User Tools

Site Tools


blug-canary-1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
blug-canary-1 [2019/01/19 04:35]
BLUG Admin
blug-canary-1 [2024/02/29 07:33] (current)
BLUG Admin
Line 15: Line 15:
 ==================================== ====================================
  
-Issued for January 2019.+Issued for February 2024.
  
 Don't just trust the contents of this file blindly! Verify the Don't just trust the contents of this file blindly! Verify the
Line 23: Line 23:
 ~~~~~~~~~~~~~ ~~~~~~~~~~~~~
  
-* biergaizi: 0xFAD3EB05E88E8D6D +* biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D 
-* persmule : 0x2987A25DAC8454A5 +* persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 
-wnereiz  0xFDFF2E13AA25BE72+vimacs   0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403
  
 THREE DOCUMENTS IN TOTAL. THREE DOCUMENTS IN TOTAL.
Line 62: Line 62:
 8. Our personal safety and security is not threatened. 8. Our personal safety and security is not threatened.
  
-9. We plan to publish the next of these canary statements in the first three +9. To avoid security breaches and emphasize the clarity of the warrant canary 
-weeks of February 2019. Special note should be taken if no new canary is +documents, if a signer is temporarily unavailable, only existing signers in the 
-published by that time or if the list of statements changes without plausible explanation.+"Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD 
 +NOT be considered a valid canary document) until the signer becomes available 
 +again and signs the missed documents. A new signer SHOULD NOT sign a warrant 
 +canary document only due to the temporary unavailability of a existing signer. 
 + 
 +10. We plan to publish the next of these canary statements in the first three 
 +weeks of March 2024. Special note should be taken if no new canary is published 
 +by that time or if the list of statements changes without plausible explanation
 + 
 +11. Due to the ongoing security issues of OpenPGP keyservers, it makes signature 
 +verification an issue and somewhat a challenge. For completeness, complete 
 +procedures for canary verification is included here.
  
 Special Announcements Special Announcements
 ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
  
-None.+1. We've found a workaround for importing keys on https://keys.openpgp.org 
 +without User-ID. The instructions for verifying persmule's signatures have 
 +been added. 
 + 
 +Canary Verification Procedures 
 +~~~~~~~~~~~~~~~~~~~~~~~~ 
 + 
 +1. To verify biergaizi's signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D. 
 + 
 +    b. Use the latest GnuPG in any operating system. 
 + 
 +2. To verify persmule's signature... 
 + 
 +    a. Due to the previous attacks on OpenPGP keyservers, persmule has published 
 +    the OpenPGP public key to https://keys.openpgp.org without a User-ID. Using 
 +    the standard method, it's impossible to import a OpenPGP public key without 
 +    User-ID. But since April 2013, we have developed a workaround, described 
 +    below. 
 + 
 +    b. Obtain the dummy public key from any traditional OpenPGP Keyserver, 
 +    such as https://keyserver.ubuntu.com, and import the public key. The 
 +    fingerprint is 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60. Note that, to 
 +    import this key, one must copy and paste the key in ASCII from the Keyserver 
 +    website to a file or console and use the command "gpg --import". Due to a 
 +    technical problem, Using "gpg --recv-key" or "gpg --search-keys" does not 
 +    work. 
 + 
 +    c. This is a special dummy public key with its User-IDs and subkeys stripped 
 +    that we specifically created, leaving only a "stub" User-ID (with an invalid 
 +    E-mail address, "glahamm <yiam5Od@gliwrad.invalid>"). Its sole purpose is 
 +    allowing the subsequent import of additional subkeys. 
 + 
 +    d. Next, with the stub key already imported, obtain the public key from 
 +    https://keys.openpgp.org using the same fingerprint, and import this key. 
 +    Because the dummy key with its stub User-ID is already in presence, it's 
 +    now possible to import the https://keys.openpgp.org public key directly. 
 + 
 +    e. Use the latest GnuPG in most operating system, the signatures made by 
 +    persmule's key can now be verified as usual. Debian is known to work, most 
 +    other systems should work just fine, but not Fedora. The subkeys contains 
 +    signatures made with Brainpool curves, which are disabled on Fedora due to 
 +    potential patent-licensing problems, causing a "Unknown elliptic curve" 
 +    error. 
 + 
 +3. To verify vimacs' signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403. 
 + 
 +    b. Use the latest GnuPG in any operating system.
  
 Proof of Freshness Proof of Freshness
Line 75: Line 140:
  
 $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml
- RobertMueller's office denies report Trump ordered Cohen to lie + Wednesday evening news briefing: Christian Horner cleared of allegations of inappropriate behaviour 
- Police pick up two penguins stolen from a zoo + Secondary National Offer Day 2024: What to do if your child misses out on their first choice 
- Social media allowing women to cheat botox screening questionnaireswarns NHS + Post Office scandal: I was victim of smear campaignHenry Staunton tells MPs 
- It's not too late to have flu jab, pleads country's top doctor + Tuesday evening news briefing: Prince William pulls out of godfathers memorial service 
- R. Kelly dropped by record label amid 'sex cult' accusations+ Three men charged with Right-wing terrorism planned to attack Islamic centre
  
 $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml
- Trump and Kim Jong-un to Hold Second Summit Meeting Next Month + Middle East Crisis: Parties to Cease-Fire Talks Offer Mixed Signals 
- 4,141 Latvians Were Just Outed as K.G.B. Informants + Bosnia Was Once Emptied by War and Now Faces Peacetime Emigration 
- Pipeline Erupts in Fiery Explosion in MexicoKilling 20 + Back From WarReserve Soldiers Set Their Sights on Israels Politics as Usual 
- After a Crash, Prince Philip, 97, Stokes Debate on Older Drivers + K-Pop Stars Lonely Downward Spiral 
- Afghan Presidential Race Takes Shape as Ghanis Challengers Emerge+ Navalnys Funeral Is Planned for Fridayif Authorities Dont Block It
  
 $ date -R -u $ date -R -u
-Sat19 Jan 2019 04:19:42 +0000+Thu29 Feb 2024 07:31:51 +0000
  
 -----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2 
  
-iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAlxCpY4ACgkQ+tPrBeiO +iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAmXgMyIACgkQ+tPrBeiO 
-jW3pvA//RZdJRfCUN7ILcwUMqLmpI+DHxHU9yQZtfGmuiqD02x03DMqKzd2+JEBp +jW3MDQ//TMoEfx4iU8Q7utf/zI3eId37WA5ZHmEIH/za8AidHsRsW8FhQfOZgotZ 
-iTdPJpekinXHigaMvdTXDKiAfkXGPgCUUeWXod5u/E3f3GB31FZ46uq7swDHyt3R +nRIuvb8rucDJ/Q/yPu8D+hiYafVwbRsw8URCG12KAAdrGI2orAWtylgFj0uAgAtQ 
-KiCu71pxOe6JzB1QUrN4SzjGH9xL0Cj4pBV11X9G+/okWrdZmC5/X9gZ0SE+3feI +6t3UEv8WUSrsYB5mf/P6sbEP/Uyp7tUBhDMsQfxk9ipV+nXd7OaDhj+W+sSIaWRy 
-AsPlP57XZoXDWJlL40LuFeiFg5pu3MwEJgkvLskPF9MmxeOIanPAT04U5soXi+uv +do0Kg7lJ8w4FPcIKwwxqV89QBHOC9ooUmflOBEcaisu9NKaXKZ6Bh75UCs31ymAl 
-K6VXUs7gnAOMKiq+048S4qUnuQv3TX9JuWu/148aR60KA46TX3HoqtJu3LDhGWgX +yHqpcN6Uth3KaYgQbLar0KH4cnwrLytGe9nWSyPS+rxjMNv3xkxGGbOodo3vomX1 
-OVb9k4M70vmLKRfBQ1X3OsF5K//hFwk6W0C08cpbt+IWuKxjaFPRymeuq+H3ZCcf +pDmHEs3P5oCvFPTiUKUPVbJjMTGjq31lt3W6e0SGpzwQHrwpNRqmNERdK0NIlT1W 
-prN4rl2dwpmMz+7xK4i/MAFtUZbK+s5EelovChvGM9ifPLe7hYChA55pUQ5tD3pB +WszscUI7/cF95G/5WRy61FX+Y9vemLooNPtBz6EUqTrB0MT52IID0Bm7dubQombB 
-YDLFMZGK8lslG6oEKNCtP90SZMLNNz91CDMlq7wVgkaZU/3FXLzB7b0CoH9aE3TX +vkqXnJO4tDyiLoj4k4f0wfnUjVyi/nkj0bKTEHuopZQhFR8AY4MmCeFB+Z9AG265 
-/RWwililsgXZUoegRC1kQ1BQObHVAwrsUP5iGIsleCRVK14i9FpYBVcn1X9jFCSE +qsoCiD2oXN/BON68bkQ4PoGidWZIsgJPeZig6y+FEN3WTr6RTnMC3GW/fdxxBybP 
-bycpPus9i6+vPpcimpmW3vwhJ+RjwqmkHcjTbEujBIWxzDBtim5tQXWqMfFyApN5 +2DlFHRn7E/MKVhXfoQO/6tUl63p7tIe4nbHDgIaTbh/62cGnYgHvlTCz4NmwUkU9 
-0u10e+9z1zcSrQM3lzk/bz0GtR5vVc7BAyJY6PFN/MoWeCZhuO4+wjdLzP2w7Vd9EnL971gj6grz5lLPV4PTiUcb3mA+ezrQXtuK3NM
-=EcJX+=HhpS
 -----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
 </code> </code>
blug-canary-1.1547872507.txt.gz · Last modified: 2019/01/19 04:35 by BLUG Admin