Posts by duxsco@digitalcourage.social
(DIR) Post #APNdcIzLeXvL9AdpLM by duxsco@digitalcourage.social
2022-11-08T02:47:28Z
0 likes, 0 repeats
@freemo As DANE/CERT is obsolete in my eyes (https://dev.gnupg.org/T4618), I recommend WKD, if LDAP is out of the question for you. In contrast to a keyserver, the domain owner must play an active role in setting up WKD. This provides some kind of proof for the authenticity of the hosted public keys. Furthermore, 3rd party signatures are fetched over WKD, but not over HKPS (see: https://bugs.gentoo.org/878479). This allows for the setup of a centralised CA as done by the Gentoo Linux project (https://www.gentoo.org/glep/glep-0079.html). Here are some links that may provide some inspiration in this regard: https://youtu.be/RV1E_DjhCX0?t=1865 and https://sequoia-pgp.org/blog/2021/05/12/202105-hello-openpgp-ca/
(DIR) Post #APQUuiLdmzMStheSX2 by duxsco@digitalcourage.social
2022-11-09T11:53:56Z
0 likes, 0 repeats
@fsf You should update https://u.fsf.org/1df. The current default keyserver "keyserver.ubuntu.com" (see: "man dirmngr") shouldn't be used, because it doesn't support WKD. You should go into the use of https://keys.openpgp.org/ and https://keys.mailvelope.com/ including e-mail verification which is often forgotten. Furthermore, the sks site you link (https://sks-keyservers.net/overview-of-pools.php) is dead.
(DIR) Post #AQ4PjgSto3kerwfB8i by duxsco@digitalcourage.social
2022-11-10T00:48:16Z
0 likes, 0 repeats
To the #AusweisApp2 users and to the @bsi, on whose behalf the service is provided: Import the public key 0x5E5CCCB4A4BF43D7 from the page https://www.governikus.de/loesungen/produkte/open-pgp-schluessel/ with the command "gpg --weak-digest SHA1 --import ..." and let yourselves be surprised 😉 It's not as if the problem were unknown... https://sha-mbles.github.io https://dev.gnupg.org/T4755 https://heise.de/-4331048 https://blog.bmarwell.de/2020/11/21/fixing-old-sha1-infested-openpgp-keys.html as well as: section 1.5 and remark 4.3 in [TR-02102-1] of the #bsi (https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.html) #gnupg #gpg #openpgp #pgp
(DIR) Post #AQ4PjiJkv1cscAOuAK by duxsco@digitalcourage.social
2022-11-10T01:36:00Z
0 likes, 0 repeats
Nevertheless, it is pretty cool that the @bsi has such a service provided 👍
(DIR) Post #AQ4PjligGoLXAL5Lvs by duxsco@digitalcourage.social
2022-11-10T18:51:04Z
0 likes, 0 repeats
Actually, a re-sign of the primary key and subkey would be enough (see the Heise link and the linked blog entry below it). However, the whole setup should be reconsidered (IMHO). For example, the key only needs the "cert" capability, but additionally has the "sign" and "encrypt" capabilities. In addition, no root and intermediate key is used. Since the #CA in its current form is definitely not conducive to security (#Sicherheit), I would like to see the old key revoked and a #CA set up on the model of https://www.gentoo.org/glep/glep-0079.html Maybe @kuketzblog could follow up with the @bsi 🙂
(DIR) Post #ASpjI3cL0wGg9hkSKO by duxsco@digitalcourage.social
2023-02-19T09:30:37Z
1 likes, 0 repeats
@nwalfield @kravietz yeah, WKD is the best. For revoked subkeys, I use HKPS in addition: https://github.com/duxsco/duxsco
(DIR) Post #AWYTuj52SbNOQvZykq by duxsco@digitalcourage.social
2023-06-10T17:25:16Z
0 likes, 0 repeats
@nitrokey Is the smartcard chip open, too?
(DIR) Post #AjxMpSIDBgksmjTWPA by duxsco@digitalcourage.social
2024-07-15T07:58:56Z
0 likes, 0 repeats
@itsfoss I don't like that @protonprivacy uses a tracker in their Android app. https://reports.exodus-privacy.eu.org/en/reports/ch.protonvpn.android/latest/ #proton
(DIR) Post #AlK68XGlj0gCwBuG0G by duxsco@digitalcourage.social
2024-08-25T10:54:29Z
0 likes, 0 repeats
@RTP > Translates into further war on encryption [...] lol, #telegram doesn't support end-to-end encryption for group chats. It supports it for chats between two individuals, though, but only if they opt-in. https://en.wikipedia.org/wiki/Telegram_(software)#Security https://www.messenger-matrix.de/messenger-matrix-en.html
(DIR) Post #AlM9ZLy8XJfTt3afpI by duxsco@digitalcourage.social
2024-08-26T10:42:22Z
0 likes, 0 repeats
@RTP The problem with Telegram "groups" is that they can have up to 200.000 members. In my eyes, that's not a simple group anymore and goes in the direction of social media. Whoever posts in such a large group can't expect their post to stay private, especially with Telegram group chat encryption not being possible. With the social-media-like nature of Telegram, it's no wonder that law enforcement tries to enforce moderation in order to combat fake news, hate speech and misinformation. In Germany, we have: https://en.wikipedia.org/wiki/Network_Enforcement_Act