BLUG Wiki

User Tools

Site Tools

You are here: start » blug-canary-1
Trace:
blug-canary-1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
blug-canary-1 [2018/12/27 09:54]
Tom Li 		blug-canary-1 [2024/04/30 16:36] (current)
BLUG Admin
Line 15: Line 15:
 ==================================== ====================================
  
-Issued for December 2018.+Issued for April 2024.
  
 Don't just trust the contents of this file blindly! Verify the Don't just trust the contents of this file blindly! Verify the
Line 23: Line 23:
 ~~~~~~~~~~~~~ ~~~~~~~~~~~~~
  
-* biergaizi: 0xFAD3EB05E88E8D6D +* biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D 
-* persmule : 0x2987A25DAC8454A5 +* persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 
-wnereiz  0xFDFF2E13AA25BE72+vimacs   0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403
  
 THREE DOCUMENTS IN TOTAL. THREE DOCUMENTS IN TOTAL.
Line 62: Line 62:
 8. Our personal safety and security is not threatened. 8. Our personal safety and security is not threatened.
  
-9. We plan to publish the next of these canary statements in the first three +9. To avoid security breaches and emphasize the clarity of the warrant canary 
-weeks of January 2019. Special note should be taken if no new canary is +documents, if a signer is temporarily unavailable, only existing signers in the 
-published by that time or if the list of statements changes without plausible explanation.+"Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD 
 +NOT be considered a valid canary document) until the signer becomes available 
 +again and signs the missed documents. A new signer SHOULD NOT sign a warrant 
 +canary document only due to the temporary unavailability of a existing signer. 
 + 
 +10. We plan to publish the next of these canary statements in the first three 
 +weeks of May 2024. Special note should be taken if no new canary is published 
 +by that time or if the list of statements changes without plausible explanation
 + 
 +11. Due to the ongoing security issues of OpenPGP keyservers, it makes signature 
 +verification an issue and somewhat a challenge. For completeness, complete 
 +procedures for canary verification is included here.
  
 Special Announcements Special Announcements
 ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
  
-None.+1. We've found a workaround for importing keys on https://keys.openpgp.org 
 +without User-ID. The instructions for verifying persmule's signatures have 
 +been added. 
 + 
 +Canary Verification Procedures 
 +~~~~~~~~~~~~~~~~~~~~~~~~ 
 + 
 +1. To verify biergaizi's signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D. 
 + 
 +    b. Use the latest GnuPG in any operating system. 
 + 
 +2. To verify persmule's signature... 
 + 
 +    a. Due to the previous attacks on OpenPGP keyservers, persmule has published 
 +    the OpenPGP public key to https://keys.openpgp.org without a User-ID. Using 
 +    the standard method, it's impossible to import a OpenPGP public key without 
 +    User-ID. But since April 2013, we have developed a workaround, described 
 +    below. 
 + 
 +    b. Obtain the dummy public key from any traditional OpenPGP Keyserver, 
 +    such as https://keyserver.ubuntu.com, and import the public key. The 
 +    fingerprint is 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60. Note that, to 
 +    import this key, one must copy and paste the key in ASCII from the Keyserver 
 +    website to a file or console and use the command "gpg --import". Due to a 
 +    technical problem, Using "gpg --recv-key" or "gpg --search-keys" does not 
 +    work. 
 + 
 +    c. This is a special dummy public key with its User-IDs and subkeys stripped 
 +    that we specifically created, leaving only a "stub" User-ID (with an invalid 
 +    E-mail address, "glahamm <yiam5Od@gliwrad.invalid>"). Its sole purpose is 
 +    allowing the subsequent import of additional subkeys. 
 + 
 +    d. Next, with the stub key already imported, obtain the public key from 
 +    https://keys.openpgp.org using the same fingerprint, and import this key. 
 +    Because the dummy key with its stub User-ID is already in presence, it's 
 +    now possible to import the https://keys.openpgp.org public key directly. 
 + 
 +    e. Use the latest GnuPG in most operating system, the signatures made by 
 +    persmule's key can now be verified as usual. Debian is known to work, most 
 +    other systems should work just fine, but not Fedora. The subkeys contains 
 +    signatures made with Brainpool curves, which are disabled on Fedora due to 
 +    potential patent-licensing problems, causing a "Unknown elliptic curve" 
 +    error. 
 + 
 +3. To verify vimacs' signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403. 
 + 
 +    b. Use the latest GnuPG in any operating system.
  
 Proof of Freshness Proof of Freshness
Line 75: Line 140:
  
 $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml
- Hundreds of residents forced to evacuate Sydney'new Opel Tower again after 'cracking' sounds + Introducing Latest new section of your Telegraph app 
- Tributes to British couple who died within hours of each other in Australia + Monday evening news briefing: Kate Forbes seriously mulling run to replace Yousaf as SNP leader 
- Gurkhas son threatens to sue UK government for discrimination amid passport delay row + Friday evening news: King to resume public duties as doctors pleased with cancer treatment briefing 
- Pictures of the Day27 December 2018 + Thursday evening news briefingYousafs political future could lie in Alex Salmonds hands 
- Search for British cruise entertainer who fell overboard from Royal Caribbean ship on Christmas Day+ Wednesday evening news briefing: Teenage girl arrested after two teachers and pupil stabbed
  
 $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml
- Trek Into Congo Forest Reveals an Ebola Crisis Fueled by Violence + Middle East Crisis: Netanyahu Again Vows to Invade Rafah With or Without Cease-Fire Deal 
- Irans Economic Crisis Drags Down the Middle Class Almost Overnight + Georgia Bill Targeting Foreign Interests Draws Protests 
- Syria Faces Brittle Future, Dominated by Russia and Iran + Surrounded by Fighters and Haunted by Famine, Sudan City Fears Worst 
- Japan to Resume Commercial WhalingDefying International Ban + How Capitalists in Communist Cuba Are an Economic Lifeline 
- Afghanistan Likely to Delay Election as Trump Presses for Peace Talks+ Mali Claims Death of Abu HuzeifaTerrorist Who Helped Lead Fatal Ambush in Niger
  
 $ date -R -u $ date -R -u
-Thu27 Dec 2018 09:53:29 +0000+Tue30 Apr 2024 16:34:02 +0000
  
 -----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2 
  
-iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAlwkoSMACgkQ+tPrBeiO +iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAmYxHZQACgkQ+tPrBeiO 
-jW2MzA/+OZo4FSBgGJbgs0fs23VU6QH81WU4FaLgaNrr+2qgTwJG0SZ/dgqDMLTh +jW1i1Q/9Exd6Er9/1Kuau3YNnARce6tmrlbSNwK/TOl8Qm22rtXPxqsbtdWccHHQ 
-ESmF3hbf7INGhxR+7kbCwybQnkW+U+FIKHd3MEV2v2Sjkzc2GLuZvqa2Z0Ekh7VG +uz2NuDmIk5ygnxjhy1leGb8XRRimbMKgKL/K6/tdGKUqYXDm+dm/I+g8pwhKmSTe 
-k7/CHKhWTvsm+avwzJe7RrvabZG30zzNtMF9Ab21mI8kgwNCDeiGTXtriqCgH6gS +8GY/GYPCl52VtG7kwLYw9HzvlwGZrTFWeOuSBqvETZhesxWmXWxEJH4is9vXHLIv 
-FZD1Dt+06cTwsQt7evIXc7+jxZ+rI5iO+W5WN//7X8XQKrmlB0eaJOmtt6/yvutW +4PPmBZIqscJStKHlo52xJWEb1zd/JGrE1XcPlIoWz4xDGc1c5qC6pcYV5SBADPd5 
-lE3xZPsZtAxjVnUQHYBV38sjzoYHiJzw8YTBC7qnO1eC99PtKzBvGOw7XXplmB+I +OT60xdVqvuTKShlyENwQqIR2oCjTBBXIdyMZyrXKxHqPKk4UKyrcQI2L5S4CX9xk 
-h3pclTJamtlZ9Kahk12hwKt4C+4b+7EWDkcmk2hv+FAlZaHFFxoL+Ihe81ZEUl/O +pnLqn3vrr7RMLkwo7wFLQQfKfKmp5Z83BdXdcagS9miLOXFi82OOxGKLSzq+KZ/t 
-822k6stlJMpPbW50ek50qnvxhnetv2xRlFLOopVAJZIqf97g38tvPgcbVNhSY0s5 +YWQzYozCFC6uvXNc8WY5EV46Z0E/vUsY5oqZC90aLhS1TDwl/7Bh2u/jVtlsdpSQ 
-sEx+1yWRjmVd9xvkVfCkK7eF9tGnAJvaPJo3vEX66WbxtgSk/xdCQ8Uyr1TN9TaJ +rBtZPyHkywguwFfL/+Cb4XGN7OapdyBscrC6VmyPXb37txEZpqYFMz6duwukJXO4 
-czZhPs3efWsqv9UzgyV815xlcD3pJS8arMRsSJ4Rpdeg0HfIuU86jC41NzjcbJGc +s9WTgX/61DWCusrZLo9RuIIiyGprfGfzb0MOrAU78ePDOZng2CCnXnwT4ErN6pw1 
-A6trypcfjCVeu1uecUO9hk/q9uVfBiZk/b+EeJdD1sxF+TmEky9CpD7s1hhnvBOc +4xiALByAwvYFPLzuJRlhSxzZPILXSmFrG4zQ6MgbmFX8lcRc1M9dMT23IeO4ZpIg 
-D90nN+3dnIGHTkCBpAOzGZU404qv94YD3syPKREcKiUNudLE354+FHsfe3tRW87N8PkjJ4hAjbmf9V4206HIEzWPPrpniAxgzAkrp+c
-=aZX++=YG7W
 -----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
 </code> </code>
blug-canary-1.1545904497.txt.gz · Last modified: 2018/12/27 09:54 by Tom Li

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Driven by DokuWiki Template From SyntaxSeed