BLUG Wiki

User Tools

Site Tools

You are here: start » blug-canary-1
Trace:
blug-canary-1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
blug-canary-1 [2019/07/20 13:51]
BLUG Admin 		blug-canary-1 [2024/04/30 16:36] (current)
BLUG Admin
Line 15: Line 15:
 ==================================== ====================================
  
-Issued for July 2019.+Issued for April 2024.
  
 Don't just trust the contents of this file blindly! Verify the Don't just trust the contents of this file blindly! Verify the
Line 23: Line 23:
 ~~~~~~~~~~~~~ ~~~~~~~~~~~~~
  
-* biergaizi: 0xFAD3EB05E88E8D6D +* biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D 
-* persmule : 0x2987A25DAC8454A5 +* persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 
-* vimacs   : 0xEA2DB82FE04A9403+* vimacs   : 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403
  
 THREE DOCUMENTS IN TOTAL. THREE DOCUMENTS IN TOTAL.
Line 62: Line 62:
 8. Our personal safety and security is not threatened. 8. Our personal safety and security is not threatened.
  
-9. We plan to publish the next of these canary statements in the first three +9. To avoid security breaches and emphasize the clarity of the warrant canary 
-weeks of August 2019. Special note should be taken if no new canary is +documents, if a signer is temporarily unavailable, only existing signers in the 
-published by that time or if the list of statements changes without plausible explanation.+"Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD 
 +NOT be considered a valid canary document) until the signer becomes available 
 +again and signs the missed documents. A new signer SHOULD NOT sign a warrant 
 +canary document only due to the temporary unavailability of a existing signer. 
 + 
 +10. We plan to publish the next of these canary statements in the first three 
 +weeks of May 2024. Special note should be taken if no new canary is published 
 +by that time or if the list of statements changes without plausible explanation
 + 
 +11. Due to the ongoing security issues of OpenPGP keyservers, it makes signature 
 +verification an issue and somewhat a challenge. For completeness, complete 
 +procedures for canary verification is included here.
  
 Special Announcements Special Announcements
 ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
  
-1. Due to personal reasonwnereiz (0xFDFF2E13AA25BE72) is no longer available +1. We've found a workaround for importing keys on https://keys.openpgp.org 
-and couldn't sign the warrent canary before the end of June 2019This is not +without User-ID. The instructions for verifying persmule's signatures have 
-result of any incidentAll statements of the warrent canary documents are +been added. 
-still valid.+ 
 +Canary Verification Procedures 
 +~~~~~~~~~~~~~~~~~~~~~~~~ 
 + 
 +1. To verify biergaizi's signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D. 
 + 
 +    b. Use the latest GnuPG in any operating system. 
 + 
 +2. To verify persmule's signature... 
 + 
 +    a. Due to the previous attacks on OpenPGP keyserverspersmule has published 
 +    the OpenPGP public key to https://keys.openpgp.org without a User-ID. Using 
 +    the standard method, it's impossible to import a OpenPGP public key without 
 +    User-ID. But since April 2013, we have developed a workaround, described 
 +    below. 
 + 
 +    b. Obtain the dummy public key from any traditional OpenPGP Keyserver, 
 +    such as https://keyserver.ubuntu.com, and import the public key. The 
 +    fingerprint is 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60. Note that, to 
 +    import this key, one must copy and paste the key in ASCII from the Keyserver 
 +    website to a file or console and use the command "gpg --import". Due to a 
 +    technical problem, Using "gpg --recv-key" or "gpg --search-keys" does not 
 +    work. 
 + 
 +    c. This is a special dummy public key with its User-IDs and subkeys stripped 
 +    that we specifically created, leaving only a "stub" User-ID (with an invalid 
 +    E-mail address, "glahamm <yiam5Od@gliwrad.invalid>"). Its sole purpose is 
 +    allowing the subsequent import of additional subkeys. 
 + 
 +    d. Next, with the stub key already imported, obtain the public key from 
 +    https://keys.openpgp.org using the same fingerprint, and import this key. 
 +    Because the dummy key with its stub User-ID is already in presence, it'
 +    now possible to import the https://keys.openpgp.org public key directly. 
 + 
 +    e. Use the latest GnuPG in most operating system, the signatures made by 
 +    persmule's key can now be verified as usualDebian is known to work, most 
 +    other systems should work just fine, but not Fedora. The subkeys contains 
 +    signatures made with Brainpool curves, which are disabled on Fedora due to 
 +    potential patent-licensing problems, causing "Unknown elliptic curve" 
 +    error. 
 + 
 +3. To verify vimacs' signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403.
  
-2A new member, vimacs (0xEA2DB82FE04A9403) has became a new signer since this +    bUse the latest GnuPG in any operating system.
-month. You can validate the new keys by cross-checking the other two copies of +
-this document, signed by biergaizi and persmule. Or by checking the Web of Trust.+
  
 Proof of Freshness Proof of Freshness
Line 82: Line 140:
  
 $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml
- US pushes for talks as North Korea hints it may lift nuclear test moratorium + Introducing Latest  a new section of your Telegraph app 
- Nazanin Zaghari-Radcliffe transferred to hospital psychiatric ward in Iran, says husband + Monday evening news briefing: Kate Forbes seriously mulling run to replace Yousaf as SNP leader 
- Donald Trump condemned by Congress as he says he does not have 'racist bone' in his body + Friday evening news: King to resume public duties as doctors pleased with cancer treatment briefing 
- UK enjoys partial lunar eclipse on 50th anniversary of Apollo 11 moon mission launch + Thursday evening news briefing: Yousafs political future could lie in Alex Salmonds hands 
- R Kelly pleads not guilty as singer denied bail on US charges of sex crimes+ Wednesday evening news briefing: Teenage girl arrested after two teachers and pupil stabbed
  
 $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml
- A Prosperous China Says Men Preferred, and Women Lose + Middle East Crisis: Netanyahu Again Vows to Invade Rafah With or Without Cease-Fire Deal 
- Epsteins Ties to Former Israeli Leader Shake Up Election Campaign + Georgia Bill Targeting Foreign Interests Draws Protests 
- A Runaway Train Explosion Killed 47but Deadly Cargo Still Rides the Rails + Surrounded by Fighters and Haunted by FamineSudan City Fears Worst 
- Irans Top Leader Strikes Defiant Tone as Trump Says Were Not Looking for Regime Change + How Capitalists in Communist Cuba Are an Economic Lifeline 
- Turkeys Erdogan Goes His Own Way as Distrust With U.S. Grows+ Mali Claims Death of Abu Huzeifa, Terrorist Who Helped Lead Fatal Ambush in Niger
  
 $ date -R -u $ date -R -u
-Wed17 Jul 2019 04:56:55 +0000+Tue30 Apr 2024 16:34:02 +0000
  
 -----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2 
  
-iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAl0zG+gACgkQ+tPrBeiO +iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAmYxHZQACgkQ+tPrBeiO 
-jW10VA//T5gyg2+EnF8eqBC/C7zHbjlMA4TCA/txSfJjasrr7BbygvZdMLYlkUo2 +jW1i1Q/9Exd6Er9/1Kuau3YNnARce6tmrlbSNwK/TOl8Qm22rtXPxqsbtdWccHHQ 
-UzZDsoVk3hFtEFLQxXsICp2Yji8utHdYvTjS5b8HC0jJaMUzvsUAjKlBugUTLwQa +uz2NuDmIk5ygnxjhy1leGb8XRRimbMKgKL/K6/tdGKUqYXDm+dm/I+g8pwhKmSTe 
-TM17kG8Wnobvmgcz/hW8FysiN9yS67Air9ZcN5YPaWs0gseqMlJZ2JLlH+HGbV52 +8GY/GYPCl52VtG7kwLYw9HzvlwGZrTFWeOuSBqvETZhesxWmXWxEJH4is9vXHLIv 
-sMkCgaGofvJCIijC1R5CXIZ6zKA78Rn7ItZPFbQmgrdiUjbdNhlecYv9fHL/sAON +4PPmBZIqscJStKHlo52xJWEb1zd/JGrE1XcPlIoWz4xDGc1c5qC6pcYV5SBADPd5 
-jY3lD37piqHSQxjIB6EX8BxDUN85D8thoQbdbe6XMMuG5LkStFZjrqJ9G6UcD1ME +OT60xdVqvuTKShlyENwQqIR2oCjTBBXIdyMZyrXKxHqPKk4UKyrcQI2L5S4CX9xk 
-JDMt5ffIgKE5+s8+fHZ3rGjD0Vu929f4v7UdRK6lncbjUF8UH40N45qk698T0cj3 +pnLqn3vrr7RMLkwo7wFLQQfKfKmp5Z83BdXdcagS9miLOXFi82OOxGKLSzq+KZ/t 
-rIgy/uOt03xi6EqThhLcJvQLCZU8U3aH4oCC4hArlIw2yiO7yZXeNcH040uP935o +YWQzYozCFC6uvXNc8WY5EV46Z0E/vUsY5oqZC90aLhS1TDwl/7Bh2u/jVtlsdpSQ 
-hQZ4CfukOuAOTQ2Ar4c4gQpBr+K5pPRfFVZBg2ZLJ3QvC7cH/T6rqEQDn9vyz/7f +rBtZPyHkywguwFfL/+Cb4XGN7OapdyBscrC6VmyPXb37txEZpqYFMz6duwukJXO4 
-hp3YdMsN4E+769yBx0l3ByeMYrII3KPO+CYgWc8Hyvn74/jJzBlx7GP5aohQG/Gk +s9WTgX/61DWCusrZLo9RuIIiyGprfGfzb0MOrAU78ePDOZng2CCnXnwT4ErN6pw1 
-uFKLYqA6dVEy611j8o6l0P0QXbVywMPE+ZfW8ncK3MQmzL1wfOeOWUz4OTR4xXOd +4xiALByAwvYFPLzuJRlhSxzZPILXSmFrG4zQ6MgbmFX8lcRc1M9dMT23IeO4ZpIg 
-Zgz2oCg6ZnMr5XsbVCymik8e10Z9WAZk7kNSXO16z8alXVhIWWc+FHsfe3tRW87N8PkjJ4hAjbmf9V4206HIEzWPPrpniAxgzAkrp+c
-=qwGD+=YG7W
 -----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
 </code> </code>
blug-canary-1.1563630660.txt.gz · Last modified: 2019/07/20 13:51 by BLUG Admin

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Driven by DokuWiki Template From SyntaxSeed