Changes between Version 41 and Version 42 of doc/TorifyHOWTO/GnuPG


Timestamp:
Jul 18, 2013, 7:51:51 PM (7 years ago)
Author:
proper
Comment:

update links

  • doc/TorifyHOWTO/GnuPG

    v41 v42  
    4141 * hkps.pool.sks-keyservers.net : supports HKP (11371), HKPS (443). Root cert will be added soon.
    4242 * pgp.webtru.st : supports multi-protocols: HKP (11371), HKPS (11372) (coming soon), HTTP (80), HTTPS (443). Uses Startcom SSL Cert, usually pre-included in most OS/platform. Root/CA-cert is [here].
    43  * {{{hkp://2eghzlv2wwcq7u7y.onion}}} : [https://tails.boum.org/ Tails] ([https://tails.boum.org/contribute/design/#index42h3 source and reasons: Tails Design]), [http://whonix.sf.net Whonix] (source: [https://github.com/adrelanos/Whonix/blob/master/whonix_workstation/home/user/.gnupg/appendto_gpg.conf gpg.conf]) and [wiki:torbirdy Torbirdy] prefer 2eghzlv2wwcq7u7y.onion
     43 * {{{hkp://2eghzlv2wwcq7u7y.onion}}} : [https://tails.boum.org/ Tails] ([https://tails.boum.org/contribute/design/#index42h3 source and reasons: Tails Design]), [https://www.whonix.org Whonix] (source: [https://github.com/adrelanos/Whonix/blob/master/whonix_workstation/home/user/.gnupg/appendto_gpg.conf gpg.conf]) and [wiki:torbirdy Torbirdy] prefer 2eghzlv2wwcq7u7y.onion
    4444 * subkeys.pgp.net : server pool. supports HKP (11371).
    4545 * pgp.mit.edu : supports HKP (11371).
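Review bot: on the new line 43 the gpg.conf source link still points at the `master` branch of adrelanos/Whonix (`.../blob/master/whonix_workstation/home/user/.gnupg/appendto_gpg.conf`), so the file cited as evidence for the 2eghzlv2wwcq7u7y.onion preference can change or move without this page noticing. Since this revision is already touching the Whonix links, consider pointing that reference at a fixed revision of the file rather than the branch head. The Tails Design anchor `#index42h3` on the same line looks auto-generated and is fragile in the same way.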
     
    5858 * (Bry8Star's opinion) Keyservers which supports '''HKPS''' (Secured HTTP Keyserver Protocol) should be preferred & used, over HTTPS or TLS/SSL (port 443 or 11371 or other port) protected connections, (instead of using, HTTP based HKP (port 80 or 11371), which is non-encrypted and uses less-secured communication with keyserver), and because, "unknown" proxies and middle nodes and gateways (and possible MITM) exists in the path (of Web of Trust([https://en.wikipedia.org/wiki/Web_of_trust WoT])), with "unknown" level of chance of alteration at various stages & components, DNS cache poisoning, etc.  Various client software automatically starts to download keys/certs in various client software, HKPS makes sure, such client software has at least connected securely with that keyserver, its about connection security and accuracy.  So a non-lazy user must try alternative WoT paths & inquiries (which can provide authentic verification of who is the actual owner of what KeyID or fingerprint) : goto sender's (or author's or signer's) website directly, connect over HTTPS (SSL/TLS), and find GPG or Cert fingerprint or KeyID etc (if sender or author has shared it over https website), (or visit sender's or author's site multiple time via using multiple different Tor-circuits by utilizing Vidalia's Tor Network Map). More users now publish their fingerprint(s), key(s) & certificate(s) on their own domain's DNS-Records. So use GnuPG accordingly to authenticate against such keys/certs. Some authors also share fingerprint over phone, visiting-card, some users have phone#, website, etc on yellow-pages, white-pages, etc as well, an active user should exhaust all alternative for verification.
    5959
    60  * [https://tails.boum.org/ Tails] ([https://tails.boum.org/contribute/design/#index42h3 source and reasons: Tails Design]), [http://whonix.sf.net Whonix] (source: [https://github.com/adrelanos/Whonix/blob/master/whonix_workstation/home/user/.gnupg/appendto_gpg.conf gpg.conf]) and [wiki:torbirdy Torbirdy] prefer 2eghzlv2wwcq7u7y.onion.
     60 * [https://tails.boum.org/ Tails] ([https://tails.boum.org/contribute/design/#index42h3 source and reasons: Tails Design]), [https://www.whonix.org Whonix] (source: [https://github.com/adrelanos/Whonix/blob/master/whonix_workstation/home/user/.gnupg/appendto_gpg.conf gpg.conf]) and [wiki:torbirdy Torbirdy] prefer 2eghzlv2wwcq7u7y.onion.
    6161
    6262 * (adrelanos's opinion) You should blend in and use the same keyserver as many other people and projects do.
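Review bot: line 60 repeats the Tails / Whonix / Torbirdy link list from line 43 word for word, which is why the same `http://whonix.sf.net` to `https://www.whonix.org` edit had to be made twice in this revision. Keeping the list in one place and referring to it from the other would stop the two copies drifting apart on the next link update. The unchanged line 62 advises using the same keyserver as other projects, so a stale copy of this list would directly undercut that advice.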