
Re: [tor-talk] PGP and Signed Messages



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Another way is to use Keybase (https://keybase.io). It will bind many
different social media (Twitter, Reddit, GitHub) to the key. This
means that the attacker needs to compromise all of your accounts on
those media to forge the key.

On 02/19/2016 07:45 PM, Josef 'veloc1ty' Stautner wrote:
> Hi,
> 
> this is a basic problem of PKI - is the key the correct one to
> use. There is nothing to stop you from copying for example my key 
> information. That's why you need to check the received key over
> another channel. For example I put my fingerprint on my website and
> it's also on my business card.
> 
> A second way is looking at the signatures from other users thus
> it's not the best method for validating an identity.
> 
> ~Josef
> 
> On 19.02.2016 at 13:34, Nathaniel Suchy wrote:
>> I've noticed a lot of users of Tor use PGP. With it you can
>> encrypt or sign a message. However, how do we know a key is real?
>> What would stop me from creating a new key pair and uploading it
>> to the key servers? And from there spoofing identity?
> 
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
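
The out-of-band fingerprint check discussed in this thread, as an added example that is not from any of the posters: it parses `gpg --with-colons --fingerprint` output and accepts only the primary key whose full fingerprint equals the one obtained over another channel (website, business card). The listing, names and fingerprints are constructed for illustration.

```python
import re

# Constructed sample of `gpg --with-colons --fingerprint` output: two primary
# keys claim the same user ID, as in the spoofing scenario asked about.
SAMPLE_LISTING = """\
pub:-:4096:1:89ABCDEF01234567:1455000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1455000000::::Alice Example <alice@example.org>:
sub:-:4096:1:7777888899990000:1455000000::::::e:
fpr:::::::::1111222233334444555566667777888899990000:
pub:-:4096:1:76543210FEDCBA98:1455900000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
uid:-::::1455900000::::Alice Example <alice@example.org>:
"""

def normalize(fpr):
    """Drop spaces/colons and uppercase; insist on a full 40-hex-digit fingerprint."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("need the full 40-hex-digit fingerprint, not a key ID")
    return cleaned

def primary_keys(listing):
    """Return [(fingerprint, [user IDs])] for every primary key in the listing."""
    keys, expect_primary_fpr = [], False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            expect_primary_fpr = True      # the next fpr record belongs to this key
        elif f[0] == "sub":
            expect_primary_fpr = False     # fpr records after sub are subkey prints
        elif f[0] == "fpr" and expect_primary_fpr:
            keys.append((f[9], []))        # field 10 carries the fingerprint
            expect_primary_fpr = False
        elif f[0] == "uid" and keys:
            keys[-1][1].append(f[9])       # field 10 carries the user ID
    return keys

def verified_keys(listing, out_of_band_fpr):
    """Keep only primary keys whose fingerprint equals the out-of-band one."""
    want = normalize(out_of_band_fpr)
    return [(fpr, uids) for fpr, uids in primary_keys(listing) if fpr == want]

if __name__ == "__main__":
    card = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"  # constructed
    for fpr, uids in verified_keys(SAMPLE_LISTING, card):
        print("trusted:", fpr, uids)
```

Both keys carry the same user ID, so the name and e-mail address alone cannot tell them apart; only the fingerprint comparison does.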