[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #31090 [Webpages]: stop using gpg keyservers / provide OpenPGP keys for download as files from torproject.org

To: undisclosed-recipients: ;
Subject: [tor-bugs] #31090 [Webpages]: stop using gpg keyservers / provide OpenPGP keys for download as files from torproject.org
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 06 Jul 2019 10:07:23 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 06 Jul 2019 06:07:35 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#31090: stop using gpg keyservers / provide OpenPGP keys for download as files from
torproject.org
-----------------------+--------------------------
 Reporter:  adrelanos  |          Owner:  (none)
     Type:  defect     |         Status:  new
 Priority:  Medium     |      Component:  Webpages
  Version:             |       Severity:  Normal
 Keywords:             |  Actual Points:
Parent ID:             |         Points:
 Reviewer:             |        Sponsor:
-----------------------+--------------------------
 [https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f Quote]
 (bold not added by me)

 > **High-risk users should stop using the keyserver network immediately.**

 Originator of quote, again quoting directly:

 > Robert J. Hansen <rjh@xxxxxxxxxxxxxxx>. I maintain the GnuPG FAQ and
 unofficially hold the position of crisis communicator. This is not an
 official statement of the GnuPG project, but does come from someone with
 commit access to the GnuPG git repo.

 See also:
 https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html

 Other reasons:

 * Apart from this, keyservers have been unreliable for a long time now.
 This alone is a reason for at least providing an optional download of
 public keys.
 * While https://support.torproject.org/tbb/how-to-verify-signature/ can be
 viewed in Tor Browser, doing networking outside of Tor Browser (gpg
 --recv-keys) is non-trivial to do torified. Also for that reason it would
 be better if users could get both, the information how to verify and the
 gpg public key from the same source.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31090>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #31090 [Webpages]: stop using gpg keyservers / provide OpenPGP keys for download as files from torproject.org
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #30542 [Applications/Tor Browser]: pinch-to-zoom viewport vs other screen/window
Next by Author: [tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #30321, #30429, #10760, #28238, ...
Previous by thread: Re: [tor-bugs] #31089 [Core Tor/Tor]: Consider using data-URI to embed how_tor_works_thumb.png image into tor-exit-notice.html
Next by thread: Re: [tor-bugs] #31090 [Webpages]: stop using gpg keyservers / provide OpenPGP keys for download as files from torproject.org
Index(es):
- Author
- Thread