peer request for pgp.uplinklabs.net

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

peer request for pgp.uplinklabs.net

Steven Noonan
Resending this message with a key that isn't revoked. Doh!

And thank you to those who have peered with me so far.


I'm looking for peers for a new SKS keyserver installation.

Hostname: pgp.uplinklabs.net
Location: Bellevue, WA, USA
 Version: 1.1.6
    IPv6: Supported

This is a privately owned machine.

I have loaded the 2016-08-29 dump from pgp.key-server.io, which puts me at
4,415,399 keys.

For operational issues, please contact me directly.

pgp.uplinklabs.net 11370 # Steven Noonan <[hidden email]> 0x7EACB44BA7B30DB9

Thanks!

--
F8D5 F819 8DEB 0703 1565  1A90 7EAC B44B A7B3 0DB9
I am tycho (https://keybase.io/tycho) on keybase.




_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: peer request for pgp.uplinklabs.net

Chris Boot
On 31/08/16 06:12, Steven Noonan wrote:
> Resending this message with a key that isn't revoked. Doh!

Except now, because it's an ECC key, nobody can verify your mail unless
they're running GPG 2.1... :-)

Cheers,
Chris

--
Chris Boot
[hidden email]


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (968 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: peer request for pgp.uplinklabs.net

Hillebrand van de Groep
apt-get upgrade or the alternative on your distro helps ;)

On August 31, 2016 10:29:48 AM GMT+02:00, Chris Boot <[hidden email]> wrote:
On 31/08/16 06:12, Steven Noonan wrote:
Resending this message with a key that isn't revoked. Doh!

Except now, because it's an ECC key, nobody can verify your mail unless
they're running GPG 2.1... :-)

Cheers,
Chris

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: peer request for pgp.uplinklabs.net

Chris Boot
GnuPG 2.1 is not available on Debian stable (jessie) at all at the
moment. And no, 3rd party repos are not the answer for this,
particularly not for sensitive crypto software.

On 31/08/16 09:50, Hillebrand van de Groep wrote:

> apt-get upgrade or the alternative on your distro helps ;)
>
> On August 31, 2016 10:29:48 AM GMT+02:00, Chris Boot <[hidden email]>
> wrote:
>
>     On 31/08/16 06:12, Steven Noonan wrote:
>
>         Resending this message with a key that isn't revoked. Doh!
>
>
>     Except now, because it's an ECC key, nobody can verify your mail unless
>     they're running GPG 2.1... :-)
>
>     Cheers,
>     Chris
>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.


--
Chris Boot
[hidden email]

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: peer request for pgp.uplinklabs.net

Andrew Gallagher
I'm sceptical of the utility of ECC keys personally. They were first proposed as a way of reducing work and storage space (because the space of usable ECC keys is more compact than the sparsely distributed RSA primes). But they've taken so long to catch on that technology advancement has made their original justification largely irrelevant (the only exception to my knowledge being DNSSEC, where signature length restrictions are still important). And because the ECC keyspace is more efficiently packed, it is theoretically *more* susceptible to quantum attacks.

It's notable that the NSA no longer recommends ECC keys. Personally, I'm sticking to RSA until post-quantum encryption is ready. :-)

A

> On 31 Aug 2016, at 10:00, Chris Boot <[hidden email]> wrote:
>
> GnuPG 2.1 is not available on Debian stable (jessie) at all at the
> moment. And no, 3rd party repos are not the answer for this,
> particularly not for sensitive crypto software.
>
>> On 31/08/16 09:50, Hillebrand van de Groep wrote:
>> apt-get upgrade or the alternative on your distro helps ;)
>>
>> On August 31, 2016 10:29:48 AM GMT+02:00, Chris Boot <[hidden email]>
>> wrote:
>>
>>    On 31/08/16 06:12, Steven Noonan wrote:
>>
>>        Resending this message with a key that isn't revoked. Doh!
>>
>>
>>    Except now, because it's an ECC key, nobody can verify your mail unless
>>    they're running GPG 2.1... :-)
>>
>>    Cheers,
>>    Chris
>>
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
> --
> Chris Boot
> [hidden email]
>
> _______________________________________________
> Sks-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: peer request for pgp.uplinklabs.net

Gunnar Wolf
Andrew Gallagher dijo [Wed, Aug 31, 2016 at 10:14:01AM +0100]:
> I'm sceptical of the utility of ECC keys personally. They were first
> proposed as a way of reducing work and storage space (because the
> space of usable ECC keys is more compact than the sparsely
> distributed RSA primes). But they've taken so long to catch on that
> technology advancement has made their original justification largely
> irrelevant (the only exception to my knowledge being DNSSEC, where
> signature length restrictions are still important). And because the
> ECC keyspace is more efficiently packed, it is theoretically *more*
> susceptible to quantum attacks.

I'm far from a worthy crypto geek myself, but still — Storage space is
not the decisive issue; storing a million 4096-bit keys is only an
order of magnitude more than storing a million 256-bit keys (the same
proportion would naturally apply for a single key), and information
appended to the keys themselves (such as photo attributes and the
signatures that constitute the web of trust) make the difference quite
unnoticeable.

What is really a difference is the arithmetic operations upon which
they are based: Encryption and decryption under RSA are based on long
series of multiplications (or rather, huge exponentiation). Under ECC,
the operations are "just" series of additions. Adding is way cheaper
for a computer than multiplying, so your hardware will be able to
perform many, many more cryptographic operations with ECC than with
RSA.

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: peer request for pgp.uplinklabs.net

Christoph Egger-9
Gunnar Wolf <[hidden email]> writes:

> Andrew Gallagher dijo [Wed, Aug 31, 2016 at 10:14:01AM +0100]:
>> I'm sceptical of the utility of ECC keys personally. They were first
>> proposed as a way of reducing work and storage space (because the
>> space of usable ECC keys is more compact than the sparsely
>> distributed RSA primes). But they've taken so long to catch on that
>> technology advancement has made their original justification largely
>> irrelevant (the only exception to my knowledge being DNSSEC, where
>> signature length restrictions are still important). And because the
>> ECC keyspace is more efficiently packed, it is theoretically *more*
>> susceptible to quantum attacks.
>
> I'm far from a worthy crypto geek myself, but still — Storage space is
> not the decisive issue; storing a million 4096-bit keys is only an
> order of magnitude more than storing a million 256-bit keys (the same
> proportion would naturally apply for a single key), and information
> appended to the keys themselves (such as photo attributes and the
> signatures that constitute the web of trust) make the difference quite
> unnoticeable.
It also affects the size of each signature, certificate

| :signature packet: algo 22, keyid 1BB721A4B254D8E1
| version 4, created 1472657540, md5len 0, sigclass 0x00
| digest algo 8, begin of digest fd 82
| hashed subpkt 2 len 4 (sig created 2016-08-31)
| subpkt 16 len 8 (issuer key ID 1BB721A4B254D8E1)
| data: [256 bits]
| data: [256 bits]

vs

| :signature packet: algo 1, keyid ABFFEDB24008C6F9
| version 4, created 1472657570, md5len 0, sigclass 0x00
| digest algo 8, begin of digest c8 06
| hashed subpkt 2 len 4 (sig created 2016-08-31)
| subpkt 16 len 8 (issuer key ID ABFFEDB24008C6F9)
| data: [4095 bits]

Christoph

--
9FED 5C6C E206 B70A 5857  70CA 9655 22B9 D49A E731
Debian Developer | Lisp Hacker | CaCert Assurer

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (815 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: peer request for pgp.uplinklabs.net

Andrew Gallagher
In reply to this post by Gunnar Wolf
On 31/08/16 16:18, Gunnar Wolf wrote:
> Adding is way cheaper
> for a computer than multiplying, so your hardware will be able to
> perform many, many more cryptographic operations with ECC than with
> RSA.

That's a good argument for using EECDH in TLS, which is fair enough -
with ephemeral keys it's legitimate to prioritise speed. But it's less
applicable to PGP or x509, where the processing cost of the asym
sig/crypt is comparatively small.

A



_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (817 bytes) Download Attachment