peerio.com

odinn odinn.cyberguerrilla at riseup.net
Fri Jan 16 01:11:05 PST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On this whole point of GnuPG (gpg) and some of the issues with using
it (and transitions etc), may I (well, I just will) recommend this,
from sources I've compiled in a way that people seem to like and have
found helpful:

Crazy Strong: @gnupg "learn or die" in 2015 #31c3 All systems
https://securityinabox.org/thunderbird_main
See also http://futureboy.us/pgp.html#GettingStarted
http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/

on twitter as:
https://twitter.com/AnonyOdinn/status/550826144014934016

which has caused GnuPG / Thunderbird / etc. awareness to reach 14,685
accounts that might otherwise not have seen it.

based on an analysis from http://tweetreach.com/reports/12801475
Learn or die folks.

but you may ask, what about the transitions? new machine? older key
issues? proper use? getting stronger new key? etc.

valid questions! which is what I am asking myself right now (since I
have some old key issues that I am trying to work through and I didn't
have good answers).

fortunately, rysiek came to the rescue in a very timely way, and gave
me permission to republish (rysiek's) statement which appears below:
rysiek explains:
GPG Key Transition: http://rys.io/en/147
Zmieniam klucz GPG: http://rys.io/pl/147

twitter:
https://twitter.com/AnonyOdinn/status/552630836747456512

The instructions are very clear and helpful.  (Thank you rysiek!)

I'll be developing my own transition statement at some point soon
using rysiek's page as a guide. Not sure of when, but rysiek's page
will be my guide.


Cathal Garvey:
>> So far, as far as I can see, you're not even inflicting PGP on
>> us here, let alone your friends.
> 
> I did for a while, but then I moved hardware and didn't see any
> reason to set up PGP again. At best, it was a signal to people that
> I cared about security/privacy, at worst it was making everything I
> posted non-repudiable for no useful reason.
> 
> The fact that miniLock is authenticated but repudiable makes it a
> better bet for PGP-usecase purposes *anyway*, and my minilock ID is
> in my signature (again, had lapsed by accident) for people who want
> to use miniLock outside of peerio.
> 
> But, miniLock isn't (opportunistic pun) "turn-key", it requires 
> launching, authenticating, dropping a file to encrypt, typing in a 
> miniLock ID to encrypt to (encrypting to yourself probably makes
> it non-repudiable if someone acquires your private key, beware!), 
> downloading the encrypted file, and then transmitting the encrypted
> file out-of-band.
> 
> Now, implementing Peerio server is something I endorse. If I
> weren't too busy, I'd investigate doing it myself, it looks like
> fun. If anyone does feel like it, they have miniLock for JS-based
> servers, and deadLock for Python-based servers (needs some
> work/bugfixes).
> 
> On 15/01/15 16:44, rysiek wrote:
>> On Thursday, 15 January 2015 11:20:22 Cathal Garvey wrote:
>>> If the server code were open, how would you know the server was
>>> actually running that code anyway?
>> 
>> Not much. But it would allow others to run the server code and
>> offer similar service, at the very least.
>> 
>>> Having the protocol documented so thoroughly makes the task of 
>>> writing an alternative server trivial if time-consuming. I'd
>>> obviously prefer the server were AGPL, and I hope someone will
>>> write an AGPL'd server and federation.
>> 
>> Of course. The "time-consuming" part is what bothers me. I
>> *could* throw in an hour or two to set up a peerio server had the
>> code been available; I have absolutely *no way in hell* of
>> throwing in days or weeks of work to implement their protocol.
>> 
>>> For now though, the client is open source, the crypto doesn't
>>> suck, the UX is excellent, and the threat model is pretty
>>> transparent. I'm *never* going to inflict PGP on friends, but
>>> I'll happily inflict this on them.
>> 
>> So far, as far as I can see, you're not even inflicting PGP on
>> us here, let alone your friends.
>> 
> 

- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn



More information about the cypherpunks mailing list