Subject: CAcert Code Development list.
List archive
- From: Sascha Ternes <sat AT cacert.org>
- To: cacert-devel AT lists.cacert.org
- Subject: Re: Security Issue https://bugs.cacert.org/view.php?id=1473
- Date: Mon, 6 Jan 2020 16:09:29 +0100
- Autocrypt: addr=sat AT cacert.org; keydata= xsFNBF3mDboBEADCFrMeQtMPuCQg81RuZfwftCh+KMu7O/DGpE6xoc+r6RqgyX6hu9m+FClN 3pi3j/9tKl4XmNoY/AlnebH4/taT4SPZJd3XVIiB/Eh4YEG2ynIm13pcqoCDFEH5ennigDzb iO31TqU6yKBQyNKnWItJ6WZHjW39GCpJ71qiE19jxfZ/q7GOCNrQHwzzfHFpzBuOZ4PcAEQV L0ClRjD+bCuR7kKK+6PWanz6Z40MDSDVprzWN67URdaBIHuqE9UbhrzfsBMZHLzy0DGJ672l K1olJP32ObFEJpz/a7YJCWe63a4UG3CD3ow+q6/2TkYuz0jgiiiFxrxkhFJNAWmpevF7VlTM HyPV2V0sZsaqCuYorljUif746mOFKn/X7WyiY3WIO10P+BYVKtwbaInzvm+67qVvDxIRn6A0 wsRVjh0cuHxD51cGhkp8Us4j8bwdVKDCwLoJRy3suLm0g2S9I7mpedgwf3I5LVFaqfwCdDvb ZxoZ4ZgTHaZrYE4awAJAunQ08HVY8k2frqNYSx9K+YP0lqVx7zDIqBv9d+Jd3YxKzK06ULg7 laca8J4NH5OkHzB5ZL5bS8OJGWUI5MhXe/kIxu9q2XR5ovbhE1YJNQZDOkCBtH3aRWoiexGm Fi+3QSpE7lEEZJ2zbX/1wXvLjynpfy78b+sR6y0YehQ8vGgnFQARAQABzShTYXNjaGEgVGVy bmVzIDxzYXNjaGEudGVybmVzQGNhY2VydC5vcmc+wsGoBBMBCgA7AhsjBQsJCAcCBhUKCQgL AgQWAgMBAh4BAheAFiEEnNaHSGb9qAwU49O5ezF+UmxGb8AFAl3mDl0CGQEAIQkQezF+UmxG b8AWIQSc1odIZv2oDBTj07l7MX5SbEZvwLeuEACLW4iBjN7qMxy6aOgJm+nULhgWf92q2t1O jyM0GtXXy33JobUGSfLcVvnlVIe2n5TdCH4UZ7KYBqXFuj8kn5LoY+386dWzVK1VxBXNjUu1 ktAH/qTABn5lQHYyvEXhsfqevZl4QXNXcAdVOsUl31Pu+B23A9D/xUmUUqMvbc5M5g6H8jZi M3NYTClmJ6vDcBStOe9HzVB/LTkJku+NJ31l42E979LgKquR/lA107jf6cBlj/luAEKz6pjI jkUOYZ4++MKbL9gYF0SFSkzYE6RM38ie5019Stim/THDm4M5/0ckPRMIYmND98HX6wlbfjC9 t6daz1GNC1Ubw4eu0jbuGiLz81/Sm8s3h77vmpJv7HKPniQVEtAotcTjP+RGvss7vS7fP/VL 5bbffi4ECswMwl13+2mrYBkOssM/rPBZhFG79tYQ8vK1xGECiREtA4biR/hskcAoygGW1xrq sp2LyMiLlUTH/Kf9MXHWbRoMfhMaOrx6h3GMNydA9EPpEMgTMzzV9nIyAeu0Tvhyl/4k6GBv Vs5eWp+cCam3B842OlcS5XevR9Ec9xPKnaUSIM4pWMQmt5uGqQ0xVHXdTZ5x6hTUMFsUWzut MgmZIjToZEDkGFD+Wkzose707KFyhkoDgkvHAwb3ce3xuhL6dSBB3Da3kRox05R44hAn7k4y 7c7BTQRd5g26ARAA1M6akgMtL7/ooZtDddEUBPJxxzmnAzI6eiqqzx/D456D7Vryg/19xALH sBU++nAs0RWsaZ3hK6lEczdtnik1Pkau8Lg4fufeOhC/4ZlAkVxO2jaLApeB/bPiQzOMLYTE 6MlQ0AB4XujIUwxPpVa+xQCYAFXDMIy/Lvvum129snopB3aG6qN5P9GK5bIsWTmPN00SDFKY j9tW81o0TBHNeRWb5ZIzQiHB6ZCkjv9rlLIgnqF7KNtZfbi44SBNZAo/0Ew2Eo/2voiettEy Km8hTob+zSorRRLICgvZ2BN7AEi+5fDk7n14hLreoZ/HRzPoC+ApU7N7rbGHbVD8UUqApHJc jj/kN3yKIsnivyLbxwcK8x+P/skuSAz1SnGpVbwIaS+lJ1peQuYhIYZtxNPanF17QR9t2bTn dFTtETDtJ3/mIHphZnYVGRRde0GCCRQ4qntjHYk80FpgF/oOEc4+MT69sCcV6QFGrLf3v8nl wHLEBifOO5bTO0+MEPSAeOaaUA3X9uFDPfnGZoV4mFj0Bed8T6H+pzOj0r2qv5c6dAKxjvlT ZANgGUbnviWtTLSo/xjICJg3RGQ4Pnztbf0FFSMaGoTg5tC8bjVEvND314uLFQZthDot3hKN K86L2HN16haqoc16JGbyvwjNMl2Z/FXXwdsNb2kHYnBEIB9MkBcAEQEAAcLBjQQYAQoAIBYh BJzWh0hm/agMFOPTuXsxflJsRm/ABQJd5g26AhsMACEJEHsxflJsRm/AFiEEnNaHSGb9qAwU 49O5ezF+UmxGb8AipRAAr4/RTLYUlFLGwoViEHAnVmi5XESVufB1W0Qoz0i5ON+oIq2hrqqY wn17HJZtLFbgdEjCCmtGSFt7mBHpLSq36+Nx3dNUp+vAMiesv7uaQy6ouri5YTw1gDJIWaR7 a+UNcJLopmocNL9zJvZXE4+lRYQ2UKr1tBLnAxXI73zRpEe1CR+OAeFmSuX5dUXWfnuqZXsb QpEDsTzPvmBvMmX/KzuQkooL7bwhrMUw9xsW+UWzK1KYCNnaIs5IeStxDppQdSeHZ7y6X4Qi S2Ugp2Owu4+B/uuR0ca2bcVGCag9rZrE91w5VYibIg0hFSfshWlbuDCsQpqZ0tfprAwTmeZl qBXwJIhrGFcTixy6wSS/LZzsKlDyRxQptqhKuSrDVrA6RWPq8YFHk+RJhSI3e3AJzFSTyfgk PDBUficnvknoMm/glCea91qTJ66JnJFQj0VwWcB3wJTH6zwJ1zwQ51OdFyfNhdDN3HTZ4dJL 9JaeFcaglXiY7Cjv8AJrQF9YFjCjflW64gcc9Gd6bF6KfkicksTjAFzdhHca+mQNmD4hIRi9 +1iOQ6+2PNk1O8UJsrxiE/KbhD0cLEVHOZIVVSMCa08zEyiEStgI/37UuxAxcGTSGNQJ9jCO 9tXiepazreZlQjBVFQVqgBXsbVMBthk9u69VPdQcKMSCDA4WNm5UqS0=
- Organization: CAcert Inc.
Hi Gero and all,
Am 06.01.20 um 13:57 schrieb Gero Treuner:
>> An alternative to fixing the problem would also be to disable GPG signing,
>> temporarily or forever. This would be a "political" decision made by board
>> or policy group, but they'll need some "technical opinions" to discuss
>> about.
>>
>> As far as I am concerned, GPG signing is not very useful for me. And some
>> chatter seems to imply that at least key servers and "large scale key
>> signing" is being deprecated more and more. So are there any other
>> opinions?
>
> I know people who sign their keys with CAcert. Although the PGP WoT and
> keyservers are not widely accepted, signing by CAs seems to be among
> most useful applications left for PGP (maybe besides autocrypt, which is
> a different story).
>
> So I propose to keep it.
let us have a look into our issue tracker: We have at least three major
issues and quite a bunch of minor issues in the GPG category that are
not yet solved or reported as new.
So I plead to disable it temporarily (remove the GPG menu from the
website) until the bigger issues with GPG signing have been fixed. We
should simultaneously communicate this in our news to show that we are
concerned.
--
Sascha Ternes
CAcert Inc. Board member
CAcert Software development team
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- Security Issue https://bugs.cacert.org/view.php?id=1473, Bernhard Fröhlich, 01/06/2020
- Re: Security Issue https://bugs.cacert.org/view.php?id=1473, Gero Treuner, 01/06/2020
- Re: Security Issue https://bugs.cacert.org/view.php?id=1473, Sascha Ternes, 01/06/2020
- Re: Security Issue https://bugs.cacert.org/view.php?id=1473, Karl-Heinz Gödderz, 01/07/2020
- Re: Security Issue https://bugs.cacert.org/view.php?id=1473, Bernhard Fröhlich, 01/08/2020
- Re: Security Issue https://bugs.cacert.org/view.php?id=1473, Karl-Heinz Gödderz, 01/07/2020
- Re: Security Issue https://bugs.cacert.org/view.php?id=1473, Sascha Ternes, 01/06/2020
- Re: Security Issue https://bugs.cacert.org/view.php?id=1473, Gero Treuner, 01/06/2020
Archive powered by MHonArc 2.6.18.