From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id CC52D1384B4 for ; Tue, 29 Dec 2015 15:02:53 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D0E2221C02B; Tue, 29 Dec 2015 15:02:44 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D504621C004 for ; Tue, 29 Dec 2015 15:02:41 +0000 (UTC) Received: from [172.31.99.93] (static-108-46-66-100.nycmny.fios.verizon.net [108.46.66.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: blueknight) by smtp.gentoo.org (Postfix) with ESMTPSA id A3AFF34070F for ; Tue, 29 Dec 2015 15:02:40 +0000 (UTC) Subject: Re: [gentoo-dev] [RFC] New project: Crypto To: gentoo-dev@lists.gentoo.org References: <5655EBF0.9000804@gentoo.org> <56560A11.8030700@gentoo.org> <56561851.2020900@gentoo.org> <20151228014934.e94250f4670cde139dbc7867@gentoo.org> <21A8380F-6010-4CDD-8DEF-02FA11217D21@gentoo.org> <20151228145813.40343a43@symphony.aura-online.co.uk> <9AB9A178-B4A1-4493-A3A4-0B3A855E603F@gentoo.org> From: Yury German Message-ID: <5682A085.1020102@gentoo.org> Date: Tue, 29 Dec 2015 10:02:29 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <9AB9A178-B4A1-4493-A3A4-0B3A855E603F@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="GbAti9JNtQsnSCTFhFUnv8pknpncQPgxs" X-Archives-Salt: a63d3397-78f1-486b-900e-528921155698 X-Archives-Hash: bf8457da7819e73abb90d4d53309249f This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GbAti9JNtQsnSCTFhFUnv8pknpncQPgxs Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable I have talked to the YubiKey people at a few shows (BlackHat), and they told me that they are looking at Bluetooth key store. To work with iPad and Android. That would be great, but the problem is programs that can use that. On 12/28/15 10:07 AM, Kristian Fiskerstrand wrote: >=20 >=20 > [Sent from my iPad, as it is not a secured device there are no cryptogr= aphic keys on this device, meaning this message is sent without an OpenPG= P signature. In general you should *not* rely on any information sent ove= r such an unsecure channel, if you find any information controversial or = un-expected send a response and request a signed confirmation] >=20 >> On 28 Dec 2015, at 15:58, James Le Cuirot wrote: >> >> On Mon, 28 Dec 2015 09:42:40 -0500 >> Rich Freeman wrote: >>> >=20 > .. >=20 >>> And this would be why I don't bother to sign my emails any longer. >>> The FOSS world is still stuck in the days when people ran X11-based >>> MUAs and stored their mail in conventional folders. I've yet to see = a >>> decent browser-based MUA or Android client which does signing. >>> Squirrelmail does, but it is really lacking compared to something lik= e >>> Gmail. >> >> I haven't tried the feature myself but K9 Mail, which is highly >> regarded, does it via APG on Android. >=20 >=20 > iirc k9 doesnt support PGP/MIME (RFC3156), but some interesting things = happening with OpenKeychain (https://www.openkeychain.org/k-9/ ) in that = regard. We actually discussed it a bit during last OpenPGP summit in zuri= ch.=20 >=20 > The main issue is key storage, though. For signatures you can use a ded= icated signing subkey, however you get in problem with encrypted emails a= s mobile devices are not really secure devices and should never have cryp= tographic material. What could work in this case is a NFC (or for that ma= tter bluetooth, although it needs to be properly paired etc etc) channel = with a separate device with a separate keychain and display so you can ve= rify the request, and never actually expose private key material to the c= ellphone. >=20 > In the mean time I just include the notice whenever I don't sign, at le= ast some people notice it and gives it another thought. >=20 --=20 --GbAti9JNtQsnSCTFhFUnv8pknpncQPgxs Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJWgqCMAAoJEDkRiObnjK1yxuQIAKxK40UgdmkP8Xrgnv4s/Av2 g6DhaofwAPqnhAc9IRmJ54MjZz14bnHszzm1dMSqDdfmXXxC++WIOEf+Xb0+U37z /CUP5SASsMQfYbjNFv0k2sFrGW7Mhw134zrBFRsYL8eEwk/xdwG82BsRvQ6/2N06 ZCD5AEoy3x6TEWoaglKQloGB60vTfFLum83HPbP1CCnl1L0Uhe3vc2mZJwBmFOuE 0Fly07ce12kJrXheaoq5amExg7AVZCaOtCluI+DIvm6zefhK4YcLIgOVMO2bM2eV RE+rrcB+TtQZj0SqBKPVPpe+YTyzPLiZghvTiCGXmR8w71So7W6iOI/rMjtKe6g= =U82f -----END PGP SIGNATURE----- --GbAti9JNtQsnSCTFhFUnv8pknpncQPgxs--