TID: FMail-lnx64 2.1.0.18-B20170815
RFC-X-No-Archive: Yes
TZUTC: 0100
CHRS: UTF-8 2
PID: GED+LNX 1.1.5-b20161221
MSGID: 2:280/464 5e0f7e8d
REPLY: 2:221/360.0 5e0f69ce
Hi August,
On 2020-01-03 18:20:39, you wrote to me:
WvV>> I can now verify your message had a correct signature made with
WvV>> this key:
WvV>> wilfred@wilnux5: ~/tmp> gpg -- import aug.key gpg: key
WvV>> 5789589B: public key "August Abolins
WvV>> " imported gpg: Total number
WvV>> processed: 1 gpg: imported: 1 (RSA: 1) wilfred@wilnux5
AA> Cool! I still have to learn how to do that here.
This was done by hand. I exported the message from golded to a file. Imported
the key from it, and then did the verify as the commands show...
AA> I have used the pgp signing process in the long ago past, but now and
AA> I am rusty and have only begun figuring out "the process" to use in
AA> this new environment.
There are configuration lines in my golded config to do gpg/pgp functions, but
I can't remember when I last used them. Maybe never...
AA> I like the Enigmail/OpenPGP integration in Thunderbird.
AA> When pgp first came out found, I found it fascinating.
Me too.
AA> I immediately wondered why *wouldn't* anyone want to use it on a
AA> regular basic for email exchanges.
And in fidonet some systems wouldn't allow encrypted routed netmail messages to
pass their systems... I remember there was a lot of discussion going on about
that at the time.
AA> I think my old public key is still out there. (I have not really
AA> looked for it though. I don't remember the servers I used.)
Afaik most key-servers are connected to each other these days, and exchange
keys on a regular basis. So if your key is out there, it might be "everywhere".
;)
When I search for "abolins" on my (default) key-server it finds 27 keys as old
as from 1994. But none include a mention of "august".
AA> The private key is probably still on a 3½ diskette, somewhere.
I have a lot of them still around (mainly Amiga formatted). Haven't tried them
in a few decades, and it would surprise me if they are still readable. ;)
WvV>> The trust thing is sort of an issue. I can't just sign your key
WvV>> (technically I could of course), because I can't verify it's
WvV>> really you. Anyone could login to Tommy's nntp server
WvV>> as 'August Abolins'. and "fake" email addresses are also easy
WvV>> to create/get. And since you are not a node we can't even
WvV>> exchange some crash netmails...
AA> Well.. there *is* the email clue above. ;) A few email exchanges, and
the
AA> analysis of the headers could be one way to get confidence whether the
AA> email I claim to use above is really me or suspicious.
It would establish some trust I suppose. ;)
It would have helped if we already had email exchanges before this conversation
about keys though! ;)
AA> There is still a trust issue in this whole process for sure. At least
AA> one other person who could actually vouch that I am who I am would be
AA> needed.
That would help!
AA> W.r.t nntp, another "August Abolins" could come from many different
AA> outside systems. True. But since registering on Tommi's system
AA> requires human intervention, I don't think he would permit another me
AA> to register on his system with exactly the same FN LN. So, technically
AA> you could be confident that once you grab my public key from here,
AA> future correspondences are from "the August Abolins originally seen on
AA> Tommi's system." ? :)
AA> As a minimum, if Tommi were to sign my key, (since my messages are
AA> originating on *his* system, and we can be sure that he's the *real deal*
AA> operating his *own* system, and I had to be registered manually to have
AA> access) then that would be a nice vote of confidence.
That would help. I already have Tommi's key(s):
wilfred@wilnux5:~/tmp> gpg -kv koivula
gpg: using PGP trust model
gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
gpg: NOTE: signature key 2442E762 expired di 03 dec 2019 11:00:00 CET
pub 1024R/2442E762 2015-11-20 [revoked: 2019-12-02]
uid [ revoked] Tommi Koivula
uid [ revoked] Tommi Koivula
uid [ revoked] Tommi Koivula
sub 1024R/B8627807 2015-11-20 [revoked: 2019-12-02]
gpg: can't handle public key algorithm 22
gpg: can't handle public key algorithm 18
pub 4096R/56CDF35B 2017-10-27 [revoked: 2019-12-29]
uid [ revoked] Tommi Koivula
uid [ revoked] Tommi Koivula
uid [ revoked] Tommi Koivula
sub 4096R/3ECEC94C 2017-10-27 [revoked: 2019-12-29]
pub 4096R/B1F9FF53 2017-06-16 [expires: 2023-09-10]
uid [ unknown] Tommi Koivula <0405009611@koivula.iki.fi>
uid [ revoked] Tommi Koivula
uid [ unknown] Tommi Koivula
uid [ unknown] Tommi Koivula <0407680500@koivula.iki.fi>
uid [ revoked] Tommi Koivula
sub 4096R/7289F937 2017-06-16 [expires: 2023-09-10]
And I can already exchange (crash) netmail with him on a secure binkp
connection (we have a link).
AA> There is another verification process I can suggest. I'll cover that
AA> later. And maybe I'll encrypt that message!
Cliffhanger! ;)
Bye, Wilfred.
--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)
SEEN-BY: 1/123 15/0 2 19/36 34/999 90/1 104/115 106/201 114/224 702
SEEN-BY: 114/705 706 116/18 120/331 123/140 128/2 73 187 253 153/7715
SEEN-BY: 218/700 222/2 227/114 229/426 1014 230/150 152 240/1120 5832
SEEN-BY: 249/206 307 317 400 250/1 261/38 100 266/512 267/155 275/100
SEEN-BY: 280/464 282/1031 1056 291/1 111 292/854 298/25 305/1 3 310/2
SEEN-BY: 312/2 317/3 320/119 219 322/757 340/400 342/13 200 396/45
SEEN-BY: 640/1321 712/848 801/161 189 2320/105 3005/1 3634/12 5020/1042
PATH: 280/464 2452/250 240/1120 261/38 15/0 317/3 229/426
|
