[talk] How I stopped worrying, and learned to love GPG

Isaac (.ike) Levy ike at blackskyresearch.net
Sat Feb 21 20:45:27 EST 2015


On 02/21/15 20:33, Brian Callahan wrote:
> 
> On 02/21/15 20:23, Isaac (.ike) Levy wrote:
>> On 02/21/15 20:02, Brian Callahan wrote:
>>> Hi Ike --
>>>
>>> For reasons I can't figure out, Thunderbird has totally mangled
>>> your email so I'll reproduce the relevant parts here and reply.
>> I couldn't post about GPG without signing it, and enigmal/thunderbird
>> mangling it for you :)
>>
>>>> Who really trusts GPG these days?
>>> I guess I do, by way of the fact that I keep myself running the
>>> latest GPG-modern (2.1.2 as of now). I'll be excited when more make
>>> it over to this side of the fence and I can start using my EC keys
>>> for real.
>> EC.  Rad.  The future.
>>
>>>> And, my last question- the *BSD world is filled with so many
>>>> impacting cryptographers, and some of the most prolific
>>>> security-minded programmers in the world.  Why are we all still
>>>> OK with this gnu-pg stuff, and all this RMS-ware?
>>> tedu@ has a "simple, semi-modern wannabe PGP clone" called reop. I
>>> think it's in FreeBSD's ports tree. Code is here:
>>> https://github.com/tedu/reop Post about it:
>>> http://www.tedunangst.com/flak/post/reop With that said, I only
>>> know about it. Not used it. Would be interested in hearing Ted's
>>> thoughts on the current version of the code and future directions
>>> (but no idea if he's on this list or reads it).
>>>
>>> ~Brian
>> I'd be very interested in hearing about users practical experiences
>> with 'reop'!
>>
>> Yet, this OpenBSD key,
>> http://www.openbsd.org/advisories/pgpkey.txt
>>
>> Appears to be created using,
>> http://www.pa.msu.edu/reference/pgp-readme-1st.html
>> "PGP 2.6.3i is not an official PGP version. It is based on the source
>> code for MIT PGP 2.6.2 (the latest official version of PGP) and has
>> been modified for international use."
> 
> That key was generated in 1997 :-)
> The newest item in that directory dates from mid-2002. I don't think
> that key is still in use.

Shall I use it to send a bug report and ask for it to be removed?

I'm not kidding :)

> 
> These days, we sign everything with our signify tool (also written by tedu@)
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/signify.1

Pretty darned nifty, for what it's designed to do, I must say.

Best,
.ike


> 
> ~Brian





More information about the talk mailing list