BLUG Wiki

User Tools

Site Tools

You are here: start » blug-canary-1
Trace:
blug-canary-1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
blug-canary-1 [2019/07/30 19:03]
Tom Li 		blug-canary-1 [2020/03/27 18:40]
BLUG Admin
Line 15: Line 15:
 ==================================== ====================================
  
-Issued for July 2019.+Issued for February 2020, retroactively.
  
 Don't just trust the contents of this file blindly! Verify the Don't just trust the contents of this file blindly! Verify the
Line 23: Line 23:
 ~~~~~~~~~~~~~ ~~~~~~~~~~~~~
  
-* biergaizi: 0xFAD3EB05E88E8D6D +* biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D 
-* persmule : 0x2987A25DAC8454A5 +* persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 
-* wnereiz 0xFDFF2E13AA25BE72+* wnereiz 0x0A6A91990AC98712274AA18DFDFF2E13AA25BE72
  
 THREE DOCUMENTS IN TOTAL. THREE DOCUMENTS IN TOTAL.
Line 62: Line 62:
 8. Our personal safety and security is not threatened. 8. Our personal safety and security is not threatened.
  
-9. To avoid security breaches and emphasize the clarity of the warrent canary+9. To avoid security breaches and emphasize the clarity of the warrant canary
 documents, if a signer is temporarily unavailable, only existing signers in the documents, if a signer is temporarily unavailable, only existing signers in the
 "Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD "Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD
 NOT be considered a valid canary document) until the signer becomes available NOT be considered a valid canary document) until the signer becomes available
-again and signs the missed documents. A new signer SHOULD NOT sign a warrent+again and signs the missed documents. A new signer SHOULD NOT sign a warrant
 canary document only due to the temporary unavailability of a existing signer. canary document only due to the temporary unavailability of a existing signer.
  
 10. We plan to publish the next of these canary statements in the first three 10. We plan to publish the next of these canary statements in the first three
-weeks of August 2019. Special note should be taken if no new canary is published+weeks of March 2020. Special note should be taken if no new canary is published
 by that time or if the list of statements changes without plausible explanation. by that time or if the list of statements changes without plausible explanation.
  
Line 76: Line 76:
 ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
  
-1. Due to personal reasons, wnereiz (0xFDFF2E13AA25BE72) was not available and +1. Due to personal reasons, biergaizi (0xFAD3EB05E88E8D6D) was not available 
-couldn't sign the warrent canary before the end of June 2019.+and couldn't sign the warrent canary before the end of February, 2020. This 
 +was not a result of any incident. All statements of the warrent canary documents 
 +are still valid. A canary for February, 2020 has been signed by biergaizi 
 +retroactively.
  
-2. We determined that this was not a result of any incident. All statements of +2. Since mid-October, persmule's old signing key 0x2987A25DAC8454A5 has 
-the warrent canary documents are still validFurthermorewnereiz will continue +expiredA new key0xEDFFE248ECFACDE3C805906804A40D21DBB89B60, has been 
-to sign the canary documents in the future.+created and uploaded to https://keys.openpgp.org/, it can be obtained from 
 +this keyserver.
  
-3. We determined that the decision of asking vimacs (0xEA2DB82FE04A9403) to +3. The new key will be used by persmule to sign future warrant canary 
-replace wnereiz and sign a substitution of the canary document was flawedThis +documentsYou can verify the signature by crosschecking the other two 
-decision is thus revoked.+documents signed by biergaizi and wnereiz for consistency.
  
-4. To avoid future incidentswe have amended the procedure on signing warrant +4. Due to this key rollover, the October message was not signed by persmule. 
-canary documents, and added a new Statement to prevent similar issues.+This did/does not indicate a security incident, all of the statements above 
 +were valid, and are still valid.
  
-5. The previous warrent canary documents issued for July 2019 are revokedOnly +5. Recent attacks on OpenPGP keyservers have raised great security concerns 
-this version is valid.+within the community, as a countermeasure, persmule's personal User-ID has 
 +not published to the https://keys.openpgp.org/ keyserver. Instead, only 
 +cryptographic information can be obtained from the keyserver, without any 
 +User-ID. Currently, it's impossible to import a OpenPGP public key without 
 +User-ID to a standard GnuPG installation, as a result, it's not possible 
 +for a 3rd-party to verify the canary document signed by persmule. 
 + 
 +6. We are looking for a solutionBut for now, we decided that the best 
 +option is starting publishing new canary documents using the new key. 
 +As a temporary measure, you can check the canary documents signed by 
 +biergaizi and wnereiz to decide the validity of the Statements. By signing 
 +their own copies, it indicates that the new key has been verified privately 
 +by them as valid
 + 
 +7. This effectively reduced the number of signers to two people. It reduces 
 +the level of confidence, but currently there is no alternative option yet. 
 + 
 +8. Once the technical problem of OpenPGP public key without User-ID is 
 +resolved, you can check the previous signatures retroactively, and this 
 +would effectively restore the level of confidence. You can archive 
 +persmule's signature as soon as it's published to your own machine to 
 +ensure no data tampering has occured. 
 + 
 +9. Unlike persmule, biergaizi and wnereiz's signing keys are unchanged, 
 +but the Key-IDs have been changed to its full fingerprint format in the 
 +canary document for clarity. 
 + 
 +10. When new information is available, it will be published in the "Special 
 +Announcements" section in future warrant canary documents.
  
 Proof of Freshness Proof of Freshness
Line 97: Line 130:
  
 $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml
- Home Secretary is urged to launch independent inquiry into Scotland Yard following Operation Midland scandal + What essential shops are open during the coronavirus lockdown? 
- Scientists decode brain speech signals into text in breakthrough for patients with severe disabilities + What is coronavirus, how did it start and how big could it get? 
- Bruce Lee's daughter accuses Quentin Tarantino of unfair 'caricature' of father + Friday evening news briefing: Boris Johnson has coronavirus - what now? 
- India launches murder inquiry after minister's rape accuser is hurt in lorry crash that killed her aunts + How does a coronavirus home test kit work, and how do I get one? 
- US pressures Germany to send warships to Persian Gulf+ How can I join the NHS coronavirus volunteer army, and what would I do?
  
 $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml
- China Says Most Muslims Have Been Released From Camps. Others SayProve It. + Coronavirus Live UpdatesHouse Passes $2 Trillion Relief Bill 
- They Survived Colonization and War. But Venezuelas Collapse Was Too Much. + For France, Coronavirus Tests a Vaunted Health Care System 
- Body of Concertgoer Found in France Fuels Anger Over Use of Force + The Virus Is Coming to Myanmar, but the Pain Has Already Begun 
- Hong Kong Charges Dozens of Protesters With Rioting + Australia Says Goodbye to the Worlds Longest Boom 
- Chinese Nationalists Bring Threat of Violence to Australia Universities+ Migrant Farmworkers Whose Harvests Feed Europe Are Blocked at Borders
  
 $ date -R -u $ date -R -u
-Tue30 Jul 2019 19:03:07 +0000+Fri27 Mar 2020 18:29:16 +0000
  
 -----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2 
  
-iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAl1AlHEACgkQ+tPrBeiO +iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAl5+SIIACgkQ+tPrBeiO 
-jW0WaRAAmwFu4bJSPQcH00xAdQfbzw+WIDbG+zk8H5At3q8qIEqr02ouNYohkdWc +jW2T1Q/9FOc48gHCAJVoIzez7S6AfxQDpvLzL4y7yPed+grGh1AJfbcUPR+0Jmwo 
-7HqgLTDNtbbGoiExPPRj3oE25rMav3eb0gtZhkZrXjz6yC2YCWtP2XzxTr6V8s1Q ++1BUVFmmKFP+7Hro3t71ynHEfb50F6Q7YAnWNG3SqSLHxHOKpbvnIOQL1IYTnP3Q 
-ul0iKbfZclnBEMo+Ti1C3sSHVB31PLLdaKqdRuhl9Nzx1yKjZF3sn3ax6k/HKxeq +tSN7S1C/9d4IotOtkLu+jMGpqLEWyAB3yRmKUI1maaeLhVal+tlXjDDQpw7IwNUW 
-DpSu4bwiXXS+kjF0Hntdc4ICois3bztNtATTBp5xyWPM0wRSGjw4rHVErBGEdzrZ +j5gZlW2gs7CFsHD5hChFzX+EcyDI/cCYECbK2Uo9GwcL22pUETTCI6dhqH6wAtyR 
-4xt86TFq1Gev03OX7guBJjnr4cNfFtQJJ0jbT/LpJfalWxZfxZqpIACEJtwP6F9E +2u5s37JDC8OT4LdyWvfoBoHewi6igBDyeiIeeHOgXUHeTH63XiNlNlXGVu1ihawr 
-bAZBYAL6PWz9523N61k4TJ8um2RRhviXWlGY/7VhHVFl8YFI4MT/8NHO5fntj7qP +4bNwesvnAsG8dIS1mhnLe7D78roaXA0AGcTPw3bd1f6hkjfYjs3+KKBmUlL8C0ut 
-dDaW30HyJRbnOtL+vQD5WOp+LjGM403P3z+RmjYI6/ZVBz0sJ4LrvXSn/2wU1Zst +tJyEtTEWwVdpGglHqZaw5BOQiOKV6wXxPRVdqgqGmNWKoJBSEWSrq/HcYzcd5kte 
-pmt/UI/emMtujLCH2NTo9rfrQhUf/+b17Y9XWPcNvLDqIeXYyx3D2GJHwVx7/fwg +vVOEFagUEdsuWC0dcFw37bmhwszVV+tT/+D0I/hM0LPxp7qsEtHCALn44fWweL9Y 
-Mdzp8LdnDJumkAkwXw/21GggBMOo1z3065a64kMpGxKvv0ldk+odaCfk8xmHwAJE +4urdVJCdD/neb+JJvHSFu/2xFEApUKDH4hsBEFJpcU8nO7Fi231T4oVCGIzw/ipL 
-4jOA87nnPZj5L/QBZlKK5uOzHigDe06rMebwWxQXpfw1vVeClB01mucTMccjYyjG +4qBe88XWsLQCvRCkZgTef1OAFzJAdw9IuYdH6m7AC/chq+QH5Ry9+kgzK0LC9Ks0 
-Y8TbtUBbRdVFgJod/QDuyCypQRM5x1Vg27eh98QZzXNPtz0PTtQ+EQ65VVY8FF97544bkGE5QFl0sRtNyEbBRVkjwlmUkCe2Kabzjg0
-=yPv1+=u/cv
 -----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
 </code> </code>
blug-canary-1.txt · Last modified: 2024/04/30 16:36 by BLUG Admin

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Driven by DokuWiki Template From SyntaxSeed