From owner-ietf-openpgp@mail.imc.org Thu Jun 4 06:12:00 2009
Message-Id: <270EC2A8-DF10-49DA-A990-B9B1AD5FBE50@jabberwocky.com>
From: David Shaw
To: IETF OpenPGP Working Group
Subject: Camellia for OpenPGP RFC published
Date: Thu, 4 Jun 2009 08:52:04 -0400

A new Request for Comments is now available in online RFC libraries.

RFC 5581

Title: The Camellia Cipher in OpenPGP
Author: D. Shaw
Status: Informational
Date: June 2009
Mailbox: dshaw@jabberwocky.com
Pages: 3
Characters: 5129
Updates: RFC4880
I-D Tag: draft-ietf-openpgp-camellia-04.txt
URL: http://www.rfc-editor.org/rfc/rfc5581.txt

This document presents the necessary information to use the Camellia symmetric block cipher in the OpenPGP protocol. This memo provides information for the Internet community.

INFORMATIONAL: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

------=_NextPart_000_0007_01C9E944.1527D630-- From owner-ietf-openpgp@mail.imc.org Thu Jun 11 19:28:16 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2B92E3A6897 for ; Thu, 11 Jun 2009 19:28:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ycEAGOxef3T for ; Thu, 11 Jun 2009 19:28:14 -0700 (PDT) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 5442F28C14C for ; Thu, 11 Jun 2009 19:28:13 -0700 (PDT) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C2FB65063165 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 11 Jun 2009 19:15:11 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n5C2FB8c063164; Thu, 11 Jun 2009 19:15:11 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay01.pair.com (relay01.pair.com [209.68.5.15]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n5C2F0BG063147 for ; Thu, 11 Jun 2009 19:15:10 -0700 (MST) (envelope-from dkg@fifthhorseman.net) Received: (qmail 63791 invoked from network); 12 Jun 2009 02:14:58 -0000 Received: from 216.254.116.241 (HELO ?192.168.13.75?) 
(216.254.116.241) by relay01.pair.com with SMTP; 12 Jun 2009 02:14:58 -0000 X-pair-Authenticated: 216.254.116.241 Message-ID: <4A31BA19.5010905@fifthhorseman.net> Date: Thu, 11 Jun 2009 22:14:49 -0400 From: Daniel Kahn Gillmor User-Agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103) MIME-Version: 1.0 To: IETF OpenPGP Working Group Subject: openpgplint: encouraging best practices for OpenPGP keys today X-Enigmail-Version: 0.95.7 OpenPGP: id=D21739E9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig4AF5005E42E5756B979B7A5C" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig4AF5005E42E5756B979B7A5C Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi OpenPGP folks-- Between the recent SHA-1 development, MD5 attacks against other PKI infrastructure, advances in computing power, and various nuances of the protocol, it has occurred to me that most users of OpenPGP could probably use some help in determining ways to increase the security of their keys. Following the model of lint [0], it occurred to me that it might be nice to have a tool that scans an openpgp key and suggests changes or options that the keyholder might want to consider. I'm calling this (entirely hypothetical) tool "openpgplint" at the moment. I'm aware one size does not fit all, and different situations warrant different configurations. But maybe there's a way to present a comprehensible range of situations, and then offer a series of realizable best-practices recommendations to users based on their choice of situation. So i'm hoping to create a list of (a) typical situations where openpgp keys are used, and (b) best practices for keyholders in those situations. If i can assemble something that looks reasonably useful, i'd be willing to write some code to implement the checks. 
Some checks might require network access -- i assume that those checks could be easily disabled by any automated tool, if a user wants privacy. Suggestions and criticism are both welcome! Here's a proposal for defining a well-secured, OpenPGP key that seems reasonable for use by an individual communicating with other people with modern OpenPGP clients over the next 3 years, as i understand the situation (for reference, test names in preceding brackets): [v4key] The key should in OpenPGPv4 format [key-type] The primary key should be either DSA or RSA [key-size] The primary key should have at least 2048 bits. [valid-uid] The key should have at least one valid, non-expired, non-revoked User ID in an RFC-822-compliant e-mail address form. (maybe a network check to see that mail can be delivered for the domain in question at least?). [selfsig-strong-digest] The most recent self-sig over each user ID should be made over a digest from the SHA-2 family (SHA224, SHA256, SHA384, or SHA512). [selfsig-expiration] The most recent self-sig over each user ID should include an expiration date no more than 10 years in the future (or maybe 10 years from key creation?). [selfsig-strong-digest-advertisement] The most recent self-sig over each User ID should list preferred digest algorithms including at least one digest from the SHA-2 family. [selfsig-primary] The most recent self-sig over the User ID identified in [valid-uid] should be marked as the primary User ID. [self-sig-usage-sign-and-certify] The most recent self-sig over each User ID should indicate that the primary key is usable only for signing and/or certification. [subkey-encryption] There should be at least one properly-bound, non-expired, non-revoked subkey marked for use with encrypted communications and/or storage. [subkey-encryption-type] All encryption-capable subkeys should be either RSA or ElGamal. [subkey-encryption-size] All encryption-capable subkeys should be at least 2048 bits. 

[subkey-encryption-binding-strong-digest]
  The most recent binding signature for each encryption-capable subkey
  should use a digest algorithm from the SHA-2 family.

[subkey-encryption-binding-expiration]
  The most recent binding signature for each encryption-capable subkey
  should have an expiration date no more than 5 years in the future (or
  maybe 5 years from key creation?).

[wot-published]
  The key and associated [valid-uid] and [subkey-encryption] (and their
  most recent binding signatures) should be visible from keyservers in
  the current Web of Trust (maybe this would be a network check against
  the SKS pool?).

[wot-other-sig]
  The UID specified by [valid-uid] should be certified by at least one
  other key also visible in the public WoT (another network check?).

[wot-other-sig-strong-digest]
  At least one certification meeting the criteria for [wot-other-sig]
  should be made over a digest from the SHA-2 family.

What other tests would you do? which of the above tests do you think is
bad or wrong? What improvements would you make? Any suggestions for
other situation profiles to consider?

A failure of each test could be associated with help text or
instructions about how to address the concern using a particular
OpenPGP-compliant tool. Perhaps specific failures or specific tests
could be ranked for each situation as well (e.g. critical, bad, warning,
pedantic).

Suggestions for help text (either generic for a test, or for a specific
tool for a test) would also be welcome.

Thanks for any feedback you might have,

	--dkg

[0] http://en.wikipedia.org/wiki/Lint_programming_tool

--------------enig4AF5005E42E5756B979B7A5C--

From owner-ietf-openpgp@mail.imc.org Thu Jun 11 20:01:57 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 491163A6ABC for ; Thu, 11 Jun 2009 20:01:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UVl5F8MzqyDj for ; Thu, 11 Jun 2009 20:01:56 -0700 (PDT) Received: from balder-227.proper.com
(properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 076053A6A88 for ; Thu, 11 Jun 2009 20:01:55 -0700 (PDT) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C2r7bY064621 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 11 Jun 2009 19:53:07 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n5C2r74b064620; Thu, 11 Jun 2009 19:53:07 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from mho-01-ewr.mailhop.org (mho-01-ewr.mailhop.org [204.13.248.71]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C2qrCE064603 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 11 Jun 2009 19:53:07 -0700 (MST) (envelope-from dfranke@feanor.dfranke.us) Received: from adsl-99-185-244-26.dsl.pltn13.sbcglobal.net ([99.185.244.26] helo=feanor.dfranke.us) by mho-01-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from ) id 1MEwsv-000DcM-1F; Fri, 12 Jun 2009 02:52:53 +0000 Received: by feanor.dfranke.us (Postfix, from userid 1000) id 443982D63EB; Thu, 11 Jun 2009 19:52:49 -0700 (PDT) X-Mail-Handler: MailHop Outbound by DynDNS X-Originating-IP: 99.185.244.26 X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX198dp7dJ+Zw/0K+jIOwF/Q2 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dfranke.us; s=default; t=1244775169; bh=U87Q4aIJa5dX4mPUaapUbJ7mRMdxrMvKZWvDsDU4J8w=; h=From:To:Cc:Subject:References:Date:In-Reply-To:Message-ID: MIME-Version:Content-Type; b=oAkF+VpuMCXYDtxxPsYnti9Tr8M04xRYAF7mh VntqWFGgomZ12EOrPk8DGjgqaiXegm5hOVCI7iMKQaE9F1bEjAF5yFH8qyv3Db89O44 
a/TNpm26Lm8O/XPdhqmQ40Hz58HXapZNQkAeVklk8FTnzRQmmhn2hAQksc0r88zDvOT Eh6VPFwiizkC9Dwr2PQ7vm/spkaS5XmfhtsOITlEbYulWTybAOjwMyleeV0zuXeitWp L+UJsufIoAzlDeCHGydoNZKs5Y4KU1RT32IWHgo3CIXbFiUmmQgmXObHknJ3gCO/EbH jWSjACiZGe2olaijBHNZ3Q0WBYnf9G4d+cMAQ== From: Daniel Franke To: Daniel Kahn Gillmor Cc: IETF OpenPGP Working Group Subject: Re: openpgplint: encouraging best practices for OpenPGP keys today References: <4A31BA19.5010905@fifthhorseman.net> X-Hashcash: 1:26:090612:dkg@fifthhorseman.net::9dJu0191HtlkAi6J:00000000000000000000000000000000000000000+bs X-Hashcash: 1:26:090612:ietf-openpgp@imc.org::U1ci30/8jYiZt3MI:00000000000000000000000000000000000000001IDqn Date: Thu, 11 Jun 2009 19:52:49 -0700 In-Reply-To: <4A31BA19.5010905@fifthhorseman.net> (sfid-20090611_19231_D5F99169) (Daniel Kahn Gillmor's message of "Thu, 11 Jun 2009 22:14:49 -0400") Message-ID: <873aa6w4ce.fsf@feanor.dfranke.us> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID:

Daniel Kahn Gillmor writes:
> [selfsig-primary]
> The most recent self-sig over the User ID identified in [valid-uid]
> should be marked as the primary User ID.

This expectation doesn't make sense. I have multiple IDs representing
my personal and work addresses. My primary address is my personal one,
but I've had it longer than I've had my current, hence this ID is not
the newest.

> [wot-published]
> The key and associated [valid-uid] and [subkey-encryption] (and their
> most recent binding signatures) should be visible from keyservers in the
> current Web of Trust (maybe this would be a network check against the
> SKS pool?).

Many people have no wish to have their key on public keyservers; there's
even a flag you can set (no-ks-modify) to request that others not upload
it.
Some people might only use PGP among a small, well-delineated group
and exchange keys by sneakernet. Also, from when I ran a keyserver a
few years back, I'm fairly sure I remember seeing logs of it being
perused by spammers.

-- 
 Daniel Franke df@dfranke.us http://www.dfranke.us
 |----| =|\ \\\\
 || * | -|-\--------- Man is free at the instant he wants to be.
 -----| =| \ /// --Voltaire

From owner-ietf-openpgp@mail.imc.org Thu Jun 11 20:29:44 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5F0523A6AC4 for ; Thu, 11 Jun 2009 20:29:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.599 X-Spam-Level: X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qXmw8AZ+nvmV for ; Thu, 11 Jun 2009 20:29:41 -0700 (PDT) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 22C7C3A6AC1 for ; Thu, 11 Jun 2009 20:29:40 -0700 (PDT) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C3Joj6065989 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 11 Jun 2009 20:19:50 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n5C3Jn0J065988; Thu, 11 Jun 2009 20:19:49 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay01.pair.com (relay01.pair.com [209.68.5.15]) by balder-227.proper.com
(8.14.2/8.14.2) with SMTP id n5C3JmW5065981 for ; Thu, 11 Jun 2009 20:19:49 -0700 (MST) (envelope-from dkg@fifthhorseman.net) Received: (qmail 73044 invoked from network); 12 Jun 2009 03:19:48 -0000 Received: from 216.254.116.241 (HELO ?192.168.13.75?) (216.254.116.241) by relay01.pair.com with SMTP; 12 Jun 2009 03:19:48 -0000 X-pair-Authenticated: 216.254.116.241 Message-ID: <4A31C94C.2000008@fifthhorseman.net> Date: Thu, 11 Jun 2009 23:19:40 -0400 From: Daniel Kahn Gillmor Reply-To: IETF OpenPGP Working Group User-Agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103) MIME-Version: 1.0 To: IETF OpenPGP Working Group Subject: Re: openpgplint: encouraging best practices for OpenPGP keys today References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> In-Reply-To: <873aa6w4ce.fsf@feanor.dfranke.us> X-Enigmail-Version: 0.95.7 OpenPGP: id=D21739E9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigE003C9B51021878112973C12" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID:

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigE003C9B51021878112973C12
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Thanks for the feedback, Daniel.

On 06/11/2009 10:52 PM, Daniel Franke wrote:
> Daniel Kahn Gillmor writes:
>
>> [selfsig-primary]
>> The most recent self-sig over the User ID identified in [valid-uid]
>> should be marked as the primary User ID.
>
> This expectation doesn't make sense. I have multiple IDs representing
> my personal and work addresses. My primary address is my personal one,
> but I've had it longer than I've had my current, hence this ID is not
> the newest.

Right; this test checks for the most recent self-sig *over the given
uid*, not the self-sig over the most recent uid.
My intent with the "most recent" terminology was to acknowledge this
clause in RFC 4880 (in section 5.2.3.3):

   An implementation that encounters multiple self-signatures on the
   same object may resolve the ambiguity in any way it sees fit, but it
   is RECOMMENDED that priority be given to the most recent self-
   signature.

I've probably phrased it poorly; suggestions for how to rephrase it?

>> [wot-published]
>> The key and associated [valid-uid] and [subkey-encryption] (and their
>> most recent binding signatures) should be visible from keyservers in the
>> current Web of Trust (maybe this would be a network check against the
>> SKS pool?).
>
> Many people have no wish to have their key on public keyservers; there's
> even a flag you can set (no-ks-modify) to request that others not upload
> it. Some people might only use PGP among a small, well-delineated group
> and exchange keys by sneakernet. Also, from when I ran a keyserver a
> few years back, I'm fairly sure I remember seeing logs of it being
> perused by spammers.

True, there are many people who do not their keys on public keyservers.
Should this be represented as a different situation than the normal
case? Or would it be OK to this issue "pedantic", and include the detail
about why some folks might prefer to avoid it in the explanation?

From the perspective of being able to find a trust path to a third
party through mutual acquaintances, it seems advantageous to encourage
people to publish to the WoT. But there are downsides, as you say, such
as spammers and social/transactional surveillance by third parties.

I should note that i'm a bit confused about the keyserver-no-modify
flag. recent versions of GPG seem to set it by default. But the spec
says:

 http://tools.ietf.org/html/rfc4880#section-5.2.3.17

   the key holder requests that this key only be modified or updated
   by the key holder or an administrator of the key server.

And yet, i can upload gpg-created keys to keyservers with no warnings
(whether or not i hold the secret key) and the keyservers accept them
anyway.

How is the keyserver supposed to tell who is making the upload? Or are
clients expected to interpret this flag, and behave honorably with it?
is gnupg behaving poorly? Should i have to override something to force
such a key into the keyservers?

	--dkg

--------------enigE003C9B51021878112973C12--

From owner-ietf-openpgp@mail.imc.org Thu Jun 11 21:10:48 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 082313A6C7F for ; Thu, 11 Jun 2009 21:10:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599
tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e0sjDv5dIp5V for ; Thu, 11 Jun 2009 21:10:47 -0700 (PDT) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id D0BFD3A6C68 for ; Thu, 11 Jun 2009 21:10:46 -0700 (PDT) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C3v77E067479 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 11 Jun 2009 20:57:08 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n5C3v7Jh067478; Thu, 11 Jun 2009 20:57:07 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C3uuH1067466 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 11 Jun 2009 20:57:07 -0700 (MST) (envelope-from dshaw@jabberwocky.com) Received: from grover.home.jabberwocky.com (grover.home.jabberwocky.com [172.24.84.28]) by walrus.jabberwocky.com (8.14.3/8.14.3) with ESMTP id n5C3utA5001273 for ; Thu, 11 Jun 2009 23:56:55 -0400 Message-Id: From: David Shaw To: IETF OpenPGP Working Group In-Reply-To: <4A31C94C.2000008@fifthhorseman.net> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v935.3) Subject: Re: openpgplint: encouraging best practices for OpenPGP keys today Date: Thu, 11 Jun 2009 23:56:55 -0400 References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> 
<4A31C94C.2000008@fifthhorseman.net> X-Mailer: Apple Mail (2.935.3) Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID:

On Jun 11, 2009, at 11:19 PM, Daniel Kahn Gillmor wrote:

> I should note that i'm a bit confused about the keyserver-no-modify
> flag. recent versions of GPG seem to set it by default. But the
> spec says:
>
> http://tools.ietf.org/html/rfc4880#section-5.2.3.17
>
> the key holder requests that this key only be modified or updated
> by the key holder or an administrator of the key server.
>
> And yet, i can upload gpg-created keys to keyservers with no warnings
> (whether or not i hold the secret key) and the keyservers accept them
> anyway.

The keyserver no-modify flag is effectively a no-op. GPG lets you set
or unset it, but since no keyserver actually looks at it, the flag isn't
all that useful.

David

From owner-ietf-openpgp@mail.imc.org Thu Jun 11 21:44:13 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EB1633A6CEF for ; Thu, 11 Jun 2009 21:44:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.142 X-Spam-Level: X-Spam-Status: No, score=-3.142 tagged_above=-999 required=5 tests=[AWL=-0.458, BAYES_00=-2.599, J_CHICKENPOX_33=0.6, RCVD_IN_DNSWL_LOW=-1, SARE_MILLIONSOF=0.315] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rh5BfevonB8v for ; Thu, 11 Jun 2009 21:44:13 -0700 (PDT) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 94B683A63CB for ; Thu, 11 Jun 2009 21:44:12 -0700 (PDT) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C4Y0Co069360
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 11 Jun 2009 21:34:00 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n5C4Y0JI069359; Thu, 11 Jun 2009 21:34:00 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from relay02.pair.com (relay02.pair.com [209.68.5.16]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n5C4Xntm069349 for ; Thu, 11 Jun 2009 21:33:59 -0700 (MST) (envelope-from dkg@fifthhorseman.net) Received: (qmail 78094 invoked from network); 12 Jun 2009 04:33:45 -0000 Received: from 216.254.116.241 (HELO ?192.168.13.75?) (216.254.116.241) by relay02.pair.com with SMTP; 12 Jun 2009 04:33:45 -0000 X-pair-Authenticated: 216.254.116.241 Message-ID: <4A31DA92.7000402@fifthhorseman.net> Date: Fri, 12 Jun 2009 00:33:22 -0400 From: Daniel Kahn Gillmor Reply-To: IETF OpenPGP Working Group User-Agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103) MIME-Version: 1.0 To: IETF OpenPGP Working Group Subject: how to respect keyserver no-modify ? [was: Re: openpgplint] References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> <4A31C94C.2000008@fifthhorseman.net> In-Reply-To: X-Enigmail-Version: 0.95.7 OpenPGP: id=D21739E9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigA38797289E0C0497241873A8" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID:

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA38797289E0C0497241873A8
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Over in ietf-openpgp@imc.org on 06/11/2009 11:56 PM, David Shaw wrote:
> The keyserver no-modify flag is effectively a no-op. GPG lets you set
> or unset it, but since no keyserver actually looks at it, the flag isn't
> all that useful.

Should we try to address this? What would it mean to make this flag
meaningful? Say a keyserver decided to try to respect it: how would it
do so?

let's assume that key server admin can directly tamper with the key
store, and not worry about that part of the RFC directly. That leaves
us with: how does the keyserver know that it was being updated by the
key holder?

One approach would be to use OpenPGP client-side certificates (with
authentication flag set?) for an RFC 5081-compliant TLS connection to
the keyserver. This seems far-fetched with the current state of tools.
It also wouldn't cleanly address keyserver propagation (only the initial
keyserver received and could verify the TLS connections).

Alternately, a keyserver could only append signatures to a key/uid
marked "no-modify" if the new signature arriving is itself wrapped in a
0x50-style "third-party confirmation" signature, where the "third-party"
is in fact the original keyholder (the "third party" == the "first
party", if you will).

Then the workflow for adding certifications to a key in the public
keyservers might look like:

 * Alice publishes her key (with the keyserver-no-modify flag set) to
   the public keyservers. they accept the primary key, user ID, and
   self-sig because the self-sig is validated by the primary key.

 * Alice shows Bob her key fingerprint and her identification.

 * Bob fetches Alice's key from the keyserver, verifies the fingerprint
   and user ID, and signs the UID+key, creating signature X.

 * Bob tries to post X to the public keyservers, but they reject it
   because the key is set no-modify. Bob's client offers to mail X
   directly to Alice instead, and he lets it do so.

 * Alice receives X, looks it over, verifies that it was properly made
   by Bob, and decides that she wants to publish it.

 * Alice creates a 0x50 "third-party" certification over X, creating Y.

 * Alice feeds Y to the keyservers, who verify that her signature is
   attributed to the key being signed by X, so they accept X.

 * when the keyservers propagate new signatures, they propagate not
   only X, but Y, allowing other keyservers to verify that X is
   acceptable to the original keyholder.

It seems that an architecture like this (if it was the standard for
keyservers) could prevent a lot of bogus signatures from accumulating on
a given key, and could nicely prevent the kind of denial of service
attacks that are possible against a key by loading up millions of bogus
certifications on that key.

Are there other proposed ways one could implement a keyserver which
respects the intent of keyserver no-modify?

	--dkg

--------------enigA38797289E0C0497241873A8--

From owner-ietf-openpgp@mail.imc.org Thu Jun 11 22:07:48 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com
Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C9A2D3A6938 for ; Thu, 11 Jun 2009 22:07:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBZjQqBUyPgM for ; Thu, 11 Jun 2009 22:07:47 -0700 (PDT) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 30C803A63CB for ; Thu, 11 Jun 2009 22:07:46 -0700 (PDT) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C4svj3070019 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 11 Jun 2009 21:54:57 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n5C4svlH070018; Thu, 11 Jun 2009 21:54:57 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from fmailhost05.isp.att.net (fmailhost05.isp.att.net [207.115.11.55]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C4skk0070008 for ; Thu, 11 Jun 2009 21:54:56 -0700 (MST) (envelope-from jmoore3rd@bellsouth.net) DKIM-Signature: v=1; q=dns/txt; d=bellsouth.net; s=dkim01; i=jmoore3rd@bellsouth.net; a=rsa-sha256; c=relaxed/relaxed; t=1244782486; h=Content-Type:In-Reply-To:References:Subject:To: MIME-Version:From:Date:Message-ID; bh=LGMbOy2WfUcJqvoPRqKuf5OOXfJPz QLFtEOWMOAS2tw=; b=P5cgU5+3O4tzhuexPw1422SCEscSv+UHAEijvsnFd4FmhdlA E1na3rshbmUNZxxHCgSMi3uNMK4Ax/VSs54B1g== Received: from [192.168.1.96] 
(adsl-176-68-190.asm.bellsouth.net[74.176.68.190]) by isp.att.net (frfwmhc05) with ESMTP id <20090612045445H0500qeve8e>; Fri, 12 Jun 2009 04:54:45 +0000 X-Originating-IP: [74.176.68.190] Message-ID: <4A31DF92.8010200@bellsouth.net> Date: Fri, 12 Jun 2009 00:54:42 -0400 From: "John W. Moore III" Organization: Gossamer Spider Web of Trust User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22pre) Gecko/20090611 Lightning/0.9 Thunderbird/2.0.0.22pre Mnenhy/0.7.6.0 MIME-Version: 1.0 To: IETF OpenPGP Working Group Subject: Re: how to respect keyserver no-modify ? [was: Re: openpgplint] References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> <4A31C94C.2000008@fifthhorseman.net> <4A31DA92.7000402@fifthhorseman.net> In-Reply-To: <4A31DA92.7000402@fifthhorseman.net> X-Enigmail-Version: 0.96b OpenPGP: id=80B42B0F; url=http://tinyurl.com/8cpho Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig9966962E1BA8B07F914CFB3A" Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID:

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig9966962E1BA8B07F914CFB3A
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Daniel Kahn Gillmor wrote:

> Are there other proposed ways one could implement a keyserver which
> respects the intent of keyserver no-modify?

Rather than attempt to introduce this much complexity into the Keyserver
system [an impossibility] if such a scheme must be implemented then
simply introduce into the Key Generation Wizard the --keyserver command
and then have the individual specify where they desire their Key to be
retrieved from. [Big Lumber, Personal Web page, etc.]

Of course this pre-supposes that all other Users have the
--honor-keyserver-url preference specified in gpg.conf or their Options
file.
[possibly excluding PGP & other OpenPGP implementations] :-\

The bottom line is that it is too late to re-invent the Keyserver
System/Network for Key distribution. Sufficient tools exist already to
mitigate 'Key pollution' from Keyservers but education of the User Base
in proper implementation is sorely lacking.

IMO the dilemma of --no-ks-modify falls under the heading of "Accept the
things I cannot Change" & "Wisdom to know the difference."

JOHN :-\
Timestamp: Friday 12 Jun 2009, 00:53 --400 (Eastern Daylight Time)

--------------enig9966962E1BA8B07F914CFB3A--

From owner-ietf-openpgp@mail.imc.org Thu Jun 11 22:53:33 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A82B83A688F for ; Thu, 11 Jun 2009 22:53:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost
(core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KaEFN54vDkpZ for ; Thu, 11 Jun 2009 22:53:32 -0700 (PDT) Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 76C923A63CB for ; Thu, 11 Jun 2009 22:53:32 -0700 (PDT) Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C5f7vQ072499 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 11 Jun 2009 22:41:07 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n5C5f7AV072498; Thu, 11 Jun 2009 22:41:07 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org) X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n5C5etGd072484 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 11 Jun 2009 22:41:06 -0700 (MST) (envelope-from dfranke@feanor.dfranke.us) Received: from adsl-99-185-244-26.dsl.pltn13.sbcglobal.net ([99.185.244.26] helo=feanor.dfranke.us) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.68) (envelope-from ) id 1MEzVX-0003OY-EV for ietf-openpgp@imc.org; Fri, 12 Jun 2009 05:40:55 +0000 Received: by feanor.dfranke.us (Postfix, from userid 1000) id DB02C2D63EB; Thu, 11 Jun 2009 22:40:51 -0700 (PDT) X-Mail-Handler: MailHop Outbound by DynDNS X-Originating-IP: 99.185.244.26 X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX186t5mb74t0U62hEQXgfUJo DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dfranke.us; s=default; t=1244785251; bh=AjEXV91UBv1TwKuTtQaotFkNQnLt7HWUXeCvVQXozSI=; 
h=From:To:Subject:References:Date:In-Reply-To:Message-ID: MIME-Version:Content-Type; b=fftBAZ9vPxbCE7xkagf+xdty9PGcCziCUAMUO truFwRJksW57LB1zQMUBVKJm6b0isJ6FNbJJ6OWYsjb8VIi7IKtkJ8wAUhyeRm1kxml SMyNZK4KWPhQHBXS52vfJPC57sb1q0cemKuyHTfA9AHJXP48VIbTilsGEi6jhJ+G89q 0sOw+shIr6M2gGQYcJjFoMof2e/x9vpK6oO+vrJutINOkBm9MtaGqL61aUXGRS7rXBa OWBnhW/300H9TEVTIStBkq3VjRAtesANtEskA02kUgrDjYtre93+c3KMtBq54qyvD8s 87BfZlw+aKdhtEoJPGTPjhtiOedmRPPevCIjg== From: Daniel Franke To: IETF OpenPGP Working Group Subject: Re: how to respect keyserver no-modify ? References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> <4A31C94C.2000008@fifthhorseman.net> <4A31DA92.7000402@fifthhorseman.net> X-Hashcash: 1:26:090612:ietf-openpgp@imc.org::fbyIZhIvKPych0WS:00000000000000000000000000000000000000000GqNN Date: Thu, 11 Jun 2009 22:40:51 -0700 In-Reply-To: <4A31DA92.7000402@fifthhorseman.net> (sfid-20090611_21395_1621E0E3) (Daniel Kahn Gillmor's message of "Fri, 12 Jun 2009 00:33:22 -0400") Message-ID: <87y6ryuhzw.fsf@feanor.dfranke.us> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.94 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Daniel Kahn Gillmor writes: > Should we try to address this? What would it mean to make this flag > meaningful? Say a keyserver decided to try to respect it: how would it > do so? Since, as you note, the keyserver admin has the ability to tamper with public keys regardless, I don't see wisdom in trying to securely enforce the semantics of ks-no-modify. I think a better and simpler approach would be to check it client-side: prompt the user for confirmation if he tries to upload [modifications to] a public key for which ks-no-modify is set and for which the correspond private key is not in his keyring. 

--
Daniel Franke         df@dfranke.us         http://www.dfranke.us
Man is free at the instant he wants to be. --Voltaire

From owner-ietf-openpgp@mail.imc.org Fri Jun 12 03:37:10 2009
From: David Crick
To: Daniel Kahn Gillmor
Cc: IETF OpenPGP Working Group
Subject: Re: openpgplint: encouraging best practices for OpenPGP keys today
Date: Fri, 12 Jun 2009 11:19:41 +0100
In-Reply-To: <4A31BA19.5010905@fifthhorseman.net>
Message-ID: <117bad160906120319j5c445675vfc046902065ad823@mail.gmail.com>

On Fri, Jun 12, 2009 at 3:14 AM, Daniel Kahn Gillmor wrote:

> [subkey-encryption]
>  There should be at least one properly-bound, non-expired, non-revoked
> subkey marked for use with encrypted communications and/or storage.

No, we need to allow primary key only "signature" keys

> [subkey-encryption-type]
> [subkey-encryption-size]
> [subkey-encryption-binding-strong-digest]

all N/A if key is primary only

> [subkey-encryption-binding-expiration]
>  The most recent binding signature for each encryption-capable subkey
> should have an expiration date no more than 5 years in the future (or
> maybe 5 years from key creation?).

I would say that this - as well as the primary key expiry checking - is
a "recommendation" only.

I fully agree with keys having expiration times, and even that there
might be grounds for there being an *application*-level default for one,
but I *also* agree that people should be free not to have one set.

Your primary key "guideline" (if I may now refer to it as such) of 10
years seems sensible. I feel that the encryption one is more arbitrary,
although I agree with your premise that there could/should be shorter
life-times for encryption sub keys.

I think there are certain differences of compliance and/or usage when
discussing OpenPGP:

1. the RFC
2. "best practises" - what I think you're aiming for
3. application-level defaults
4. What the user/organisation wants to do

Note, that's not (necessarily) a hierarchy, some may overlap, and point
4 may not necessarily agree or comply with any of the other three.

> [wot-published]

may not apply

> [wot-other-sig]
> [wot-other-sig-strong-digest]

may be within a closed and/or offline set of users, but they certainly
apply as sub-ideals if the key *is* wot-published as above.

> What other tests would you do?  which of the above tests do you think is
> bad or wrong?  What improvements would you make?  Any suggestions for
> other situation profiles to consider?
>
> A failure of each test could be associated with help text or
> instructions about how to address the concern using a particular
> OpenPGP-compliant tool.  Perhaps specific failures or specific tests
> could be ranked for each situation as well (e.g. critical, bad, warning,
> pedantic).  Suggestions for help text (either generic for a test, or for
> a specific tool for a test) would also be welcome.
>
>
> Thanks for any feedback you might have,
>
>        --dkg

This actually all reminds me a bit of the early "HTML verifiers" - and
indeed would still apply to the WWW today, with its various forms of
HTML compliance (or not!).

The W3C brought out a verification tool, which eventually was taken over
and maintained by an outside party (it's called "HTML tidy" from
memory). At first this tool was highly useful, but after a while it
became *so* pedantic that it became useless in practise.

I'm all for a "best practises" document (that would have to evolve over
time), which people of course would be allowed to deviate from. I think
this sort of "on the ground consensus" would be a more real-world
reflection of the RFC, and at the same time would have a two-way
relationship between the defaults in ["desktop"(?)] OpenPGP applications
(e.g. PGP, GnuPG).

Just my thoughts.

From owner-ietf-openpgp@mail.imc.org Fri Jun 12 08:58:07 2009
From: Daniel Kahn Gillmor
Reply-To: IETF OpenPGP Working Group
To: IETF OpenPGP Working Group
Subject: Re: how to respect keyserver no-modify ?
Date: Fri, 12 Jun 2009 11:46:29 -0400
In-Reply-To: <4A31DF92.8010200@bellsouth.net>
Message-ID: <4A327855.1040801@fifthhorseman.net>

On 06/12/2009 12:54 AM, John W. Moore III wrote:

> Rather than attempt to introduce this much complexity into the Keyserver
> system [an impossibility] if such a scheme must be implemented then
> simply introduce into the Key Generation Wizard the --keyserver command
> and then have the individual specify where they desire their Key to be
> retrieved from. [Big Lumber, Personal Web page, etc.] Of course this
> pre-supposes that all other Users have the --honor-keyserver-url
> preference specified in gpg.conf or their Options file. [possibly
> excluding PGP & other OpenPGP implementations] :-\

I think maybe we're thinking of different threats; it would be useful to
have a redundant set of keyservers that would be "pollution-resistant",
at least for keys which have specified that they prefer to be propagated
that way.

setting keyserver-url only provides redundancy if you point it to a
replicating keyserver; but if you point it to a generic replicating
keyserver, you lose the pollution-resistance that a privately maintained
key file gives you.

> The bottom line is that it is too late to re-invent the Keyserver
> System/Network for Key distribution.

Really? I'm not suggesting that a change like this could be done
quickly, but it does seem like the infrastructure can change. For
example, SKS didn't even exist when RFC 2440 came out (and included the
no-modify flag for keyserver preferences), but it is now arguably the
dominant keyserver using a novel synchronization protocol, and under
active development. What makes you say it's too late to make changes?

> Sufficient tools exist already to
> mitigate 'Key pollution' from Keyservers

i'm glad to hear it! What tools do you suggest we use?

> but education of the User Base
> in proper implementation is sorely lacking.

Are you suggesting that the tools we have require every single user to
behave responsibly in order to avoid keyserver pollution? in that case,
the problem seems like it lies in the tools or the protocols, not in the
user base. There will always be one incompetent or malicious user who
will abuse the tools. It would be good to ensure that two parties who
are both competent and non-malicious could use the tools without
interference by an arbitrary malefactor.

The current keyserver infrastructure seems to be vulnerable to a range
of attacks by arbitrary malefactors:

https://www.informatik.uni-hamburg.de/SVS/archiv/thesis/06-08-27-BT-Holst-PGP-Key-Servers.pdf

And some of these attacks (certainly not all) seem like they could be
mitigated by a wider adoption of the kind of workflow we're discussing.

> IMO the dilemma of
> --no-ks-modify falls under the heading of "Accept the things I cannot
> Change" & "Wisdom to know the difference."

You may very well be right, but i'm not wise enough yet to see why this
doesn't currently fall into "the courage to change the things i can".
Can you help me understand why you think it's set in stone?

--dkg

From owner-ietf-openpgp@mail.imc.org Fri Jun 12 09:39:32 2009
From: David Shaw
To: "John W. Moore III"
Cc: IETF OpenPGP Working Group
Subject: Re: how to respect keyserver no-modify ? [was: Re: openpgplint]
Date: Fri, 12 Jun 2009 12:27:55 -0400
In-Reply-To: <4A31DF92.8010200@bellsouth.net>
Message-Id: <64BF8D07-421C-4630-884F-303F164ED985@jabberwocky.com>

On Jun 12, 2009, at 12:54 AM, John W. Moore III wrote:

> Daniel Kahn Gillmor wrote:
>
>> Are there other proposed ways one could implement a keyserver which
>> respects the intent of keyserver no-modify?
>
> Rather than attempt to introduce this much complexity into the Keyserver
> system [an impossibility] if such a scheme must be implemented then
> simply introduce into the Key Generation Wizard the --keyserver command
> and then have the individual specify where they desire their Key to be
> retrieved from. [Big Lumber, Personal Web page, etc.] Of course this
> pre-supposes that all other Users have the --honor-keyserver-url
> preference specified in gpg.conf or their Options file. [possibly
> excluding PGP & other OpenPGP implementations] :-\

Note that "honor-keyserver-url" is enabled by default in GPG, and has
been enabled by default since preferred keyserver URL support was added
back in 2004. It's possible someone has turned it off, but this would be
the exception, not the rule.

PGP supports preferred keyservers as well, and as far as I know, they
work more or less the same way they do in GPG: when refreshing a key
with a preferred keyserver set, that keyserver is used.

Preferred keyserver URLs don't really address the "find me a key"
problem. They only address the "keep the key I've already found up to
date" problem.

David

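The client-side check proposed earlier in this thread (ask for confirmation before uploading a key that sets no-modify when its private key is not in the local keyring) can be implemented as below, together with the preferred keyserver URL that the later replies discuss. This is an added example, not code from any list participant or from GnuPG or PGP; it assumes the caller has already selected and verified the key's self-signature, and the function names, key IDs and URL are constructed for illustration.

```python
import struct

# Signature subpacket types and flag value from RFC 4880, 5.2.3.17 and 5.2.3.18.
KEYSERVER_PREFS = 23
PREFERRED_KEYSERVER = 24
NO_MODIFY = 0x80  # bit in the first octet of the Key Server Preferences body


def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a v4 signature's
    subpacket area (RFC 4880, 5.2.3.1). Raises ValueError on truncation."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated two-octet length")
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                 # 0xFF + four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated five-octet length")
            (length,) = struct.unpack(">I", area[i + 1:i + 5])
            i += 5
        if length == 0 or i + length > len(area):
            raise ValueError("subpacket length runs past the area")
        type_octet = area[i]                  # high bit marks "critical"
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]
        i += length


def keyserver_policy(hashed_area: bytes):
    """Return (no_modify, preferred_url). Pass only the *hashed* area of a
    verified self-signature: unhashed subpackets are not authenticated."""
    no_modify, url = False, None
    for sp_type, _critical, body in parse_subpackets(hashed_area):
        if sp_type == KEYSERVER_PREFS and body:
            no_modify = bool(body[0] & NO_MODIFY)
        elif sp_type == PREFERRED_KEYSERVER:
            url = body.decode("utf-8", errors="replace")
    return no_modify, url


def upload_decision(hashed_area: bytes, key_id: str, secret_key_ids: set):
    """Return ('upload', None) or ('confirm', message) for a pending upload."""
    no_modify, url = keyserver_policy(hashed_area)
    if not no_modify or key_id in secret_key_ids:
        return "upload", None
    where = f"; the owner distributes it from {url}" if url else ""
    return "confirm", (f"key {key_id} sets no-modify and its secret key is "
                       f"not in your keyring{where}")


def encode_subpacket(sp_type: int, body: bytes) -> bytes:
    """Hypothetical helper that builds the constructed sample data below."""
    length = len(body) + 1                    # length covers the type octet
    if length < 192:
        head = bytes([length])
    elif length < 8384:
        head = bytes([((length - 192) >> 8) + 192, (length - 192) & 0xFF])
    else:
        head = b"\xff" + struct.pack(">I", length)
    return head + bytes([sp_type]) + body


# Constructed sample input: not taken from any real key.
ALICE_ID = "1111222233334444"
ALICE_URL = "https://keys.example.org/alice.asc"
ALICE_AREA = (encode_subpacket(KEYSERVER_PREFS, bytes([NO_MODIFY]))
              + encode_subpacket(PREFERRED_KEYSERVER, ALICE_URL.encode()))
OPEN_AREA = encode_subpacket(KEYSERVER_PREFS, b"\x00")

if __name__ == "__main__":
    # A third party who only holds Alice's public key gets a prompt.
    print(upload_decision(ALICE_AREA, ALICE_ID, {"AAAABBBBCCCCDDDD"}))
    # Alice herself, holding the secret key, uploads without a prompt.
    print(upload_decision(ALICE_AREA, ALICE_ID, {ALICE_ID}))
```

As the thread notes, this check is advisory: it stops well-behaved clients from adding third-party material by accident, but it cannot bind a keyserver operator or a client that skips the check.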
From scaledljh1@riversedge.com Sun Jun 14 12:12:10 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4E2163A6A1A; Sun, 14 Jun 2009 12:12:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.796 X-Spam-Level: X-Spam-Status: No, score=-4.796 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DIET_1=0.083, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, FS_WEIGHT_LOSS=2.134, GB_I_LETTER=-2, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_BR=0.955, HELO_EQ_DSL=1.129, HELO_EQ_TELESP=1.245, HOST_EQ_BR=1.295, HS_INDEX_PARAM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RDNS_DYNAMIC=0.1, SARE_RECV_SPAM_DOMN02=1.666, SARE_UNI=0.591, TVD_RCVD_IP=1.931, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SBL=20, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IhNhC26EPktz; Sun, 14 Jun 2009 12:12:09 -0700 (PDT) Received: from 201-92-184-74.dsl.telesp.net.br (201-92-184-74.dsl.telesp.net.br [201.92.184.74]) by core3.amsl.com (Postfix) with ESMTP id 07CE13A6BF1; Sun, 14 Jun 2009 12:12:08 -0700 (PDT) Message-ID: <000d01c9ed24$08c8c230$6400a8c0@scaledljh1> From: openpgp-archive@ietf.org To: Subject: All Natural Acai Berry Your Weight Loss Solution. 
Date: Sun, 14 Jun 2009 16:12:17 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C9ED24.08C8C230" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 This is a multi-part message in MIME format. ------=_NextPart_000_0007_01C9ED24.08C8C230 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable View online version here: here =20 =20 =20 =20 =20 =20 June=20 14, 2009 =20 =20 =20 =20 Sign up Forward Archive Advertise =20 =20 =20 =20 REGULATE METABOLISM WITH Acai Berry.=20 Visit at the moment =20  This=20 Newsletter was created for openpgp-archive@ietf.org =20 =20 =20 =20 =20 =20 =20 Subscriber=20 Tools =20 Update=A0account=A0information=A0|=20 Change=A0e-mail=A0address=A0| Unsubscribe=A0| Print=A0fri= endly=A0format=A0| Web=A0version=A0 =20 ¿=20 1999-2009 Qsofo, Inc.=AE=A0Legal=20 Information =A0 ------=_NextPart_000_0007_01C9ED24.08C8C230 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable View online version here: here

June 14, 2009 Sign up Forward Archive Advertise
REGULATE METABOLISM WITH Acai Berry.
Visit at the moment
This Newsletter was created for openpgp-archive@ietf.org Subscriber Tools
¿ 1999-2009 Qsofo, Inc.® Legal Information
Update account information | Change e-mail address | Unsubscribe | Print friendly format | Web version
------=_NextPart_000_0007_01C9ED24.08C8C230-- From ospf-bounces@ietf.org Sun Jun 14 12:12:11 2009 Return-Path: X-Original-To: openpgp-archive@ietf.org Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 80E9F3A6BCD for ; Sun, 14 Jun 2009 12:12:11 -0700 (PDT) Subject: The results of your email commands From: ospf-bounces@ietf.org To: openpgp-archive@ietf.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1305518814==" Message-ID: Date: Sun, 14 Jun 2009 12:12:10 -0700 Precedence: bulk X-BeenThere: ospf@ietf.org X-Mailman-Version: 2.1.9 List-Id: The Official IETF OSPG WG Mailing List X-List-Administrivia: yes Sender: ospf-bounces@ietf.org Errors-To: ospf-bounces@ietf.org --===============1305518814== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit The results of your email command are provided below. Attached is your original message. - Results: Ignoring non-text/plain MIME parts - Unprocessed: =20 =20 =20 =20 =20 =20 June=20 14, 2009 =20 =20 =20 =20 Sign up Forward Archive Advertise =20 =20 =20 =20 REGULATE METABOLISM WITH Acai Berry.=20 Visit at the moment =20 - Ignored:  This=20 Newsletter was created for openpgp-archive@ietf.org =20 =20 =20 =20 =20 =20 =20 Subscriber=20 Tools =20 Update=A0account=A0information=A0|=20 Change=A0e-mail=A0address=A0| Unsubscribe=A0| Print=A0fri= endly=A0format=A0| Web=A0version=A0 =20 ¿=20 1999-2009 Qsofo, Inc.=AE=A0Legal=20 Information =A0 - Done. 
--===============1305518814== Content-Type: message/rfc822 MIME-Version: 1.0 Return-Path: X-Original-To: ospf-request@core3.amsl.com Delivered-To: ospf-request@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4E2163A6A1A; Sun, 14 Jun 2009 12:12:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.796 X-Spam-Level: X-Spam-Status: No, score=-4.796 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DIET_1=0.083, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, FS_WEIGHT_LOSS=2.134, GB_I_LETTER=-2, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_BR=0.955, HELO_EQ_DSL=1.129, HELO_EQ_TELESP=1.245, HOST_EQ_BR=1.295, HS_INDEX_PARAM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RDNS_DYNAMIC=0.1, SARE_RECV_SPAM_DOMN02=1.666, SARE_UNI=0.591, TVD_RCVD_IP=1.931, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_SBL=20, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IhNhC26EPktz; Sun, 14 Jun 2009 12:12:09 -0700 (PDT) Received: from 201-92-184-74.dsl.telesp.net.br (201-92-184-74.dsl.telesp.net.br [201.92.184.74]) by core3.amsl.com (Postfix) with ESMTP id 07CE13A6BF1; Sun, 14 Jun 2009 12:12:08 -0700 (PDT) Message-ID: <000d01c9ed24$08c8c230$6400a8c0@scaledljh1> From: openpgp-archive@ietf.org To: Subject: All Natural Acai Berry Your Weight Loss Solution. 
Date: Sun, 14 Jun 2009 16:12:17 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C9ED24.08C8C230" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 This is a multi-part message in MIME format. ------=_NextPart_000_0007_01C9ED24.08C8C230 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable View online version here: here =20 =20 =20 =20 =20 =20 June=20 14, 2009 =20 =20 =20 =20 Sign up Forward Archive Advertise =20 =20 =20 =20 REGULATE METABOLISM WITH Acai Berry.=20 Visit at the moment =20  This=20 Newsletter was created for openpgp-archive@ietf.org =20 =20 =20 =20 =20 =20 =20 Subscriber=20 Tools =20 Update=A0account=A0information=A0|=20 Change=A0e-mail=A0address=A0| Unsubscribe=A0| Print=A0fri= endly=A0format=A0| Web=A0version=A0 =20 ¿=20 1999-2009 Qsofo, Inc.=AE=A0Legal=20 Information =A0 ------=_NextPart_000_0007_01C9ED24.08C8C230 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable View online version here: here

June 14, 2009 Sign up Forward Archive Advertise
REGULATE METABOLISM WITH Acai Berry.
Visit at the moment
This Newsletter was created for openpgp-archive@ietf.org Subscriber Tools
¿ 1999-2009 Qsofo, Inc.® Legal Information
Update account information | Change e-mail address | Unsubscribe | Print friendly format | Web version
------=_NextPart_000_0007_01C9ED24.08C8C230-- --===============1305518814==-- From kleber@amadotur.com.br Mon Jun 15 06:45:24 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A562D28C134 for ; Mon, 15 Jun 2009 06:45:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -40.387 X-Spam-Level: X-Spam-Status: No, score=-40.387 tagged_above=-999 required=5 tests=[BAYES_95=3, FH_RELAY_NODNS=1.451, GB_I_INVITATION=-2, HELO_MISMATCH_COM=0.553, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_SORBS_DUL=0.877, RDNS_NONE=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QymMXKIZW78R for ; Mon, 15 Jun 2009 06:45:18 -0700 (PDT) Received: from 3a-grupo.com (unknown [200.207.90.29]) by core3.amsl.com (Postfix) with SMTP id BEE8A3A65A5 for ; Mon, 15 Jun 2009 06:45:11 -0700 (PDT) To: openpgp-archive@ietf.org Subject: Invitation: 06 June From: openpgp-archive@ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090615134512.BEE8A3A65A5@core3.amsl.com> Date: Mon, 15 Jun 2009 06:45:11 -0700 (PDT)
Tell a friend | Download latest version See this email as a webpage

Hello!

Shipped Privately And Discreetly To Your Door!

See this email as a webpage
  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Unsubscribe | Lost Password | Account Settings | Help | Terms of Service | Privacy

Ottho Heldringstraat 9, 56547 AZ Amsterdam, The Netherlands

From snoreppa1964@nagomi.ne.jp Thu Jun 18 14:09:59 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E00523A6A7F for ; Thu, 18 Jun 2009 14:09:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.232 X-Spam-Level: X-Spam-Status: No, score=-5.232 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, GB_I_LETTER=-2, HELO_DYNAMIC_DHCP=1.398, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_CPE=0.5, HOST_EQ_CPE=0.979, HTML_IMAGE_ONLY_28=1.561, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id znC4cxic8G5u for ; Thu, 18 Jun 2009 14:09:53 -0700 (PDT) Received: from cpe-071-068-238-115.sc.res.rr.com (cpe-071-068-238-115.sc.res.rr.com [71.68.238.115]) by core3.amsl.com (Postfix) with ESMTP id 93EDC3A6A50 for ; Thu, 18 Jun 2009 14:09:49 -0700 (PDT) From: To: openpgp-archive@ietf.org Subject: For: openpgp-archive@ietf.org Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Message-Id: <20090618210950.93EDC3A6A50@core3.amsl.com> Date: Thu, 18 Jun 2009 14:09:49 -0700 (PDT) suwyt
Sign up for newsletters and offers from osy.

If you can't read this message from peyt , then Click Here.

You are receiving this e-mail because you subscribed to ourqic Featured Offers. qlab respects your privacy. Please read our online Privacy Statement.

If you would prefer to no longer receive this Featured Offer Newsletter, please click the “Unsubscribe” link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in jihy Featured Offers. This shall not constitute an offer by kaigq. jpinom shall not be responsible or liable for the advertisers' content nor any of the goods or service advertised. Prices and item availability subject to change without notice. To set your contact preferences for other oaioa communications, see the communications preferences section of the elawyt Privacy Statement.

©2009 bio | Unsubscribe | More Newsletters | Privacy

qxaxa Corporation, aokyxo Way, nihqy
From g.knobloch@georgegger.at Thu Jun 18 17:51:15 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4E91B3A6A43; Thu, 18 Jun 2009 17:51:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -30.987 X-Spam-Level: X-Spam-Status: No, score=-30.987 tagged_above=-999 required=5 tests=[BAYES_80=2, DATE_IN_PAST_03_06=0.044, HELO_DYNAMIC_HCC=4.295, HOST_EQ_DHCP=1.295, INVALID_DATE=1.245, J_CHICKENPOX_32=0.6, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cjP5TtmcqclR; Thu, 18 Jun 2009 17:51:14 -0700 (PDT) Received: from c152EBF51.dhcp.bluecom.no (c152EBF51.dhcp.bluecom.no [81.191.46.21]) by core3.amsl.com (Postfix) with SMTP id 96ABB3A6A36; Thu, 18 Jun 2009 17:51:03 -0700 (PDT) Date: Thu, 18 Jun 2009 20:51:16 -0500; From: "Ted Root" To: "Evangeline Gaines" Subject: show how filthy rich you are; Message-ID: Content-Type: text/plain; Content-Transfer-Encoding: 7Bit; Exclusive rep1ca watches collection http://www.ofetwmea.cn From ennios_2006@boccardsa.ch Thu Jun 18 23:27:08 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CAC103A6A72 for ; Thu, 18 Jun 2009 23:27:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.395 X-Spam-Level: X-Spam-Status: No, score=-1.395 tagged_above=-999 required=5 tests=[BAYES_99=3.5, 
FH_HELO_ALMOST_IP=5.417, FH_HOST_ALMOST_IP=1.889, FH_HOST_EQ_DYNAMICIP=2.177, GB_I_LETTER=-2, HELO_DYNAMIC_SPLIT_IP=3.493, HELO_EQ_DYNAMIC=1.144, HTML_IMAGE_ONLY_28=1.561, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sMz8aZPyyyAB for ; Thu, 18 Jun 2009 23:27:02 -0700 (PDT) Received: from 81.red-83-61-148.dynamicip.rima-tde.net (81.Red-83-61-148.dynamicIP.rima-tde.net [83.61.148.81]) by core3.amsl.com (Postfix) with ESMTP id 4BA803A6992 for ; Thu, 18 Jun 2009 23:27:00 -0700 (PDT) From: To: openpgp-archive@ietf.org Subject: For: openpgp-archive@ietf.org Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Message-Id: <20090619062701.4BA803A6992@core3.amsl.com> Date: Thu, 18 Jun 2009 23:27:00 -0700 (PDT) ocqw
Sign up for newsletters and offers from tqru.

If you can't read this message from ytjbi , then Click Here.

You are receiving this e-mail because you subscribed to enii Featured Offers. ibor respects your privacy. Please read our online Privacy Statement.

If you would prefer to no longer receive this Featured Offer Newsletter, please click the “Unsubscribe” link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in azad Featured Offers. This shall not constitute an offer by zam. qhj shall not be responsible or liable for the advertisers' content nor any of the goods or service advertised. Prices and item availability subject to change without notice. To set your contact preferences for other ynuxjt communications, see the communications preferences section of the ogi Privacy Statement.

©2009 yovo | Unsubscribe | More Newsletters | Privacy

iqx Corporation, jwiesj Way, obeoc
From dsteeves@gmail.com Fri Jun 19 17:07:50 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D5BB63A6AD0; Fri, 19 Jun 2009 17:07:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.917 X-Spam-Level: X-Spam-Status: No, score=-10.917 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DATE_IN_PAST_03_06=0.044, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, GB_ROLEX=5, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_DYNAMIC=1.144, HELO_EQ_RU=0.595, HOST_EQ_RU=0.875, INVALID_DATE=1.245, J_CHICKENPOX_33=0.6, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_SPEC_ROLEX=1.666, SARE_SPEC_ROLEX_ORD=2.222, TVD_RCVD_IP=1.931, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rEZBOvLziO+z; Fri, 19 Jun 2009 17:07:50 -0700 (PDT) Received: from 93-120-167-162.dynamic.mts-nn.ru (93-120-167-162.dynamic.mts-nn.ru [93.120.167.162]) by core3.amsl.com (Postfix) with SMTP id A86C93A6452; Fri, 19 Jun 2009 17:07:40 -0700 (PDT) Date: Fri, 19 Jun 2009 20:08:03 -0500; From: "Sherry Finch" To: "Rita Blue" Subject: tag heuer rep watch for you; Message-ID: Content-Type: text/plain; Content-Transfer-Encoding: 7Bit; Be your own boss, order Your rolex rep1ica watch http://iqdiuque.cn From bsang52@empal.com Sat Jun 20 01:29:47 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP 
id 5CCD13A6A7D; Sat, 20 Jun 2009 01:29:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -26.33 X-Spam-Level: X-Spam-Status: No, score=-26.33 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DATE_IN_PAST_03_06=0.044, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, INVALID_DATE=1.245, J_CHICKENPOX_33=0.6, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oCxBAAddwmj8; Sat, 20 Jun 2009 01:29:46 -0700 (PDT) Received: from ppp-58-9-199-49.revip2.asianet.co.th (ppp-58-9-199-49.revip2.asianet.co.th [58.9.199.49]) by core3.amsl.com (Postfix) with SMTP id BE5E23A67EF; Sat, 20 Jun 2009 01:29:20 -0700 (PDT) Date: Sat, 20 Jun 2009 04:29:43 -0500; From: "Everett Manning" To: "Trina Elkins" Subject: just show your tag heuer watch; Message-ID: <1sJjkhzlb1tko7njWgpQEvTDcalsch-archive@megatron.ietf.org> Content-Type: text/plain; Content-Transfer-Encoding: 7Bit; Huge choice of Rep1ica watches http://ihjjatue.cn From nlvlttcg@accomline.com Sat Jun 20 13:48:59 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 74AA83A6CF1 for ; Sat, 20 Jun 2009 13:48:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -16.159 X-Spam-Level: X-Spam-Status: No, score=-16.159 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, GB_I_INVITATION=-2, 
HELO_DYNAMIC_IPADDR=2.426, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09F41iAG8Ta9 for ; Sat, 20 Jun 2009 13:48:53 -0700 (PDT) Received: from port-60-234-108-102.orcon.net.nz (port-60-234-108-102.orcon.net.nz [60.234.108.102]) by core3.amsl.com (Postfix) with SMTP id A973D3A6B38 for ; Sat, 20 Jun 2009 13:48:39 -0700 (PDT) To: openpgp-archive@ietf.org Subject: Invitation: 06 June From: openpgp-archive@ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090620204842.A973D3A6B38@core3.amsl.com> Date: Sat, 20 Jun 2009 13:48:39 -0700 (PDT)
Tell a friend | Download latest version See this email as a webpage

Hello!

Shipped Privately And Discreetly To Your Door!

See this email as a webpage
  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Unsubscribe | Lost Password | Account Settings | Help | Terms of Service | Privacy

Ottho Heldringstraat 3, 58020 AZ Amsterdam, The Netherlands

From melnychenko@amc.gov.ua Mon Jun 22 13:48:20 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1BBFA3A6BAB for ; Mon, 22 Jun 2009 13:48:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 3.915 X-Spam-Level: *** X-Spam-Status: No, score=3.915 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_BR=0.955, HELO_EQ_DSL=1.129, HOST_EQ_BR=1.295, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, TVD_RCVD_IP=1.931, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HflYD8jV7B3a for ; Mon, 22 Jun 2009 13:48:14 -0700 (PDT) Received: from 201-66-208-218.paemt700.dsl.brasiltelecom.net.br (201-66-208-218.paemt700.dsl.brasiltelecom.net.br [201.66.208.218]) by core3.amsl.com (Postfix) with SMTP id 16FAD3A6A6A for ; Mon, 22 Jun 2009 13:48:08 -0700 (PDT) To: openpgp-archive@ietf.org Subject: Pre-register info #267833 From: openpgp-archive@ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090622204810.16FAD3A6A6A@core3.amsl.com> Date: Mon, 22 Jun 2009 13:48:08 -0700 (PDT)
Tell a friend | Download latest version See this email as a webpage

Hello!

Shipped Privately And Discreetly To Your Door!

See this email as a webpage
  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Unsubscribe | Lost Password | Account Settings | Help | Terms of Service | Privacy

Ottho Heldringstraat 4, 48020 AZ Amsterdam, The Netherlands

From bridgeportu1@meatplaza.com Tue Jun 23 10:35:47 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 205183A6EC1; Tue, 23 Jun 2009 10:35:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -16.35 X-Spam-Level: X-Spam-Status: No, score=-16.35 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_BR=0.955, HOST_EQ_BR=1.295, HS_INDEX_PARAM=0.001, HTML_MESSAGE=0.001, JOIN_MILLIONS=1.777, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_MILLIONSOF=0.315, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLKVJPnDTjjV; Tue, 23 Jun 2009 10:35:46 -0700 (PDT) Received: from 189-55-15-117-nd.cpe.vivax.com.br (189-55-15-117-nd.cpe.vivax.com.br [189.55.15.117]) by core3.amsl.com (Postfix) with ESMTP id 2BA2F28C3CD; Tue, 23 Jun 2009 10:35:44 -0700 (PDT) Message-ID: <000d01c9f429$12aaa6e0$6400a8c0@bridgeportu1> From: idr@ietf.org To: Subject: It is easy to get started on your new life. Date: Tue, 23 Jun 2009 14:36:00 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C9F429.12AAA6E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 This is a multi-part message in MIME format. 
------=_NextPart_000_0007_01C9F429.12AAA6E0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable start your new life today with a a free trial of Acai FLush.   Press this button =A0 Join millions of Acai Berry users but do it for Free =A0 Welcome =A0 =A0 best ragards Jefferson ------=_NextPart_000_0007_01C9F429.12AAA6E0 Content-Type: text/html; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable
start your new life today with a a free trial of Acai FLush.

Press this button

Join millions of Acai Berry users but do it for Free

best ragards Jefferson
= ------=_NextPart_000_0007_01C9F429.12AAA6E0-- From earnypa5@sardinianfood.net Tue Jun 23 20:46:24 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 817323A6B80; Tue, 23 Jun 2009 20:46:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -41.623 X-Spam-Level: X-Spam-Status: No, score=-41.623 tagged_above=-999 required=5 tests=[BAYES_95=3, GB_I_LETTER=-2, HELO_DYNAMIC_HCC=4.295, HELO_EQ_DSL=1.129, HS_INDEX_PARAM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, URIBL_BLACK=20, URIBL_SBL=20, URI_NOVOWEL=0.5, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id woHUsB8x9685; Tue, 23 Jun 2009 20:46:23 -0700 (PDT) Received: from bl5-3-106.dsl.telepac.pt (bl4-182-116.dsl.telepac.pt [81.193.182.116]) by core3.amsl.com (Postfix) with ESMTP id 224973A6D46; Tue, 23 Jun 2009 20:46:21 -0700 (PDT) Date: Wed, 24 Jun 2009 04:46:28 +0000 Message-Id: From: ntdp@ietf.org To: ntdp@ietf.org Subject: natural powers will rejuvinate your health and looks, no cost trial Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit MIME-Version: 1.0
Unable to view this newsletter?
 

Its easy to look great with Acai Berry.

Press this button
Copyright 2009 Extd Visit us at our site
Member Profile  Privacy  Subscribe  Unsubscribe
 
From melendeza@advancedmp.com Thu Jun 25 00:07:51 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1C3D43A69DE for ; Thu, 25 Jun 2009 00:07:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -32.81 X-Spam-Level: X-Spam-Status: No, score=-32.81 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_DSL=1.129, HELO_EQ_PL=1.135, HOST_EQ_PL=1.95, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, SARE_HTML_A_BODY=0.742, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S7kXcKBNkQYy for ; Thu, 25 Jun 2009 00:07:51 -0700 (PDT) Received: from adif9.neoplus.adsl.tpnet.pl (adif9.neoplus.adsl.tpnet.pl [79.184.187.9]) by core3.amsl.com (Postfix) with SMTP id AC4E13A6836 for ; Thu, 25 Jun 2009 00:07:49 -0700 (PDT) To: openpgp-archive@ietf.org Subject: CNN NEWS. From: openpgp-archive@ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090625070749.AC4E13A6836@core3.amsl.com> Date: Thu, 25 Jun 2009 00:07:49 -0700 (PDT)
Jessica Alba Nude! The Dark Angel returns, but this time naked! Well, maybe not.
Jessica Alba nude is a fantasy for most straight men though.
From omingo.tieger@alphalan.fr Thu Jun 25 00:40:52 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E5C9C3A6D71 for ; Thu, 25 Jun 2009 00:40:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -38.806 X-Spam-Level: X-Spam-Status: No, score=-38.806 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033, SARE_HTML_A_BODY=0.742, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAzqbCntDsN0 for ; Thu, 25 Jun 2009 00:40:52 -0700 (PDT) Received: from org.view.net.ua (org.view.net.ua [213.186.205.154]) by core3.amsl.com (Postfix) with SMTP id C885F3A6A36 for ; Thu, 25 Jun 2009 00:40:49 -0700 (PDT) To: openpgp-archive@ietf.org Subject: CNN NEWS. From: openpgp-archive@ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090625074050.C885F3A6A36@core3.amsl.com> Date: Thu, 25 Jun 2009 00:40:49 -0700 (PDT) Jessica Alba Nude! The Dark Angel returns, but this time naked! Well, maybe not.
Jessica Alba nude is a fantasy for most straight men though.
From new@allwebsales.be Fri Jun 26 09:41:11 2009 Return-Path: X-Original-To: ietfarch-openpgp-archive@core3.amsl.com Delivered-To: ietfarch-openpgp-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7CA7D3A6B92 for ; Fri, 26 Jun 2009 09:41:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -31.849 X-Spam-Level: X-Spam-Status: No, score=-31.849 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1, SARE_UNI=0.591, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_RHS_DOB=1.083, URIBL_WS_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zbK1racQT8LQ for ; Fri, 26 Jun 2009 09:41:04 -0700 (PDT) Received: from d83-176-135-164.cust.tele2.de (d83-176-135-164.cust.tele2.de [83.176.135.164]) by core3.amsl.com (Postfix) with SMTP id 8A40B3A6801 for ; Fri, 26 Jun 2009 09:40:54 -0700 (PDT) To: openpgp-archive@ietf.org Subject: BestBuy.com Deal of the Day From: openpgp-archive@ietf.org MIME-Version: 1.0 Importance: High Content-Type: text/html Message-Id: <20090626164058.8A40B3A6801@core3.amsl.com> Date: Fri, 26 Jun 2009 09:40:54 -0700 (PDT)
Tell a friend | Download latest version See this email as a webpage

Hello!

Shipped Privately And Discreetly To Your Door!

See this email as a webpage
  We want to put a great big grin on your face in 2009. You'll be to rejoice all year.  

Unsubscribe | Lost Password | Account Settings | Help | Terms of Service | Privacy

Ottho Heldringstraat 1, 87109 AZ Amsterdam, The Netherlands

Cc: IETF OpenPGP Working Group
Message-Id: <64BF8D07-421C-4630-884F-303F164ED985@jabberwocky.com>
From: David Shaw
To: "John W. Moore III"
In-Reply-To: <4A31DF92.8010200@bellsouth.net>
Subject: Re: how to respect keyserver no-modify ? [was: Re: openpgplint]
Date: Fri, 12 Jun 2009 12:27:55 -0400
References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> <4A31C94C.2000008@fifthhorseman.net> <4A31DA92.7000402@fifthhorseman.net> <4A31DF92.8010200@bellsouth.net>

On Jun 12, 2009, at 12:54 AM, John W. Moore III wrote:

> Daniel Kahn Gillmor wrote:
>
>> Are there other proposed ways one could implement a keyserver which
>> respects the intent of keyserver no-modify?
>
> Rather than attempt to introduce this much complexity into the Keyserver
> system [an impossibility] if such a scheme must be implemented then
> simply introduce into the Key Generation Wizard the --keyserver command
> and then have the individual specify where they desire their Key to be
> retrieved from.  [Big Lumber, Personal Web page, etc.]  Of course this
> pre-supposes that all other Users have the --honor-keyserver-url
> preference specified in gpg.conf or their Options file.  [possibly
> excluding PGP & other OpenPGP implementations] :-\

Note that "honor-keyserver-url" is enabled by default in GPG, and has
been enabled by default since preferred keyserver URL support was added
back in 2004.  It's possible someone has turned it off, but this would
be the exception, not the rule.

PGP supports preferred keyservers as well, and as far as I know, they
work more or less the same way they do in GPG: when refreshing a key
with a preferred keyserver set, that keyserver is used.

Preferred keyserver URLs don't really address the "find me a key"
problem.  They only address the "keep the key I've already found up to
date" problem.

David

Message-ID: <4A327855.1040801@fifthhorseman.net>
Date: Fri, 12 Jun 2009 11:46:29 -0400
From: Daniel Kahn Gillmor
Reply-To: IETF OpenPGP Working Group
To: IETF OpenPGP Working Group
Subject: Re: how to respect keyserver no-modify ?
References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> <4A31C94C.2000008@fifthhorseman.net> <4A31DA92.7000402@fifthhorseman.net> <4A31DF92.8010200@bellsouth.net>
In-Reply-To: <4A31DF92.8010200@bellsouth.net>
OpenPGP: id=D21739E9; url=http://fifthhorseman.net/dkg.gpg

On 06/12/2009 12:54 AM, John W. Moore III wrote:
> Rather than attempt to introduce this much complexity into the Keyserver
> system [an impossibility] if such a scheme must be implemented then
> simply introduce into the Key Generation Wizard the --keyserver command
> and then have the individual specify where they desire their Key to be
> retrieved from.  [Big Lumber, Personal Web page, etc.]  Of course this
> pre-supposes that all other Users have the --honor-keyserver-url
> preference specified in gpg.conf or their Options file.  [possibly
> excluding PGP & other OpenPGP implementations] :-\

I think maybe we're thinking of different threats; it would be useful to
have a redundant set of keyservers that would be "pollution-resistant",
at least for keys which have specified that they prefer to be propagated
that way.

setting keyserver-url only provides redundancy if you point it to a
replicating keyserver; but if you point it to a generic replicating
keyserver, you lose the pollution-resistance that a privately maintained
key file gives you.

> The bottom line is that it is too late to re-invent the Keyserver
> System/Network for Key distribution.

Really?  I'm not suggesting that a change like this could be done
quickly, but it does seem like the infrastructure can change.  For
example, SKS didn't even exist when RFC 2440 came out (and included the
no-modify flag for keyserver preferences), but it is now arguably the
dominant keyserver using a novel synchronization protocol, and under
active development.  What makes you say it's too late to make changes?

> Sufficient tools exist already to
> mitigate 'Key pollution' from Keyservers

i'm glad to hear it!  What tools do you suggest we use?

> but education of the User Base
> in proper implementation is sorely lacking.

Are you suggesting that the tools we have require every single user to
behave responsibly in order to avoid keyserver pollution?  in that case,
the problem seems like it lies in the tools or the protocols, not in the
user base.  There will always be one incompetent or malicious user who
will abuse the tools.  It would be good to ensure that two parties who
are both competent and non-malicious could use the tools without
interference by an arbitrary malefactor.

The current keyserver infrastructure seems to be vulnerable to a range
of attacks by arbitrary malefactors:

https://www.informatik.uni-hamburg.de/SVS/archiv/thesis/06-08-27-BT-Holst-PGP-Key-Servers.pdf

And some of these attacks (certainly not all) seem like they could be
mitigated by a wider adoption of the kind of workflow we're discussing.

> IMO the dilemma of
> --no-ks-modify falls under the heading of "Accept the things I cannot
> Change" & "Wisdom to know the difference."

You may very well be right, but i'm not wise enough yet to see why this
doesn't currently fall into "the courage to change the things i can".
Can you help me understand why you think it's set in stone?

--dkg

In-Reply-To: <4A31BA19.5010905@fifthhorseman.net>
References: <4A31BA19.5010905@fifthhorseman.net>
Date: Fri, 12 Jun 2009 11:19:41 +0100
Message-ID: <117bad160906120319j5c445675vfc046902065ad823@mail.gmail.com>
Subject: Re: openpgplint: encouraging best practices for OpenPGP keys today
From: David Crick
To: Daniel Kahn Gillmor
Cc: IETF OpenPGP Working Group

On Fri, Jun 12, 2009 at 3:14 AM, Daniel Kahn Gillmor wrote:

> [subkey-encryption]
>  There should be at least one properly-bound, non-expired, non-revoked
> subkey marked for use with encrypted communications and/or storage.

No, we need to allow primary key only "signature" keys

> [subkey-encryption-type]
> [subkey-encryption-size]
> [subkey-encryption-binding-strong-digest]

all N/A if key is primary only

> [subkey-encryption-binding-expiration]
>  The most recent binding signature for each encryption-capable subkey
> should have an expiration date no more than 5 years in the future (or
> maybe 5 years from key creation?).

I would say that this - as well as the primary key expiry checking - is
a "recommendation" only.

I fully agree with keys having expiration times, and even that there
might be grounds for there being an *application*-level default for one,
but I *also* agree that people should be free not to have one set.

Your primary key "guideline" (if I may now refer to it as such) of 10
years seems sensible.  I feel that the encryption one is more arbitrary,
although I agree with your premise that there could/should be shorter
life-times for encryption sub keys.

I think there are certain differences of compliance and/or usage when
discussing OpenPGP:

1. the RFC
2. "best practises" - what I think you're aiming for
3. application-level defaults
4. What the user/organisation wants to do

Note, that's not (necessarily) a hierarchy, some may overlap, and point
4 may not necessarily agree or comply with any of the other three.

> [wot-published]

may not apply

> [wot-other-sig]
> [wot-other-sig-strong-digest]

may be within a closed and/or offline set of users, but they certainly
apply as sub-ideals if the key *is* wot-published as above.

> What other tests would you do?  which of the above tests do you think is
> bad or wrong?  What improvements would you make?  Any suggestions for
> other situation profiles to consider?
>
> A failure of each test could be associated with help text or
> instructions about how to address the concern using a particular
> OpenPGP-compliant tool.  Perhaps specific failures or specific tests
> could be ranked for each situation as well (e.g. critical, bad, warning,
> pedantic).  Suggestions for help text (either generic for a test, or for
> a specific tool for a test) would also be welcome.
>
>
> Thanks for any feedback you might have,
>
>        --dkg

This actually all reminds me a bit of the early "HTML verifiers" - and
indeed would still apply to the WWW today, with its various forms of
HTML compliance (or not!).

The W3C brought out a verification tool, which eventually was taken over
and maintained by an outside party (it's called "HTML tidy" from
memory).  At first this tool was highly useful, but after a while it
became *so* pedantic that it became useless in practise.

I'm all for a "best practises" document (that would have to evolve over
time), which people of course would be allowed to deviate from.  I think
this sort of "on the ground consensus" would be a more real-world
reflection of the RFC, and at the same time would have a two-way
relationship between the defaults in ["desktop"(?)] OpenPGP applications
(e.g. PGP, GnuPG).

Just my thoughts.

From: Daniel Franke
To: IETF OpenPGP Working Group
Subject: Re: how to respect keyserver no-modify ?
References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> <4A31C94C.2000008@fifthhorseman.net> <4A31DA92.7000402@fifthhorseman.net>
Date: Thu, 11 Jun 2009 22:40:51 -0700
In-Reply-To: <4A31DA92.7000402@fifthhorseman.net> (sfid-20090611_21395_1621E0E3) (Daniel Kahn Gillmor's message of "Fri, 12 Jun 2009 00:33:22 -0400")
Message-ID: <87y6ryuhzw.fsf@feanor.dfranke.us>

Daniel Kahn Gillmor writes:

> Should we try to address this?  What would it mean to make this flag
> meaningful?  Say a keyserver decided to try to respect it: how would it
> do so?

Since, as you note, the keyserver admin has the ability to tamper with
public keys regardless, I don't see wisdom in trying to securely enforce
the semantics of ks-no-modify.  I think a better and simpler approach
would be to check it client-side: prompt the user for confirmation if he
tries to upload [modifications to] a public key for which ks-no-modify
is set and for which the corresponding private key is not in his keyring.

-- 
 Daniel Franke         df@dfranke.us         http://www.dfranke.us
 |----| =|\     \\\\
 || * | -|-\---------   Man is free at the instant he wants to be.
 -----| =|  \   ///     --Voltaire

Message-ID: <4A31DF92.8010200@bellsouth.net>
Date: Fri, 12 Jun 2009 00:54:42 -0400
From: "John W. Moore III"
Organization: Gossamer Spider Web of Trust
To: IETF OpenPGP Working Group
Subject: Re: how to respect keyserver no-modify ? [was: Re: openpgplint]
References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> <4A31C94C.2000008@fifthhorseman.net> <4A31DA92.7000402@fifthhorseman.net>
In-Reply-To: <4A31DA92.7000402@fifthhorseman.net>
OpenPGP: id=80B42B0F; url=http://tinyurl.com/8cpho

Daniel Kahn Gillmor wrote:

> Are there other proposed ways one could implement a keyserver which
> respects the intent of keyserver no-modify?

Rather than attempt to introduce this much complexity into the Keyserver
system [an impossibility] if such a scheme must be implemented then
simply introduce into the Key Generation Wizard the --keyserver command
and then have the individual specify where they desire their Key to be
retrieved from.  [Big Lumber, Personal Web page, etc.]  Of course this
pre-supposes that all other Users have the --honor-keyserver-url
preference specified in gpg.conf or their Options file.  [possibly
excluding PGP & other OpenPGP implementations] :-\

The bottom line is that it is too late to re-invent the Keyserver
System/Network for Key distribution.  Sufficient tools exist already to
mitigate 'Key pollution' from Keyservers but education of the User Base
in proper implementation is sorely lacking.  IMO the dilemma of
--no-ks-modify falls under the heading of "Accept the things I cannot
Change" & "Wisdom to know the difference."

JOHN :-\
Timestamp: Friday 12 Jun 2009, 00:53 --400 (Eastern Daylight Time)

Message-ID: <4A31DA92.7000402@fifthhorseman.net>
Date: Fri, 12 Jun 2009 00:33:22 -0400
From: Daniel Kahn Gillmor
Reply-To: IETF OpenPGP Working Group
To: IETF OpenPGP Working Group
Subject: how to respect keyserver no-modify ? [was: Re: openpgplint]
References: <4A31BA19.5010905@fifthhorseman.net> <873aa6w4ce.fsf@feanor.dfranke.us> <4A31C94C.2000008@fifthhorseman.net>
OpenPGP: id=D21739E9

Over in ietf-openpgp@imc.org on 06/11/2009 11:56 PM, David Shaw wrote:

> The keyserver no-modify flag is effectively a no-op.  GPG lets you set
> or unset it, but since no keyserver actually looks at it, the flag isn't
> all that useful.

Should we try to address this?  What would it mean to make this flag
meaningful?  Say a keyserver decided to try to respect it: how would it
do so?

let's assume that key server admin can directly tamper with the key
store, and not worry about that part of the RFC directly.  That leaves
us with: how does the keyserver know that it was being updated by the
key holder?

One approach would be to use OpenPGP client-side certificates (with
authentication flag set?) for an RFC 5081-compliant TLS connection to
the keyserver.  This seems far-fetched with the current state of tools.
It also wouldn't cleanly address keyserver propagation (only the initial
keyserver received and could verify the TLS connections).

Alternately, a keyserver could only append signatures to a key/uid
marked "no-modify" if the new signature arriving is itself wrapped in a
0x50-style "third-party confirmation" signature, where the "third-party"
is in fact the original keyholder (the "third party" == the "first
party", if you will).

Then the workflow for adding certifications to a key in the public
keyservers might look like:

 * Alice publishes her key (with the keyserver-no-modify flag set) to
   the public keyservers.  they accept the primary key, user ID, and
   self-sig because the self-sig is validated by the primary key.

 * Alice shows Bob her key fingerprint and her identification.

 * Bob fetches Alice's key from the keyserver, verifies the fingerprint
   and user ID, and signs the UID+key, creating signature X.

 * Bob tries to post X to the public keyservers, but they reject it
   because the key is set no-modify.  Bob's client offers to mail X
   directly to Alice instead, and he lets it do so.

 * Alice receives X, looks it over, verifies that it was properly made
   by Bob, and decides that she wants to publish it.

 * Alice creates a 0x50 "third-party" certification over X, creating Y.

 * Alice feeds Y to the keyservers, who verify that her signature is
   attributed to the key being signed by X, so they accept X.

 * when the keyservers propagate new signatures, they propagate not
   only X, but Y, allowing other keyservers to verify that X is
   acceptable to the original keyholder.

It seems that an architecture like this (if it was the standard for
keyservers) could prevent a lot of bogus signatures from accumulating on
a given key, and could nicely prevent the kind of denial of service
attacks that are possible against a key by loading up millions of bogus
certifications on that key.

Are there other proposed ways one could implement a keyserver which
respects the intent of keyserver no-modify?

	--dkg
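
The keyserver-side check from the workflow proposed in the message above, as an added example (not code from the thread or from any keyserver). Textbook RSA over fixed primes stands in for OpenPGP signing, and `ToyKey`, `Sig`, `Keyserver` and the payload encodings are hypothetical names and formats chosen for this illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent of the toy RSA stand-in (not real OpenPGP signing)

def _h(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass(frozen=True)
class Sig:
    sigtype: int    # 0x13 (self-sig here), 0x10 certification, 0x50 confirmation
    issuer: int     # issuer's public modulus
    payload: bytes  # the data this signature covers
    value: int

    def valid(self) -> bool:
        digest = _h(bytes([self.sigtype]) + self.payload, self.issuer)
        return pow(self.value, E, self.issuer) == digest

    def encode(self) -> bytes:  # what a 0x50 confirmation is made over
        return b"%d|%d|%s|%d" % (self.sigtype, self.issuer, self.payload, self.value)

class ToyKey:
    """Textbook RSA over fixed primes: a constructed stand-in for a key pair."""
    def __init__(self, p: int, q: int):
        self.n = p * q                            # public part
        self._d = pow(E, -1, (p - 1) * (q - 1))   # private exponent

    def sign(self, sigtype: int, payload: bytes) -> Sig:
        digest = _h(bytes([sigtype]) + payload, self.n)
        return Sig(sigtype, self.n, payload, pow(digest, self._d, self.n))

def fingerprint(n: int) -> str:
    return hashlib.sha256(str(n).encode()).hexdigest()[:16]

def selfsig_payload(uid: str, no_modify: bool) -> bytes:
    # The flag is covered by the self-sig, so only the keyholder can set or clear it.
    return uid.encode() + (b"|no-modify" if no_modify else b"")

def cert_payload(target: str, uid: str) -> bytes:
    return (target + "|" + uid).encode()

class Keyserver:
    def __init__(self):
        self.keys = {}  # fingerprint -> {"n", "uid", "no_modify", "certs": [(X, Y)]}

    def publish_key(self, n, uid, no_modify, selfsig):
        good = (selfsig.sigtype == 0x13 and selfsig.issuer == n and selfsig.valid()
                and selfsig.payload == selfsig_payload(uid, no_modify))
        if not good:
            return "rejected: bad self-signature"
        self.keys[fingerprint(n)] = dict(n=n, uid=uid, no_modify=no_modify, certs=[])
        return "accepted"

    def submit_cert(self, target, x, y=None):
        rec = self.keys.get(target)
        if rec is None:
            return "rejected: unknown key"
        if not (x.sigtype == 0x10 and x.valid()
                and x.payload == cert_payload(target, rec["uid"])):
            return "rejected: bad certification"
        if rec["no_modify"]:
            if y is None:
                return "rejected: no-modify key needs keyholder confirmation"
            if not (y.sigtype == 0x50 and y.issuer == rec["n"]
                    and y.payload == x.encode() and y.valid()):
                return "rejected: confirmation is not the keyholder's"
        if (x, y) not in rec["certs"]:
            rec["certs"].append((x, y))
        return "accepted"

    def sync_to(self, peer):
        """Propagate X together with Y so the peer repeats the check itself."""
        return [peer.submit_cert(fp, x, y)
                for fp, rec in self.keys.items() for x, y in rec["certs"]]

def demo():
    # Constructed keys; Mersenne primes keep the toy deterministic and offline.
    alice, bob = ToyKey(2**127 - 1, 2**89 - 1), ToyKey(2**107 - 1, 2**61 - 1)
    mallory = ToyKey(2**521 - 1, 2**607 - 1)
    uid, fp = "Alice <alice@example.org>", fingerprint(alice.n)
    ks1, ks2 = Keyserver(), Keyserver()
    selfsig = alice.sign(0x13, selfsig_payload(uid, True))
    out = [ks.publish_key(alice.n, uid, True, selfsig) for ks in (ks1, ks2)]
    x = bob.sign(0x10, cert_payload(fp, uid))                           # Bob's X
    out.append(ks1.submit_cert(fp, x))                                  # no Y
    out.append(ks1.submit_cert(fp, x, mallory.sign(0x50, x.encode())))  # wrong signer
    out.append(ks1.submit_cert(fp, x, alice.sign(0x50, x.encode())))    # Alice's Y
    return out + ks1.sync_to(ks2)                                       # X+Y re-checked
```

Because the peer in `sync_to` receives Y alongside X, it reaches the same decision without trusting the first keyserver.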

From: David Shaw
To: IETF OpenPGP Working Group
Subject: Re: openpgplint: encouraging best practices for OpenPGP keys today
Date: Thu, 11 Jun 2009 23:56:55 -0400

On Jun 11, 2009, at 11:19 PM, Daniel Kahn Gillmor wrote:

> I should note that i'm a bit confused about the keyserver-no-modify
> flag.  recent versions of GPG seem to set it by default.  But the
> spec says:
>
>  http://tools.ietf.org/html/rfc4880#section-5.2.3.17
>
>      the key holder requests that this key only be modified or
>      updated by the key holder or an administrator of the key server.
>
> And yet, i can upload gpg-created keys to keyservers with no warnings
> (whether or not i hold the secret key) and the keyservers accept them
> anyway.

The keyserver no-modify flag is effectively a no-op.  GPG lets you set
or unset it, but since no keyserver actually looks at it, the flag
isn't all that useful.

David

From: Daniel Kahn Gillmor
To: IETF OpenPGP Working Group
Subject: Re: openpgplint: encouraging best practices for OpenPGP keys today
Date: Thu, 11 Jun 2009 23:19:40 -0400

Thanks for
the feedback, Daniel.

On 06/11/2009 10:52 PM, Daniel Franke wrote:
> Daniel Kahn Gillmor writes:
>
>> [selfsig-primary]
>> The most recent self-sig over the User ID identified in [valid-uid]
>> should be marked as the primary User ID.
>
> This expectation doesn't make sense.  I have multiple IDs representing
> my personal and work addresses.  My primary address is my personal one,
> but I've had it longer than I've had my current, hence this ID is not
> the newest.

Right; this test checks for the most recent self-sig *over the given
uid*, not the self-sig over the most recent uid.

My intent with the "most recent" terminology was to acknowledge this
clause in RFC 4880 (in section 5.2.3.3):

   An implementation that encounters multiple self-signatures on the
   same object may resolve the ambiguity in any way it sees fit, but it
   is RECOMMENDED that priority be given to the most recent
   self-signature.

I've probably phrased it poorly; suggestions for how to rephrase it?

>> [wot-published]
>> The key and associated [valid-uid] and [subkey-encryption] (and their
>> most recent binding signatures) should be visible from keyservers in the
>> current Web of Trust (maybe this would be a network check against the
>> SKS pool?).
>
> Many people have no wish to have their key on public keyservers; there's
> even a flag you can set (no-ks-modify) to request that others not upload
> it.  Some people might only use PGP among a small, well-delineated group
> and exchange keys by sneakernet.  Also, from when I ran a keyserver a
> few years back, I'm fairly sure I remember seeing logs of it being
> perused by spammers.

True, there are many people who do not their keys on public keyservers.
Should this be represented as a different situation than the normal
case?  Or would it be OK to this issue "pedantic", and include the
detail about why some folks might prefer to avoid it in the explanation?

From the perspective of being able to find a trust path to a third
party through mutual acquaintances, it seems advantageous to encourage
people to publish to the WoT.  But there are downsides, as you say, such
as spammers and social/transactional surveillance by third parties.

I should note that i'm a bit confused about the keyserver-no-modify
flag.  recent versions of GPG seem to set it by default.  But the spec
says:

 http://tools.ietf.org/html/rfc4880#section-5.2.3.17

     the key holder requests that this key only be modified or updated
     by the key holder or an administrator of the key server.

And yet, i can upload gpg-created keys to keyservers with no warnings
(whether or not i hold the secret key) and the keyservers accept them
anyway.

How is the keyserver supposed to tell who is making the upload?  Or are
clients expected to interpret this flag, and behave honorably with it?
is gnupg behaving poorly?  Should i have to override something to force
such a key into the keyservers?

	--dkg

From: Daniel Franke
To: Daniel Kahn Gillmor
Cc: IETF OpenPGP Working Group
Subject: Re: openpgplint: encouraging best practices for OpenPGP keys today
Date: Thu, 11 Jun 2009 19:52:49 -0700

Daniel Kahn Gillmor writes:

> [selfsig-primary]
> The most recent self-sig over the User ID identified in [valid-uid]
> should be marked as the primary User ID.

This expectation doesn't make sense.  I have multiple IDs representing
my personal and work addresses.  My primary address is my personal one,
but I've had it longer than I've had my current, hence this ID is not
the newest.

> [wot-published]
> The key and associated [valid-uid] and [subkey-encryption] (and their
> most recent binding signatures) should be visible from keyservers in the
> current Web of Trust (maybe this would be a network check against the
> SKS pool?).

Many people have no wish to have their key on public keyservers; there's
even a flag you can set (no-ks-modify) to request that others not upload
it.
Some people might only use PGP among a small, well-delineated group
and exchange keys by sneakernet.  Also, from when I ran a keyserver a
few years back, I'm fairly sure I remember seeing logs of it being
perused by spammers.

-- 
 Daniel Franke         df@dfranke.us         http://www.dfranke.us
 |----| =|\     \\\\
 || * | -|-\---------   Man is free at the instant he wants to be.
 -----| =| \    ///     --Voltaire

From: Daniel Kahn Gillmor
To: IETF OpenPGP Working Group
Subject: openpgplint: encouraging best practices for OpenPGP keys today
Date: Thu, 11 Jun 2009 22:14:49 -0400

Hi OpenPGP folks--

Between the recent SHA-1 development, MD5 attacks against other PKI
infrastructure, advances in computing power, and various nuances of the
protocol, it has occurred to me that most users of OpenPGP could
probably use some help in determining ways to increase the security of
their keys.

Following the model of lint [0], it occurred to me that it might be nice
to have a tool that scans an openpgp key and suggests changes or options
that the keyholder might want to consider.  I'm calling this (entirely
hypothetical) tool "openpgplint" at the moment.

I'm aware one size does not fit all, and different situations warrant
different configurations.  But maybe there's a way to present a
comprehensible range of situations, and then offer a series of
realizable best-practices recommendations to users based on their choice
of situation.

So i'm hoping to create a list of (a) typical situations where openpgp
keys are used, and (b) best practices for keyholders in those
situations.  If i can assemble something that looks reasonably useful,
i'd be willing to write some code to implement the checks.
Some checks might require network access -- i assume that those checks
could be easily disabled by any automated tool, if a user wants privacy.

Suggestions and criticism are both welcome!

Here's a proposal for defining a well-secured, OpenPGP key that seems
reasonable for use by an individual communicating with other people with
modern OpenPGP clients over the next 3 years, as i understand the
situation (for reference, test names in preceding brackets):

[v4key]
The key should be in OpenPGPv4 format

[key-type]
The primary key should be either DSA or RSA

[key-size]
The primary key should have at least 2048 bits.

[valid-uid]
The key should have at least one valid, non-expired, non-revoked User ID
in an RFC-822-compliant e-mail address form. (maybe a network check to
see that mail can be delivered for the domain in question at least?).

[selfsig-strong-digest]
The most recent self-sig over each user ID should be made over a digest
from the SHA-2 family (SHA224, SHA256, SHA384, or SHA512).

[selfsig-expiration]
The most recent self-sig over each user ID should include an expiration
date no more than 10 years in the future (or maybe 10 years from key
creation?).

[selfsig-strong-digest-advertisement]
The most recent self-sig over each User ID should list preferred digest
algorithms including at least one digest from the SHA-2 family.

[selfsig-primary]
The most recent self-sig over the User ID identified in [valid-uid]
should be marked as the primary User ID.

[self-sig-usage-sign-and-certify]
The most recent self-sig over each User ID should indicate that the
primary key is usable only for signing and/or certification.

[subkey-encryption]
There should be at least one properly-bound, non-expired, non-revoked
subkey marked for use with encrypted communications and/or storage.

[subkey-encryption-type]
All encryption-capable subkeys should be either RSA or ElGamal.

[subkey-encryption-size]
All encryption-capable subkeys should be at least 2048 bits.

[subkey-encryption-binding-strong-digest]
The most recent binding signature for each encryption-capable subkey
should use a digest algorithm from the SHA-2 family.

[subkey-encryption-binding-expiration]
The most recent binding signature for each encryption-capable subkey
should have an expiration date no more than 5 years in the future (or
maybe 5 years from key creation?).

[wot-published]
The key and associated [valid-uid] and [subkey-encryption] (and their
most recent binding signatures) should be visible from keyservers in the
current Web of Trust (maybe this would be a network check against the
SKS pool?).

[wot-other-sig]
The UID specified by [valid-uid] should be certified by at least one
other key also visible in the public WoT (another network check?).

[wot-other-sig-strong-digest]
At least one certification meeting the criteria for [wot-other-sig]
should be made over a digest from the SHA-2 family.

What other tests would you do?  which of the above tests do you think is
bad or wrong?  What improvements would you make?  Any suggestions for
other situation profiles to consider?

A failure of each test could be associated with help text or
instructions about how to address the concern using a particular
OpenPGP-compliant tool.  Perhaps specific failures or specific tests
could be ranked for each situation as well (e.g. critical, bad, warning,
pedantic).  Suggestions for help text (either generic for a test, or for
a specific tool for a test) would also be welcome.

Thanks for any feedback you might have,

	--dkg

[0] http://en.wikipedia.org/wiki/Lint_programming_tool
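
An added example (not the author's code; openpgplint is described above as entirely hypothetical) of the offline checks from the proposal, run against a constructed key model. It assumes signatures have already been verified, leaves out revocation, [selfsig-primary] and the wot-* network checks, and the `Key`, `Subkey` and `SelfSig` classes are invented for the illustration; the algorithm and flag numbers are those of RFC 4880.

```python
from dataclasses import dataclass, field
from email.utils import parseaddr
from typing import Optional

RSA, ELGAMAL, DSA = 1, 16, 17      # RFC 4880 public-key algorithm IDs
SHA2 = {8, 9, 10, 11}              # SHA256, SHA384, SHA512, SHA224
CERTIFY, SIGN, ENC_COMMS, ENC_STORAGE = 0x01, 0x02, 0x04, 0x08   # key flags
YEAR = 365 * 24 * 3600
NOW = 1244764800                   # 2009-06-12 00:00:00 UTC, constructed reference time

@dataclass
class SelfSig:
    """Self-sig over a User ID, or a subkey binding signature (hypothetical model)."""
    created: int
    digest: int                    # hash algorithm ID the signature was made over
    expires: Optional[int] = None  # absolute key expiration time; None = never
    pref_digests: tuple = ()       # advertised preferred hash algorithms
    flags: int = 0                 # key usage flags

@dataclass
class Subkey:
    algo: int
    bits: int
    bindings: list                 # list of SelfSig

@dataclass
class Key:
    version: int
    algo: int
    bits: int
    uids: dict                     # User ID string -> list of SelfSig
    subkeys: list = field(default_factory=list)

def latest(sigs):
    # RFC 4880 section 5.2.3.3: priority goes to the most recent self-signature.
    return max(sigs, key=lambda s: s.created)

def expired(sig, now):
    return sig.expires is not None and sig.expires <= now

def expires_within(sig, now, years):
    return sig.expires is not None and sig.expires <= now + years * YEAR

def lint(key, now=NOW):
    """Return the names of the failed tests."""
    failed = []

    def check(name, ok):
        if not ok and name not in failed:
            failed.append(name)

    check("v4key", key.version == 4)
    check("key-type", key.algo in (RSA, DSA))
    check("key-size", key.bits >= 2048)
    check("valid-uid", any("@" in parseaddr(uid)[1] and not expired(latest(sigs), now)
                           for uid, sigs in key.uids.items()))
    for sigs in key.uids.values():
        s = latest(sigs)           # only the newest self-sig per User ID is judged
        check("selfsig-strong-digest", s.digest in SHA2)
        check("selfsig-expiration", expires_within(s, now, 10))
        check("selfsig-strong-digest-advertisement", bool(SHA2 & set(s.pref_digests)))
        check("self-sig-usage-sign-and-certify",
              s.flags != 0 and (s.flags & ~(CERTIFY | SIGN)) == 0)
    enc = [(sk, latest(sk.bindings)) for sk in key.subkeys]
    enc = [(sk, b) for sk, b in enc if b.flags & (ENC_COMMS | ENC_STORAGE)]
    check("subkey-encryption", any(not expired(b, now) for _, b in enc))
    for sk, b in enc:
        check("subkey-encryption-type", sk.algo in (RSA, ELGAMAL))
        check("subkey-encryption-size", sk.bits >= 2048)
        check("subkey-encryption-binding-strong-digest", b.digest in SHA2)
        check("subkey-encryption-binding-expiration", expires_within(b, now, 5))
    return failed

def sample_keys():
    """Constructed inputs: a 1024-bit DSA key with SHA-1 self-sigs, and a refreshed key."""
    both = ENC_COMMS | ENC_STORAGE
    legacy = Key(4, DSA, 1024,
                 {"Bob <bob@example.org>": [SelfSig(100, 2, None, (2, 3), CERTIFY | SIGN)]},
                 [Subkey(ELGAMAL, 2048, [SelfSig(100, 2, None, (), both)])])
    refreshed = Key(4, RSA, 4096,
                    {"Alice <alice@example.org>": [
                        SelfSig(100, 2, None, (2,), CERTIFY | SIGN),   # old SHA-1 self-sig
                        SelfSig(200, 8, NOW + 5 * YEAR, (10, 8, 2), CERTIFY | SIGN)]},
                    [Subkey(RSA, 4096, [SelfSig(200, 10, NOW + 2 * YEAR, (), both)])])
    return legacy, refreshed
```

The refreshed key passes even though an older SHA-1 self-sig is still attached, because each check looks only at the most recent self-sig over a given User ID.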

From: David Shaw
To: IETF OpenPGP Working Group
Subject: Camellia for OpenPGP RFC published
Date: Thu, 4 Jun 2009 08:52:04 -0400

A new Request for Comments is now available in online RFC libraries.

        RFC 5581

        Title:      The Camellia Cipher in OpenPGP
        Author:     D. Shaw
        Status:     Informational
        Date:       June 2009
        Mailbox:    dshaw@jabberwocky.com
        Pages:      3
        Characters: 5129
        Updates:    RFC4880

        I-D Tag:    draft-ietf-openpgp-camellia-04.txt

        URL:        http://www.rfc-editor.org/rfc/rfc5581.txt

This document presents the necessary information to use the Camellia
symmetric block cipher in the OpenPGP protocol.  This memo provides
information for the Internet community.

INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind.  Distribution of
this memo is unlimited.