BLUG Wiki

User Tools

Site Tools

You are here: start » blug-canary-1
Trace:
blug-canary-1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
blug-canary-1 [2019/02/26 18:25]
Tom Li 		blug-canary-1 [2024/03/30 20:52] (current)
BLUG Admin
Line 15: Line 15:
 ==================================== ====================================
  
-Issued for February 2019.+Issued for March 2024.
  
 Don't just trust the contents of this file blindly! Verify the Don't just trust the contents of this file blindly! Verify the
Line 23: Line 23:
 ~~~~~~~~~~~~~ ~~~~~~~~~~~~~
  
-* biergaizi: 0xFAD3EB05E88E8D6D +* biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D 
-* persmule : 0x2987A25DAC8454A5 +* persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 
-wnereiz  0xFDFF2E13AA25BE72+vimacs   0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403
  
 THREE DOCUMENTS IN TOTAL. THREE DOCUMENTS IN TOTAL.
Line 62: Line 62:
 8. Our personal safety and security is not threatened. 8. Our personal safety and security is not threatened.
  
-9. We plan to publish the next of these canary statements in the first three +9. To avoid security breaches and emphasize the clarity of the warrant canary 
-weeks of March 2019. Special note should be taken if no new canary is +documents, if a signer is temporarily unavailable, only existing signers in the 
-published by that time or if the list of statements changes without plausible explanation.+"Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD 
 +NOT be considered a valid canary document) until the signer becomes available 
 +again and signs the missed documents. A new signer SHOULD NOT sign a warrant 
 +canary document only due to the temporary unavailability of a existing signer. 
 + 
 +10. We plan to publish the next of these canary statements in the first three 
 +weeks of April 2024. Special note should be taken if no new canary is published 
 +by that time or if the list of statements changes without plausible explanation
 + 
 +11. Due to the ongoing security issues of OpenPGP keyservers, it makes signature 
 +verification an issue and somewhat a challenge. For completeness, complete 
 +procedures for canary verification is included here.
  
 Special Announcements Special Announcements
 ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
  
-None.+1. We've found a workaround for importing keys on https://keys.openpgp.org 
 +without User-ID. The instructions for verifying persmule's signatures have 
 +been added. 
 + 
 +Canary Verification Procedures 
 +~~~~~~~~~~~~~~~~~~~~~~~~ 
 + 
 +1. To verify biergaizi's signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D. 
 + 
 +    b. Use the latest GnuPG in any operating system. 
 + 
 +2. To verify persmule's signature... 
 + 
 +    a. Due to the previous attacks on OpenPGP keyservers, persmule has published 
 +    the OpenPGP public key to https://keys.openpgp.org without a User-ID. Using 
 +    the standard method, it's impossible to import a OpenPGP public key without 
 +    User-ID. But since April 2013, we have developed a workaround, described 
 +    below. 
 + 
 +    b. Obtain the dummy public key from any traditional OpenPGP Keyserver, 
 +    such as https://keyserver.ubuntu.com, and import the public key. The 
 +    fingerprint is 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60. Note that, to 
 +    import this key, one must copy and paste the key in ASCII from the Keyserver 
 +    website to a file or console and use the command "gpg --import". Due to a 
 +    technical problem, Using "gpg --recv-key" or "gpg --search-keys" does not 
 +    work. 
 + 
 +    c. This is a special dummy public key with its User-IDs and subkeys stripped 
 +    that we specifically created, leaving only a "stub" User-ID (with an invalid 
 +    E-mail address, "glahamm <yiam5Od@gliwrad.invalid>"). Its sole purpose is 
 +    allowing the subsequent import of additional subkeys. 
 + 
 +    d. Next, with the stub key already imported, obtain the public key from 
 +    https://keys.openpgp.org using the same fingerprint, and import this key. 
 +    Because the dummy key with its stub User-ID is already in presence, it's 
 +    now possible to import the https://keys.openpgp.org public key directly. 
 + 
 +    e. Use the latest GnuPG in most operating system, the signatures made by 
 +    persmule's key can now be verified as usual. Debian is known to work, most 
 +    other systems should work just fine, but not Fedora. The subkeys contains 
 +    signatures made with Brainpool curves, which are disabled on Fedora due to 
 +    potential patent-licensing problems, causing a "Unknown elliptic curve" 
 +    error. 
 + 
 +3. To verify vimacs' signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403. 
 + 
 +    b. Use the latest GnuPG in any operating system.
  
 Proof of Freshness Proof of Freshness
Line 75: Line 140:
  
 $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml
- Journalists detained for hours after showing Nicolas Maduro images of poverty in Venezuela + Thursday evening news briefing: Michael Goves no-fault evictions ban thrown into doubt 
- Venezuela deports US-based anchor Jorge Ramos after infuriating Nicolas Maduro during interview + Wednesday evening news briefing: Landlords could be banned from raising rent under radical SNP crackdown 
- Dame Emma Thompson letter reveals she quit film in protest at 'second chance' for John Lasseter + Tuesday evening news briefing: Biden vows to move heaven and earth to rebuild Baltimore bridge 
- Oscars 2019 after-party highlights, in pictures + Monday evening news briefing: UK unveils sanctions after MPs targeted by China 
- Cardinal George Pell could face 50 year prison sentence after conviction for sexually abusing two choirboys+ Thursday evening news briefing: Waspi scandal compensation branded a betrayal
  
 $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml
- Cozy Up to U.S., Vietnam Tells North Korea. Look What It Did for Us. + How African Immigrants Have Revived a Remote Corner of Quebec 
- After Indias Strike on PakistanBoth Sides Leave Room for De-escalation + A Storka Fisherman and Their Unlikely Bond Enchant Turkey 
- Germany Dispatch: Where Kale Is King (at LeastWhen Its Stewed in Schmaltz and Bacon) + Kings College Chapel438 Solar Panels and an Architectural Squabble in Cambridge 
- George Pell Sex Abuse Conviction Unsealed in Australia + Troop-Starved Ukrainian Brigades Turn to Marketing to Attract Recruits 
- 2019 Is a Sensitive Year for China. Xi Is Nervous.+ Dispute in Israel Over Drafting Ultra-Orthodox Jews Threatens Netanyahu
  
 $ date -R -u $ date -R -u
-Tue26 Feb 2019 18:24:25 +0000+Sat30 Mar 2024 20:51:12 +0000
  
 -----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2 
  
-iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAlx1hHYACgkQ+tPrBeiO +iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAmYIe28ACgkQ+tPrBeiO 
-jW0w+hAApQz8DwkhwvEsu6UOffkpBZxJ2hCWNDA4iGHdnwuF/8TK9B5D0NkDZFg5 +jW1yghAAkUYMlYuGg3ihG1uBw417y2oNvBGvCk4HYtIElrbd2DNL/JV/+/LkQW/Z 
-ui76SxsAhcIquSLLrzorWWOpOcwEI43zE1JGUwgmOkyn/YzDbsMQ5/e3n4VCu/Rr +rKMBgGtYHk/xGj9lZEmt1te6Mj+w+dS91ykoHAlNCAQ6RdNe9AQLvQd2Up9JlSTr 
-g/mFYZ+zoy5iLTRMocrz5QsismYcBwXxryFvd/VeG992iIVX5URF7+R8BcKVVgRV +obl/GMRBmJQNjaZf+mPWVbogmGq83lcoLK806ObfHPYBqRg+nxNQ85b19YUm2o5T 
-1jvuqJ4sGRpzDk4tWsIl/b4iBnH5dwbfIdTtkIOPn9oHnp/FFiH/xcXYZmSFwGXR +JH7EsqEUBpCdrzyv7uYWLNOru2t6IvSXNcjB1Ay5CpwO3Bchu8EIhp433Wd5x/yb 
-hOo134voHRuOdg0oFi6Ui4ilWwgKqYqhZiRYOuRSZ1Uh4x32ApuhheMcUTcjPesS +xTPKkdC8yuusZCR/zLIUX7cJWYH7VH+chWf1RxAlkNQ5CCd51I741wY7/rYB5ZSU 
-QmJ3/exmNc/5/ltNk6Yf+iTqSdY4FHt+map6TsBBu3yyhOSGOFxB0eMZmotXaaat +r4wib3+hnWYIktr4GC7QSeRhxocJcMHuKHWz6SgOQWqQDf8dYRiPGr72xtiZD2w9 
-u1oJG+8kicLgc5IGLlLRfcSnkeh3VBaW+AZp3v5uZ95J4s0QZd5QRSUVcRjLI542 +9W13osDpdkZkULD3lKxp/dwpklOlciComr1xGOk0wQoC7QpRlY+2wpUyIfAKxjaM 
-nXCKJ/DnLZRqhuX1mPYDAzn9n7thE8OIuJfWYOuTmx0bvid9s5zex13iIL2KEMyu +oWsUYeIw8nWnxXljk8jNgSJ0XOnB4Po85xtWLk3MpAViy+s/RwwVEyam0CokgVw8 
-yfxsgOdOg9CAO13HieKSuLVkovqctBzY5nZX/3SLWttpifO+pKSYwy1VRZxgf7rK +dcUjL3ZZquPGUzhDCD/s/4Hb3HCGABKhd0rpWEsTL8DOaRahwBoGU7s9g07zQZal 
-rYsb8/eoN2KSRo6S39R8HRnyCMHp02p6vObPcdzUGcPkCLLoj6AWiXZn6NbGnUs4 +J7XHj8bGfbwmvBJoFO9jUFt+o2M7g+G00GsqPhQ7eIIKzFcuqMlR41ajWYUUHmD9 
-mAVxlMEYe/m7P/2yaiTZ5/Np1O6n9dOk+B0UuD4Q36OkwD9k+bI+Jq6fwrZZ+zgyKnjZ75E94uQqd7e54DF8wcpYoV/W1FEBSVBJgco
-=C2IB+=5M8V
 -----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
 </code> </code>
blug-canary-1.1551205558.txt.gz · Last modified: 2019/02/26 18:25 by Tom Li

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Driven by DokuWiki Template From SyntaxSeed