From: Lee <ler762@gmail.com>
To: jhg@acm.org, Jim Garrison <jhg@jhmg.net>, cygwin@cygwin.com
Subject: Re: gpg ca-cert-file=[which file???]
Date: Sat, 15 Jul 2017 23:07:00 -0000
Message-ID: <CAD8GWstuD9KVF4svaoiNYuvFmB2=L9iyqFTSPj5gu8G=RCjAXA@mail.gmail.com>
In-Reply-To: <e0f5a752-c53d-492d-30d0-5bb1032a21a8@jhmg.net>

On 7/15/17, Jim Garrison wrote:
> On 7/15/2017 11:40 AM, Lee wrote:
>> It seems a bit silly to be downloading pgp keys 'in the clear', so
>> after a bit of searching I think I want
>> keyserver hkps://whatever
>
> Public keys are intended to be public. Why do you think you need
> to encrypt them when downloading?

I had Wireshark running when I got a new key via hkp:// and it was
straight http. What does that open me up to? I dunno, but it seems
like using TLS would be better than clear-text http.

So while I don't need to encrypt the public key when downloading, I do
want to have some confidence that the key I requested is the key I
got, that the server I specified is the server gpg was talking to,
that nothing was modified in transit, etc.

This is what got me started on the topic:
https://lists.torproject.org/pipermail/tor-project/2017-July/001289.html

What can I do to reduce the chances of getting a fake key?
- keyid-format 0xlong
- use hkps:// and check the cert (keyserver-options check-cert=on)
- what else?

Regards,
Lee
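
One check relevant to the list in the message above, as an added example that is not part of the original message: compare the full 40-hex-digit fingerprint of a fetched key with one obtained out of band, because short and long key IDs are only the trailing 32 and 64 bits of a v4 fingerprint. It parses `gpg --with-colons` style records; the fingerprints and key records are constructed, and the function names are hypothetical.

```python
def parse_primary_fingerprints(colon_output):
    """Return primary-key fingerprints from `gpg --with-colons` style output."""
    fprs, want_fpr = [], False
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            want_fpr = True           # the next fpr record belongs to this primary key
        elif fields[0] == "sub":
            want_fpr = False          # ignore subkey fingerprints
        elif fields[0] == "fpr" and want_fpr and len(fields) > 9:
            fprs.append(fields[9].upper())    # field 10 holds the fingerprint
            want_fpr = False
    return fprs

def normalize(fpr):
    """Strip whitespace and an optional 0x prefix from a human-written fingerprint."""
    fpr = "".join(fpr.split()).upper()
    return fpr[2:] if fpr.startswith("0X") else fpr

def classify(colon_output, expected_fpr):
    """Map each primary fingerprint found to a verdict against the expected one."""
    expected = normalize(expected_fpr)
    if len(expected) != 40 or any(c not in "0123456789ABCDEF" for c in expected):
        raise ValueError("expected a full 40-hex-digit v4 fingerprint")
    verdicts = {}
    for fpr in parse_primary_fingerprints(colon_output):
        if fpr == expected:
            verdicts[fpr] = "match"
        elif fpr[-16:] == expected[-16:]:
            verdicts[fpr] = "long-id-collision"    # same 64-bit key ID, different key
        elif fpr[-8:] == expected[-8:]:
            verdicts[fpr] = "short-id-collision"   # same 32-bit key ID, different key
        else:
            verdicts[fpr] = "different"
    return verdicts

# Constructed sample: two keys whose short key ID is the same (DEADBEEF).
GENUINE = "AAAA1111" * 4 + "DEADBEEF"
LOOKALIKE = "BBBB2222" * 4 + "DEADBEEF"
SAMPLE = "\n".join([
    "pub:-:4096:1:%s:1500000000:::-:::scESC:" % GENUINE[-16:],
    "fpr:::::::::%s:" % GENUINE,
    "sub:-:4096:1:CCCC3333CCCC3333:1500000000::::::e:",
    "fpr:::::::::%s:" % ("CCCC3333" * 5),
    "pub:-:4096:1:%s:1500000001:::-:::scESC:" % LOOKALIKE[-16:],
    "fpr:::::::::%s:" % LOOKALIKE,
])

if __name__ == "__main__":
    for fpr, verdict in classify(SAMPLE, GENUINE).items():
        print(fpr, verdict)
```
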