[Ach] Ach Digest, Vol 7, Issue 21

Leon Letto leon at vectronic.ca
Mon Mar 31 15:25:12 CEST 2014


Thanks for the other lists Aaron - more food for my new appetite for crypto.

Thank you for the typo correction, H, as well as the link to Hoylen's article
on the Comodo process, Axel.  That made me feel a little better.

I have updated the article. Next I have to work out the steps on Windows
since I work for a company where we deploy on Windows servers.

I do think there is some value in the Comodo process as long as it's
cryptographically sound since:
1) unless you are actually physically in Toronto, there is no way for you
to personally verify that I am the person at leon.letto at gmail.com.
2) because of 1 when I say on my github/blog/signature that this is my
email address and post my self-signed key, your mileage may vary (because of
many indefinite links between the chain of trust)
3) because of 2 when Comodo is saying I am who I say I am (at least that
they have verified my e-mail)  that adds an extra link in this chain which
is significant I think.

https://bettercrypto.org/  is an amazing project and I hope that adding
some guides to make it easier for end-users to use crypto is somewhat
related (and definitely needed).  Lots more work to do there for many, many
people.

This whole web of trust thing is going to be a hard nail to drive home IMHO.

Leon


On Mon, Mar 31, 2014 at 6:00 AM, <ach-request at lists.cert.at> wrote:

> You can reach the person managing the list at
>         ach-owner at lists.cert.at
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Ach digest..."
>
>
> Today's Topics:
>
>    1. Please verify this is OK (Leon Letto)
>    2. Re: Please verify this is OK (Aaron Zauner)
>    3. Re: Please verify this is OK (Axel Hübl)
>    4. Re: Please verify this is OK (Aaron Zauner)
>    5. Re: Please verify this is OK (Axel Hübl)
>    6. Re: Please verify this is OK (Axel Hübl)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 30 Mar 2014 14:54:17 -0400
> From: Leon Letto <leon at vectronic.ca>
> To: ach at lists.cert.at
> Subject: [Ach] Please verify this is OK
> Message-ID:
>         <CAORU=
> MBSR8mPGLu9fzc1Vt9a6wGdNqx1sgL+pu7jJgtAjJg7XA at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi there,
>
> I just created a new blog post about using a Comodo key for more than just
> e-mail signing.
>
> http://leonletto.com/2014/03/30/how-to-use-your-comodo-e-mail-key-for-work-with-ssh/
>
> Would someone here mind validating that I am not telling people to do
> something incredibly dumb?
>
> I apologize in advance for posting to an unrelated group but I don't know
> any other crypto mailing lists and I trust what you guys say.
>
> Thank you,
>
> Leon
>
> ------------------------------
>
> Message: 2
> Date: Mon, 31 Mar 2014 11:05:41 +0200
> From: Aaron Zauner <azet at azet.org>
> To: Leon Letto <leon at vectronic.ca>
> Cc: ach at lists.cert.at
> Subject: Re: [Ach] Please verify this is OK
> Message-ID: <53392FE5.6030703 at azet.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
>
> Leon Letto wrote:
> > Hi there,
> >
> > I just created a new blog post about using a Comodo key for more than
> > just e-mail signing.
> >
> > http://leonletto.com/2014/03/30/how-to-use-your-comodo-e-mail-key-for-work-with-ssh/
> >
> > Would someone here mind validating that I am not telling people to do
> > something incredibly dumb?
> I'm not sure why you want to use a comodo e-mail key for SSH. The
> configuration looks ok, though. I would not trust a key that I have not
> generated on my own.
>
>
> > I apologize in advance for posting to an unrelated group but I don't
> > know any other crypto mailing lists and I trust what you guys say.
> There's:
>
> http://www.metzdowd.com/mailman/listinfo/cryptography
> http://lists.randombit.net/mailman/listinfo/cryptography
> https://cpunks.org/mailman/listinfo/cypherpunks
> ...
>
> Aaron
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 31 Mar 2014 11:14:19 +0200
> From: Axel Hübl <axel.huebl at web.de>
> To: ach at lists.cert.at
> Subject: Re: [Ach] Please verify this is OK
> Message-ID: <533931EB.4060907 at web.de>
> Content-Type: text/plain; charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> If I am not mistaken, the key gets generated by your browser's crypto
> api during the comodo key generation.
>
> isn't it?
>
> Axel
>
> On 31.03.2014 11:05, Aaron Zauner wrote:
> > Hi,
> >
> >
> > Leon Letto wrote:
> >> Hi there,
> >>
> >> I just created a new blog post about using a Comodo key for more
> >> than just e-mail signing.
> >>
> >> http://leonletto.com/2014/03/30/how-to-use-your-comodo-e-mail-key-for-work-with-ssh/
> >>
> >> Would someone here mind validating that I am not telling people to do
> >> something incredibly dumb?
> > I'm not sure why you want to use a comodo e-mail key for SSH. The
> > configuration looks ok, though. I would not trust a key that I have
> > not generated on my own.
> >
> >
> >> I apologize in advance for posting to an unrelated group but I
> >> don't know any other crypto mailing lists and I trust what you
> >> guys say.
> > There's:
> >
> > http://www.metzdowd.com/mailman/listinfo/cryptography
> > http://lists.randombit.net/mailman/listinfo/cryptography
> > https://cpunks.org/mailman/listinfo/cypherpunks ...
> >
> > Aaron
> >
> >
> >
> >
> >
> > _______________________________________________ Ach mailing list
> > Ach at lists.cert.at
> > http://lists.cert.at/cgi-bin/mailman/listinfo/ach
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> -----END PGP SIGNATURE-----
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 31 Mar 2014 11:18:46 +0200
> From: Aaron Zauner <azet at azet.org>
> To: Axel Hübl <axel.huebl at web.de>
> Cc: ach at lists.cert.at
> Subject: Re: [Ach] Please verify this is OK
> Message-ID: <533932F6.2080206 at azet.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
>
> Axel Hübl wrote:
> > If I am not mistaken, the key gets generated by your browser's crypto
> > api during the comodo key generation.
> >
> Well, you get e-mailed a certificate/PKCS12 file, I cannot confirm how
> these were produced, right?
>
> https://en.wikipedia.org/wiki/Kleptography
>
> Just saying.
>
> Aaron
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 31 Mar 2014 11:38:57 +0200
> From: Axel Hübl <axel.huebl at web.de>
> To: ach at lists.cert.at
> Subject: Re: [Ach] Please verify this is OK
> Message-ID: <533937B1.4000108 at web.de>
> Content-Type: text/plain; charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Nej,
>
> you create the pub/private pair in your browser and send them the
> public key.
>
> they don't email you anything.
>
> anyway, I do not think that is very transparently stated/done there...
>
> Axel
> On 31.03.2014 11:18, Aaron Zauner wrote:
> >
> >
> > Axel Hübl wrote:
> >> If I am not mistaken, the key gets generated by your browser's
> >> crypto api during the comodo key generation.
> >>
> > Well, you get e-mailed a certificate/PKCS12 file, I cannot confirm
> > how these were produced, right?
> >
> > https://en.wikipedia.org/wiki/Kleptography
> >
> > Just saying.
> >
> > Aaron
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> -----END PGP SIGNATURE-----
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 31 Mar 2014 11:42:42 +0200
> From: Axel Hübl <axel.huebl at web.de>
> To: ach at lists.cert.at
> Subject: Re: [Ach] Please verify this is OK
> Message-ID: <53393892.10101 at web.de>
> Content-Type: text/plain; charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> > they don't email you anything.
>
> Well that was not very precise. One has to verify the mail address at
> least via mail :)
>
> I think that is the work flow still:
>   http://www.hoylen.com/articles/it/email/security/cert-comodo.html
>
>
> Axel
>
> On 31.03.2014 11:38, Axel Hübl wrote:
> > Nej,
> >
> > you create the pub/private pair in your browser and send them the
> > public key.
> >
> > they don't email you anything.
> >
> > anyway, I do not think that is very transparently stated/done
> > there...
> >
> > Axel
> > On 31.03.2014 11:18, Aaron Zauner wrote:
> >>
> >>
> >> Axel Hübl wrote:
> >>> If I am not mistaken, the key gets generated by your browser's
> >>> crypto api during the comodo key generation.
> >>>
> >> Well, you get e-mailed a certificate/PKCS12 file, I cannot
> >> confirm how these were produced, right?
> >>
> >> https://en.wikipedia.org/wiki/Kleptography
> >>
> >> Just saying.
> >>
> >> Aaron
> >
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> -----END PGP SIGNATURE-----
>
>
> ------------------------------
>
> _______________________________________________
> This mail is a publicly readable mailing list!
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
>
> End of Ach Digest, Vol 7, Issue 21
> **********************************
>



-- 
Leon Letto
178 Reiner Road
North York
ON M3H 2L9
Ph. 647-504-9503
e-mail: leon.letto at gmail.com