Domain: g10code.com
Stories and comments across the archive that link to g10code.com.
Comments · 8
-
Re:FOSS Funding
He does sell support.
Evidently that's not gone well. With things like this and OpenSSL the whole FOSS funding model really is being shown to not be viable, even now that OpenSSL was found to be so buggy and under-resourced it is now being funded mostly by proprietary vendors.
How can people still keep trying to sell the FOSS model under the guise of viability when it is proven to not be so outside of a few enterprise edge cases?
-
Re:FOSS Funding
Can't he just sell support or something? Isn't there supposed to be viable funding models for FOSS projects?
He does sell support.
However, I suspect he's been offered many contracts and never knew about them:
Please do not send any attachments with ZIP files or any HTML in it. They are all silently discarded. Note, that this includes messages send as plain text plus HTML.
There is something I'd like to do with GPG that isn't a standard yet. I'll have to remember to scrutinize Thunderbird's settings before sending him a solicitation.
-
Re:Dump SSL / Certificate-based Security
Endpoint weakness is also important, and a good point. There are cryptographic tokens, but GPG realistically doesn't support them (I've tried), so one would have to use the commercial version of Symantec's product to generate/store/use tokens. However, tokens do provide a security increase since the key never leaves the device, and the device does the signing/decryption.
What I'd like to see is an "open source" cryptographic token that can work with gpg. This way, the worst an attacker can do is intercept the token's PIN and generate a bogus signature, but the key material is kept secure regardless.
The OpenPGP smartcard was developed by the primary developer of GnuPG. Pretty much any smartcard reader will work without issues -- I have an SCR355 reader for my desktop (it was plug-and-play on Windows and Linux) and the built-in reader in my Lenovo laptop and both work fine.
There's also the GPF Crypto Stick, which is the same smartcard in a USB token form factor. I also have one, and it works well (though I prefer the card form factor as cards fit in my wallet better).
-
Re:A collision in a 32 bit key space? Unpossible!
The a commenter in the bug report explains the importance of this:
Even when you give gpg a long key-id (or even the full fingerprint) the program (which has no "plans for a new release") truncates and uses the short key-id.
So even if you say "gpg, look up this [long key-id]" it truncates silently.
See an example here:
https://bugs.g10code.com/gnupg/msg4026 -
i am + STEED
... and while i won't go as far as signing this comment (i admire the dedication folks, but really...), i try to use it as much as possible. I have done PGP trainings for the masses (see this and this, in french) and I'm doing my best to strenghten the web of trust.
I am also very curious to see where the STEED project leads us, it looks like a nice way to popularize PGP.
-
Re:Encrypt your email
I'm about 20 hours into an encryption client, and I've already got people using it. I initially wanted to use GPG, but realized that most technophobes won't go for a command line application. So I pulled out FLUID (the FLTK design utility) and had a prototype working within hours.
I'm all with you, and would also like to send and receive encrypted e-mails from my friends and family. However, how do you solve these issues:
* How do you decrypt at an Internet cafe running a closed down system, or on your mobile phone browser. How do you get your private key there?
* How do you get most of your friends and family to register and send encrypted e-mails with their Hotmail and Gmail accounts?
There are several GUIs for PGP and GPG, but that still does not solve the problems above: Enigmail for Thunderbird, GpgOL for Outlook and more. However, I have seen none that integrates with browser e-mail. A Greesmonkey plugin or something like that would be nice (although, I don't know if it would be secure). -
Rumor mill
The developers are working on it slowly now, although one is arranging to get funds to work on it a substantial fraction of his time.
Interesting. Which developer is hoping to get funding? Is it one of the current Hurd contributors like Marcus Brinkmann, Neal Walfield, Ognyan Kulev or Michael Banck? What would they want to work on? The port to L4? Who's sponsoring him? Is it the g10code people? They've collected donations for Hurd development in the past. How close is this to happening? I haven't seen anything on the hurd mailing lists (although I unsubscribed a year ago when they became 95+% spam).Please include you rampant unsubstantiated speculations below.
-
Compiling Gaim MSN plugin properlyIn order to compile Gaim 0.71 and greater the best library to install is GNUTls. I compile all my programs from source and got GUNTls to work with the MSN plugin. In order to install GNUTls you need the following libraries:
libgcrypt-1.1.43
libpgp-error-0.5 (libgcrypt requires it).
opencdk-0.5.1 (This is required for the proper compilation of gnutls, since it doesn't properly check for the --no-opengpg flag in the configure script).
gnutls-0.9.90 (This version is reuired for the proper handshaking in the Gaim MSN plugin).I know that also had to change some of the source code of gaim-0.71 (specifically file plugins/ssl/ssl-gnutls.c), since some of the functions in libgcrypt-1.1.43 had changed the number of parameters. The extra parameter is a size_t of the size of the buffer being passed. The older version of libgcrypt had done a sizeof inside the function, but now require the coder to supply the function with the size. I did this by passing the sizeof of the buffer to the function as a parameter.
The reason I went through all this is because the Gaim plugin would not handshake with GNUTls-0.8.11 because of a capability not being installed for certificate checking, which is found in 0.9.90, but 0.9.90 requires the libgcrypt-0.1.43 library. I am sending this post to the Gaim maintainers to let them know about the extra parameter needed to use the 0.9.90 GNUTls library.
After all this I got the handshaking to work (I checked the debug code for Gaim), and am happily able to log on MSN properly.