Explore >> Select a destination
|
You are here 
|
dkg.fifthhorseman.net | ||
| | | | |
lwn.net
|
|
| | | | | [AI summary] The discussion revolves around the limitations and vulnerabilities of the Web of Trust (WoT) in OpenPGP systems. Key points include: 1) The WoT is inherently broken due to scalability issues and lack of user-friendliness, as noted by Werner Koch. 2) There is a proposal to require signers to prove ownership of the private key before uploading signatures to keyservers, which could reduce spam and invalid signatures. 3) The process of distributing third-party certifications is complex and requires better tooling and user experience design. 4) Concerns about security vulnerabilities in OpenPGP, such as NULL pointer dereferences and potential for exploitation, are raised. 5) Alternatives like Trust On First Use (TOFU) are suggested, but the community... | |
| | | | |
blog.oddbit.com
|
|
| | | | | In today's post, we look at KeyOxide, a service that allows you to cryptographically assert ownership of online resources using your GPG key. Some aspects of the service are less than obvious; in response to some questions I saw on Mastodon I though I would put together a short guide to making use of the service. We're going to look at the following high-level tasks: Create a GPG key Publish the GPG key | |
| | | | |
daniel-lange.com
|
|
| | | | | ||
| | | | |
danielpecos.com
|
|
| | | Tutorial on how to generate a new PGP / GPG key pair and properly rotate from your old one. | ||
