diff options
| author | Owen Jacobson <owen.jacobson@grimoire.ca> | 2015-12-09 20:40:42 -0500 |
|---|---|---|
| committer | Owen Jacobson <owen.jacobson@grimoire.ca> | 2015-12-09 20:40:42 -0500 |
| commit | f82d259e7bda843fb63ac1a0f6ff1d6bfb187099 (patch) | |
| tree | 502ebf27ea72cf8c6025b880bfdb35db00ce8b92 /.html/gpg | |
| parent | 75a219a061b60bb32948b8a2b71c8ccf1dc19a62 (diff) | |
Remove HTML from the project. (We're no longer using Dokku.)
Diffstat (limited to '.html/gpg')
| -rw-r--r-- | .html/gpg/_list.html | 92 | ||||
| -rw-r--r-- | .html/gpg/cool.html | 146 | ||||
| -rw-r--r-- | .html/gpg/index.html | 92 | ||||
| -rw-r--r-- | .html/gpg/keys.html | 271 | ||||
| -rw-r--r-- | .html/gpg/terrible.html | 198 |
5 files changed, 0 insertions, 799 deletions
diff --git a/.html/gpg/_list.html b/.html/gpg/_list.html deleted file mode 100644 index 8f54701..0000000 --- a/.html/gpg/_list.html +++ /dev/null @@ -1,92 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - ls /gpg - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">gpg</a> - - </li> - - <li class="crumb-2 last"> - - <span class="list-crumb">list</span> - - </li> - - </ol> - - - - <div id="listing"> - <h1><code>ls /gpg</code></h1> - - - - - <div id="pages"> - <h2>Pages</h2> - <ul> - - <li><a href="cool">GPG Is Pretty Cool</a></li> - - <li><a href="terrible">GPG Is Terrible</a></li> - - <li><a href="keys">GPG Keys</a></li> - - </ul> - </div> - - - - </div> - - - - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg">See this directory on Bitbucket</a>. - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/gpg/cool.html b/.html/gpg/cool.html deleted file mode 100644 index 528ce0c..0000000 --- a/.html/gpg/cool.html +++ /dev/null @@ -1,146 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - GPG Is Pretty Cool - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">gpg</a> - - </li> - - <li class="crumb-2 last"> - - cool - - </li> - - </ol> - - - - <div id="article"> - <h1 id="gpg-is-pretty-cool">GPG Is Pretty Cool</h1> -<p>The GPG software suite is a pretty elegant cryptosystem. It provides:</p> -<ul> -<li> -<p>A standard, well-maintained set of tools for creating and storing keys, and - associating them with identities</p> -</li> -<li> -<p>A suite of reliable tools for encrypting, signing, decrypting, and - verifying data that can be easily assembled into any combination of - integrity checks, authenticity checks, and privacy management</p> -</li> -<li> -<p>A key distribution network that does not rely on hierarchal authority and - that can be bootstrapped from scratch quickly and easily</p> -</li> -</ul> -<p>While GPG <a href="terrible">sucks in a number of important ways</a>, it's also the best -tool we have right now for restoring privacy to private correspondance over -the internet.</p> -<h2 id="code-signing">Code Signing</h2> -<p>Pretty much every Linux distribution relies on GPG for code signing. Rather -than using GPG's web-of-trust model for key distribution, however, code -signing with GPG usually creates a hierarchal PKI so that the root keys can -be shipped with the operating system.</p> -<p>This works shockingly well, and support for GPG is extremely well integrated -into common package management systems such as apt and yum.</p> -<h2 id="source-control">Source Control</h2> -<p>Which is basically code signing, admittedly, but even Git's support for GPG -is basically great. Tools like Fossil embed it even deeper, and work quite -well.</p> -<h2 id="email">Email</h2> -<p>GPG's integration with email is surprisingly clever, follows a number of -long-standing best practices for extending email, and does a <em>very</em> good job -of providing some guarantees that make sense in a not-terribly-long-ago view -of email as a communications medium. In particular, if</p> -<ul> -<li>who you talk to is not a secret, and</li> -<li>what, broadly, you are talking about is not a secret, but</li> -<li>the specifics of the discussion <em>are</em> a secret, and</li> -<li>all participants are using GPG on their own mailers</li> -</ul> -<p>then GPG works brilliantly and modern GPG integration is very effective.</p> -<p>These assumptions pretty accurately reflect the majority of email use up -through the late 90s and early 2000s: technical or personal correspondence -between known acquaintences.</p> -<p>The internet has moved on from email for casual correspondence, but that -doesn't invalidate the elegance of GPG's integration for GPG users.</p> -<h2 id="distributed-verification">Distributed Verification</h2> -<p>Even though GPG's trust model has some serious privacy costs and concerns, it -works as a great proof of concept for CA-free identity management. That's -huge: centralized CAs have even more onerous costs and worse risks than GPG's -trust network, while offering less transparency to help offset those costs.</p> -<p>Others have written some pretty interesting things on how to improve GPG's -trust model and make it less succeptible to errors or key leaks by -small-to-middling numbers of participants. <a href="https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html">This -post</a> -to tor-talk last year is probably the most complete.</p> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg/cool.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gpg/cool.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/gpg/index.html b/.html/gpg/index.html deleted file mode 100644 index 8f54701..0000000 --- a/.html/gpg/index.html +++ /dev/null @@ -1,92 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - ls /gpg - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">gpg</a> - - </li> - - <li class="crumb-2 last"> - - <span class="list-crumb">list</span> - - </li> - - </ol> - - - - <div id="listing"> - <h1><code>ls /gpg</code></h1> - - - - - <div id="pages"> - <h2>Pages</h2> - <ul> - - <li><a href="cool">GPG Is Pretty Cool</a></li> - - <li><a href="terrible">GPG Is Terrible</a></li> - - <li><a href="keys">GPG Keys</a></li> - - </ul> - </div> - - - - </div> - - - - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg">See this directory on Bitbucket</a>. - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/gpg/keys.html b/.html/gpg/keys.html deleted file mode 100644 index 9fe112b..0000000 --- a/.html/gpg/keys.html +++ /dev/null @@ -1,271 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - GPG Keys - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">gpg</a> - - </li> - - <li class="crumb-2 last"> - - keys - - </li> - - </ol> - - - - <div id="article"> - <h1 id="gpg-keys">GPG Keys</h1> -<p>If you've read <a href="terrible">GPG Is Terrible</a> and <a href="cool">GPG Is Pretty Cool</a>, -and their references, and for some reason still feel the need to use GPG, my -key fingerprint is <code>77BD C4F1 6EFD 607E 85AA B639 5023 2991 F10D FFD0</code>. The -key itself is below.</p> -<pre><code>-----BEGIN PGP PUBLIC KEY BLOCK----- - -mQENBFOWElgBCADSFR0SmdJX5yOFjejxTpjdyc2UwjglM4WqFNne7C9rYkbLGj8U -y6aVdLop4kFdiZrtuAyJrZnKawZglMar6erBgoNXe3vrbEzopPI1Uev/kY7UHSR+ -dA8EYw50/FOvDYlrJxntvIEfNYskIvhS+c8Y0HSrK9VnKfkfi7hYJP+93sqP/4Lz -oCnCWQCJSOaOdpora241/bsEU7w8MCiexCdm2NaPc6q445K5XAO5CoLkTwcJxJHM -xbPH7prSgqdDz5Y00hUDqm+ByLCMVyAFu4/6sEMWZMaOIIEh0a/kpD+xJVkXKszh -5SsLNZ5oADj9DWHvFoemj1gOixzYlEMdqL3PABEBAAG0KU93ZW4gSmFjb2Jzb24g -PG93ZW4uamFjb2Jzb25AZ3JpbW9pcmUuY2E+iQEcBBMBCgAGBQJT8kqMAAoJENKx -mZ8cUdIj7jIIAIamt/VdAr9BB835knMQ48QQaqQr1KrpvL8QCMWen/lcgMBz5FSM -ZmPImroQKakjKqNbJV5OLKOZGQxNNGxOSP6WSbUEDCiP1J4XddTCogPH2ePL0g+y -YjoaO24uY6VIjNaY9plf8DQqD3gkcZBX0QjVT+q3MxvhFG8Ox4S+kXDV5qYXDLiB -PZM1Jv1PDY777Ml6J1Zv4z5oveaKVZfCjdJ7h00QQ+nnKBWIeE4rqqNwtCnM0SoX -T5zlogZKdCK9mTFzmTMaVmASjYO7xWhIy3bSy2Ke/cyCup2zdc/IhLJio4D/2HRm -DURsMj8MhIJN4eJymtGw2VQYB300k0cSUWuJAUAEEwEKACoCGwMFCwkIBwMFFQoJ -CAsFFgIDAQACHgECF4ACGQEFAlR9+1UFCQHjt30ACgkQUCMpkfEN/9AnYwgAju6I -dWaWEdujxXJS+d2I2bsfraoxu0wlltlX4Z5MDh8h2OAV90fQKJTXx4mSzYgmGL0v -/2RMnBciSQWskmpHMBGY+dLi0uIb5WOeqttUoLMyq/L7ENhCksKgI/g6RqWCM7+W -M6LjA09GcCLZMSpZ2xpDyjibtJh4WaO+h+JT6O0UonhMszGgeUf4UH5zIvmkA+Su -b4mG8tQtBwqEjikXhMsOa27dWj+f+c0Oth3WwFBTfbucw0aSkwDC3L9geyKInJGZ -W2IC5f7gXJ8MID/aDKNrAOLRGJpqv7d+LZhtyNx6MUh+mNmwplYytEmqdmz2fWss -l+8arRPUbjA5QdQlH4kCHAQSAQIABgUCU5nlmQAKCRAaK96qaP2zTPShEACNaECa -WC4qUT+5SJsVPU3skeWd+jp7FVk1P2+IU6pIbB65F04Q+vDbYPR6WVjtuqoxLd5D -QYcTsUlOE7k1LQlel3FU/8PH0QfhOw6/VMnFpprYns9QISQVuvQUHgl6kWMh2CiJ -cBB0XQnd7DwRfdR79sOr6UHNBZGYbcKjgq67qq2H7oGuBfzAihYx0ZaJPBGb2QC9 -Efy2xYnEKWHaeI5FpjjcaZKftAe7kDL9T0zMdEicH5txbYNDVB5gBNyhhHakBakl -phb2rnnbtwsk4pEaPYq/eNxwv/VcJypySlRk+eCCHDlWUhbgRlmr4600EdFNnmCF -y3rA4nYX9kLu/JYzBwj4VCNkJYDyTCdSCnv8zoLJ/bBFWUEmX0Pvz6gIEQ2Tr5D6 -4t3dn4fIHcdDXAyZb4xj0jJoG+ebDp9uezm1/KFQo7N45yYvWXZGhM515YQZ09nU -KTgjE1v5H5NThEsw8pn0a6mi+mcHq/V8Au5/EQwh/Ch2KEquQ/MSjCsGOoJOgQTc -+XrzmhUkd2ukxVPXvXE8G+/khT+RRGs6Fttc7b8op/TuTdZCKK+xskyAzmAfc7BB -RbxVckQs77B3sFJgzgFpxNOuHwVkJN0ZQSTe84DVN80b8JGXrnuCf9EYQiAF4Vw9 -JVorLLif999+JZ3wlGqDTWqeUtElzZfP38ftmYkBHAQQAQIABgUCVMx03gAKCRBg -rwNo53dYqIvXB/9jGFivwG+s0tMdYB1HJ6OdxRu5cOnBRZNwxJP14VQ0dQlW+Ypv -cQu0iVb0hA3L/80fw4rx1ul5yrxS6chUUcC1Kz7hIapWa2uMluUZYAfvGTutZ9g1 -uRJzW8+DkMYNowc4wpuprAZqxhcMbjcSomhROBphl7o8kcrn2eNbCIkV/oEE/8Yi -e01vrDaBsqbH0PcHlP0WK05dswF7VYZLOa7RzUnTXTRRewE5XwzOgBDMWigRWlJv -wtcgAXUTTzH68G8gmN5TZVw5MMwrKOSfAOLQ0H+R/sdfK/zqLUrTkt//Rdyedh4s -urNJxtbFgHhv3izZx4gUBkmZzgKbPXqhGfqjtCZPd2VuIEphY29ic29uIDxhbmdy -eWJhbGRndXlAZ21haWwuY29tPokBHAQTAQoABgUCU/JKmAAKCRDSsZmfHFHSI2n1 -CACDZwumtVBJ6eGS6rySvj+lgH0HDX0KpdL/I0a3N7a/G/xGgJLBdn/vBaSNnvr8 -jAbdUXKMTMbd3Y0VxDFFS0u9lbiryjaljCaNFydXK+auY4HzE0PoOfTb5iPMyfXt -O3e+CmyAfhP5Q5Tz+HP8gWhi1IvC1UGbfe0VTepUgssw02WHEb8zZ3rOvDpCBFdX -YUvwbw1lkUyvlrc3hBGsOrWqIqlRO8TR2tgZakThkfgVIZi+ZfZKfmSgHzjnb/xM -XF7hT/qdCkcSklxSGUTP434nxwVhhr1dEQYP+soaMliusuBO05wJoxQvtav9FGNd -tteAi24RT+aT9JYQ2UtBXxMYiQE9BBMBCgAnAhsDBQsJCAcDBRUKCQgLBRYCAwEA -Ah4BAheABQJUfftaBQkB47d9AAoJEFAjKZHxDf/QLzAH/1r5JGeD7jf5+vMKNyLj -DXcnbALFe1XyD2tXNQSsj2SDKL3FQmzpFuL5O2XXk6xbCGja2daaDyWvo/FMYg9t -a1DEmPxeWhiFjb1faxya5OA7Be+wqEf7184AK0wO2iTS8ZydOYiibaPBkIC7LPSK -TPFOHuB0OMKBfAyhRe0z404yxX9DoArU6MsBdxndLdgG0Z5s8EzBme+TsV5Y/cNt -+zx0a/+N3CdFZw5eyNM+bzsO/OiSxma9k4rSqMSm/whuiGydRwefufXwJZPITfPB -o0itsZ+r7HBiBY6QR+qqiRjwWGqA6DPuOSRwdObM7XNMc2kvRg4P5w+UPH+y6VPe -C9yJAhwEEgECAAYFAlOZ5aYACgkQGiveqmj9s0z0Fg//cnnBLqytM02vmj7ltvJe -EjdOjwooa8TXGLnkjWqdRtzPCPsCeUWuIJyvsoJDxv5eGkI3MRD5b+2JxE2C+iU6 -NKWE1tbaPnvVn61RgLvi2mDo2j5nHa/AfrLubONWFydwZTc5tsNFvURr7zGWIoac -G01YApHu0JpmUkrZA2nnW/lpPo/1cHVFqvWge5jnJ/4ZBpEhnFedfRe9DYnpKQvs -r/EzZtkCklrL3LjnrrdSg2id29VBWWyG6/SvEl2l53c2Cejo2DNrWBhr1PLslHhr -l2g19xqlf5h+jeqqeLXSzEbEaAJWhH+uk8xHGfrEQ68jWnS1Dd+aSq/6A/MCIV85 -8b/NamZ+RX6qwGs21f9WXZHEhGCcSiQFHr7vK5YjzpirTt1giZFmQ30duPNB3SsQ -6MwNWFz4cXtOiSSUE0bJyjNoNDMOh7jPsnbJEfNM5eKzUPRZvk6fMqsCIvPc5JUt -JOvhSPdrvK7SREDgze79u51sf2sZ79yZ9ryNrCHsnu2heQxnC5PgTTXXULg93I+a -AHPIgVOk4SG+/bpluOpou0M+teAqvUHtaKVv6+EIebkAhgVpH50EvxMgI2N9ivU7 -SW6hAz1FbPOEZAd2uJhs95AbkUxJPG5ETEAy5JOBdmX2BlJ91PVDt+jF7QB/NH57 -y7Or49b0dietE1YsqvyH8fOJARwEEAECAAYFAlTMdN4ACgkQYK8DaOd3WKjK7Qf9 -EXsoNPndlKjUkzxRe3zFZ+rQmqjI9mz9VQrsoFsYctDvCIel//ScsG3pQT+9Jmp2 -j7a/HhrxDwTdOdWR2za7DdfIM4XtaiVFwboltFx9l9a1X5u+1xUgv7xi9+GHIHxf -T5FOI/Bquamu6S87o/kYXq6d7ek1nfrsveEfzpCzI9jpiovy1KgupGR1w7dKIOvA -aqWDcwRM//zvuZudeXziGjGcrGoNL/FQbtVP8haC6ESVugEZcuppV90AbJ9i/syb -mNx5O0/7FDuLAYtEUbzeMmZhe7OA4FjwlowXi+mYYy+76jbIGq0maaU5h9vIS1g4 -6Tl1lrIsDubHwe/5LGtsTbQtT3dlbiBKYWNvYnNvbiA8b3dlbi5qYWNvYnNvbkB1 -bnJlYXNvbmVudC5jb20+iQEcBBMBCgAGBQJT8kuKAAoJENKxmZ8cUdIjD8gH/iGs -DAt4tyVOm6zVVyHlo0nggFJTC9dJsaJH+P8K9OIrWlRE461bXHGmiL13KjNaSPyo -+XFz8rq5aK/rEWwHnZWX6PnyLtCaoTbKdB7LvEOhZpacDGrY7fKBdekwzszVzqCL -s8cBwYRPrUnD0OYPt72qGCMtLaZ3w1Q4dZS8rv5i9LxszUmRwZ407P6r8B5uE5Vm -mZkJf3Fdme+th4hxG1jsqh9rXBLIlGZnhIXC0Llovgj6bLsMvtpKlC6qHj07+7rH -GWnz75xvJ6PnKnhxLgJoEzrn0WMaXCyYADTLiLgJr/X+cFkF1/Al6Yx9VbwIWgA1 -uXFRAZTlCRa1Avja1xuJAT0EEwEKACcCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC -F4AFAlR9+1oFCQHjt30ACgkQUCMpkfEN/9AvfwgAhIKjmchMT5JqBdW9k2LyiOTA -Iipw5C6UbiAOSWJ+QXzXEwizQIY+0W9xJeID4UCrainfcfS7C07sfL24sx2bDxfE -di1J2gqu4imtVT8nclXGUancYa7RaWAaqefAKpFUASct2njcIPLCN3HQN09BNVml -iZ5cbHRSKKc3Eg+yIlIcHRczV5tJnpxzTN0swkHCBNYqWmIq0DTZlg24m7eijYpO -Sfru304lDbr6psgvPdjr42uBZcTrwqJfXQdw71/JPRbjPVexJfCahFfISZgCaWIK -thD1bxKRnHs3xLjwUUDl0156mLeGw6ZvGVssRhkWexyONytWAahXWtHzgFByGYkC -HAQSAQIABgUCU5nlpgAKCRAaK96qaP2zTJHXEAChvXef4fRUUIRAZi/pJaX5yexb -IgVfGB9+EBbKwJc/Bj58BUXANdIAIUer85gTkqtxjWGbIuUnABgRcHT6x8BgY3Dk -yAbZZ57r9CxXEnAmzUZFFrSzdIK3yDQbON+Z0zfvozME4OiOP+B8s5uU3jGhzkXZ -32IBCctfGGgqOfdz58HU/DuDBBOI9z5QRZfgn53xzJXJIIOvuGZMFUr/NqvtUqUq -EWJWb0rzvbtTzgYS4hv9vtpMj89UWSf5t+0Rikgo9tTgQoIr1y7jLn1B3JQNzJG3 -ngFNUKuBaR6U683MlR2IXsdv3ysUhkPZj+7+Z5ibTzx6V9DnYaKJ9ZkjqVR4Jmdo -025CDoKuXaCWU5tsAhUxLTi+aGfvgt6cZ1+yy3ICvGbs51cQaaoYnRd4fQtMjWDp -Rm0Cctr1ShVJb/8XlsbLMnkeOSuIlofQfcIbbktl33fMe3tc+dzGTG26YM9Oss9X -dB0oew8MLglpz8o28fBEVCkKolW1aKRftUpGiv/qjH8+URdo3XIxnKuzDxTRI63n -SXPvs9jgPPKnx/Pgbiw2hsEtTQDbvOPRU+32XEnIb557I7nwcMmKCrw0K1AgICz4 -6lGAj/O/IQr7dfS02pmpEItcEwXRr91UzHf3k/kHG46rQX2DF4koXodgy+rDKtDg -oCRrhh7P8Az0DOMph4kBHAQQAQIABgUCVMx03gAKCRBgrwNo53dYqJspB/9z9dG4 -xsHJ0VtaJwqR15fWvhLHnQHuMXlmS340/czebCuJDXwVuhUMRVURBgbTvIieAWhg -dO/xyUeRsbAaMQL38wKM5le1NmY1M9QiryVaJaz23oPQlb1WE8NdIOX28Oz8Iug0 -WjaU1H/ZPTbGO7traUyXfpd/Opha3DGnxzap9mnZMLVMTT97Kj+wbRrDwfHw3sg8 -9VlqKkaQJ0sAhGxAzkyBKf+8V63pE3i8ZHTfG36ot5ssUIX+pKeA1ROhmNeHQ9et -rgBvTSsdXzF5WgegkvgFwjeJ3/d9HFWCZMg/8lJvcLE9GvvAKWh55Vs+6dAXBZo4 -bqTkxeEOd5Bu1asYtCtPd2VuIEphY29ic29uIDxodHRwOi8vdHdpdHRlci5jb20v -ZGVyc3Bpbnk+iQE9BBMBCgAnBQJUv/G4AhsDBQkB47d9BQsJCAcDBRUKCQgLBRYC -AwEAAh4BAheAAAoJEFAjKZHxDf/QytgH/i4C6rgXMr1xR+3PPqO/ruWukA+rs9LP -Kfh/M2fcvPnDFcyDmpP2okL0En0c3HrPMx4983EtMK+10eTxf2nwZfiyId+ze5K2 -lzZmIBEjDfrUon3ls7E3MuRXoqVKhnhywalLynqzE0atFcA9wW6TR0yd/7Q/FWHt -4r2vNsP7BURUh2BSJ5FZuEK2iJojHIz+dyZURPUE8U9wAFAB0ddwOgcSM85SCNIP -UNnGU39VVWWrYf1xMDgzYrfX9mlw/6EES1qL7JU/SDlUX584NJuJ5aHZv2r1bglW -4o9oW7xORb4ABfel4ATuk6MsbJVf1p3EsLlJ87KW3+KEynQN/Ku8MLuJAhwEEgEC -AAYFAlTGi1AACgkQGiveqmj9s0xeEg/+N8kWlLNd7LxWR5WQF3MQl1QdJm2Z/pox -xCIQIyqKoeOHfS+NkyFK0E0MKtXR9PHNARxgr2eCFtDV55bjPgQMJTGO1aLOmoDj -/cXIWiMV52d1Ijw07fZtFGBa/+FsySxzyEe1h8ika/lsfnw0m42UP7IgXezhaZQV -TwFXfglbjc98XYswIwtprtj+AuZKIR6ig7XveF17bjJkXmOiaYSBDPHxVN2vUaQS -aLJlaFOtUNn+NioN6HWNUSzuDPVWy9ck3qMj6CgyrGdlGGdqoQHxNN7RLxCywnHP -KfzWwdX+7asO5dMcMwnHxUHJ+3pVm0myr56Lveica3VAg70N8u99xXCV3Vdx2htu -0gtz2GlfJQeKuSEGPU+gdK86XFNGV8JM/y0OR4GrTnApsmX/FGgcQZynbBJ2/8UH -6WA29Lffp+/pz0jilj3hwSsK6wwPN49/m9qszoOPyT8WJhDt0Vj6YA64N8NOzKLq -XZa4MwnaCZiChjjCPrmElQPcR4RQZwAhm0t+8uw1/6hyZkjHJ5uO/7LsEgxwYCU/ -idqTSf3DQMcvk4MEaWuDwRZ3Nm6tj+F2oaqkqT1LcyB4OYa2PKpgxvLDwSNFmG75 -d7uXJHbAlg6t9ysmWkxah7/L8eNsmU32eXFuNP6detR7zCOLYARaTLe2CWOF0OI/ -8nSng+hSUf+JARwEEAECAAYFAlTMdN4ACgkQYK8DaOd3WKg2BAf/Qn0BNlGfhL/f -YcTYWgTRkehVBXRaQ/hSjrdcyfMc4IXPeSXrZ8WZUi4QHLauFx1XtKTzVPWx8ggU -reZPo50wwev1N/iOPvQhh8Q+Y0SNHY1S824AHDjDnLp7+XuBX/oYArtxorUufdxA -G6jtkSabUm1ucGGs6ccF+UXs4E/NMiVkXfP1GCCm+Upgwhunk/9Mr6BaSJKZLYK3 -3NdwmiNlMLSnVxXBaZHzs/dLdqRKZF11fkRfBWpBaIUjOMEwjuHakoUmDONeDmv7 -+DlK46V2jIL2r6f+39XeAsnxvCF5mNJGPGnMMtaEuCqMcDbdQMnZdRE3rqLGQE43 -BPvwCDXvArQjT3dlbiBKYWNvYnNvbiA8aHR0cDovL2dyaW1vaXJlLmNhLz6JAT0E -EwEKACcFAlS/8c8CGwMFCQHjt30FCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ -UCMpkfEN/9AG0wf+O39YDA32Qrx9VqpKeJhx/m/s6kaux7cDPZmehMQOCts5UAZi -oXZyDYUWcpHSZJEcmzUnKYO/8xAJSLUQvmVvcEUg2mQ72Xs4OsFta2DMw3tue3OY -ZZZfhUqkG/zoUGAVYZz3hhTbvTaUMbnVrm1GiRhdAFVrnzSh/AxMV+krB1c0O8h+ -ses2Yk4L1edBVxMqqwzjGBupI/q1NXTnkwXZ7+gBG8XlapuQ309Sa+ufk8W/bo4T -Q92ZOQReM1b4IdwCX4IwPinT0KAQ0eqVRNCsFYy7KuvkxUoqhHWFXia9QSeuY8E7 -1m59xt4rIiUcEn2i+CWYpydPy6zLTBtqCYY1ookCHAQSAQIABgUCVMaLRgAKCRAa -K96qaP2zTBqkD/9VkcEyaeYkYrU34oaeWfOR93MZS4DEBIsKjUD0QVTvVb0CLXRU -+92POUCSQlqhv9nF4emrLCjDQTXgW/TmM6gl9UTDGsWMpmfIuTlJcQHGkqhXKN/i -Egb0Xkutt+q6tnvpgX1lWOBGO6upmVqnQYRcKVdfkArmD3tGoaIZsb/vWOgp4OGY -DvGYpuaasdkLaBFGPGYEuyofkgrU8ssO4xq9SdGUOhgAkFrl78iTXIpe5VTOy3Lo -VwWSUv10JKK3Yz+LxlYDUTiXKFm/mkvV6NhZMDMsCyXPJcsGZlpP7fT2JrJJ5Akf -PMw+6FXTuY54hBtZEze+ukrnhXd8QV7e149UYpMT+9OHYysLRmQ7//2HUsPGwlvQ -zVTzee2D/LTtFUiwt2b6aU/7yvJRTraqCaZlotOuPM5ZlimbPUTsqahP46Y7NNx/ -oE/vcEAJu+C2r48gcLmf6g9IK5WUEsX8ZcSY/UhTECsMOqQUqmuNRRaqvujLV22V -5oMKHDb8fzG0Cbgm/qP5o5RpAgCG7iL/xeKfi7XZJ582wpIoV4JJrGjVrzgK0Ljf -/xntdCL/2hUbxM93+djJFWIaqerAkbzEYznt+N/ZCqSApiDwedukyiJkCPm0Zz1D -owd29g3SJsUDzroaSAEMRYkMH8EdFeOJFcmrMjQhQJIEypdZ5Ll3JK1v0YkBHAQQ -AQIABgUCVMx03gAKCRBgrwNo53dYqJfTB/wPZvD8enoGEU4ZeXTXYQ53wYqYF13F -JNikrmj8Ze+IsYuZprXJKzLRkL2DnbdNW91BudibPJo0DeLiyXGA8pw2IGCllfkp -a6ZtxalPJWJLAbiOmXzui/HJ2Md1tnSDGfKCZ6MiaQQ0ceKoqOhPP7d3Vtcc5uQk -zSYQu6SqKmCrjicnu+hWKAT9Iy21wvBCLJkYMit/Bzue7NRV+PwYLdD24ZXwKfny -P9I33gcxEMIeG6L042NVUY1vsySYrcXRsXyIvYvd2CH1FqQY1GPTcUEQbQH21v5z -/PtgYv/UCckRJvEJUDE8DCF168FnflVB1ZHLmFNCrcLlrSKwydmuzNIUtCJPd2Vu -IEphY29ic29uIDxkZXJzcGlueUBnbWFpbC5jb20+iQE9BBMBCgAnBQJUyqInAhsD -BQkB47d9BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFAjKZHxDf/Q5+8H/2kX -yOTkDbO2Ik6oH149341k8GiLPiMMSj0WS8OBquBc3Hi+Upr2jOvl5KljkPU3qshb -O2ry6yLWFC38C3PjIRdBYpUfoUVKAoVRaTUMuO7RGgZuMzQFajMM+dcDZxRsfFoW -aInjFDxlwqFwF+AAvT9rsK/3t/MF9WdM6B+XhEsApY0zu6xdT8eXM08y3iVoYHbD -hVs1/czc3qBhG3IJGI1N7dU+fHDpdQSYf8zCifgLGridPQDkqAeLQE6QtoIw/r+I -NeYuCnl+zrGdlF7yyWlQUGulGUF4XRDt50WIIzAhtrCeVwdV5/EkGmXyA17KU3EP -KrBWUu00itxZyKljSIqJARwEEAECAAYFAlTMdN4ACgkQYK8DaOd3WKhmNggAlyWL -vhQdffZpuhL0Wd7Kyz8hB0WxXABQr03WCwtzCY5d+SwvjpI7RvHVRxOLcz6CISXT -DTVVQXzcYXyENSQSxqiRUEaOl4dlnGXQx/h6KVQ4akBu/hLo/nz5vfiN0YPqa98G -tT2J1SL0wRX6w6KtMqONmThKoiVYpbl39vjf4PvGzmptUvMSFlq7xHUQ0KGyfya9 -ZdLOZwqmhonwIdL8MIXAZqFpIXaP9az8IX9ecr9Kq02U7P9hNlrM9G8QiSdCEfss -JS3YPQRso0NjEFdKIyTKwl+hWYyvMJqtRyM6XIi8gbUSIu5GvqZqMkRN8beiRcfg -2glvXeccQtoLeK7NF7kBDQRTlhJYAQgA16Y1Y1+c7RmV5cpPRr8kn7kp8ecsow6Y -5A2IFN6kx+cNrkzH0TbEswLTwUQEmYEJfNmBwEy3LJER4IV5MRMZmEwdbwAu/2k7 -DolcNvfeIhbQtWtNq9EuI5meEeQTFf5Lpo4OqcCyPtMy7jE+1bs0f415SMuRZgWE -btecQNst8BNSV73CGNtatIa535hN2RN4IjiujOs5iDR7U2KNeEe0xfBxOG3JKqJD -Q9JAKWGE9qY4ZiGQjX9YC/4QOwT+jZQZJHZgL86Sdq07x/d9QA2r6ZGK4kpu1zEf -ABO+oMUSG+7M5Rqdgf5QOlNEbRT/PocAH4NIbg5JW+VNqgd9n8E+/QARAQABiQEf -BBgBCgAJAhsMBQJUq17dAAoJEFAjKZHxDf/Q7CIH/2WmlrHQKycRSoLTjav6PXWq -7Zt2XyvVa+TbgXy/xtvUYhRJLlVSNM8Fux6xnW5ndwwoV41yYKLTdTOkZD3GF8GB -k01xwThp5T+Xex9jzo97UdMnIrBc8uQSM3LUdH/aivQLQW2cElTQ1EiGA+ytMpHG -kCbMHm0ZL0ATSuYEJB8ngTl3a3nCUXNH3eDAYaSwCAxtR/97E/VbT8VRdIIuwj74 -+8mQwbK0xMJwk3rX3DU5KA7KeRXxrV/pvrrMJpVEVzviHYCdRpna2OEFx7fGTSEv -5TR10QF6ZmN/hqnihFFDzFM9lOhaAfB1/u7WgYK+KzCTQETvdxYIccjQvryc4E4= -=EdOy ------END PGP PUBLIC KEY BLOCK----- -</code></pre> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg/keys.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gpg/keys.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file diff --git a/.html/gpg/terrible.html b/.html/gpg/terrible.html deleted file mode 100644 index 59f4afb..0000000 --- a/.html/gpg/terrible.html +++ /dev/null @@ -1,198 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title> - The Codex » - GPG Is Terrible - </title> - - <link - rel='stylesheet' - type='text/css' - href='http://fonts.googleapis.com/css?family=Buenard:400,700&subset=latin,latin-ext'> - <link - rel="stylesheet" - type="text/css" - href="../media/css/reset.css"> - <link - rel="stylesheet" - type="text/css" - href="../media/css/grimoire.css"> -</head> -<body> - -<div id="shell"> - - <ol id="breadcrumbs"> - - <li class="crumb-0 not-last"> - - <a href="../">index</a> - - </li> - - <li class="crumb-1 not-last"> - - <a href="./">gpg</a> - - </li> - - <li class="crumb-2 last"> - - terrible - - </li> - - </ol> - - - - <div id="article"> - <h1 id="gpg-is-terrible">GPG Is Terrible</h1> -<p>A discussion at work reminded me that I hadn't looked at the state of the art -for email and communications security in a while. Turns out the options -haven't changed much: S/MIME, which relies on x.509 PKI and is therefore -unusable unless you want to pay for a certificate from someone with lots of -incentives to screw you, or GPG.</p> -<p>S/MIME in the wild is a total non-starter. GPG, on the other hand, is merely -really, <em>really</em> bad.</p> -<p>(You may want to take this with a side of <a href="cool">the other perspective</a>.)</p> -<h2 id="body-security-and-nothing-else">Body Security And Nothing Else</h2> -<p>GPG encrypts and signs email message bodies. That's it, that's all it does -when integrated with email. Email messages contain lots of other useful, -potentially sensitive data: the subject line, for example. GPG still exposes -all of the headers for the world to see, and conversely does nothing to -detect or prevent header tampering by idiot mailers.</p> -<p>(Yes. Signed headers <em>would</em> mean that mailing lists can no longer inject -<code>[listname]</code> crud into your messages. Feature, not bug; we should be, and in -many cases already are, storing that in a header of its own, not littering -the subject line. We also need to keep improving mail tooling, to better -handle those headers.)</p> -<p>In return for doing about half of its One Job, GPG demands a <em>lot</em> from its -users.</p> -<h2 id="the-real-name-policy">The Real Name Policy</h2> -<p>The GPG community has a massive “legal names” fixation. <a href="http://cryptnet.net/fdp/crypto/keysigning_party/en/extra/signing_policy.html">Widespread GPG -documentation</a>, -and years of community inertia, stand behind expecting people to put their -legal name in their GPG key, and conversely expecting people to verify the -identity in a GPG key (generally by checking government ID) before signing it.</p> -<p>As the <a href="http://www.jwz.org/blog/2011/08/nym-wars/">#nymwars</a> folks can tell -you, this policy is harmful and limiting. There are good theoretical reasons -to validate <em>an</em> identity before using its keys to secure messages, but legal -identities can be anywhere from awkward to dangerous to use.</p> -<p>GPG does not <em>technically</em> restrict users from creating autonymous keys, but -the community at large discourages their use unless they can be traced back -to some legal identity. Autonyms keys tend to go unsigned by any other key, -cutting them off from the GPG trust network's validation effect.</p> -<p>As <a href="https://twitter.com/wlonk/">@wlonk</a> put it:</p> -<blockquote> -<p>I care about communicating with the coherent theory of mind behind @so-and-so.</p> -</blockquote> -<h2 id="issuing-identities">Issuing Identities</h2> -<p>GPG makes issuing new identities simultaneously too easy and too hard for users. -It's hard, because the <em>only</em> way to issue a new identity on an existing key -(and thus associated with and able to share correspondence with an existing -identity) requires that the user have access to their personal root key. There's -no way to create ad-hoc identities and bind them after the fact, making it hard -to implement opportunistic tools. (OTR's on-demand key generation fails to the -opposite extreme.) It's easy, because there's no mechanism beyond the web of -trust itself to vet newly-created keys or identities; the GPG community -compounds this by demanding that everyone carefully vet legal identities, making -it <em>very</em> time-consuming to deploy a new name.</p> -<h2 id="finding-paul-revere">Finding Paul Revere</h2> -<p>It turns out autonymity in GPG would be pretty fragile even if GPG's user -community <em>didn't</em> insist on puncturing it at every opportunity, since GPG -irrevocably publishes the social graph of its users to every keyserver they -use. You don't even have to publish it yourself; anyone who has a copy of -your public key can upload a copy for you, revealing to the world the -identities of everyone who knows you well enough to sign your key, and when -they signed it.</p> -<p>A lot of people can be meaningfully identified by that information alone, -even without publishing their personal identity.</p> -<h2 id="the-web-of-vulnerable-cas">The Web Of Vulnerable CAs</h2> -<p>Each GPG user is also a unilateral signing authority. GPG's trust model means -that a compromised key can be used to confer validity onto <em>any</em> other key, -compromising potentially many other users by causing them to trust -illegitimate keys. GPG assumes everyone will be constantly on watch for -unusual signing activity, and perfectly aware of the safety of their own keys -at all times.</p> -<p>Given that the GPG signature graph is largely public, it should be possible to -moderate signatures using clique analysis, limiting the impact of a trusted -party who signs inauthentic identities. Unfortunately, GPG makes it challenging -to implement this by providing almost no support for iteratively deepening the -local keyring by downloading signers' keys as needed.</p> -<h2 id="interoperability">Interoperability</h2> -<p>Sending a GPG-signed message to a non-GPG-using normal human being is a great -way to confuse the hell out of them. You have two options:</p> -<ul> -<li>In-band “cleartext” signing, which litters the email body with technical - noise, or</li> -<li>PGP/MIME, which delivers a meaningless-looking “signature.asc” attachment.</li> -</ul> -<p>In both cases, the recipient is left with a bunch of information they (a) -can't use and (b) can't hide or remove. It might as well say “virus.dat” for -all the meaning it conveys.</p> -<p>Some of this is not GPG's fault, exactly, but after over a decade, surely -either advocacy or compromise with major mail vendors should have been -possible.</p> -<p>(Accidentally sending an <em>encrypted</em> email to a non-GPG-using recipient is, -thankfully, hard enough to be irrelevant unless someone is actively spoofing -their identity.)</p> -<h2 id="webmail-need-not-apply">Webmail Need Not Apply</h2> -<p>Well, unless you want to write the message text in an editor, copy and paste -it into GPG, and copy and paste the encrypted blob back out into your -message. (Hope your webmail's online editor doesn't mangle dashes or quotes -for you!)</p> -<p>Apparently Google's <a href="https://code.google.com/p/end-to-end/">finally fixing that for Chrome -users</a>, so that's something.</p> -<h2 id="mobile-need-not-apply">Mobile Need Not Apply</h2> -<p><del>Safely distributing GPG keys to mobile applications is more or less -impossible, and integration with mobile mail applications is nonexistant. -Hope you only ever read your mail from a Real Computer!</del></p> -<p>vollkorn points out that the above is inaccurate. He posted a couple of -options for GPG on Android, and the state of the art for iOS GPG apps is -apparently better than I was able to find. See <a href="#comment-1422227740">his -comment</a> for details.</p> -<h2 id="further-reading">Further Reading</h2> -<ul> -<li><a href="http://secushare.org/PGP">Secushare.org's “15 reasons not to start using PGP”</a></li> -<li><a href="https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html">Mike Perry's “Why the Web of Trust Sucks”</a></li> -</ul> - </div> - - - -<div id="comments"> -<div id="disqus_thread"></div> -<script type="text/javascript"> - /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */ - var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname - - /* * * DON'T EDIT BELOW THIS LINE * * */ - (function() { - var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; - dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js'; - (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); - })(); -</script> -<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript> -<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a> -</div> - - - - <div id="footer"> - <p> - - The Codex — - - Powered by <a href="http://markdoc.org/">Markdoc</a>. - -<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gpg/terrible.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gpg/terrible.md">history</a>). - - </p> - </div> - -</div> -</body> -</html>
\ No newline at end of file |