Plan B - Who carries the torch?

>Yeah.  Less time worrying about how to make OpenPGP continue for>another twenty years, more time spent about how to make a next->generation cryptographic tool that will occupy the same space OpenPGP>did but will do it better and with more modern techniques.
I totally agree with you on that. Though I have no idea how to do it, I think in the midterm we need something totally new with modern crypto-technology, easy to use and lean. Like WireGuard for VPN or the modern messengers.
Unfortunately OpenPGP and S/MIME have not managed to conquer a broad public and sometimes even not to keep up with modern standards in the last twenty years.
Sorry for criticising without suggesting a solution.Karel

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-03 at 15:35 +0100, karel-v_g--- via Gnupg-users wrote:
> > Yeah.  Less time worrying about how to make OpenPGP continue
> > for>another twenty years, more time spent about how to make a next-
> > >generation cryptographic tool that will occupy the same space
> > OpenPGP>did but will do it better and with more modern techniques.
> I totally agree with you on that. Though I have no idea how to do it,
> I think in the midterm we need something totally new with modern
> crypto-technology, easy to use and lean. Like WireGuard for VPN or
> the modern messengers.

Changing OpenPGP standard to use a Quantum-resistant algorithm would be
"easy".

With really big quote marks in bold typeface. But simple in theory.


First, you would need a new public key algorithm resistant to the new
attack e.g. Quantum-resistant.

I don't think a new simmetric cipher would be needed, current AES
options should stand even in Quantumcalypsis.

Then, you will need to assign an algo id for the new algorithm and set
the way the parameters will be stored in the key. You get all
implementations to add support for that new algorithm (well, at least
all implementations used by people you care about).

Finally, every user will need to discard their now-useless keys,
generate new ones and rebuild the chain of turst from the ground up.


Right now, we don't even have the candidate on what such algorithm will
be. Hopefully, it will appear long before that Quantumcalypsis.
Then, getting one or two implementations to support it may be simple,
but the OpenPGP ecosystem is a very fossilized environment. We still
haven't reached broad ECC support. There are some implementations which
still don't support it at all. And in other cases the program would
support it, but the user happens to use an ancient version that they
didn't update for many years.


As for the need of creating new keys and rebuilding the WoT, that's
sadly a consequence of the way openpgp keys are structured. There's no
clean way to progressively migrate into a new asymmetric algorithm.
For symmetric ciphers you do that with multiple subkeys, but not for
asymmetric keys. Well, you _could_ do that, but either the main key
uses the new algorithm (and thus old clients wouldn't be able to use
the key, so no reason for adding a classic subkey) or if the main key
used a classic algorithm, that would be the key being attacked, so
there is still no point for that.
At most, you could use two separate keys, one using "new" and other
"classic" crypto, and use them selectively (depending on who you
communicate with) or in parallel (i.e. always signing everything with
both keys).
It would be nice to have a way to attach a new, modern, key to a
backwards-compatible key, but that seems hard to construct (the
fingerprint would *not* cover the new key, or otherwise, you would need
to (ab)use an ignored portion of the public key block).


Regards

Ángel



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 1/4/21 9:31 PM, ï¿œngel wrote:
> Finally, every user will need to discard their now-useless keys,
> generate new ones and rebuild the chain of turst from the ground up.

Building a web of trust is so hopeless, from my point of view, that I
have abandonned gnupg. I have made keys for myself, obtained enigmail
for my Firefox browser, etc. But those with whom I correspond by e-mail
has diminished to almost the vanishing point. They use text messages on
their cell phones, Facebook messages, etc. While a few worry about the
"CIA" snooping on them, none will consider gnupg and enigmail. So for
me, it is pointless.

--
   .~.  Jean-David Beyer
   /V\  Shrewsbury, New Jersey
  /( )\ Red Hat Enterprise Linux
  ^^-^^ up 4 days, 13 hours, 37 minutes


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 05, 2021 at 07:27:14AM -0500, Jean-David Beyer via Gnupg-users wrote:
I noticed your signature, so I must point out that RHEL and the Linux Kernel
development process rely heavily on GnuPG and the web of trust. Every time you
update packages on your system, large parts of the supply chain were verified
using GnuPG, relying on the integrity of the trust store shipped with RHEL.

So, you may not see it in your person-to-person communication, but you use
GnuPG every day.

-K

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 1/5/21 8:24 AM, Konstantin Ryabitsev wrote:
I sit corrected:

$ rpm -qf /usr/bin/gpg
gnupg2-2.2.9-1.el8.x86_64

I posted, not so much to criticize GnuPG as to criticize my associates
who talk security paranoia, but refuse to do anything about it. When all
is said and done, more is said than done. At least, with my associates.

--
   .~.  Jean-David Beyer
   /V\  Shrewsbury, New Jersey
  /( )\ Red Hat Enterprise Linux
  ^^-^^ up 4 days, 15 hours, 2 minutes


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue,  5 Jan 2021 07:27, Jean-David Beyer said:

> Building a web of trust is so hopeless, from my point of view, that I
> have abandonned gnupg. I have made keys for myself, obtained enigmail

Virtually nobody uses the WoT.  What people use are direct key
signatures.  That is you verify a key's owner and then sign that key.
Usually not even exportable.  Verification is often done by trust on
first use.  And that is okay for the majority of use cases.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, 2021-01-05 at 15:38 +0100, Werner Koch via Gnupg-users wrote:
> Virtually nobody uses the WoT...

Strangely, the Linux kernel folks still use it a decent amount.
They're the only large group I can think of offhand, though.


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue,  5 Jan 2021 09:46, Robert J. Hansen said:

> Strangely, the Linux kernel folks still use it a decent amount.

There are indeed use cases for the WoT; in particular if you don't known
your co-worker.  However, in commerical or private settings the
communication patterns are different from the hacker community.


Salam-Shalom,

   Werner


--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 5, 2021 at 3:44 PM Werner Koch via Gnupg-users
<[hidden email]> wrote:
Not sure I understand you correctly, but why are then SKS key servers
still in operation, which allows third parties to look up who signed
who's key and with what trust level and GnuPG's WoT support, compared
to sq and Hagrid?

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 05, 2021 at 09:46:01AM -0500, Robert J. Hansen via Gnupg-users wrote:
> On Tue, 2021-01-05 at 15:38 +0100, Werner Koch via Gnupg-users wrote:
> > Virtually nobody uses the WoT...
>
> Strangely, the Linux kernel folks still use it a decent amount.
> They're the only large group I can think of offhand, though.

Debian is much larger, though they've been moving away from the web of trust
based on keysigning and towards a scheme based around signed digital
documents (same idea, but certificates aren't bundled with keys themselves).

The use of WoT is not really that strange. WoT works better than most
alternatives in setups with decentralized infrastructure. While kernel.org
does act as a "certification authority" of sorts, we merely check and enforce
the web of trust before issuing accounts. Every step of the process is
transparent and can be verified, per this document:

https://korg.docs.kernel.org/pgpkeys.html

-K

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-05 Stefan Claas via Gnupg-users - [hidden email] wrote:
> ...     but why are then SKS key servers
> still in operation, which allows third parties to look up who signed
> who's key and with what trust level and GnuPG's WoT support, compared
> to sq and Hagrid?

The landscape has changed dramatically from the times when the
original PGP fundamentals were introduced. Today, for any secure
personal communication system to be of practical use, it must
be designed from the ground up observing the following simple
principle: *anonymity is the necessary condition of privacy*.



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> The landscape has changed dramatically from the times when the
> original PGP fundamentals were introduced. Today, for any secure
> personal communication system to be of practical use, it must
> be designed from the ground up observing the following simple
> principle: *anonymity is the necessary condition of privacy*.

This borders on ridiculous.

One of the problems we have in privacy discussions is there is no
single agreed-upon definition of privacy.  Privacy is defined by
culture, and unless we share a culture we're very unlikely to share a
privacy definition.

In the United States, the prevailing culture cares a lot more about
government's ability to learn things about me without a warrant than it
does about the ability of corporations or businesses.  And we also
believe that government limiting our ability to speak infringes on our
privacy: "why the hell is the government getting in my business if all
I'm doing is sharing true things with my buddy?"  Whereas in Europe,
right-to-be-forgotten laws, enforced by the government, are seen as
wins for privacy, in America they would be (a) blatantly unlawful and
(b) considered massive invasions of our privacy by the government.

In Europe it's a lot different.  There, the prevailing culture cares a
lot more about limiting the ability of businesses to learn things about
a person than with limiting the ability of governments.  The national
security exemption in the GDPR is big enough to drive a truck through:
it is so all-encompassing that I, as an American, look at the GDPR and
think it's a nightmare for privacy rights.

And, you know, *this is okay*.  Privacy is culturally defined.  Enjoy
your culture, accept or reject its definition of privacy as you like.
Just don't think that your culture's definition is somehow the only
one, or universally agreed-upon, or...

If there is no agreed-upon universal definition of privacy (and there
isn't), then any attempt to make sweeping statements like "anonymity is
a necessary condition of privacy" is just a bunch of freshman
Philosophy 101 crap that's entirely disconnected from the real world.


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 5, 2021 at 9:05 PM <[hidden email]> wrote:
That the landscape has changed dramatically everyone will
(hopefully) agree and your phrase is perfectly fine, but I do not
consider GnuPG or OpenPGP apps as tools giving users anonymity.

What you say would fit more for a cross-platform OpenSource app
like Bitmessage, compared to PGP's or GnuPG's privacy philosophy.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, Jan 6, 2021 at 12:09 AM Stefan Claas
<[hidden email]> wrote:

> What you say would fit more for a cross-platform OpenSource app
> like Bitmessage, compared to PGP's or GnuPG's privacy philosophy.

Regarding Bitmessage and OpenPGP. There was an announcement
made last year about an Bitmessage OpenPGP chan, where people
can discuss all things around OpenPGP anonymously and globally.

I am a bit out of the loop regarding Bitmessage but here is the
address for interested parties:

OpenPGP
BM-2cU9MZTNKThqH9nDPycVaPGAduisN6Nnm1

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

12021/00/04 08:01.47 ನಲ್ಲಿ, [hidden email] ಬರೆದರು: That depends heavily on your threat model, though. For many people, the goal isn't to keep their identity safe from the people they're talking with. Rather, the goal is to keep the contents of their messages safe from _everyone else_ (including CIA, NSA, shitty governments, etc).

In many ways, security and anonymity are at odds, since if I can't easily verify that <x> is the person they claim to be, I have no way of knowing if I'm telling them stuff they shouldn't know. While there are ways to ensure confidentiality and integrity of the *communication channel* while preserving anonymity, there isn't really a way of ensuring the integrity of the *conversation* while preserving anonymity. Pretty much any way of properly resolving this dilemma requires de-anonymizing both participants, and then we're right back where we started.

If, instead, we acknowledge that most use cases require integrity of the communication channel *and* the conversation, then we can use common identifiers (like phone numbers) or (mostly) verifiable identities (like GPG keys hosted on WKD) to ensure the integrity of the conversation (I say mostly verifiable because there's always a chance the domain is compromised and the keys are replaced). Once anonymity isn't really as much of a concern, we get things like Signal, which is decidedly *not* anonymous (with the exception of using VOIP numbers to sign up) but is most assuredly private (they don't know what you're saying and neither does anyone else, apart from the people you're messaging).

Regards,

Chiraag
--
ಚಿರಾಗ್ ನಟರಾಜ್
Pronouns: he/him/his

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 05-01-2021 23:07, Robert J. Hansen via Gnupg-users wrote:

As always, it probably depends on who you have the most to fear from:
your government, corporations, or maybe someone else?

> In Europe it's a lot different.  There, the prevailing culture cares a
> lot more about limiting the ability of businesses to learn things about
> a person than with limiting the ability of governments.
That is changing. Now that governments are ourtsourcing censorship to
corporations in their struggle against unwelcome news (these days they
call that often "fake news" or "Russian propaganda" and voices are
getting stronger to censor unwelcome messages directly, recently
enhanced by protests against the covid measures, protection against the
government are getting more important in Europe as well. But that is not
yet much reflected in actual policies being made, mainly because those
policies are made by the very people we need protection against.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue,  5 Jan 2021 16:46, Stefan Claas said:

> Not sure I understand you correctly, but why are then SKS key servers
> still in operation, which allows third parties to look up who signed
> who's key and with what trust level and GnuPG's WoT support, compared

Because that is the base of the WoT and there a legitimate use cases for
this.  You might also want to learn on how the WoT works to see why the
keyservers don't carry any information on what you call "trust level"
and what we call "ownertrust".  Just in case you meant the signature
class (0x10..0x13 aka generic,persona,casual,positive) the default is
"generic" and you need to employ the --ask-cert-level option to change
the default on a key by key case.

Further, the plan is to replace the SKS software by hockeypuck on the
servers.  Thus the existing defaults are still good defaults.


Salam-Shalom,

   Werner


--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue,  5 Jan 2021 17:07, Robert J. Hansen said:

> I'm doing is sharing true things with my buddy?"  Whereas in Europe,
> right-to-be-forgotten laws, enforced by the government, are seen as
> wins for privacy, in America they would be (a) blatantly unlawful and

I don't think that the right not to be listed prominently in search
results is related to privacy.  This ruling is more similar to rules
that you are not required to wear a badge that you spent some time in
jail or need to state this in your CV.

> In Europe it's a lot different.  There, the prevailing culture cares a
> lot more about limiting the ability of businesses to learn things about
> a person than with limiting the ability of governments.  The national

Like all over the world governments work on terminating all rules which
limit their power.  It seems to be a never-ending task to counter that.

Speaking of Germany: There are a lot of barriers between administrative
entities to share data - there is not even a central database of all
citizens.  There is no shared access between the databases of the police
and the spooks.  The spooks tried to tell us that it is okay to
eavesdrop as long as no German citizen is part of the communication but
courts declared such a workaround as illegal.  But yes, all these laws
and rulings wind up faster and faster :-(


Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, Jan 6, 2021 at 3:00 PM Werner Koch <[hidden email]> wrote:
Thanks for the reply and clarifying.

> Further, the plan is to replace the SKS software by hockeypuck on the
> servers.  Thus the existing defaults are still good defaults.

Ah, interesting. You know, what would be cool if a hockeypuck testnet would
be run first, starting from zero, so that everybody interested in this
new keyserver
network can participate, like submitting their keys etc. and later it
get's transfered
to a mainnet without old useless keys, to have a fresh and clean database.

I guess even the most hardcore SKS fan would agree that this should be not
to much work for users, submitting only once their actual key(s) and
revoked keys.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

>This ruling is more similar to rules that you are not required to wear
>a badge that you spent some time in jail or need to state this in your CV.

It is a ruling that gives more power to the government, whatever the
"declared goal" actually is. The actual usage of this rule is to hide
blatant evidence of corruption of government officials from public
sources.


Werner Koch via Gnupg-users <[hidden email]> writes:


--
Vladimir Nikishkin (MiEr, lockywolf)
(Laptop)

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users