJBhkxO1ZnM8fS38j3Rl0kh5G nLYAoKLTZ9xODOxrB7v76uWI0SAHV/8q =6c/v -----END PGP SIGNATURE----- From andy.ruddock at rainydayz.org Wed Apr 29 13:46:00 2009 From: andy.ruddock at rainydayz.org (Andy Ruddock) Date: Wed, 29 Apr 2009 22:46:00 +0200 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F86172.1060309@mozilla-enigmail.org> References: <49F85354.5050009@rainydayz.org> <49F86172.1060309@mozilla-enigmail.org> Message-ID: <49F8BC88.8080200@rainydayz.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Olav Seyfarth wrote: > Hi Andy, > >> The "I do NOT trust" option seems, to me, to be negative. If a scale >> were to be drawn it seems to me that the "I don't know" option" would be >> at the origin, with "I do NOT trust" at -1 and the other options at +1 >> and above. > > I do NOT trust seemst to be intended to mark forged keys. > > GnuPG 1.4.9 -> \g10\pkclist.c -> check_signatures_trust() : > > case TRUST_NEVER: > /* currently we won't get that status */ > write_status( STATUS_TRUST_NEVER ); > log_info(_("WARNING: We do NOT trust this key!\n")); > log_info(_(" The signature is probably a FORGERY.\n")); > if (opt.with_fingerprint) > print_fingerprint (pk, NULL, 1); > rc = G10ERR_BAD_SIGN; > break; > > Olav Thanks, that clears it up for me. - -- Andy Ruddock - ------------ andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkn4vIQACgkQfSkWkaYi1FJc3wCdHvMEaqmOapR9C1oxRXRyr9uY puMAn0XlqJtygpbnD0bMl9oWQgxeieVh =+a3T -----END PGP SIGNATURE----- From andy.ruddock at rainydayz.org Wed Apr 29 13:50:56 2009 From: andy.ruddock at rainydayz.org (Andy Ruddock) Date: Wed, 29 Apr 2009 22:50:56 +0200 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8B993.6000008@sixdemonbag.org> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> Message-ID: <49F8BDB0.6080301@rainydayz.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert J. Hansen wrote: > Allen Schultz wrote: >> Or better yet, Faramir.cl told me to get CAcert.org's gpg key and sign >> it as it is a Certificate Authority. > > This handwaves the question, though, of _why_ you're choosing to trust > CAcert.org. > > I have no evidence CAcert.org is untrustworthy. At the same time, it's > not like they've ever bought me a beer, either. > Good point, what does it take to promote a key to "trust marginally", and from there to "trust fully". For me, the only keys I have that I trust ultimately are those I generated myself. Other members of the family have keys which I trust fully. A few keys came from colleagues which I can "trust marginally", but almost all the keys I have are "don't know". - -- Andy Ruddock - ------------ andy.ruddock at rainydayz.org (GPG Key ID 0xA622D452) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkn4vasACgkQfSkWkaYi1FKf+wCeOZc8d18BVZ2wQHzGJNuq6pwo RAAAmgLSq0WkGZcEmirAbt2oX3kRsCFu =Eb/X -----END PGP SIGNATURE----- From faramir.cl at gmail.com Wed Apr 29 14:12:59 2009 From: faramir.cl at gmail.com (Faramir) Date: Wed, 29 Apr 2009 17:12:59 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8B993.6000008@sixdemonbag.org> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> Message-ID: <49F8C2DB.7000100@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen escribi?: ... > This handwaves the question, though, of _why_ you're choosing to trust > CAcert.org. > > I have no evidence CAcert.org is untrustworthy. At the same time, it's > not like they've ever bought me a beer, either. Right, it's indeed a very good question. Leaving aside it is always a personal decision to trust or not a key or CA, CAcert is based on the OpenSource philosophy, and that means their policies and procedures are available to be checked by everybody. So maybe a level 2 signature (informal checking) is not a bad idea at all (but again, that's a personal decision). IIRC, that's the kind of signatures CAcert issue, even to their Assurers (which have had their identities checked by at least 3 different persons). I'd say there are no reasons to trust CAcert less than thawte free email certificates, since both are based in the same kind of identity verifications. Of course, maybe you wouldn't trust Thawte too, and I know you have the right to do that. It is still a good idea to have a trusted third party that can issue signatures, so we can trust people we have never seen face to face (by trust I'm meaning, "trusting a bit more than without any proof of identity". As an example, when I download GPGShell, I can check the signature of the file against the author's public key, but since that key is not signed by anybody I have seen face to face, I can never know if it has been hacked or not (the workaround is I have had that key in my keyring for about 1 year, so it's likely the author would notice if somebody is impersonating him, in that time). Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ+MLbAAoJEMV4f6PvczxA3OcH/ig5+gOMXhtkIjGOiHevWWz+ opAmF8n2iI9pMnjMv5v87Wa2GnSs1Db3zEW0xjVvAgIQgDQ9Qu6oaop43cVfPy5C rLV8lUovT6MKg+JkuxTNTNamVrSEwM8O/KyTbGF/0A0TEMB+LRlF+b1QY5JUxpRq WSc1Xi79q8+jeToNlaFsT4kluds/cbUM3phvEDPgM+mpG7c6jdVL1IHYYoM1hckk grXXwblJ6AKq+594zkSqDTy024mNdXyOjYVvxqjzX+31rsmRWY1h9BBVIA9obb1X XHe3KsweZbDxN//s9Bccbtr1oRN+cdeWnCi7y40u4zwAiMUdsPT/tHdKV1ZjIZs= =ZODB -----END PGP SIGNATURE----- From dkg at fifthhorseman.net Wed Apr 29 14:21:40 2009 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 29 Apr 2009 17:21:40 -0400 Subject: [Enigmail] ownertrust vs. calculated validity [was: Re: Setting trust levels for unknown keys] In-Reply-To: <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> Message-ID: <49F8C4E4.10507@fifthhorseman.net> On 04/29/2009 02:43 PM, Allen Schultz wrote: > Or better yet, Faramir.cl told me to get CAcert.org's gpg key and sign > it as it is a Certificate Authority. Then you may download a few or > all of the GSIntroducers how have verified and signed other keys. Once > I have done this, over half of my corespondants became Trusted. Sorry to nit-pick here, but this terminology is pretty confusing, and i think we owe it to ourselves to be clear. There are (at least) two concepts that are being conflated into the term "trust", which i'll try to distinguish. * One thing people mean by "Trust" is probably better called "Calculated Validity" This answers the question "Do i believe that the key (e.g. 0x12ABCD34) used here actually belongs to the User ID (e.g. "Joe Smith ") that it claims to belong to?" People often call this "trust" in the context of a signed message because having full calculated validity to a given User ID lets you be sure that a message signed by the associated key actually was written by the person to whom the User ID refers. Enigmail currently says "Good Signature from Joe Smith with key ID 0x12ABCD34" in green, when there is full calculated validity. This is good. But when there is not full calculated validity, it simply prefixes the message with "UNTRUSTED". Instead, it should say something like "OK Signature by Key 0x12ABCD34, which may or may not belong to Joe Smith ". Maybe it should also use some other color in this case. * The other thing that people mean by "Trust" is the OpenPGP concept of "ownertrust". This answers the question "Do I expect the holder of this key to make responsible certifications of other Keys and User IDs?" That is, if you grant full ownertrust to key 0x12345678, whoever holds the secret part of that key can make a certification which binds another key (0x12ABCD34) to its associated User ID ("Joe Smith "). Because of the grant of ownertrust, you can now calculate full validity on the binding between "Joe Smith " and key 0x12ABCD34, even though you've never met Joe in person and exchanged fingerprints. The UI that the original poster is asking about relates to ownertrust, not to calculated validity, and is therefore *not* directly unrelated to the "UNTRUSTED" label applied in the message view pane. If enigmail (and other OpenPGP tools could stop using the word "trust" altogether, i think it would be a good thing, since the word is so confused/confusing/ambiguous due to its multiple meanings. --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 890 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Wed Apr 29 14:27:26 2009 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 29 Apr 2009 17:27:26 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8C2DB.7000100@gmail.com> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8C2DB.7000100@gmail.com> Message-ID: <49F8C63E.1010907@sixdemonbag.org> Faramir wrote: > Right, it's indeed a very good question. Leaving aside it is always a > personal decision to trust or not a key or CA, CAcert is based on the > OpenSource philosophy, and that means their policies and procedures are > available to be checked by everybody. Their policies and procedures are one thing -- but how do you know that the policies and procedures they list are the same as what they actually _do_? When I'm teaching software engineering, I present the students with a hypothetical question involving a database system that's written entirely in RavenSPARK, with formal correctness proofs, a stackload of documentation explaining the design from conception to delivery, lifecycle diagrams, UML, the whole nine yards. This database system is great and it's bug-free. I tell them I have not lied to them in any detail about any component of this database system. It really is that good. Should they recommend their client deploy it? They always say yes. Then I ask them what they will tell the family of the dead Air Force pilot when he goes to pull his ejection seat and his seat's ballistic computer goes off and performs 250,000 SQL queries per second instead of actually firing the pilot out of the cockpit the way it's supposed to. The moral of the story is that even if something is developed _perfectly_, it can still be totally unsuitable for the purposes to which it is being deployed in the field. There is no substitute for getting on-the-ground knowledge of how your product will be used, in what environment, by what users, for what purposes. Without that, you're putting a lot of trust in some pieces of paper written by some schmuck who probably doesn't understand the problem at all. There is no substitute for direct on-the-ground knowledge. If you're cool with trusting CAcert without this, that's your call to make: but I don't think impressive documentation, by itself, inspires much confidence. > Of course, maybe you wouldn't trust Thawte too, and I > know you have the right to do that. Thawte has more to lose by screwing up. Thawte's a business that has to keep customers happy or else they're out of business. CAcert, by its nature as an unpaid volunteer project, can afford to screw it up badly and still retain most of its users. It isn't so much that I think Thawte is more morally pure or virtuous or anything else. I think Thawte is less immune to the consequences of their actions, and I further think Thawte knows this. That tends to lead me to believe they're more suitable recipients of trust. From faramir.cl at gmail.com Wed Apr 29 14:27:00 2009 From: faramir.cl at gmail.com (Faramir) Date: Wed, 29 Apr 2009 17:27:00 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8BDB0.6080301@rainydayz.org> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8BDB0.6080301@rainydayz.org> Message-ID: <49F8C624.7000308@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Andy Ruddock escribi?: ... > Good point, what does it take to promote a key to "trust marginally", > and from there to "trust fully". Indeed, CAcert "trust marginally" the keys it signs. > For me, the only keys I have that I trust ultimately are those I > generated myself. Other members of the family have keys which I trust > fully. A few keys came from colleagues which I can "trust marginally", > but almost all the keys I have are "don't know". Same here, I just fully trust keys I have exchanged by hand in a face-to-face meeting, all the other keys are marginally trusted. But that's better than "don't know". I think (but that's just my opinion) that the idea behind the WoT is to be able to trust keys of people we have not had the chance to met face-to-face. Specially in the case of the keys of software developers. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ+MYkAAoJEMV4f6PvczxAmiEIAJtWgMx0/QMSlLuV6gE5PLJm bQLPzwPAyKFCXO51Q0NJqZ6fBijlXgzGH07Oba1j/wdjRHBBdguSWzbw+eMaiCi2 iqnVnibDf5hRONdST+KA3k1KXbH+ZFNuX89rLDHLOE6ZNVsG8ve4Pi4RnKATd619 sCRxMP9cCVY/Ig2mGxIm4RtCuZFusaDXCrI/kc31zqNBJ4fJ+KI/oUbBOyzV6+sT 4fkI2TvvuOpgj1k176av08mb6Kpb8hedwQ9xZXjIirxyoZhCER2/qGNInmrW0ZF8 78+dY9/UNbyrBTXrXkhQNEIlXicd/jXan2r+yytDm2n1BiZHM+3dCaHYFTA2OiQ= =reFx -----END PGP SIGNATURE----- From dkg at fifthhorseman.net Wed Apr 29 14:38:36 2009 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 29 Apr 2009 17:38:36 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8C624.7000308@gmail.com> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8BDB0.6080301@rainydayz.org> <49F8C624.7000308@gmail.com> Message-ID: <49F8C8DC.50205@fifthhorseman.net> On 04/29/2009 05:27 PM, Faramir wrote: > I just fully trust keys I have exchanged by hand in a > face-to-face meeting, all the other keys are marginally trusted. But > that's better than "don't know". This strikes me as an example of the confusion between "calculated validity" and "ownertrust" that many OpenPGP tools encourage. Just because I've met "Eve L. Hacker" in person and verified her identity does *not* mean that i trust her to properly identify other people. Please do not blindly designate ownertrust simply because you've met someone face-to-face. We've all met malicious and/or incompetent people face-to-face. It's good to know who the person is ("calculated validity"), but you should need to know something about their skills, their presence of mind, their ethical code, and their resistance to shenanigans in general to decide to trust their certifications ("ownertrust"). Certainly, don't set ownertrust at all for keys to which you have no calculated validity. But you may also want to consider setting ownertrust on a key whose owner you have never met face-to-face in certain circumstances. For example: * you have full calculated validity to their key already through other connections in the WoT, and * this person has published their keysigning policy, and has an untarnished public record of holding true to it, and * their keysigning policy seems reasonable to you. Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 890 bytes Desc: OpenPGP digital signature URL: From allen.schultz at gmail.com Wed Apr 29 15:00:28 2009 From: allen.schultz at gmail.com (Allen Schultz) Date: Wed, 29 Apr 2009 16:00:28 -0600 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8C8DC.50205@fifthhorseman.net> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8BDB0.6080301@rainydayz.org> <49F8C624.7000308@gmail.com> <49F8C8DC.50205@fifthhorseman.net> Message-ID: <3f34f8420904291500p666cc8e4i1b1a7d1f84baa44a@mail.gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Apr 29, 2009 at 3:38 PM, Daniel Kahn Gillmor wrote: > Please do not blindly designate ownertrust simply because you've met > someone face-to-face. We've all met malicious and/or incompetent people > face-to-face. It's good to know who the person is ("calculated > validity"), but you should need to know something about their skills, > their presence of mind, their ethical code, and their resistance to > shenanigans in general to decide to trust their certifications > ("ownertrust"). This could go for all Certificate Authorities, not just Thawte or CAcert who even issue SSL certificates for ssl verified https encryption for your security on the web as well. You the community will use issued certificates from CA companies for financial data online when you either need to or want to. When is it time to accept a CA? When they have legal backing to be fined by whatever government they're a corporation under? Can you trust any company out there? Even the one you work for as an employee to verify identy or trust in keysigning policies? Should we even have a 3rd party authority at all if this discussion is coming up with this level of heat/passion? Faramir and I, among others, have reviewed "said" policies and agreement (legal) documents with CAcert and Thawte have "personally" decided to trust them (under the context of legal consequence to the CA's) about their validity. Please read them when you get the chance. If you find that they have notorized someone that is false, they have a legal remorse policy that must be followed. Would you trust that? I did "not" mean to turn this into a heated discussion or flame war on the subject of trust. But I was merely pointing out that there are 3rd party organizations who have SSL certificate roots and GPG key roots for their personal WoT. You can either sign on with them through their policies and get notorized (verified identity) with them or set up your own WoT. Your personal choice as Faramir keeps stating on this issue. Allen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) - GPGshell v3.72 iEYEARECAAYFAkn4zf0ACgkQV5r3Eu55xjZC0ACfe51RzOMbcih5P+MHYpNA05U4 LJAAnREXeoC25g+86euG0cB9wP5xG8DE =IMp0 -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Wed Apr 29 15:49:33 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Wed, 29 Apr 2009 18:49:33 -0400 Subject: [Enigmail] ownertrust vs. calculated validity [was: Re: Setting trust levels for unknown keys] In-Reply-To: <49F8C4E4.10507@fifthhorseman.net> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8C4E4.10507@fifthhorseman.net> Message-ID: <49F8D97D.1080204@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Daniel Kahn Gillmor wrote: > Enigmail currently says "Good Signature from Joe Smith > with key ID 0x12ABCD34" in green, when there is full calculated > validity. This is good. But when there is not full calculated > validity, it simply prefixes the message with "UNTRUSTED". Instead, it > should say something like "OK Signature by Key 0x12ABCD34, which may or > may not belong to Joe Smith ". Maybe it should also > use some other color in this case. 1st: Enigmail _does_ use another color; Blue. 2nd: The terminology of Good/Bad, Trusted/Untrusted as they apply to Sigs has been debated ad infinitum but the bottom line is that it doesn't really matter what word is used; due to the disparities in knowledge levels regarding what information is actually being conveyed whatever word is chosen to be used there will be confusion. The words Trust & Valid are so subjective as to be as difficult to universally define as herding cats. :-\ Everyone's Trust Model is different and unique. Individual Users must determine how the information conveyed by GnuPG 'fits' their criteria and the most beneficial interpretation. - From My perspective I would like to see Enigmail able to easily assign Trust Signatures wherein the Depth of Trust can be strictly specified. Due to the paucity of Frontends for GPG available for Linux I feel this would make Enigmail a more useful and valuable instrument for casual Users and the more Experienced User. Even PGP incorporates the ability to make Trusted Introducer [Black Pencil] Signatures in their GUI. Most PGP Users are unaware how to access it and even less understand what the difference is between a Trust Signature and a 'Regular' exportable or local signature. :( JOHN ;) Timestamp: Wednesday 29 Apr 2009, 18:45 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4987: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ+Nl6AAoJEBCGy9eAtCsPM7YH/j4CBTSZwsxFDTOibQHhLglO WTDXKhROQPB/JYgAUl1VXPp6lLR9CvuXIJFWxPnmA9GKjju2qeGltC+f+Pk4DdT1 mF0xFdsHDjvOWoBBNIHXs7HFjD0FztBnmyXuk0em0BMYvTlQHHFo1HEReLNSxN5a tSb4uRv7Oto++UUP1QkRUDufJbARaa+8BUqe1MUZerADxtwArVXGXuZTxdvZThE4 ZHZhaWrUfMBpTpya8/COEXqae9TLa8Li3kRKmobbyDBy3FBHv+F1x4hBgqulXtN5 eEGCDAAsr6aPJYgxWP9jd8s79dqjGzzLYJHFVTiAgfCW/z7622S7SpWtgvD6+9U= =GITT -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Wed Apr 29 15:58:53 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Wed, 29 Apr 2009 18:58:53 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8C8DC.50205@fifthhorseman.net> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8BDB0.6080301@rainydayz.org> <49F8C624.7000308@gmail.com> <49F8C8DC.50205@fifthhorseman.net> Message-ID: <49F8DBAD.3040905@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Daniel Kahn Gillmor wrote: > Just because I've met "Eve L. Hacker" in person and verified her > identity does *not* mean that i trust her to properly identify other people. > > Please do not blindly designate ownertrust simply because you've met > someone face-to-face. We've all met malicious and/or incompetent people > face-to-face. It's good to know who the person is ("calculated > validity"), but you should need to know something about their skills, > their presence of mind, their ethical code, and their resistance to > shenanigans in general to decide to trust their certifications > ("ownertrust"). This is why during the making of a Trust Signature [tsign] You are asked both Questions: 1.) How carefully have You verified the ownership of this Key? 2.) How much do You trust this Key owner to properly verify the Keys They Sign? then comes Question 3: What Level/Depth of Trust do You wish to assign to this signature. When viewing a Trust Signature on a Key it is apparent how the Questions were answered. Whether the verification was performed face-to-face or whether a more casual method was used. [1st integer displayed] and the the 2nd integer indicates the Depth of Trust. Of course, this assumes that everyone is using the same numerical equivalence scale. :-\ GnuPG allows the use of 5 different Trust Models and can supply much information within a closed system of understanding but there is no Universal acceptance regarding what each bit of information means. JOHN ;) Timestamp: Wednesday 29 Apr 2009, 18:58 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4987: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ+NusAAoJEBCGy9eAtCsPFNkH/RvVmiwe7oW1yzUV1y4iyLZP hyNfe+x8mWrPmhEirPpupJUTlhoZMasMxQPbkK1Hhe6uAPAuUO92tzJPYFccgXew cHstBVVqTUtOTA3fCK5nNA7kAjNCXPAZEcQloU+3sIHeJmCNKLSJIw1I0PNi88aC ejKPg/m+ZInRMqeGhSbLwvE8F8+xrPK9g9Bb/GSDyrxVmLLX66owGkQohaJJpFaj VjEOiBqKh1lvY3xmZFfn0S4SF1aSHuzzHleJsEaEm6L8Bdv2zLHoAXasQUk43b12 Yofx4pqJhKsUXXkykvIspC2L4OPJk6nqJHETJLXPgZvlRaKYiLOgEba+GBARyYA= =qqIg -----END PGP SIGNATURE----- From faramir.cl at gmail.com Wed Apr 29 16:12:42 2009 From: faramir.cl at gmail.com (Faramir) Date: Wed, 29 Apr 2009 19:12:42 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8C63E.1010907@sixdemonbag.org> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8C2DB.7000100@gmail.com> <49F8C63E.1010907@sixdemonbag.org> Message-ID: <49F8DEEA.8010008@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen escribi?: > Faramir wrote: >> Right, it's indeed a very good question. Leaving aside it is always a >> personal decision to trust or not a key or CA, CAcert is based on the >> OpenSource philosophy, and that means their policies and procedures are >> available to be checked by everybody. > > Their policies and procedures are one thing -- but how do you know that > the policies and procedures they list are the same as what they actually > _do_? Well... we can't know what any individual assurer is doing right now. But there is an external auditory in process right now, which was required by Mozilla to include their root certificate in Mozilla products. That means they have a lot to lose if something goes wrong, because we need it included by default in browsers to stop seeing the ugly "untrusted certificate" warnings... which become even more ugly after each release of browsers (right now, it's hard to bypass that warning, on some browsers). Also, CAcert Assurers are required to pass a test about how to do assurances, before gaining assurer status. New assurers had to pass it, and now, old assurers are required to pass it to retain their assurer status (there was a period to do the test, now, all assurers who didn't do it are blocked from assuring people until they pass it). For these reasons, I think CAcert has better trained assurers than Thawte, and also, since CAcert is required to show it is "secure", they need to be more careful than ever. In other hand, Thawte has a long tradition of working fine, and they have a big budget to pay to costumers if something goes wrong. And probably they solve the disputes using courts of justice, with highly trained lawyers and lengthy processes. CAcert solves the disputes using internal arbitration, which is supposed to be faster, and since they don't require lawyers, it's affordable by anyone. > There is no substitute for direct on-the-ground knowledge. If you're > cool with trusting CAcert without this, that's your call to make: but I > don't think impressive documentation, by itself, inspires much confidence. I forgot to mention I became an assurer on last december, and I am an active reader of support list and policy list, so I have seen how they cook their policies, and I can opine on their drafts if I feel I want to. Of course, I am not an expert on policies, and I have not written much on that list. But still, I don't have any idea about how is an assurer in New York doing his job... of course, I don't know how a Thawte Notary is doing his job in anywhere... >> Of course, maybe you wouldn't trust Thawte too, and I >> know you have the right to do that. > > Thawte has more to lose by screwing up. Thawte's a business that has to > keep customers happy or else they're out of business. CAcert, by its > nature as an unpaid volunteer project, can afford to screw it up badly > and still retain most of its users. Yes and no... Thawte has his brand name to protect them from minor mishaps, and a big wallet to solve problems, they won't be removed from browsers easily, while CAcert can't say the same. I get your point, but I don't share your point of view about Thawte Notaries being more trust worth than CAcert Assurers, after all, their are people too, and they have exactly the same chance of being caught cheating... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ+N7qAAoJEMV4f6PvczxAcSsIAJEiLET0tBeqHvJIlBj/l/ga ZbsyV95/qzOvBDA3xpacEbFLFGYZeZuJSDg6ic7iufvXURGjDs+jabmTAMZz/kfP MGI+RQ9B+ZazfoqIU/Iz+fSXacJtgQMmRIvqGFxotbYg3bGVpD4oqEpjkgJrk/mJ NAR6pn7E5WntQEdmzgKe7zfXxb+OuP87QlEPGfuZAhLQY07SzZC2o9voK17fDq9e CWBVrVpWRFg9jlinPJtaNkVhrS4FVvqoXLtgCpAb40Mm33n/BkMylllBpNrvlj96 pzCUN8R1EwNyzIjRvlBU6+gHIgG3eC9SX+4AK6Sxxk+yu6madNOt9LcM/oiiOHs= =cC6a -----END PGP SIGNATURE----- From faramir.cl at gmail.com Wed Apr 29 16:35:48 2009 From: faramir.cl at gmail.com (Faramir) Date: Wed, 29 Apr 2009 19:35:48 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8C8DC.50205@fifthhorseman.net> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8BDB0.6080301@rainydayz.org> <49F8C624.7000308@gmail.com> <49F8C8DC.50205@fifthhorseman.net> Message-ID: <49F8E454.8080908@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Daniel Kahn Gillmor escribi?: > On 04/29/2009 05:27 PM, Faramir wrote: >> I just fully trust keys I have exchanged by hand in a >> face-to-face meeting, all the other keys are marginally trusted. But >> that's better than "don't know". > This strikes me as an example of the confusion between "calculated > validity" and "ownertrust" that many OpenPGP tools encourage. Yes, I was talking about validity, not about trust in the signatures issued from those keys. > Just because I've met "Eve L. Hacker" in person and verified her > identity does *not* mean that i trust her to properly identify other people. No, but you can be reasonably secure about Eve L. Hacker being the owner of her key... > Certainly, don't set ownertrust at all for keys to which you have no > calculated validity. But you may also want to consider setting > ownertrust on a key whose owner you have never met face-to-face in > certain circumstances. For example: > > * you have full calculated validity to their key already through other > connections in the WoT, and Yes, that's was exactly what a I wanted to archive by "trusting" the signatures issued by CAcert, to be able to calculate validity of keys belonging to people I can't meet face-to-face. > * this person has published their keysigning policy, and has an > untarnished public record of holding true to it, and In the case of CAcert, they just sign keys of people who have had their identities check at least by 2 other members of CAcert Community, and only if the name and e-mail address in the UID matches the name which was on the government issued Photo-ID presented at the time of verifying the ID, and e-mails that have passed an email control challenge. > * their keysigning policy seems reasonable to you. In the case of CAcert, it does. I have never suggested trusting the signatures issued by keys signed by CAcert or by GSWoT. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ+ORUAAoJEMV4f6PvczxAa/wH/jIxYIzi2+Kq0JuhuuyZuVyL BQruEnl6zCqra1rJKasw4x/WZK+E5VeZFUbtaM0cBRSejKZ14zeBCzYy5Vw+fDWH yNx1HHd9W7Vq87c2ygvZBmpkmXPKqiLaDDv4His0B+dyCDLFbHmz9xVJZFpAxiCb oXcjZSDIgO+n3/ZummMESL+v/O+QHtbWGrUvV8UYuKH8qD0GhlJJSkluFOA8FHAs oe0jtvpK7nOsPS6ECm2YYlIJSwRTK6Z8qEKFO/JHHldSREgE4i3g3bUrO3zOXhzP P0MmTzENjVs866K8o88ZsKc5JD4LuYYFQHIw4RmlpXE7o9JIc6zznaUHTVX+QGg= =wuMw -----END PGP SIGNATURE----- From faramir.cl at gmail.com Wed Apr 29 17:39:41 2009 From: faramir.cl at gmail.com (Faramir) Date: Wed, 29 Apr 2009 20:39:41 -0400 Subject: [Enigmail] ownertrust vs. calculated validity [was: Re: Setting trust levels for unknown keys] In-Reply-To: <49F8D97D.1080204@bellsouth.net> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8C4E4.10507@fifthhorseman.net> <49F8D97D.1080204@bellsouth.net> Message-ID: <49F8F34D.2080802@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III escribi?: ... > From My perspective I would like to see Enigmail able to easily assign > Trust Signatures wherein the Depth of Trust can be strictly specified. > Due to the paucity of Frontends for GPG available for Linux I feel this > would make Enigmail a more useful and valuable instrument for casual > Users and the more Experienced User. Even PGP incorporates the ability I Agree, and it should not be a lot more complex to implement than the standard signature, after all, it only changes the command from sign to tsign, and adds 1 parameter more. While Enigmail is, AFAIK, intended as a tool lo allow Thunderbird the usage of GPG, it already carries a key manager, which is very friendly to use. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ+PNNAAoJEMV4f6PvczxAaogH/1+obvj+FfUeL69JihOV7I+B 6+fGpGLkeS5+cPyYUq9Ri7R0eJLzAOU1mw6lu+7MXQTR0ojPBz/8/EJtu1kQfe+F TG10MbOhH6t+tJV3uzbX9GOCTuBIpuqgVetZj5d4Tc/3CMXyjJt1+0qt7m5KLGi3 Azikc5AfJ/zs4nPAk30fvEiYBdFKp4z3NbyFm1rnB8Kj28dcxJjjiC7h/SzPf1ed Q2cDYzmvpB2IiQkrPOnIJ7E6dS3Ix1GuwgFjlfEM33BJTdcH18MDQusBSSJsz/5w wOsJg3TC5rkA2pQayB5/Tb7oRBHIAz2scF6InBya6IbhE9uESaURiA1pJrpbIVs= =dGOu -----END PGP SIGNATURE----- From 85.ayush2 at gmail.com Wed Apr 29 14:42:05 2009 From: 85.ayush2 at gmail.com (Ayush Sharma) Date: Thu, 30 Apr 2009 03:12:05 +0530 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8C63E.1010907@sixdemonbag.org> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8C2DB.7000100@gmail.com> <49F8C63E.1010907@sixdemonbag.org> Message-ID: <49F8C9AD.7060709@gmail.com> Hi Robert and everyone else!, Robert J. Hansen wrote: > Faramir wrote: >> > Their policies and procedures are one thing -- but how do you know that > the policies and procedures they list are the same as what they actually > _do_? > I have absolutely no idea about this stuff Robert (or shall I use Mr. Hansen?), but just asking, shouldn't CACert go through some kind of "stringent" (LOL) tests to ensure that it doesn't goof up down the road, something like it does "what it should" with a success rate more than some threshold limit, before it gets recognized by browsers as a trustworthy Root CA by default (and I guess that's why it's NOT accepted to date by firefox), while Thawte is. > When I'm teaching software engineering, I present the students with a > hypothetical question involving a database system that's written > entirely in RavenSPARK, Makes me remember an interesting anecdote that I will share later. ;) > > There is no substitute for direct on-the-ground knowledge. If you're > cool with trusting CAcert without this, that's your call to make: but I > don't think impressive documentation, by itself, inspires much confidence. words are dime a dozen, eh ;) Warm Regards to everyone, and wish everybody's cities are blessed with a s good a weather that we have here, -Ayush From hajo at hajo-kirchhoff.de Thu Apr 30 06:51:00 2009 From: hajo at hajo-kirchhoff.de (Hajo Kirchhoff) Date: Thu, 30 Apr 2009 15:51:00 +0200 Subject: [Enigmail] Encrypt newsposts Message-ID: <49F9ACC4.30500@hajo-kirchhoff.de> Hi all, I want to use enigmail to encrypt posts to a private news server. Presently enigmail complains: "Encrypted send operation aborted.\n\nThis message cannot be encrypted because there are newsgroup recipients." How can I disable this error message and have enigmail encrypt my post with the key(s) I specified in the rules before it gets posted to the news server? Yes, I know about public/private keys schemes and that it is unusual to use PGP for news. But I want to do it anyway, I know what I am doing and the PGP plugin for Outlook support(ed) this. What about enigmail? Is this feature intentionally disabled or just not implemented? Regards Hajo From dkg at fifthhorseman.net Thu Apr 30 10:40:17 2009 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 30 Apr 2009 13:40:17 -0400 Subject: [Enigmail] Encrypt newsposts In-Reply-To: <49F9ACC4.30500@hajo-kirchhoff.de> References: <49F9ACC4.30500@hajo-kirchhoff.de> Message-ID: <49F9E281.3020509@fifthhorseman.net> On 04/30/2009 09:51 AM, Hajo Kirchhoff wrote: > I want to use enigmail to encrypt posts to a private news server. > Presently enigmail complains: "Encrypted send operation aborted.\n\nThis > message cannot be encrypted because there are newsgroup recipients." I don't know about how enigmail might handle this, but i have a couple general questions about your approach here: To whom are you encrypting the message? enigmail tries to find a match for the recipient by scanning your keyring for a matching e-mail address. Since a newsgroup doesn't have an e-mail address to target, enigmail is likely to be confused. OpenPGP user IDs are traditionally RFC 2822 e-mail addresses, but that doesn't mean they can't be, say, newsgroup labels. Do you have a key with a User ID which matches the newsgroup name? does that UserID/key combo have full calculated validity according to the trust model you're using? --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 890 bytes Desc: OpenPGP digital signature URL: From faramir.cl at gmail.com Thu Apr 30 10:58:18 2009 From: faramir.cl at gmail.com (Faramir) Date: Thu, 30 Apr 2009 13:58:18 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8C9AD.7060709@gmail.com> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8C2DB.7000100@gmail.com> <49F8C63E.1010907@sixdemonbag.org> <49F8C9AD.7060709@gmail.com> Message-ID: <49F9E6BA.6020903@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ayush Sharma escribi?: > Hi Robert and everyone else!, > > Robert J. Hansen wrote: ... >> Their policies and procedures are one thing -- but how do you know that >> the policies and procedures they list are the same as what they actually >> _do_? >> > I have absolutely no idea about this stuff Robert (or shall I use Mr. > Hansen?), but just asking, shouldn't CACert go through some kind of > "stringent" (LOL) tests to ensure that it doesn't goof up down the road, > something like it does "what it should" with a success rate more than > some threshold limit, before it gets recognized by browsers as a > trustworthy Root CA by default (and I guess that's why it's NOT accepted > to date by firefox), while Thawte is. Yes, I think that's the point of the auditory in progress. However, IMHO, the weakest link will always be the need to rely on decentralized people to check identities of new members... but Thawte operates the same way (at that point, I don't refer to the centralized part of the processes), so... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ+ea6AAoJEMV4f6PvczxAAOwH/AlfwQbjVePFOR+vGqsUrAR2 JNs0QLG/HbIn1oIlXmML1tc15b/8CiUwr5Wb2LEfyEG21zuMvSFSW+ZoMbsw1tQR 4IECYS+0cielsmXMamrDuMuiKlfSssi4bEO2oVRHrL/Lil3P7H/GLUKAiTkLnziP b+8EjcS/gb3ajV++Chk9h2ffpWGSQ9jV1MPyR/Rr5YIIjs4wOB9i0JS42QKY3Zml vbHUtUXJXXIRNuKVGadYitJZ0W3CJiVrwgIYMYOHt1wH7Tn4EBgUEfd71PBKX9yZ U7ZilQbcjLC0l0Cj8dNEOi94meCR6G/6jIrA/Qb5tuvgD1Cck6etw5GID6GQGHI= =Wp8T -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Thu Apr 30 11:53:06 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 30 Apr 2009 14:53:06 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F8C9AD.7060709@gmail.com> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8C2DB.7000100@gmail.com> <49F8C63E.1010907@sixdemonbag.org> <49F8C9AD.7060709@gmail.com> Message-ID: <49F9F392.9070903@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Ayush Sharma wrote: > I have absolutely no idea about this stuff Robert (or shall I use Mr. > Hansen?), but just asking, shouldn't CACert go through some kind of > "stringent" (LOL) tests to ensure that it doesn't goof up down the road, > something like it does "what it should" with a success rate more than > some threshold limit, before it gets recognized by browsers as a > trustworthy Root CA by default (and I guess that's why it's NOT accepted > to date by firefox), while Thawte is. An Audit is in progress at present. Thawte, VeriSign and Others are included because they pay a hefty inclusion fee. At least they do to M$. Most other Browsers available merely include the same ones that M$ does. Most likely the first Browser that will include CAcert will be those offered by Mozilla. JOHN ;) Timestamp: Thursday 30 Apr 2009, 14:52 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4987: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ+fOQAAoJEBCGy9eAtCsPuewIAJkU803gwj4/EP5FOS0LKaZv m9K/1pL7UxOJQXrKMbBMZvVvEEItPhurNVgOY0O//vuvkQLl+Fz/ydJJJYqURbrV eSXnnjegvHwETzBkdmHTdZomlJcgGjfg5JvE/WhlC3ehUtG3tRIx3QbnD1D/fkZB ppZZj20s5AdC5TsYi2ARtar5VdEjbdH2s1MzJBOAXtoC9w+M2YPNvHLvIJ5ebEy4 DBzjHgC/GDbYkpHeG1wOqVQ3q8rzgOUxELRexgd8wIgLiLWoKd+CsnB9KmTE74y+ 8UWEP7QNHsjYIuaaOyhQG9hWtSQJS3w1lI+2drTponh8lDGcPVOE44zhC0QM514= =RSk8 -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Thu Apr 30 11:56:00 2009 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 30 Apr 2009 14:56:00 -0400 Subject: [Enigmail] Encrypt newsposts In-Reply-To: <49F9ACC4.30500@hajo-kirchhoff.de> References: <49F9ACC4.30500@hajo-kirchhoff.de> Message-ID: <49F9F440.6070904@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hajo Kirchhoff wrote: > Hi all, > I want to use enigmail to encrypt posts to a private news server. > Presently enigmail complains: "Encrypted send operation aborted.\n\nThis > message cannot be encrypted because there are newsgroup recipients." > > How can I disable this error message and have enigmail encrypt my post > with the key(s) I specified in the rules before it gets posted to the > news server? You can Inline Sign News Group posts but in order to encrypt them You will need the Public Key for every recipient or encrypt to only Your Key which will make it impossible for others to read. The 3rd option is for there to exist a Group Key shared by everyone receiving the News Group which may be Encrypted to and then each recipient can decrypt using the Group Key. :-\ JOHN ;) Timestamp: Thursday 30 Apr 2009, 14:55 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4987: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJ+fQ/AAoJEBCGy9eAtCsPvsMIAJvXqiCifORXRG1Xj++7zRB8 e4O485mZEmcd3apIuXKlnbic0PGCVfK5OdV3Xh4rx4QbLrOYct3RzfrjiA6L+485 b55ksE5NJmS/47MxufNOf8rS30vYNQQ1QDMLUlwvNliS00NAVdmbA+mi+CfAEwba +c9QsxJGwOk2y8RXnnlmmf2uzV7E7tef/pa10WPNBMp4wi81JrAlpfwpPhjhsv7w OuuCSFhG4iM3EWVUse+LoCt6ZTVua5QDyyQv/U8G+WbWBFCh5uoChWVPt6W+Toeb eQ7HO6AE9wRzLWDT7R7IZPeE9F2II5ZstKsJER4e7uXFq3r/JQ7B/rALiSUgfe8= =NCqX -----END PGP SIGNATURE----- From faramir.cl at gmail.com Thu Apr 30 12:15:56 2009 From: faramir.cl at gmail.com (Faramir) Date: Thu, 30 Apr 2009 15:15:56 -0400 Subject: [Enigmail] Setting trust levels for unknown keys In-Reply-To: <49F9F392.9070903@bellsouth.net> References: <49F85354.5050009@rainydayz.org> <49F87EC5.8080600@Mozilla-Enigmail.org> <3f34f8420904291143u733cc36es314fbf70f7b5982e@mail.gmail.com> <49F8B993.6000008@sixdemonbag.org> <49F8C2DB.7000100@gmail.com> <49F8C63E.1010907@sixdemonbag.org> <49F8C9AD.7060709@gmail.com> <49F9F392.9070903@bellsouth.net> Message-ID: <49F9F8EC.1020803@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III escribi?: ... > An Audit is in progress at present. Thawte, VeriSign and Others are > included because they pay a hefty inclusion fee. At least they do to > M$. Most other Browsers available merely include the same ones that M$ > does. Most likely the first Browser that will include CAcert will be > those offered by Mozilla. Oh, no, CAcert is not in that bad status, it's already included by default in at least 1 browser and in several OS... but I don't use none of them. The current list is available at: http://wiki.cacert.org/wiki/InclusionStatus Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJ+fjsAAoJEMV4f6PvczxAeVsH/RpfVbXUDRSTQ/nua9M34jZu rhnZtvTnfsDs5u7M6oQ1o3pZJMZrC65QYiVJkWez9Oqgf7Xh+ud3j/wRy/y7U50D iejW63xPGJ24Hspiq7s0bFIWxK0bjmhnU/fgceulBXvNoUd/M0cOYca3KPU9Zn1C eV1lGt/gF1bZ/ytCKmRyIh30/dlsNpNDZrEysBSLtZc4P5RFI76AxxQJZga9G9T4 5MvaRZrEQ5PbQ18rbbCtuFFzh6jiAwHmMpMVMYKYzQiYOWOKGUUF9COPunr8Htqs qqgSZ2zm45lan6+duMmy0QdofrZUia3Ap6FZEa1YNVOT2GuC70w6HgxmNF6ZHIE= =NGKF -----END PGP SIGNATURE----- From mailinglists at hajo-kirchhoff.de Thu Apr 30 23:22:16 2009 From: mailinglists at hajo-kirchhoff.de (mailinglists) Date: Fri, 01 May 2009 08:22:16 +0200 Subject: [Enigmail] Encrypt newsposts In-Reply-To: <49F9F440.6070904@bellsouth.net> References: <49F9ACC4.30500@hajo-kirchhoff.de> <49F9F440.6070904@bellsouth.net> Message-ID: <49FA9518.9090102@hajo-kirchhoff.de> Hi, thank you all, my problem is that enigmail refuses to encrypt posts. Actively refuses. I am using a shared public/private key and have set up identity and rules such that encrypting is active when posting to this particular newsgroup, say it's called rc.test Enigmail finds the rule but then refuses to continue. So it's not a matter of how to set up my keys, I (think I) already done that. It's just that enigmail detects a newsgroup address in the recipients and then prints this error and stops with this error message. >> Presently enigmail complains: "Encrypted send operation aborted.\n\nThis >> message cannot be encrypted because there are newsgroup recipients." > You can Inline Sign News Group posts but in order to encrypt them You > will need the Public Key for every recipient or encrypt to only Your Key > which will make it impossible for others to read. The 3rd option is for > there to exist a Group Key shared by everyone receiving the News Group > which may be Encrypted to and then each recipient can decrypt using the > Group Key. :-\ Thank you, I already did that. But enigmail refuses to inline encrypt my post. Regards Hajo