Sender | Message | Time |
---|---|---|
23 May 2024 | ||
andrewg | In reply to @Valodim:stratum0.orgIMO we should specify the desired behaviour in HKP v1, and leave the current behaviour as a legacy mode. | 08:16:13 |
Valodim | that will soon also be standardized behavior :) https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#section-10.1.3 | 08:18:32 |
andrewg | for v6 only! | 08:42:41 |
Valodim | it's a MUST there, but it's allowed for v4 | 08:44:16 |
andrewg | "allowed" is probably not strong enough | 08:45:55 |
Valodim | what matters in that regard is that it's not allowed in librepgp | 08:46:19 |
Valodim | werner flip flopped on this change a couple of times. it was in the last version of rfc4880bis since it was part of derek atkins' device certificates draft that was merged. but he removed it again later when it became associated with hagrid. I think it was actually in there during most of the T4393 discussion 🤷 | 08:53:18 |
heiko | In reply to @Valodim:stratum0.orggnupg is certainly going out of its way to declare loudly that it's extremely disinterested in considering anyone else's design ideas or preferences. which is sad. | 08:53:41 |
Valodim | andrewg: so what is hockeypuck's position on librepgp and v6 support these days? will you just wait it out? | 08:55:07 |
Valodim | glad to see btw that the user deletion and replacement mechanisms are deprecated, they just never made sense in the way it was implemented | 09:05:44 |
andrewg | I plan to support both, it should be easy enough given that proton already support both in their go-crypto fork. However I may implement v4 PQC first, depending on demand from clients. | 09:23:48 |
andrewg | * I plan to support both, it should be easy enough given that proton already support both in their go-crypto fork. However I may implement v4 PQC first, depending on demand from client implementations. | 09:29:03 |
vanitasvitae | Do you happen to know, whether there are EdDSALegay keys over curve448 floating around? Its not specified in either rfc4880, C-R nor LibrePGP, yet I found some support for this in BC and am now wondering whether completing support for it might be a good/bad idea. | 09:58:24 |
vanitasvitae | Meh, ofcooooourse LibrePGP defines such keys -.- | 11:51:55 |
heiko | I'd expect that some versions of gpg could produce them, at least on git main (already half a decade or so ago). It might be interesting to check if any releases can make them, with some combination of "expert" options 🤷 | 12:01:19 |
Aroop Roelofs | In reply to @heiko:mtrx.hkos.cloudNice, makes it a lot easier to get my keys out instead of having to tell people to use a specific server. :') | 15:11:31 |
24 May 2024 | ||
Valodim | yeah, people love to micromanage stuff like that | 06:55:33 |
ForeverNoob | In reply to @finlaydag33k:finlaydag33k.nl Yep. Luckily not all of them. It's amazing how GPG is one of the very few pieces of software (maybe even the only one) that the more I learn about the more confused I get.
I think from now on I'm just going to make a directory, set | 23:46:28 |
25 May 2024 | ||
Aroop Roelofs | In reply to @forevernoob:matrix.org Public keys can be derived from them again (in theory), just not easily. Personally, I'd call upon the might revocation certificate (if you made one) and start with a new key pair, having learned your lessons about backups. :') | 00:01:16 |
ForeverNoob | In reply to @finlaydag33k:finlaydag33k.nlBut if one of the inputs is literally a timestamp, then how can one possibly derive a pubkey unless you exactly know the timestamp or are fine with brute-forcing it? I haven't had to use those revocation certs yet but if I'm not mistaken the revocation certs are also inside the relevant $GNUPGHOME , right? | 00:08:52 |
Aroop Roelofs | In reply to @forevernoob:matrix.org I do not know where revocation certs are stored. regarding the timestamp bit: That's why I said in theory. XD Basically I treat my | 00:12:29 |
Aroop Roelofs | In reply to @forevernoob:matrix.org* I do not know where revocation certs are stored. regarding the timestamp bit: That's why I said in theory. XD Basically I treat my | 00:12:48 |
ForeverNoob | In reply to @finlaydag33k:finlaydag33k.nlHeh ok that kind of makes sense. But instead of backing the privkey, pubkey and revocert separately, wouldn't backing up the entire $GNUPGHOME also just work? | 00:15:17 |
Aroop Roelofs | According to the documentation:
It should in theory be enough to backup these (hint: Have someone more knowledgeable confirm or deny my statement) but I just like to do things manually that way because that way, I can be sure I didn't screw up. | 00:22:10 |
ForeverNoob | That's an odd thing to make legacy. AFAIK the .kbx isn't even ASCII armored. Almost all of the tutorials I've come across so far refer to those legacy files :/ | 00:25:35 |
andrewg | Ascii armor and traditional binary keyring files scale very badly; they’re OK as a transfer format but not as an on-disk database because they aren’t efficiently searchable | 00:29:37 |
ForeverNoob | Ah I see, I guess that make sense. So if scalability is the only issue, would that mean that the legacy ASCII armored .gpg systems still exist in the future or will they be obsoleted and phased out? | 00:35:13 |
ForeverNoob | * Ah I see, I guess that make sense. So if scalability is the only issue, would that mean that the legacy ASCII armored .gpg systems will still exist in the future or will they be obsoleted and phased out? | 00:35:28 |
andrewg | No, they won’t because they’re the only ones with an official specification. | 00:36:50 |
ForeverNoob | Oh that's good to hear. That means those tutorials would still be valid in the future 👍️ | 00:45:06 |