<div dir="ltr">Thanks for the other lists Aaron - more food for my new appetite for crypto.<div><br></div><div>Thank you for the typo correction H as well as the link to Hoylen's article on the Comodo process Axel.  That made me feel a little better.</div>
<div><br></div><div>I have updated the article.   Next I have to work out the steps on Windows since I work for a company where we deploy on Windows servers.</div><div><br></div><div>I do think there is some value in the Comodo process as long as it's cryptographically sound since:</div>
<div>1) unless you are actually physically in Toronto, there is no way for you to personally verify that I am the person at <a href="mailto:leon.letto@gmail.com">leon.letto@gmail.com</a>.</div><div>2) because of 1 when I say on my GitHub/blog/signature that this is my email address and post my self-signed key, your mileage may vary (because of many indefinite links between the chain of trust)</div>
<div>3) because of 2 when Comodo is saying I am who I say I am (at least that they have verified my e-mail)  that adds an extra link in this chain which is significant I think.</div><div><br></div><div><a href="https://bettercrypto.org/">https://bettercrypto.org/</a>  is an amazing project and I hope that adding some guides to make it easier for end-users to use crypto is somewhat related (and definitely needed).  Lots more work to do there for many, many people.</div>
<div><br></div><div>This whole web of trust thing is going to be a hard nail to drive home IMHO.<br><div><br></div><div>Leon</div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Mar 31, 2014 at 6:00 AM,  <span dir="ltr"><<a href="mailto:ach-request@lists.cert.at" target="_blank">ach-request@lists.cert.at</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You can reach the person managing the list at<br>
        <a href="mailto:ach-owner@lists.cert.at">ach-owner@lists.cert.at</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Ach digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
   1. Please verify this is OK (Leon Letto)<br>
   2. Re: Please verify this is OK (Aaron Zauner)<br>
   3. Re: Please verify this is OK (Axel Hübl)<br>
   4. Re: Please verify this is OK (Aaron Zauner)<br>
   5. Re: Please verify this is OK (Axel Hübl)<br>
   6. Re: Please verify this is OK (Axel Hübl)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Sun, 30 Mar 2014 14:54:17 -0400<br>
From: Leon Letto <<a href="mailto:leon@vectronic.ca">leon@vectronic.ca</a>><br>
To: <a href="mailto:ach@lists.cert.at">ach@lists.cert.at</a><br>
Subject: [Ach] Please verify this is OK<br>
Message-ID:<br>
        <CAORU=<a href="mailto:MBSR8mPGLu9fzc1Vt9a6wGdNqx1sgL%2Bpu7jJgtAjJg7XA@mail.gmail.com">MBSR8mPGLu9fzc1Vt9a6wGdNqx1sgL+pu7jJgtAjJg7XA@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi there,<br>
<br>
I just created a new blog post about using a Comodo key for more than just<br>
e-mail signing.<br>
<a href="http://leonletto.com/2014/03/30/how-to-use-your-comodo-e-mail-key-for-work-with-ssh/" target="_blank">http://leonletto.com/2014/03/30/how-to-use-your-comodo-e-mail-key-for-work-with-ssh/</a><br>
<br>
Would someone here mind validating that I am not telling people to do<br>
something incredibly dumb?<br>
<br>
I apologize in advance for posting to an unrelated group but I don't know<br>
any other crypto mailing lists and I trust what you guys say.<br>
<br>
Thank you,<br>
<br>
Leon<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Mon, 31 Mar 2014 11:05:41 +0200<br>
From: Aaron Zauner <<a href="mailto:azet@azet.org">azet@azet.org</a>><br>
To: Leon Letto <<a href="mailto:leon@vectronic.ca">leon@vectronic.ca</a>><br>
Cc: <a href="mailto:ach@lists.cert.at">ach@lists.cert.at</a><br>
Subject: Re: [Ach] Please verify this is OK<br>
Message-ID: <<a href="mailto:53392FE5.6030703@azet.org">53392FE5.6030703@azet.org</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi,<br>
<br>
<br>
Leon Letto wrote:<br>
> Hi there,<br>
><br>
> I just created a new blog post about using a Comodo key for more than<br>
> just e-mail signing.<br>
>  <a href="http://leonletto.com/2014/03/30/how-to-use-your-comodo-e-mail-key-for-work-with-ssh/" target="_blank">http://leonletto.com/2014/03/30/how-to-use-your-comodo-e-mail-key-for-work-with-ssh/</a><br>
><br>
> Would someone here mind validating that I am not telling people to do<br>
> something incredibly dumb?<br>
I'm not sure why you want to use a comodo e-mail key for SSH. The<br>
configuration looks ok, though. I would not trust a key that I have not<br>
generated on my own.<br>
<br>
<br>
> I apologize in advance for posting to an unrelated group but I don't<br>
> know any other crypto mailing lists and I trust what you guys say.<br>
There's:<br>
<br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br>
<a href="http://lists.randombit.net/mailman/listinfo/cryptography" target="_blank">http://lists.randombit.net/mailman/listinfo/cryptography</a><br>
<a href="https://cpunks.org/mailman/listinfo/cypherpunks" target="_blank">https://cpunks.org/mailman/listinfo/cypherpunks</a><br>
...<br>
<br>
Aaron<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Mon, 31 Mar 2014 11:14:19 +0200<br>
From: Axel Hübl <<a href="mailto:axel.huebl@web.de">axel.huebl@web.de</a>><br>
To: <a href="mailto:ach@lists.cert.at">ach@lists.cert.at</a><br>
Subject: Re: [Ach] Please verify this is OK<br>
Message-ID: <<a href="mailto:533931EB.4060907@web.de">533931EB.4060907@web.de</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
If I am not mistaken, the key gets generated by your browser's crypto<br>
API during the Comodo key generation.<br>
<br>
isn't it?<br>
<br>
Axel<br>
<br>
On <a href="tel:31.03.2014%2011" value="+13103201411">31.03.2014 11</a>:05, Aaron Zauner wrote:<br>
> Hi,<br>
><br>
><br>
> Leon Letto wrote:<br>
>> Hi there,<br>
>><br>
>> I just created a new blog post about using a Comodo key for more<br>
>> than just e-mail signing.<br>
>> <a href="http://leonletto.com/2014/03/30/how-to-use-your-comodo-e-mail-key-for-work-with-ssh/" target="_blank">http://leonletto.com/2014/03/30/how-to-use-your-comodo-e-mail-key-for-work-with-ssh/</a><br>
>><br>
>> Would someone here mind validating that I am not telling people to do<br>
>> something incredibly dumb?<br>
> I'm not sure why you want to use a comodo e-mail key for SSH. The<br>
> configuration looks ok, though. I would not trust a key that I have<br>
> not generated on my own.<br>
><br>
><br>
>> I apologize in advance for posting to an unrelated group but I<br>
>> don't know any other crypto mailing lists and I trust what you<br>
>> guys say.<br>
> There's:<br>
><br>
> <a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br>
> <a href="http://lists.randombit.net/mailman/listinfo/cryptography" target="_blank">http://lists.randombit.net/mailman/listinfo/cryptography</a><br>
> <a href="https://cpunks.org/mailman/listinfo/cypherpunks" target="_blank">https://cpunks.org/mailman/listinfo/cypherpunks</a> ...<br>
><br>
> Aaron<br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________ Ach mailing list<br>
> <a href="mailto:Ach@lists.cert.at">Ach@lists.cert.at</a><br>
> <a href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach" target="_blank">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a><br>
><br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Mon, 31 Mar 2014 11:18:46 +0200<br>
From: Aaron Zauner <<a href="mailto:azet@azet.org">azet@azet.org</a>><br>
To: Axel Hübl <<a href="mailto:axel.huebl@web.de">axel.huebl@web.de</a>><br>
Cc: <a href="mailto:ach@lists.cert.at">ach@lists.cert.at</a><br>
Subject: Re: [Ach] Please verify this is OK<br>
Message-ID: <<a href="mailto:533932F6.2080206@azet.org">533932F6.2080206@azet.org</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
<br>
<br>
Axel Hübl wrote:<br>
> If I am not mistaken, the key gets generated by your browser's crypto<br>
> API during the Comodo key generation.<br>
><br>
Well, you get e-mailed a certificate/PKCS12 file, I cannot confirm how<br>
these were produced, right?<br>
<br>
<a href="https://en.wikipedia.org/wiki/Kleptography" target="_blank">https://en.wikipedia.org/wiki/Kleptography</a><br>
<br>
Just saying.<br>
<br>
Aaron<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Mon, 31 Mar 2014 11:38:57 +0200<br>
From: Axel Hübl <<a href="mailto:axel.huebl@web.de">axel.huebl@web.de</a>><br>
To: <a href="mailto:ach@lists.cert.at">ach@lists.cert.at</a><br>
Subject: Re: [Ach] Please verify this is OK<br>
Message-ID: <<a href="mailto:533937B1.4000108@web.de">533937B1.4000108@web.de</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
Nej,<br>
<br>
you create the pub/private pair in your browser and send them the<br>
public key.<br>
<br>
they don't email you anything.<br>
<br>
anyway, I do not think that is very transparently stated/done there...<br>
<br>
Axel<br>
On <a href="tel:31.03.2014%2011" value="+13103201411">31.03.2014 11</a>:18, Aaron Zauner wrote:<br>
><br>
><br>
> Axel Hübl wrote:<br>
>> If I am not mistaken, the key gets generated by your browser's<br>
>> crypto API during the Comodo key generation.<br>
>><br>
> Well, you get e-mailed a certificate/PKCS12 file, I cannot confirm<br>
> how these were produced, right?<br>
><br>
> <a href="https://en.wikipedia.org/wiki/Kleptography" target="_blank">https://en.wikipedia.org/wiki/Kleptography</a><br>
><br>
> Just saying.<br>
><br>
> Aaron<br>
><br>
<br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Mon, 31 Mar 2014 11:42:42 +0200<br>
From: Axel Hübl <<a href="mailto:axel.huebl@web.de">axel.huebl@web.de</a>><br>
To: <a href="mailto:ach@lists.cert.at">ach@lists.cert.at</a><br>
Subject: Re: [Ach] Please verify this is OK<br>
Message-ID: <<a href="mailto:53393892.10101@web.de">53393892.10101@web.de</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
> they don't email you anything.<br>
<br>
Well that was not very precise. One has to verify the mail address at<br>
least via mail :)<br>
<br>
I think that is the work flow still:<br>
  <a href="http://www.hoylen.com/articles/it/email/security/cert-comodo.html" target="_blank">http://www.hoylen.com/articles/it/email/security/cert-comodo.html</a><br>
<br>
<br>
Axel<br>
<br>
On <a href="tel:31.03.2014%2011" value="+13103201411">31.03.2014 11</a>:38, Axel H?bl wrote:<br>
> Nej,<br>
><br>
> you create the pub/private pair in your browser and send them the<br>
> public key.<br>
><br>
> they don't email you anything.<br>
><br>
> anyway, I do not think that is very transparently stated/done<br>
> there...<br>
><br>
> Axel On <a href="tel:31.03.2014%2011" value="+13103201411">31.03.2014 11</a>:18, Aaron Zauner wrote:<br>
><br>
><br>
>> Axel Hübl wrote:<br>
>>> If I am not mistaken, the key gets generated by your browser's<br>
>>> crypto API during the Comodo key generation.<br>
>>><br>
>> Well, you get e-mailed a certificate/PKCS12 file, I cannot<br>
>> confirm how these were produced, right?<br>
><br>
>> <a href="https://en.wikipedia.org/wiki/Kleptography" target="_blank">https://en.wikipedia.org/wiki/Kleptography</a><br>
><br>
>> Just saying.<br>
><br>
>> Aaron<br>
><br>
> _______________________________________________ Ach mailing list<br>
> <a href="mailto:Ach@lists.cert.at">Ach@lists.cert.at</a><br>
> <a href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach" target="_blank">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a><br>
><br>
<br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
This mail is a publicly readable mailing list!<br>
Ach mailing list<br>
<a href="mailto:Ach@lists.cert.at">Ach@lists.cert.at</a><br>
<a href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach" target="_blank">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a><br>
<br>
<br>
End of Ach Digest, Vol 7, Issue 21<br>
**********************************<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>Leon Letto</div><div>178 Reiner Road</div><div>North York</div><div>ON M3H 2L9</div><div>Ph. 647-504-9503</div><div>e-mail: <a href="mailto:leon.letto@gmail.com" target="_blank">leon.letto@gmail.com</a></div>
</div>
</div>