public inbox for cygwin@cygwin.com
From: Lee <ler762@gmail.com>
To: jhg@acm.org, Jim Garrison <jhg@jhmg.net>, cygwin@cygwin.com
Subject: Re: gpg ca-cert-file=[which file???]
Date: Sat, 15 Jul 2017 23:07:00 -0000
Message-ID: <CAD8GWstuD9KVF4svaoiNYuvFmB2=L9iyqFTSPj5gu8G=RCjAXA@mail.gmail.com>
In-Reply-To: <e0f5a752-c53d-492d-30d0-5bb1032a21a8@jhmg.net>

On 7/15/17, Jim Garrison wrote:
> On 7/15/2017 11:40 AM, Lee wrote:
>> It seems a bit silly to be downloading pgp keys 'in the clear', so
>> after a bit of searching I think I want
>>   keyserver hkps://whatever
>
> Public keys are intended to be public. Why do you think you need
> to encrypt them when downloading?

I had Wireshark running when I got a new key via hkp:// and it was
straight http.  What does that open me up to?  I dunno, but it seems
like using TLS would be better than clear-text http.

So while I don't need to encrypt the public key when downloading, I do
want to have some confidence that the key I requested is the key I
got, that the server I specified is the server gpg was talking to,
that nothing was modified in transit, etc.


This is what got me started on the topic:
https://lists.torproject.org/pipermail/tor-project/2017-July/001289.html

What can I do to reduce the chances of getting a fake key?
 - keyid-format 0xlong
 - use hkps:// and check the cert (keyserver-options check-cert=on)
 - what else?

Regards,
Lee
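
The `keyid-format 0xlong` item in the list above, as an added example that is not part of the original message: it parses a key listing in the layout of `gpg --with-colons --fingerprint` and shows a short (8 hex digit) key ID matching two different keys while the long (16 digit) ID matches one. The listing is constructed sample data, the function names are hypothetical, and it assumes v4 keys, where the key ID is the low-order bits of the fingerprint.

```python
import re

# Constructed sample in the layout of `gpg --with-colons --fingerprint` output.
# These are not real keys; both primary fingerprints end in the same 8 hex digits.
SAMPLE_LISTING = """\
pub:-:4096:1:1111222233334444:1400000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1400000000::::Requested Key <dev@example.org>:
sub:-:4096:1:5555666677778888:1400000000::::::e:
fpr:::::::::0000111122223333444455555555666677778888:
pub:-:2048:1:9999888833334444:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF012345679999888833334444:
uid:-::::1500000000::::Requested Key <dev@example.org>:
"""

def primary_fingerprints(listing):
    """Return the fingerprint of each primary key (the fpr record after a pub)."""
    fingerprints, after_pub = [], False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            after_pub = fields[0] == "pub"   # skip fpr records of subkeys
        elif fields[0] == "fpr" and after_pub and len(fields) > 9:
            fingerprints.append(fields[9].upper())  # field 10 holds the fingerprint
            after_pub = False
    return fingerprints

def normalize_id(key_id):
    """Strip spaces and an optional 0x prefix; accept 8, 16 or 40 hex digits."""
    hexid = key_id.replace(" ", "").upper()
    if hexid.startswith("0X"):
        hexid = hexid[2:]
    if not re.fullmatch(r"[0-9A-F]{8}|[0-9A-F]{16}|[0-9A-F]{40}", hexid):
        raise ValueError("expected a short ID, long ID or full fingerprint")
    return hexid

def matching_keys(listing, key_id):
    """Return primary-key fingerprints whose trailing digits equal key_id."""
    wanted = normalize_id(key_id)
    return [fpr for fpr in primary_fingerprints(listing) if fpr.endswith(wanted)]

if __name__ == "__main__":
    for key_id in ("0x33334444", "0x1111222233334444"):
        hits = matching_keys(SAMPLE_LISTING, key_id)
        print(f"{key_id}: {len(hits)} matching key(s) {hits}")
```
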
