Robert J. Hansen | 1 Jul 08:56 2006

Re: everything


> something out of the blues but i am really a greenhorn on this pgp  
> and gnupg thing . i have the pgp software downloaded already on my  
> system and i dont know much about it could someone or all pls tell  
> me all they know about it from there own point so to assist me .

I hate to give a nonconstructive answer, but the best way to begin-- 
in my opinion, at least--is to start by reading the documentation  
supplied with PGP.  It's fairly high-quality.  Then, if you run into  
anything you don't understand or would like explained more fully,  
come back and ask us about those things.

The PGP documentation is large--fifty pages or more, covering the  
subject in excellent depth for a layman.  Some of us on this list  
have the equivalent of five hundred pages or more of documentation  
lurking in our heads.  So asking us for "all we know about it from  
our own [view]point" is kind of impractical, I'm sorry to say.  :(

univalver | 1 Jul 11:20 2006
Picon

Re: _This_ amuses me.

--- In PGP-Basics <at> yahoogroups.com, "univalver" <univalver <at> ...> wrote:

> Well I've been playing with my Macbook for a couple of weeks now, and
> I can report that 
> 
> a) GnuPG installs and runs flawlessly as a Universal binary;
> b) PGP 8.1 installs and runs flawlessly as a PPC binary under Rosetta.
> c) PGP 9? Forget it.
> 
> 
> Just waiting on a MacGPG 1.4.4 release now.
>

Update - PGPDisk from PGP 8.1 seems to be flaky under Rosetta. Some
images just won't mount. I guess I'll stick to OS X's own encrypted
disk image functionality and use MacGPG for everything else.

______________________________________________________________
Archives:         http://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:     mailto:PGP-Basics-OT-subscribe <at> yahoogroups.com 
Marius Huse Jacobsen | 1 Jul 21:52 2006
Picon

Re: Time to abandon the WoT?


Robert J. Hansen wrote:

> That said, I think the Web of Trust is a pretty dumb idea to begin  
> with.  It's essentially a total failure, from a human-factors  
> perspective, and opens the door to some attacks that are arguably  
> even worse than the disease.
> 
> First, a question: can you remember the last time you used the Web of  
> Trust to decide whether you trusted a key or not?  I've been using  
> PGP for coming on 15 years now and I can tell you how many times I've  
> needed an introducer: zero.  Nada.  Never.  I know Randy Harmon, who  
> used to be the PGP Keyserver Administrator during the time PGP was  
> owned by Network Associates.  The last time I asked Randy about this,  
> he told me he'd never needed an introducer, either.  Hmm.  I wonder  
> if the entire Web of Trust isn't predicated on a false belief:  
> namely, that it matters.

The web of trust is a bad choice of name compared with what it actually
does. The name came from the original idea, which didn't work out; as
you pointed out.

If you consider the alternate hierarchical model, such as the one used
for ... certificates, there are a few at the top (that make how much
money off it?) that you are pretty much forced to trust. With OpenPGP,
you're allowed to choose.

In the "normal mode" there are no introducers; only direct signing.

Then, consider "group mode" which could apply for, say, 10 people and
(Continue reading)

Robert J. Hansen | 1 Jul 23:08 2006

Re: Time to abandon the WoT?


> If you consider the alternate hierarchical model, such as the one used
> for ... certificates, there are a few at the top (that make how much
> money off it?) that you are pretty much forced to trust. With OpenPGP,
> you're allowed to choose.

It's been remarked (with some accuracy) that the WoT is really a  
generalization of the X.509 hierarchy.  So yes, I buy this.

> The original idea failed for the reasons you outlined. But the tools
> made for those ideas work for a useful purpose. The name might not be
> too descriptive (it's a "web of hubs of trust") but should still be
> descriptive enough as long as you're not one of those who connect  
> to the
> "interweb". :D

It's not a web, though.

> (Put another way, does "web" mean "something internet-size", excluding
> even spiderwebs? Then you have a good reason to object to the name)

A web is nonhierarchial, wherein each node is considered equal.  The  
WoT is hierarchial.

A single node in the WoT is a mathematical tree, not a web.  If I  
were to be pedantic, I'd call the WoT the "trust forest" instead,  
because that's what it is--a set of independent trees.

PGP-Basics | 2 Jul 06:45 2006
Picon

File - Encryption_Help_Team.txt


The following Members of PGP-Basics have kindly offered to help new
Members who would like practise in sending and receiving encrypted
messages. If you would like to send encrypted messages to the Members
listed below, simply open PGPKeys and perform a search using the Key ID
numbers as a search criteria.

The List is in no particular order, so please peruse the List and choose
at random, or make a choice based either on PGP/Mail Client versions, or
the Member's Operating System if you like.

Remember that encrypted messages are encrypted *TO* a particular Public
Key, and that Public Key must be on your Public Key Ring. Once you
search for and find the Public Key of the Member you wish to write to,
simply import that Key onto your Public Key Ring. Then, when you go to
actually encrypt your messages, you will be presented with a "Key
Selection" Dialogue box: Scroll down the upper list until you come to
the Key you just imported. At that point, either double click on it, or
drag it to the lower frame in the "Key Selection" dialogue box. Don't
forget to set your PGP Options/General to "Always encrypt to default
key", as that will enable you to read the encrypted messages at a later
date if you so wish.

If you have any questions what so ever... run into any problems sending,
receiving or decrypting messages, please post them to the PGP-Basics
List so that we can assist you in resolving them. This is a very
generous offer on the part of these Members, so I hope most of you will
take advantage of it.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
(Continue reading)

PGP-Basics | 2 Jul 06:45 2006
Picon

File - List_Manual_rev(2004-10-17).txt


<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
                 PGP-BASICS LIST MANUAL ~ (rev2004-10-17)
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Hello, and welcome again to PGP-Basics. This "Manual" is a compilation of
PGP/GPG/Security related Web URL's, along with a listing of currently
available MUA's (Mail User Agents) or Mail Clients, for both the Windows,
MacIntosh and Linux Operating Systems. Individual Members of PGP-Basics
have kindly provided a brief accounting of their experiences with each
Mail Client listed, and more specifically, how PGP/GPG is implemented in
that Program.

Please take the time to read through the Listings, and do take advantage of
the URL's listed below, for they contain a wealth of information not only
specific to PGP/GPG, but to Internet Security in general.

                          <><><><><><><><><><><>
                            PGP RELATED LINKS
                          <><><><><><><><><><><>

1. *PGP Tutorial for Beginners*
http://www.pitt.edu/~poole/PGPintro.htm
~ courtesy of Bernard John Poole
~ courtesy of Dr. Netiva Caftori

Extremely well written tutorials on both PGP 6.5.8 and PGP 7.0.3. It was
designed to be used with PGP classes at the University of Northeastern
Illinois and University of Pittsburgh at Johnstown, PA.

(Continue reading)

PGP-Basics | 2 Jul 06:45 2006
Picon

File - PGP-Basics_Lists_Charter_rev(2001-06-04).txt


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
               PGP-BASICS LISTS CHARTER ~ (rev2001-06-04)
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

      Greetings List Members and a special "Welcome to our Newcomers"!

Please keep a copy of this message, as it contains important information
about the PGP-Basics Lists, as well as the Rules and Regulations that we
ask you to follow.

1. Lists Objectives
2. PGP-Basics Lists Internet Addresses
3. Lists Policies

This Charter has been digitally signed with the PGP-Basics Document
Release Key. To verify the digital signature on this document, please
download our PGP key in the Files section of our Web Page:

http://groups.yahoo.com/group/PGP-Basics/files/

..........................................................................

                         <><><><><><><><><><><>
                            Lists Objectives
                         <><><><><><><><><><><>

(Continue reading)

Pauline Roberts | 2 Jul 22:37 2006
Picon
Picon

Re: Help Team


Glad to see the "help team" has been updated at long last.  There were
names on previously that did not respond to requests of help. I am sure
this will benefit new users. Especially as I see some names I know well:-)

Skrefetz | 5 Jul 16:58 2006
Picon

deleting key rings off server

Hi all,

I have been trying to delete all my old key rings off the server. I am 
using PGP 6.58 . Most of my key rings have an expiration date a few do 
not. I have either lost or forgotten the pass phrases. The help menu 
is of little help.

Any suggestions?

______________________________________________________________
Archives:         http://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:     mailto:PGP-Basics-OT-subscribe <at> yahoogroups.com 
Robert J. Hansen | 5 Jul 21:05 2006

Re: deleting key rings off server


> I have been trying to delete all my old key rings off the server. I am
> using PGP 6.58 . Most of my key rings have an expiration date a few do
> not. I have either lost or forgotten the pass phrases. The help menu
> is of little help.
>
> Any suggestions?

If you could remove a key from the server without a passphrase, what  
would keep others from being able to remove anyone's key from the  
server without a passphrase?

There is no way to remove a key from the server, with or without a  
passphrase.


Gmane