Mike Gerwitz's GNU Social Instance
  • Login

  • Public

    • Groups
    • Recent tags

Conversation

Notices

  1. Andrew Ridgway (armistace)'s status on Saturday, 04-Jun-2016 00:07:43 UTC Andrew Ridgway Andrew Ridgway
    • GNU social
    have you guys heard about this! https://lwn.net/Articles/689792/rss I have had the same pgp key for years now does this I mean I possibly need to change? !gnusocial #privacy #pgp
    Saturday, 04-Jun-2016 00:07:43 UTC from aridgwayweb.com permalink
    • Mike Gerwitz (mikegerwitz)'s status on Saturday, 04-Jun-2016 01:18:59 UTC Mike Gerwitz Mike Gerwitz
      in reply to
      @armistace There's two practical problems: using someone else's PGP key without realizing it, and software (stupidly) using only the last eight digits of the fingerprint.

      The latter is a serious issue. The former isn't necessarily practical to exploit if you're paying attention; if I download someone's GPG key, I'm usually getting it for a particular purpose, such as verifying an existing signature (e.g. e-mail, software packages). Not only would someone have to create a key with the same last eight digits, but it'd have to be the correct name and e-mail address. Even then, when I go to verify signatures, the check would fail.

      So I wouldn't be worried if you're using, say, GPG from the command line or your mail client, so long as it implements it properly.
      Saturday, 04-Jun-2016 01:18:59 UTC permalink
      Bob Mottram likes this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Mike Gerwitz's GNU Social Instance is a social network, courtesy of Mike Gerwitz. It runs on GNU social, version 1.2.0-beta4, available under the GNU Affero General Public License.

Creative Commons Attribution-ShareAlike 3.0 Unported All Mike Gerwitz's GNU Social Instance content and data are available under the Creative Commons Attribution-ShareAlike 3.0 Unported license.

Switch to mobile site layout.