Heya, It's hard for me to track this cause of my mental instability, but obviously preserving an archive of a state of this list is unaddressed. - archives scattered on a couple websites appear unhashed, unsigned and vulnerable to loss of the host - there are bittorrent-hashed archives on archive.org, but they may be deletable if the account that uploaded them is wrongly accessed. these contain signatures via a newer pgp key coderman's been emailing; is this key in the web of trust or verifiable in some other way? todo: check this obviously, ideally any archives would be stored in a distributed way without single biological or digital points of failure. i really care a lot about communication integrity, a care that has gone pretty poorly for me in my life, and i can get a little confused when trying to address the topic here. i hope if i am rude or asking too much or too difficult a presence for a person or community here, that somebody might let me know this, to help things. any thoughts?
Hi Karl, On Sun, Oct 24, 2021 at 2:46 PM Karl <gmkarl@gmail.com> wrote:
- archives scattered on a couple websites appear unhashed, unsigned and vulnerable to loss of the host
I must admit I do not understand what advantage a hashed or signed *new* archive has, created from an old archive, which might be later no longer available, for comparison. Another way to create new archives may be worth exploring, is IPFS (https://ipfs.io) in combination with a Bitcoin-based blockchain timestamping service (opentimestamps.org), which both are available for free. It would simply mean, that whoever creates an archive hashes the contained files, uses the hashsum file with the timestamping service and then uploads the archive, hashfile, and timestamp to IPFS. Regards Stefan
On 10/24/21, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
Hi Karl,
On Sun, Oct 24, 2021 at 2:46 PM Karl <gmkarl@gmail.com> wrote:
- archives scattered on a couple websites appear unhashed, unsigned and vulnerable to loss of the host
I must admit I do not understand what advantage a hashed or signed *new* archive has, created from an old archive, which might be later no longer available, for comparison.
I'm also having trouble following you ... if it's hashed and signed with sufficient trust, isn't the comparison unneeded? Meanwhile, if it isn't, what is to prevent future mutations of the content of the old archive?
Another way to create new archives may be worth exploring, is IPFS (https://ipfs.io) in combination with a Bitcoin-based blockchain timestamping service (opentimestamps.org), which both are available for free.
IPFS deduplicates content which seems like it might be great for ongoing mailing list archival.
It would simply mean, that whoever creates an archive hashes the contained files, uses the hashsum file with the timestamping service and then uploads the archive, hashfile, and timestamp to IPFS.
This sounds like such a wonderful idea. What do you think of using the existing torrents until somebody pins content to ipfs?
Stefan,
On 10/24/21, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
Another way to create new archives may be worth exploring, is IPFS (https://ipfs.io) in combination with a Bitcoin-based blockchain timestamping service (opentimestamps.org), which both are available for free.
It would simply mean, that whoever creates an archive hashes the contained files, uses the hashsum file with the timestamping service and then uploads the archive, hashfile, and timestamp to IPFS.
I'm looking through the source code of opentimestamps.org's protocol and I see that it adds a random nonce to its file hashes, to prevent content identification. I'm worried about this: doesn't it mean you need access to the associated verification file to verify a timestamp? I'm thinking on mutating the sourcefile to instead mark content with a public identifier, so people can compare history and see what copy was timestamped earlier. Not sure I'll get that far though.
Stefan, thank you for your helpful reply. Punk, hope you are well. Sorry I am bonkers and all.
Hi Karl, On Sun, Oct 24, 2021 at 7:58 PM Karl <gmkarl@gmail.com> wrote:
Stefan, thank you for your helpful reply.
Karl, I am sorry I took a nap and therefore could not reply earlier. To answer your questions. I wrote in my reply that one would upload the files, the hash sum file and the timestamp file, so that users wishing to know if the files were tampered with they simply drag and drop the timestamp file and the hash sum file into opentimestamps.org interface and see that the result is valid with the date the file was stamped. Regarding mutations. Since you have the date displayed and one would find another site with the same content he could not prove an earlier date than you, because the timestamp is in the blockchain. Regards Stefan
On 10/24/21, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
Hi Karl,
On Sun, Oct 24, 2021 at 7:58 PM Karl <gmkarl@gmail.com> wrote:
Stefan, thank you for your helpful reply.
Karl, I am sorry I took a nap and therefore could not reply earlier.
To answer your questions. I wrote in my reply that one would upload the files, the hash sum file and the timestamp file, so that users wishing to know if the files were tampered with they simply drag and drop the timestamp file and the hash sum file into opentimestamps.org interface and see that the result is valid with the date the file was stamped.
Regarding mutations.
Since you have the date displayed and one would find another site with the same content he could not prove an earlier date than you, because the timestamp is in the blockchain.
Regards Stefan
Well if he can get the word out more than you in some way, he can make it look like he was first to those who don't find your file, since the blockchain doesn't reveal there was prior work. But it looks easy to fix via small change to the opentimestamp client code. Kudos to Germany, that's incredible stuff that the national id card has a pgp key in it, huge addition to the systems out there.
Hi Karl, If people would make it a habit to use for (important) stuff a timestamping service and let's say a digitally signed document refers to this fact it would be IMHO obvious that the original content provider was the first person in the blockchain, according to the provided timestamp file. Our ID-card has no pgp in it, but you can securely bind your public pgp key to your ID-card, so that third parties know that the name displayed in the UID of your pub key is the name in your ID-card. It is done in the following way. Our ID-cards have a RFID chip in with our details, which is then inserted into a card reader. You visit the Governikus website which asks for your ID-card and the card-reader and software on your computer checks this and the website knows than that it is me and ask for my pub key to be inserted. If the UID data matches with my ID-card my public key will be signed with a sig3. This has IMHO the advantage that you do not need a ton of WoT signatures and since Governikus is our official German pgp CA, people know then that it is me. In the whole procedure, your secret key is under your full control and never leaves your (offline) computer, or hardware token. Regards Stefan On Sun, Oct 24, 2021 at 9:48 PM Karl <gmkarl@gmail.com> wrote:
On 10/24/21, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
Hi Karl,
On Sun, Oct 24, 2021 at 7:58 PM Karl <gmkarl@gmail.com> wrote:
Stefan, thank you for your helpful reply.
Karl, I am sorry I took a nap and therefore could not reply earlier.
To answer your questions. I wrote in my reply that one would upload the files, the hash sum file and the timestamp file, so that users wishing to know if the files were tampered with they simply drag and drop the timestamp file and the hash sum file into opentimestamps.org interface and see that the result is valid with the date the file was stamped.
Regarding mutations.
Since you have the date displayed and one would find another site with the same content he could not prove an earlier date than you, because the timestamp is in the blockchain.
Regards Stefan
Well if he can get the word out more than you in some way, he can make it look like he was first to those who don't find your file, since the blockchain doesn't reveal there was prior work. But it looks easy to fix via small change to the opentimestamp client code.
Kudos to Germany, that's incredible stuff that the national id card has a pgp key in it, huge addition to the systems out there.
On 10/24/21, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
Hi Karl,
If people would make it a habit to use for (important) stuff a timestamping service and let's say a digitally signed document refers to this fact it would be IMHO obvious that the original content provider was the first person in the blockchain, according to the provided timestamp file.
Due to the addition of a privacy-preserving nonce by opentimestamps.org, either universal access to the preceding timestamp file, or small mutation of the timestamping behavior, is required to identify the first item on the blockchain. That's all.
Our ID-card has no pgp in it, but you can securely bind your public pgp key to your ID-card, so that third parties know that the name displayed in the UID of your pub key is the name in your ID-card.
It is done in the following way. Our ID-cards have a RFID chip in with our details, which is then inserted into a card reader. You visit the Governikus website which asks for your ID-card and the card-reader and software on your computer checks this and the website knows than that it is me and ask for my pub key to be inserted. If the UID data matches with my ID-card my public key will be signed with a sig3.
This has IMHO the advantage that you do not need a ton of WoT signatures and since Governikus is our official German pgp CA, people know then that it is me.
I didn't know there was such a thing as a PGP CA, kinda cool, does sound a little single-point-of-failure to me, but you must have laws to e.g. force them to improve their practices if they aren't sufficient, I suppose.
On Sun, Oct 24, 2021 at 10:12 PM Karl <gmkarl@gmail.com> wrote:
I didn't know there was such a thing as a PGP CA, kinda cool, does sound a little single-point-of-failure to me, but you must have laws to e.g. force them to improve their practices if they aren't sufficient, I suppose.
Well, the CA is run on behalf of our BSI (a Government Institution) for computer security etc. If the service goes down, you can expect that it will be up again the next day, in case of failure or DDOS. The only reason to no longer run the CA could maybe be that one day OpenPGP plays no longer a role, cost-wise to run such a service, for free and its (few) citizens using OpenPGP. For digital signatures only we have also now EU wide eIDAS, which allows people to use .pdf documents and let them digitally sign via authorized (by Government) services. You then can for example (as a US citizen etc.) verify my .pdf document, say contract, application form, or whatever, and you would know that it is me and also the signature is legally binding. Regards Stefan
On Sun, 24 Oct 2021 22:39:18 +0200 Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
For digital signatures only we have also now EU wide eIDAS, which allows people to use .pdf documents and let them digitally sign via authorized (by Government) services.
fucking hilarious - the european cesspool is run by adobe. "kudos" Stefan =)
On Sun, Oct 24, 2021 at 10:44 PM Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Sun, 24 Oct 2021 22:39:18 +0200 Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
For digital signatures only we have also now EU wide eIDAS, which allows people to use .pdf documents and let them digitally sign via authorized (by Government) services.
fucking hilarious - the european cesspool is run by adobe. "kudos" Stefan =)
Hi Punk, When one uses the free Adobe reader for verification. On Linux there are other tools available. Hardware-based solutions, like chip cards etc, are also not based on Adobe. Adobe implemented in his software a mechanism which follows the definition of the EU signature standard. In the United States IIRC there is a similar digital signature scheme available. While this stuff might be of course not cool cypherpunk stuff, it IMHO shows, while digitalization of the planet continues, that there are solutions now available which allow Joe user average to use such things, in case he needs an official and secure way to accomplish certain task. Regards Stefan
BTW. Punk. If you or anybody else here on the list like to talk about how things developed globally in regards to IoT, cypherpunk and what not. I am always open to speak about my long journey as virtual junkie. Next year I am 40 years online and I may can tell some folks younger than me what I have seen, or what my fears are for the younger generation is. P.S regarding Punk, I was one in the late seventies and I am still one in my heart, even if I do things differently today or support this and that. I always did not follow main stream, or what mostly other people did. :-) Regards Stefan On Sun, Oct 24, 2021 at 11:03 PM Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
On Sun, Oct 24, 2021 at 10:44 PM Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Sun, 24 Oct 2021 22:39:18 +0200 Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
For digital signatures only we have also now EU wide eIDAS, which allows people to use .pdf documents and let them digitally sign via authorized (by Government) services.
fucking hilarious - the european cesspool is run by adobe. "kudos" Stefan =)
Hi Punk,
When one uses the free Adobe reader for verification. On Linux there are other tools available. Hardware-based solutions, like chip cards etc, are also not based on Adobe. Adobe implemented in his software a mechanism which follows the definition of the EU signature standard. In the United States IIRC there is a similar digital signature scheme available. While this stuff might be of course not cool cypherpunk stuff, it IMHO shows, while digitalization of the planet continues, that there are solutions now available which allow Joe user average to use such things, in case he needs an official and secure way to accomplish certain task.
Regards Stefan
On 10/24/21, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
BTW. Punk.
If you or anybody else here on the list like to talk about how things developed globally in regards to IoT, cypherpunk and what not. I am always open to speak about my long journey as virtual junkie. Next year I am
Certainly interested. I don't understand what changed since 2010 and am younger than you. I am quite curious what changed your behavior since the 70s, as well.
Okay, I will start tomorrow afternoon CET, once I am from work. It is already late now in Germany and I have to do other things before I go to bed. Regards Stefan On Sun, Oct 24, 2021 at 11:39 PM Karl <gmkarl@gmail.com> wrote:
On 10/24/21, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
BTW. Punk.
If you or anybody else here on the list like to talk about how things developed globally in regards to IoT, cypherpunk and what not. I am always open to speak about my long journey as virtual junkie. Next year I am
Certainly interested. I don't understand what changed since 2010 and am younger than you.
I am quite curious what changed your behavior since the 70s, as well.
On Sun, 24 Oct 2021 23:03:49 +0200 Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
In the United States IIRC there is a similar digital signature scheme available. While this stuff might be of course not coolcypherpunk stuff,
indeed, it is not cypherpunk nor cool.
it IMHO shows, while digitalization of the planet continues,
the cancer marches on yes.
that there are solutions now available which allow Joe user average to use such things, in case he needs an official and secure way to accomplish certain task.
I think my point fully stands, regardless of a very thin and irrelevant layer of 'open source' software, like a linux-pdf-whatever. The show is run by adobe-US-govcorp and the govcorp mafia that produces 'smart' cards. Those are not 'open source' eh.
P.S regarding Punk, I was one in the late seventies and I am still one in my heart
good to hear that
Regards Stefan
On Sun, 24 Oct 2021 15:48:47 -0400 Karl <gmkarl@gmail.com> wrote:
Kudos to Germany, that's incredible stuff that the national id card has a pgp key in it, huge addition to the systems out there.
.... why the fuck is that sort of stuff posted on this list? What part you don't get about government and surveillance being the enemy, Karl?
On Sun, Oct 24, 2021 at 6:53 PM Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Sun, 24 Oct 2021 08:38:06 -0400 Karl <gmkarl@gmail.com> wrote:
these contain signatures via a newer pgp key coderman's been emailing;
what makes you think that stuff signed by 'coderman' has any validity at all?
Correct, the only way currently in the OpenPGP ecosystem, is for users in Germany, with a German ID-card, containing a chip, and a secure mechanism, to prove that this public key belongs to this person. And when the key pair is directly burned on a YubiKey or Nitrokey the private key can't be stolen, when used on a compromised online device. Probably the most secure way, but it still cannot guaranty that I did the signature when I supply a warrant canary and I am already dead and someone is in possession of my (valid) ID-card and YubiKey+ credentials. Regards Stefan
On Sun, Oct 24, 2021 at 8:35 PM Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
On Sun, Oct 24, 2021 at 6:53 PM Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Sun, 24 Oct 2021 08:38:06 -0400 Karl <gmkarl@gmail.com> wrote:
these contain signatures via a newer pgp key coderman's been emailing;
what makes you think that stuff signed by 'coderman' has any validity at all?
Correct, the only way currently in the OpenPGP ecosystem, is for users in Germany, with a German ID-card, containing a chip, and a secure mechanism, to prove that this public key belongs to this person. And when the key pair is directly burned on a YubiKey or Nitrokey the private key can't be stolen, when used on a compromised online device. Probably the most secure way, but it still cannot guaranty that I did the signature when I supply a warrant canary and I am already dead and someone is in possession of my (valid) ID-card and YubiKey+ credentials.
This CA Service is run by Governikus, on behalf of our German Government (BSI) and even Werner Koch (Germany) the author of GnuPG does not use this system, for free, which also requires that you need an BSI authorized card reader for your ID-card to use this service. Regards Stefan
This CA Service is run by Governikus, on behalf of our German Government (BSI)
You don't need to create keep grow prop up digitize worship and in general foolishly continue to put governments in power over you for this, or anything else. PGP WoT works entirely independent of and has no need for Government database bullshit. Create whatever keys for whatever nyms you aspire to, demonstrate and hold them out for others to sign to whatever degree they wish, hit send, and around the globe it goes. No Govt "authorities" DB's Bio-ID's etc needed.
even Werner Koch (Germany) the author of GnuPG does not use this system
Perhaps that's why he doesn't, and shouldn't.
for free
Nothing is ever free except charity, but you gave away that personal responsibility to Govt too, now they steal many times the amount from you, and fuck it up. And in this case, "free" is being used as a scam to lure people into permanent central Bio-ID dependency structures GovCorp digital slavery and control systems, lifetime tracking spyveillance and datamining, and worse... and you're falling for it. That's very bad and never ends well, ever. https://en.wikipedia.org/wiki/IBM_and_the_Holocaust
On Sun, Oct 24, 2021, 11:40 PM grarpamp <grarpamp@gmail.com> wrote:
This CA Service is run by Governikus, on behalf of our German Government (BSI)
You don't need to create keep grow prop up digitize worship and in general foolishly continue to put governments in power over you for this, or anything else.
PGP WoT works entirely independent of and has no need for Government database bullshit.
Create whatever keys for whatever nyms you aspire to, demonstrate and hold them out for others to sign to whatever degree they wish, hit send, and around the globe it goes. No Govt "authorities" DB's Bio-ID's etc needed.
Stefan, does Governikus sign using normal PGP signatures that could be added to a WoT?
for free
Nothing is ever free except charity, but you gave away
Cost here is personal power given to a government. And in this case, "free" is being used as a scam to lure people into
permanent central Bio-ID dependency structures GovCorp digital slavery and control systems, lifetime tracking spyveillance and datamining, and worse... and you're falling for it. That's very bad and never ends well, ever.
These things do seem true, and have played out clearly on the global stage in modern times.
On Mon, Oct 25, 2021 at 12:16 PM Karl <gmkarl@gmail.com> wrote:
On Sun, Oct 24, 2021, 11:40 PM grarpamp <grarpamp@gmail.com> wrote:
This CA Service is run by Governikus, on behalf of our German Government (BSI)
You don't need to create keep grow prop up digitize worship and in general foolishly continue to put governments in power over you for this, or anything else.
PGP WoT works entirely independent of and has no need for Government database bullshit.
Create whatever keys for whatever nyms you aspire to, demonstrate and hold them out for others to sign to whatever degree they wish, hit send, and around the globe it goes. No Govt "authorities" DB's Bio-ID's etc needed.
Stefan, does Governikus sign using normal PGP signatures that could be added to a WoT?
Hi Karl, The Governikus signatures are regular sig3 signatures, which you can keep along your WoT signatures. Regards Stefan
Sounds like the approaches work great together protocol- and trust-wise. I'd use both if safe to.
Ok. I give you now some ideas you may think about, or not. As you may know modern sequoia-pgp (Testimonials by Mr Zimmermann) no longer uses the stupid WoT. Stupid keyservers like SKS are thankfully also dead. The difference in CA sigs and a modern keyserver like Mailvelope and the difference between WoT signatures and SKS keyservers: When I have a CA signature, based on our Government system and I upload my signed pub key to Mailvelope you have the *guarantee* that the key is from me and I have the guarantee that no one can add (spam) signatures. And I can delete my key (right to be forgotten) When you are a fan of classic WoT signatures and SKS keyservers the following can happen. A person, say a left-winger uploads his pub key to SKS and asks a respected community member of OpenPGP if he signs his pub key and he does. Later the left-winger figures out that the signee was employed at two different NSA contractors he may feel a bit uncomfortable, if this would be publicity known. These persons exist. Another respected OpenPGP community member runs a private CA, which GnuPG users like. What the GnuPG users do not know that he signs pub keys without notifying the people and not checking the people. Also real case. So what value have these signatures? Fan sigs: Check Mr Zimmermann's or Mr Koch's key and do a reverse signature search and look how many these both have signed from their signees. Let's assume you have minors, which you allow to use OpenPGP. Some little bastard of your daughter's friends appends nasty signatures to her pub key. Later she comes home and cries and asks daddy, please remove my key from keyservers. Same can happen to adults of course. Ok, the last three cases won't happen with Mailvelope, but you get the idea. Also OpenPGP is the only public key software, from many, and I mean many which uses key signtures. Then you had openly shown communication paths, which should be nobody's business except yours and your friends. Before PGP was invented nobody had key signatures. If OpenPGP could be used for business, like shopping etc. You would probably agree that in dispute cases etc. a CA sig from a Government has more weight than a couple of sigs nobody can really verify. We both can probably discuss until we get blue in the face, but you see my points. Regards Stefan On Mon, Oct 25, 2021 at 5:40 AM grarpamp <grarpamp@gmail.com> wrote:
This CA Service is run by Governikus, on behalf of our German Government (BSI)
You don't need to create keep grow prop up digitize worship and in general foolishly continue to put governments in power over you for this, or anything else.
PGP WoT works entirely independent of and has no need for Government database bullshit.
Create whatever keys for whatever nyms you aspire to, demonstrate and hold them out for others to sign to whatever degree they wish, hit send, and around the globe it goes. No Govt "authorities" DB's Bio-ID's etc needed.
even Werner Koch (Germany) the author of GnuPG does not use this system
Perhaps that's why he doesn't, and shouldn't.
for free
Nothing is ever free except charity, but you gave away that personal responsibility to Govt too, now they steal many times the amount from you, and fuck it up.
And in this case, "free" is being used as a scam to lure people into permanent central Bio-ID dependency structures GovCorp digital slavery and control systems, lifetime tracking spyveillance and datamining, and worse... and you're falling for it. That's very bad and never ends well, ever.
On Mon, Oct 25, 2021, 11:04 AM Stefan Claas < spam.trap.mailing.lists@gmail.com> wrote:
I give you now some ideas you may think about, or not.
As you may know modern sequoia-pgp (Testimonials by Mr Zimmermann) no longer uses the stupid WoT. Stupid keyservers like SKS are thankfully also dead.
Do you call them stupid, and say thankfully, because you've been hurt in the ways you describe further in your email? A person, say a left-winger uploads his pub key to SKS and asks a
How are left-right politics relevant?
Is the backing of your arguments that governments are greater sources of trust than communities?
On Mon, Oct 25, 2021 at 5:46 PM Karl <gmkarl@gmail.com> wrote:
On Mon, Oct 25, 2021, 11:04 AM Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
I give you now some ideas you may think about, or not.
As you may know modern sequoia-pgp (Testimonials by Mr Zimmermann) no longer uses the stupid WoT. Stupid keyservers like SKS are thankfully also dead.
Do you call them stupid, and say thankfully, because you've been hurt in the ways you describe further in your email?
I call not people stupid, I call the WoT stupid. People were personally hurt and got in rage, when things happened to their pub keys. One person, I remember, was short before ending his work in the ecosystem because of that.
A person, say a left-winger uploads his pub key to SKS and asks a
How are left-right politics relevant?
As you may know grass-roots organizations, like Mr. Zimmermann mentioned once, are the reason why he created PGP to protect them. With (green party) left-wingers I mean for example people in Germany, which act differently like say a conservative patriot, who would probably use not PGP or crypto. Look for example at EFF, they are also not considered as conservative etc. And those people I call left-wingers would (I strongly assume) not be happy to be in some sort affiliated with persons, like in my example, when this would be public.
Is the backing of your arguments that governments are greater sources of trust than communities?
No, of course not. What I described with the CA example or eIDAS is that people wishing to use those services have a 100 percent guarantee that the pub key really belongs to that person and due to its technically and cryptographically nature you only need one signature. If I created now a key pair, fire it up, and someone else signs it, how much would you trust my key, if you do not know the signees and their procedure used? Regards Stefan
No, of course not. What I described with the CA example or eIDAS is that people wishing to use those services have a 100 percent guarantee that the pub key really belongs to that person and due to its technically and cryptographically nature you only need one signature.
Stefan, I received an unsigned email from you containing false cryptographic information.
Please post the headers of the original message here. Regards Stefan On Mon, Oct 25, 2021 at 6:07 PM Karl <gmkarl@gmail.com> wrote:
No, of course not. What I described with the CA example or eIDAS is that people wishing to use those services have a 100 percent guarantee that the pub key really belongs to that person and due to its technically and cryptographically nature you only need one signature.
Stefan,
I received an unsigned email from you containing false cryptographic information.
Here's a copy-paste: Delivered-To: gmkarl@gmail.com Received: by 2002:a2e:571b:0:0:0:0:0 with SMTP id l27csp5093415ljb; Mon, 25 Oct 2021 08:59:51 -0700 (PDT) X-Received: by 2002:a63:b502:: with SMTP id y2mr14122827pge.214.1635177591549; Mon, 25 Oct 2021 08:59:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635177591; cv=none; d=google.com; s=arc-20160816; b=gLq6hxMiNYZmX2Pi55s3GbY6fAxGKsQVNcSPv6SNtJgHQNuzIHvS1IqFaFFGeMRROv zqej7GN6Tb6YIn6ySLL9HUGG54YrZb5AmnsDiXXzq2ghZ6w1IZhX0/Eq7PXHz4cEvzoE VDvLm5iSf31xBx4SU7wlA4PbJ1x07WgECN73Zs8sVnIK8J89dYfXAOg9s9UEaq/IRx+y 8mbqr4WDw8sn/z6R61/o/Cd7STTXWp+EfT8R6Btl4ybhpHWoCqrYuMorH9I65N3e4UQS RDOAuMOsmPDBnxyK1eAeyUz6EoOoqmAM40etT/guuK0rg5QLK1RmyGL16dRqClkWV8Za zDgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=vERjgXxa9qAy4CHpdPMOG5Y748uKJnxPCKXdCHEcJcU=; b=SJH1seI9RFF7DCai1MaviV2CwNYviRbgaHVwwsvcE+OaPRk0KlYAPK6JdlZ6eMhNpH zfeqsIcLvs4vkqnpRT+ml9FLPC1oT+TdJucTnN4nhsmG+w9RR7my7PTNssqaos1VVl5h g6LhVGHnQ0kYrcGHAKRnf4u4gi6AcQ4bOwEYD5sy4Oajp+SZJS9Dqdah/PLN1sFcSLSS k7jKxE3PH9LnAKeh6YK5kYN/K1+pN7NmvnR0MwD4un9ElcdyEe3ClJ7K68ZsxGOSvABa uyuu7EnxGJIKbs1xeGwSNa0SIJdSMl5WefGS8jO/UoYWmObX23ChDvcpSe/y7hEAPiXS 74NQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=cQx0AbyA; spf=pass (google.com: domain of spam.trap.mailing.lists@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=spam.trap.mailing.lists@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: <spam.trap.mailing.lists@gmail.com> Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id ob17sor10138626pjb.25.2021.10.25.08.59.51 (Google Transport Security); Mon, 25 Oct 2021 08:59:51 -0700 (PDT) Received-SPF: pass (google.com: domain of spam.trap.mailing.lists@gmail.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=cQx0AbyA; spf=pass (google.com: domain of spam.trap.mailing.lists@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=spam.trap.mailing.lists@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vERjgXxa9qAy4CHpdPMOG5Y748uKJnxPCKXdCHEcJcU=; b=cQx0AbyAwEzOpyS4gCTEUyKZq/xToZNfjOSOJm7fD72eZpj7s6oq7zIMGlJVD8TFKG x3vLqcJaGH6NzE9EplWUO2z/aObNdvX4mo0fsXvXSz9mWcchaMB8eiwTTVe9i5G/1JQV C7lFd4Mp2JxSqByfIBQ/ClD6OLvm5ByLW5ViiqsN3b0+xkD37bsh+WqO1jIp9uf7XAJo hC1V3tB+oyuxXqcY5Gf6ltc00395OqOiKkrZ6v4iw8s+xfnluSodMXxU4/BKK+rGwR+J I+/h6o7iFgiDPYSdzlptlv2/UYqeJD6sJGk2XpzTm28pbWC5NfNe5RgUYTdXUHVcjBWN rMyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vERjgXxa9qAy4CHpdPMOG5Y748uKJnxPCKXdCHEcJcU=; b=44V3sBxuxd+kDRLuDQHvFFQ/HD4j2JPfuaUJiu9q9U81zFz7sj2LVCyEgqhznySD82 xWjQOQnyFXOr9R7iMOxyZUE0wUCSUbRbDhm5iEGAvRwwWRrZY3GkYGdvxosKF1If9OIb WgXr0HnomhZT1W41mEzUIsjjri0y8anEbHDDx0e6t1/li4eWaATK5p+7EqlaH+/NYs3m 3DzRGdQG9xHVbJR2Bx3nDi8t2qxnZtWi1KRXT/kbDylgTeB6REZLla0GEfvw703A7g6t U8vIJ0Rqq55cNMGdi3kat7LjXFI5fUMVysUQJO36UjvExB9yP2mLm3Aovwamtmojt1KB Yp0g== X-Gm-Message-State: AOAM533JrCE16q3KD8JUZmiN5fVglaV/eT5eDDKoki3erehJufiAnUXQ XZ5PWf7kf1/hlNzKcJMLEHai640Eat3EmSLacnlM0NKf X-Google-Smtp-Source: ABdhPJyORzFTN4r0Gc/0UccgC07kgPYXHYfqbmFxzpLa8xX7OsDXe6LaXh14Q03YnM6GFpvkEA71qffeWvOtShLa30M= X-Received: by 2002:a17:90a:4b85:: with SMTP id i5mr1340056pjh.25.1635177590912; Mon, 25 Oct 2021 08:59:50 -0700 (PDT) MIME-Version: 1.0 References: <CALL-=e7_PcmatoLOyco8cG9mVATKLLWX-2PUti9LV6k-Lkw8yg@mail.gmail.com> <20211024165236.7041311C087D@pglaf.org> <CAC6FiZ58QTO-gnseP1uKMZiOj1jm4y3DayeX2vp06iXrDDNOzg@mail.gmail.com> <CAC6FiZ7ZDJ6ZO_WKSZcBjJU65y53eA-N7qpD2baY2QA0e2ECFg@mail.gmail.com> <CAD2Ti293-+G0sRuaRwiq+gLupgsU1V6vMJvPOLVm+Rrsh6SYLw@mail.gmail.com> <CAC6FiZ40mrnA10dQRyQkUiTidX8=tT8r+YiT_WMTst6=_6xivg@mail.gmail.com> <CALL-=e7+YD2MTZDEgb1cPRJ6d7cXb_d1f-EumxsMEGsJfNdkBg@mail.gmail.com> In-Reply-To: <CALL-=e7+YD2MTZDEgb1cPRJ6d7cXb_d1f-EumxsMEGsJfNdkBg@mail.gmail.com> From: Stefan Claas <spam.trap.mailing.lists@gmail.com> Date: Mon, 25 Oct 2021 17:59:39 +0200 Message-ID: <CAC6FiZ4_8q94=J+gcUJxfCrj0avJCpWtwyZJhEG_Wg9T=vG41A@mail.gmail.com> Subject: Re: List Archival To: Karl <gmkarl@gmail.com> Cc: grarpamp <grarpamp@gmail.com>, cypherpunks <cypherpunks@lists.cpunks.org> Content-Type: text/plain; charset="UTF-8"
participants (4)
-
grarpamp -
Karl -
Punk-BatSoup-Stasi 2.0 -
Stefan Claas