Suggested updates for the Privacy Handbook?

Suggested updates for the Privacy Handbook?

A.M. Kuchling
A few days ago I posted about making the GNU Privacy Handbook
available as a GitHub repository and converting it to org-mode.
(Repository URL: https://github.com/akuchling/gph/ )

Now that the conversion is close to complete, what updates/changes
does the Handbook need?  I'd like to hear suggestions.

There are certainly obvious updates to recommended key sizes, and we
should check that the various command lines are still correct.  But
are there larger revisions to make?  e.g. New topics that should be
added or ones that should be dropped, new usage best practices or
tools to suggest?

(You can read the text of the handbook at
<https://github.com/akuchling/gph/blob/akuchling-modernize/en/manual.org>.)

--amk

_______________________________________________
Gnupg-doc mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-doc

Re: Suggested updates for the Privacy Handbook?

Werner Koch
On Wed, 16 Oct 2013 04:50, [hidden email] said:

> Now that the conversion is close to complete, what updates/changes
> does the Handbook need?  I'd like to hear suggestions.

First of all we need to get rid of the FDL.  That is something we can't
do ourselves unless we want to back out the changes done after the
assignment so that Mike will be able to change it.

I'll write again to the FSF.


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.



Re: Suggested updates for the Privacy Handbook?

mezzanine
In reply to this post by A.M. Kuchling
It would be useful for the GPH to specify whether it is referring to GPG2 or a version of GPG in the 1.x line, and it might also be useful to include slight coverage of the differences between the two. In addition, the following topics and issues should be considered:
* Phasing out SHA1 and MD5 hashing and moving from DSA to RSA keys (see https://www.debian-administration.org/users/dkg/weblog/48 for info.)
* Using frontends such as GPGTools for the MacOSX platform and GPG4win for the Windows platform.
* The limitations of GPG with regard to protecting against attacks against an end user's system.
* Obtaining and installing GPG (including verification of downloaded copies, if necessary.)

Other possible topics are:
* Migrating from the PGP product to GPG.
* Comparing OpenPGP and S/MIME.

Attached to this message is a Signatures.gif image file which should have a better appearance than the existing signatures.jpg image file. (At the time when the GPH was originally written, JPEG may have been preferable because of GIF being subject to licensing issues with LZW compression and support for PNG images being less widespread than it is now.)

Adjusting the license for the GPH so that it can (at minimum) be distributed under the terms of CC BY-SA 3.0 would be useful.

--Richard


Re: Suggested updates for the Privacy Handbook?

Werner Koch
On Fri, 18 Oct 2013 06:50, [hidden email] said:

> * Phasing out SHA1 and MD5 hashing and moving from DSA to RSA keys (see https://www.debian-administration.org/users/dkg/weblog/48 for info.)

FWIW, GnuPG used MD5 only for PGP2 compatibility.  From rfc-4880:

   Implementations MUST implement SHA-1.  Implementations MAY implement
   other algorithms.  MD5 is deprecated.

SHA-1 is an important part of OpenPGP and used in ways which are
resistant against collision attacks.  Thus it is not easy to fade it
out.  A paragraph explaining why certain algorithms are used by default
does make sense, though.


> * Using frontends such as GPGTools for the MacOSX platform and GPG4win for the Windows platform.
> * The limitations of GPG with regard to protecting against attacks against an end user's system.

Yes, that is important for real world security.


Shalom-Salam,

   Werner


--
Thoughts are free.  Exceptions are regulated by a federal law.

