On this whole point of Gnupg (gpg) and some of the issues with using it (and transitions etc), may I (well, I just will) recommend this, from sources I've compiled in a way that people seem to like and have found helpful:

Crazy Strong: @gnupg "learn or die" in 2015 #31c3
All systems https://securityinabox.org/thunderbird_main
See also http://futureboy.us/pgp.html#GettingStarted
http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/

On Twitter as:
https://twitter.com/AnonyOdinn/status/550826144014934016
which has caused Gnupg / thunderbird / etc. awareness to reach 14,685 accounts that might otherwise not have seen it, based on an analysis from
http://tweetreach.com/reports/12801475

Learn or die, folks.

But you may ask, what about the transitions? New machine? Older key issues? Proper use? Getting a stronger new key? Etc. Valid questions! Which is what I am asking myself right now (since I have some old key issues that I am trying to work through and I didn't have good answers).

Fortunately, rysiek came to the rescue in a very timely way, and gave me permission to republish (rysiek's) statement which appears below:

rysiek explains:
GPG Key Transition: http://rys.io/en/147
Zmieniam klucz GPG: http://rys.io/pl/147
Twitter: https://twitter.com/AnonyOdinn/status/552630836747456512

The instructions are very clear and helpful. (Thank you rysiek!) I'll be developing my own transition statement at some point soon using rysiek's page as a guide. Not sure of when, but rysiek's page will be my guide.

Cathal Garvey:
So far, as far as I can see, you're not even inflicting PGP on us here, let alone your friends.
I did for a while, but then I moved hardware and didn't see any reason to set up PGP again. At best, it was a signal to people that I cared about security/privacy, at worst it was making everything I posted non-repudiable for no useful reason.
The fact that miniLock is authenticated but repudiable makes it a better bet for PGP-usecase purposes *anyway*, and my minilock ID is in my signature (again, had lapsed by accident) for people who want to use miniLock outside of peerio.
But, miniLock isn't (opportunistic pun) "turn-key", it requires launching, authenticating, dropping a file to encrypt, typing in a miniLock ID to encrypt to (encrypting to yourself probably makes it non-repudiable if someone acquires your private key, beware!), downloading the encrypted file, and then transmitting the encrypted file out-of-band.
Now, implementing Peerio server is something I endorse. If I weren't too busy, I'd investigate doing it myself, it looks like fun. If anyone does feel like it, they have miniLock for JS-based servers, and deadLock for Python-based servers (needs some work/bugfixes).
On 15/01/15 16:44, rysiek wrote:
On Thursday, 15 January 2015 11:20:22 Cathal Garvey wrote:
If the server code were open, how would you know the server was actually running that code anyway?
Not much. But it would allow others to run the server code and offer similar service, at the very least.
Having the protocol documented so thoroughly makes the task of writing an alternative server trivial if time-consuming. I'd obviously prefer the server were AGPL, and I hope someone will write an AGPL'd server and federation.
Of course. The "time-consuming" part is what bothers me. I *could* throw in an hour or two to set up a peerio server had the code been available; I have absolutely *no way in hell* of throwing in days or weeks of work to implement their protocol.
For now though, the client is open source, the crypto doesn't suck, the UX is excellent, and the threat model is pretty transparent. I'm *never* going to inflict PGP on friends, but I'll happily inflict this on them.
So far, as far as I can see, you're not even inflicting PGP on us here, let alone your friends.
-- 
http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good"
https://keybase.io/odinn