#keyservers

Dark Photon Studio<p>A nice thing about <a href="https://metalhead.club/tags/Manjaro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Manjaro</span></a> is that it holds back updates for a week. I see Manjaro haters roll out this fact like it's a bad thing. Whatever. Here's the "fun" part of all this: I didn't need to do it. The problem isn't <a href="https://metalhead.club/tags/Majaro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Majaro</span></a>, there's something wrong with <a href="https://metalhead.club/tags/Arch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Arch</span></a> mirrors and <a href="https://metalhead.club/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a>. Huge swaths of the mirrors are inaccessible. Keyservers are also often unavailable. Why? Who the fuck knows. So, I have a tarted up Arch install that may or may not update correctly. Oh, and I installed KDE because connecting to a server to download something else wasn't working at the time. That's my <a href="https://metalhead.club/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> Spring Adventure. 4/4</p>
PGPkeys EU<p>First steps towards more robust sync! </p><p><a href="https://infosec.exchange/tags/Hockeypuck" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hockeypuck</span></a>’s dataset normalisation rules (or “filters”) were updated between v2.1 and v2.2, meaning that <a href="https://infosec.exchange/tags/SKS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SKS</span></a> recon did not work between <a href="https://infosec.exchange/tags/openpgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openpgp</span></a> <a href="https://infosec.exchange/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a> running the older and newer versions. The keyservers could not all be updated simultaneously, and a few keyservers still run v2.1 today for compatibility reasons, so we had to find a way to prevent the network from split-braining.</p><p>The quick and dirty solution was a small script that runs on each side of the filter discontinuity, polls for local changes, and submits them to the other side over HKP (the protocol your <a href="https://infosec.exchange/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> client uses). But this is effectively the same idea as the old PKS sync model, just over HTTP(S) instead of email. And sks-keyserver used to support PKS-over-email, so shouldn’t hockeypuck be able to do PKS-over-HTTP natively?</p><p>The short answer is, it can! It was long intended for hockeypuck to support PKS email, but only a fraction of the necessary code was written, and there were no tests. Today, the pgpkeys test swarm has just performed its first sync using the completed PKS code, which supports *both* HTTP and email transport.</p><p>It’s not ready for production yet though. 
Further testing is required, and then the second part of the PKS code can be written: automatic failover from SKS to PKS when filter mismatch is detected (and just as importantly, automatic fail*back*).</p><p>This will mean that keyserver operators will be able in the future to upgrade across filter discontinuities without risking a split brain scenario. It should also mean that key updates submitted to the hockeypuck network could be automatically synced to <span class="h-card" translate="no"><a href="https://floss.social/@keys_openpgp_org" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>keys_openpgp_org</span></a></span> … watch this space! 😎</p><p>(Hockeypuck v2.3 development is kindly supported by <span class="h-card" translate="no"><a href="https://mastodon.xyz/@NGIZero" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>NGIZero</span></a></span> Core)</p>
Preston Maness ☭<p><span class="h-card" translate="no"><a href="https://mastodon.ml/@Xeniax" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Xeniax</span></a></span> Totally nerdsniped :D I'd love to be a part of the study.</p><p>I don't think that <a href="https://tenforward.social/tags/KeyServers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeyServers</span></a> are dead. I think they evolved into Verifying Key Servers (VKS), like the one run by a few folks from the OpenPGP ecosystem at <a href="https://keys.openpgp.org/about" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">keys.openpgp.org/about</span><span class="invisible"></span></a> . More generally, I believe that <a href="https://tenforward.social/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> / <a href="https://tenforward.social/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> / <a href="https://tenforward.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> retains important use-cases where accountability is prioritized, as contrasted with ecosystems (like <a href="https://tenforward.social/tags/Matrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Matrix</span></a>, <a href="https://tenforward.social/tags/SignalMessenger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SignalMessenger</span></a>) where deniability (and Perfect Forward Secrecy generally) is prioritized. 
Further, PGP can still serve to bootstrap those other ecosystems by way of signature notations (see the <a href="https://tenforward.social/tags/KeyOxide" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeyOxide</span></a> project).</p><p>Ultimately, the needs of asynchronous and synchronous cryptographic systems are, at certain design points, mutually exclusive (in my amateur estimation, anyway). I don't think that implies that email encryption is somehow a dead-end or pointless. Email merely, by virtue of being an asynchronous protocol, cannot meaningfully offer PFS (or can it? Some smart people over at crypto.stackexchange.com seem to think there might be papers floating around that can get at it: <a href="https://crypto.stackexchange.com/questions/9268/is-asynchronous-perfect-forward-secrecy-possible" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crypto.stackexchange.com/quest</span><span class="invisible">ions/9268/is-asynchronous-perfect-forward-secrecy-possible</span></a>).</p><p>To me, the killer feature of PGP is actually not encryption per se. It's certification, signatures, and authentication/authorization. I'm more concerned with "so-and-so definitely said/attested to this" than "i need to keep what so-and-so said strictly private/confidential forever and ever." What smaller countries like Croatia have done with <a href="https://tenforward.social/tags/PKI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PKI</span></a> leaves me green with envy.</p>
xeniax ⏚<p><a href="https://mastodon.ml/tags/survey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>survey</span></a> <a href="https://mastodon.ml/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a> <a href="https://mastodon.ml/tags/pgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pgp</span></a> <a href="https://mastodon.ml/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> </p><p>PART 3 OF THE KEYSERVER STUDY</p><p>(see Part 1 here: <a href="https://mastodon.ml/@Xeniax/114273355035626553" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.ml/@Xeniax/1142733550</span><span class="invisible">35626553</span></a>)</p><p>❓QUESTION 3: WHY HAVE YOU STOPPED USING KEYSERVERS</p>
xeniax ⏚<p><a href="https://mastodon.ml/tags/survey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>survey</span></a> <a href="https://mastodon.ml/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a> </p><p>🔒🔑 PART 2 of the Keyservers Study<br>(see part 1 here: <a href="https://mastodon.ml/@Xeniax/114273355035626553" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.ml/@Xeniax/1142733550</span><span class="invisible">35626553</span></a>)</p><p>❓QUESTION 2: HOW DO YOU MAINLY USE KEYSERVERS?</p><p>✨✨ if you have used them in the past, you can also answer here!</p>
xeniax ⏚<p>Dear Fedi friends. I want to make a short <a href="https://mastodon.ml/tags/survey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>survey</span></a> to understand who actively uses <a href="https://mastodon.ml/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a> today. I am interested in understanding the meaning and the value that people attribute to keyservers nowadays, and the shift in perceptions of email <a href="https://mastodon.ml/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> 🔑🔒</p><p>📊 I will be making several polls (follow the thread!)</p><p>💌 I also would be happy if some of you agree to talk with me more in depth over an e2ee encrypted channel of your choice, no need to make a call, just messages are enough</p><p>👾 Feel free to share the polls and reach out in comments if you can and want to be part of this study.</p><p>👩🏽‍🎓 If this ever leads to any kind of publication, I will be following the standard ethical protocol adopted in the academic research community, which is to 1. ask informed consent for quoting; 2. quoting anonymously by default, unless the person wants to be named and 3. right to withdraw from the study even after responding to the questions</p><p>QUESTION 1: DO YOU USE KEYSERVERS?</p>
PGPkeys EU<p>(New blog) The State of the Keyservers in 2024</p><p>“In the two and a half years since the sks-keyservers.net shutdown in June 2021, the concept of <a href="https://infosec.exchange/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> <a href="https://infosec.exchange/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a> has been called into question. However, keyservers still provide a vital service to the OpenPGP ecosystem. <br>…<br>OpenPGP is one of only two widely-used cryptography standards to include a full Public Key Infrastructure”</p><p><a href="https://blog.pgpkeys.eu/state-keyservers-2024.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.pgpkeys.eu/state-keyserve</span><span class="invisible">rs-2024.html</span></a></p>
Dick Smiths Fair Go Supporters<p><span class="h-card"><a href="https://mastodon.social/@DrPen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>DrPen</span></a></span><br>Yes, <a href="https://activism.openworlds.info/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> is good but in some ways <a href="https://activism.openworlds.info/tags/I2P" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>I2P</span></a> is better.</p><p>We would like <a href="https://activism.openworlds.info/tags/universities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>universities</span></a> to not only run Tor and I2P relays but they should also provide <a href="https://activism.openworlds.info/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a>, code repositories, mid-scale <a href="https://activism.openworlds.info/tags/internetArchives" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>internetArchives</span></a>, jump services (a sort of DNS for I2P).</p><p>We need to return to a world where universities don't just pander to the corporate world for <a href="https://activism.openworlds.info/tags/funding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>funding</span></a> also.</p><p>Maybe we cannot get there.</p>
Norman Wilson<p>TIL the protocol everyone uses for <a href="https://mstdn.ca/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> <a href="https://mstdn.ca/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a> appears to be documented only in an Internet Draft that expired about 20 years ago. Why did it never become an RFC if not an STD? Is it hiding in some hard-to-find RFC, or more-stably documented in some non-IETF place?</p>
Damien Goutte-Gattat<p>Just when I thought that I couldn’t possibly be more disappointed by <a href="https://social.incenp.org/search?tag=Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a>'s tooling and environment, now <a href="https://social.incenp.org/search?tag=PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> is no longer supporting <a href="https://social.incenp.org/search?tag=OpenPGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenPGP</span></a> signatures: <a href="https://blog.pypi.org/posts/2023-05-23-removing-pgp/" rel="nofollow noopener" target="_blank">blog.pypi.org/posts/2023-05-23…</a></p><p>Their rationale for doing so is one of the stupidest things I’ve ever read about OpenPGP — and I’ve read a lot of stupid takes about OpenPGP over the years!</p><p>It basically boils down to two points:</p><p>1) One-third of the public keys used “were not discoverable on major public <a href="https://social.incenp.org/search?tag=keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a>, making it difficult or impossible to meaningfully verify those signatures”.</p><p>2) Half of the other keys “were unable to be meaningfully verified at the time of the audit”.</p><p>On the first point: just because you can’t find a key on keyservers doesn’t mean the key can’t be used. Keyservers have never been the one and only way to distribute keys. Actually, the OpenPGP world has been moving <em>away</em> from keyservers for several years already, and most keyservers are slowly dying. The keyserver from the Sequoia-PGP folks is one of the few exceptions.</p><p>On the second point: WTF? Just because <em>you</em> were unable to “meaningfully verify” a key doesn’t mean <em>anything</em>! The validity of an OpenPGP key is not something absolute that can be verified by an auditor and then held true for everybody. 
The entire point of OpenPGP, compared to the X.509 world, is that it is up to each individual user to verify the validity of keys (possibly using the <a href="https://social.incenp.org/search?tag=web-of-trust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>web-of-trust</span></a>, but that’s not the only way, and actually, as for the keyservers, the OpenPGP world has been moving away from the WoT). A key that is unverified for Alice may very well be perfectly valid for Bob.</p>
Dick Smiths Fair Go Supporters<p><span class="h-card"><a href="https://gnusocial.net/dcent" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dcent</span></a></span><br>We are not seeing the other half? Only this post.</p><p>1) Sounds good.</p><p>2) There's no point talking to a bank about investments and loans if communications are leaky. Imagine communicating re a possible <a href="https://activism.openworlds.info/tags/homeLoan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homeLoan</span></a> and Google/M$/Blackrock, seeing that and using that info against you.</p><p>We need secure comms. Therefore banks should use/store ppl's public encryption keys. They need to act as a <a href="https://activism.openworlds.info/tags/keyserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyserver</span></a> also, because a) there's not enough good <a href="https://activism.openworlds.info/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a>, b) also stops ppl knowing where you <a href="https://activism.openworlds.info/tags/bank" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bank</span></a>.</p>
Dick Smiths Fair Go Supporters<p>For reference (see above toot and child-toots of above toot) <a href="https://activism.openworlds.info/tags/banksAsKeyStores" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>banksAsKeyStores</span></a> <a href="https://activism.openworlds.info/tags/banks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>banks</span></a> <a href="https://activism.openworlds.info/tags/keyStores" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyStores</span></a> <a href="https://activism.openworlds.info/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a> <a href="https://activism.openworlds.info/tags/reinventBanks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reinventBanks</span></a> <a href="https://activism.openworlds.info/tags/localConnections" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>localConnections</span></a> <a href="https://activism.openworlds.info/tags/makeBanksBetter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>makeBanksBetter</span></a> <a href="https://activism.openworlds.info/tags/realJobs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>realJobs</span></a> <a href="https://activism.openworlds.info/tags/eepsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eepsites</span></a> <a href="https://activism.openworlds.info/tags/decentralisation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralisation</span></a> <a href="https://activism.openworlds.info/tags/certificateAuthorities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certificateAuthorities</span></a> <a href="https://activism.openworlds.info/tags/localJobs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>localJobs</span></a></p>
Dick Smiths Fair Go Supporters<p><span class="h-card"><a href="https://stereophonic.space/users/flabbonix" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>flabbonix</span></a></span> <span class="h-card"><a href="https://campaign.openworlds.info/@Ludo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Ludo</span></a></span></p><p>3/3<br>g) making <a href="https://activism.openworlds.info/tags/banks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>banks</span></a> better (see <a href="https://activism.openworlds.info/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a>),<br>h) ensuring that <a href="https://activism.openworlds.info/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://activism.openworlds.info/tags/sovereignty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sovereignty</span></a> remain <a href="https://activism.openworlds.info/tags/humanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>humanRights</span></a>, and that such rights extend to our devices.</p>
Dick Smiths Fair Go Supporters<p><span class="h-card"><a href="https://awkward.company/users/vidak" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>vidak</span></a></span><br>New idea for a <a href="https://activism.openworlds.info/tags/song" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>song</span></a>.</p><p>"I wanna talk to you,<br>I had to write something,<br>But it's that time again,<br>When all the <a href="https://activism.openworlds.info/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a> are dowwwn</p><p>(Down Down Down Oouu Oouu Oouu)"</p><p><a href="https://activism.openworlds.info/tags/techSong" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>techSong</span></a> <a href="https://activism.openworlds.info/tags/skit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>skit</span></a> <a href="https://activism.openworlds.info/tags/funny" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>funny</span></a> <a href="https://activism.openworlds.info/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> <a href="https://activism.openworlds.info/tags/pgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pgp</span></a> <a href="https://activism.openworlds.info/tags/fediLyrics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fediLyrics</span></a></p>
tallship<p>Well there's been a lot of frenetic discussion and misunderstandings about the latest SPAMming of the <a href="https://mastodon.social/tags/sks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SKS</span></a> <a href="https://mastodon.social/tags/keyservers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keyservers</span></a> recently.</p><p>It's going to get bad before it gets worse lol. The article I've linked to has some really divisive points - I'm not posting it to start a debate, but<br>the two parts that even a neophyte should pay attention to in the article are - use <a href="https://mastodon.social/tags/signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> and <a href="https://mastodon.social/tags/magic_wormhole" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Magic_Wormhole</span></a>.</p><p>I hope that helps!</p><p><a href="https://bit.ly/2JC8N9B" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">bit.ly/2JC8N9B</span><span class="invisible"></span></a></p><p><a href="https://youtu.be/oFrTqQw0_3c" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/oFrTqQw0_3c</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.social/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a></p>