BLUG Wiki

User Tools

Site Tools

You are here: start » blug-canary-1
Trace:
blug-canary-1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
blug-canary-1 [2019/07/11 15:51]
BLUG Admin 		blug-canary-1 [2024/03/30 20:52] (current)
BLUG Admin
Line 15: Line 15:
 ==================================== ====================================
  
-Issued for June 2019.+Issued for March 2024.
  
 Don't just trust the contents of this file blindly! Verify the Don't just trust the contents of this file blindly! Verify the
Line 23: Line 23:
 ~~~~~~~~~~~~~ ~~~~~~~~~~~~~
  
-* biergaizi: 0xFAD3EB05E88E8D6D +* biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D 
-* persmule : 0x2987A25DAC8454A5 +* persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 
-wnereiz  0xFDFF2E13AA25BE72+vimacs   0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403
  
 THREE DOCUMENTS IN TOTAL. THREE DOCUMENTS IN TOTAL.
Line 32: Line 32:
 one is located at: one is located at:
  
-* https://beijinglug.club/wiki/doku.php?id=blug-canary-1+* https://beijinglug.club/wiki/doku.php?id=blug-canary-2
  
 It is possible that the signatures are not updated at the same time, It is possible that the signatures are not updated at the same time,
Line 62: Line 62:
 8. Our personal safety and security is not threatened. 8. Our personal safety and security is not threatened.
  
-9. We plan to publish the next of these canary statements in the first three +9. To avoid security breaches and emphasize the clarity of the warrant canary 
-weeks of July 2019. Special note should be taken if no new canary is +documents, if a signer is temporarily unavailable, only existing signers in the 
-published by that time or if the list of statements changes without plausible explanation.+"Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD 
 +NOT be considered a valid canary document) until the signer becomes available 
 +again and signs the missed documents. A new signer SHOULD NOT sign a warrant 
 +canary document only due to the temporary unavailability of a existing signer. 
 + 
 +10. We plan to publish the next of these canary statements in the first three 
 +weeks of April 2024. Special note should be taken if no new canary is published 
 +by that time or if the list of statements changes without plausible explanation
 + 
 +11. Due to the ongoing security issues of OpenPGP keyservers, it makes signature 
 +verification an issue and somewhat a challenge. For completeness, complete 
 +procedures for canary verification is included here.
  
 Special Announcements Special Announcements
 ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
  
-None.+1. We've found a workaround for importing keys on https://keys.openpgp.org 
 +without User-ID. The instructions for verifying persmule's signatures have 
 +been added. 
 + 
 +Canary Verification Procedures 
 +~~~~~~~~~~~~~~~~~~~~~~~~ 
 + 
 +1. To verify biergaizi's signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D. 
 + 
 +    b. Use the latest GnuPG in any operating system. 
 + 
 +2. To verify persmule's signature... 
 + 
 +    a. Due to the previous attacks on OpenPGP keyservers, persmule has published 
 +    the OpenPGP public key to https://keys.openpgp.org without a User-ID. Using 
 +    the standard method, it's impossible to import a OpenPGP public key without 
 +    User-ID. But since April 2013, we have developed a workaround, described 
 +    below. 
 + 
 +    b. Obtain the dummy public key from any traditional OpenPGP Keyserver, 
 +    such as https://keyserver.ubuntu.com, and import the public key. The 
 +    fingerprint is 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60. Note that, to 
 +    import this key, one must copy and paste the key in ASCII from the Keyserver 
 +    website to a file or console and use the command "gpg --import". Due to a 
 +    technical problem, Using "gpg --recv-key" or "gpg --search-keys" does not 
 +    work. 
 + 
 +    c. This is a special dummy public key with its User-IDs and subkeys stripped 
 +    that we specifically created, leaving only a "stub" User-ID (with an invalid 
 +    E-mail address, "glahamm <yiam5Od@gliwrad.invalid>"). Its sole purpose is 
 +    allowing the subsequent import of additional subkeys. 
 + 
 +    d. Next, with the stub key already imported, obtain the public key from 
 +    https://keys.openpgp.org using the same fingerprint, and import this key. 
 +    Because the dummy key with its stub User-ID is already in presence, it's 
 +    now possible to import the https://keys.openpgp.org public key directly. 
 + 
 +    e. Use the latest GnuPG in most operating system, the signatures made by 
 +    persmule's key can now be verified as usual. Debian is known to work, most 
 +    other systems should work just fine, but not Fedora. The subkeys contains 
 +    signatures made with Brainpool curves, which are disabled on Fedora due to 
 +    potential patent-licensing problems, causing a "Unknown elliptic curve" 
 +    error. 
 + 
 +3. To verify vimacs' signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403. 
 + 
 +    b. Use the latest GnuPG in any operating system.
  
 Proof of Freshness Proof of Freshness
Line 75: Line 140:
  
 $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml
- Donald Trump 'approved strikes on Iran over downing of drone before aborting plan' + Thursday evening news briefing: Michael Goves no-fault evictions ban thrown into doubt 
- Burglar dubbed 'Wimbledon prowler' to be sentenced more than a decade after his thieving spree began + Wednesday evening news briefing: Landlords could be banned from raising rent under radical SNP crackdown 
- Jewish Board of DeputiesBBC treatment of imam's anti-semitism 'deeply problematic' + Tuesday evening news briefingBiden vows to move heaven and earth to rebuild Baltimore bridge 
- Royal Ascot's famously strict dress code + Monday evening news briefing: UK unveils sanctions after MPs targeted by China 
- Debate at schools is being shut down by a 'worrying trend towards an intolerance of different opinions', warns Ofsted chief+ Thursday evening news briefing: Waspi scandal compensation branded betrayal
  
 $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml
- Trump Approves Strikes on Iranbut Then Abruptly Pulls Back + How African Immigrants Have Revived a Remote Corner of Quebec 
- Irans Gambit: Force the World to Rein In Trump + A Storka Fisherman and Their Unlikely Bond Enchant Turkey 
- Xi Jinping Arrives in North Korea, With Many Eyes on Trump + Kings College Chapel, 438 Solar Panels and an Architectural Squabble in Cambridge 
- Erdogan Says He Will Meet With Trump to Resolve Weapons Disagreement + Troop-Starved Ukrainian Brigades Turn to Marketing to Attract Recruits 
- Paul Whelan, Held in Russia for Spying, Pleads for Help from Trump+ Dispute in Israel Over Drafting Ultra-Orthodox Jews Threatens Netanyahu
  
 $ date -R -u $ date -R -u
-Fri23 Jun 2019 23:28:13 +0000+Sat30 Mar 2024 20:51:12 +0000
  
 -----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2 
  
-iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAl0Q9BwACgkQ+tPrBeiO +iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAmYIe28ACgkQ+tPrBeiO 
-jW1/nhAAi3flCEqmL/lY6UNfjhtDqYu2ANEx+fiah72j0JlDQJu1Ex7PKcD5kteK +jW1yghAAkUYMlYuGg3ihG1uBw417y2oNvBGvCk4HYtIElrbd2DNL/JV/+/LkQW/Z 
-oGlWhFc6qRSv3jnWmaKaH7OMKaYw+5YgylGYxvSsBMtmIqaUf2uaQ88RakGfHWP3 +rKMBgGtYHk/xGj9lZEmt1te6Mj+w+dS91ykoHAlNCAQ6RdNe9AQLvQd2Up9JlSTr 
-eEhjm4UrCg3qa1/t1938a9Q0tnY/3fYUfkCFGoIg6DTNivY5LyvruviCtJX6IUSc +obl/GMRBmJQNjaZf+mPWVbogmGq83lcoLK806ObfHPYBqRg+nxNQ85b19YUm2o5T 
-Mv74II23UShRSQZwytLosvZwS1B6qjYuuY6UABtxqfTAo7ifh0oP9pntusjoUuf8 +JH7EsqEUBpCdrzyv7uYWLNOru2t6IvSXNcjB1Ay5CpwO3Bchu8EIhp433Wd5x/yb 
-q3nvQeY7biLeYQ+nGcfCyLa1zyKla4dFt4dRPrYsSDGvR3OHgFfzV+op5X0P9z9u +xTPKkdC8yuusZCR/zLIUX7cJWYH7VH+chWf1RxAlkNQ5CCd51I741wY7/rYB5ZSU 
-zOqdZYGWKVQlJXsmBbetvkedE783+eVXVz3JXepzD1bT8qnMMGKexbXMfunCah6q +r4wib3+hnWYIktr4GC7QSeRhxocJcMHuKHWz6SgOQWqQDf8dYRiPGr72xtiZD2w9 
-3JonuHDXqFSoqJuMgSaAUHxqS/PLIPTKbvjIBJBUP49Jdqj5k0En913s6cjAXMiH +9W13osDpdkZkULD3lKxp/dwpklOlciComr1xGOk0wQoC7QpRlY+2wpUyIfAKxjaM 
-ATny7WJadDwdgtuayRbboxIZXYu1DUfnwt3dsRuaNMnVxWrGyZ60HSkVYwlABATI +oWsUYeIw8nWnxXljk8jNgSJ0XOnB4Po85xtWLk3MpAViy+s/RwwVEyam0CokgVw8 
-xlt0omcWazUH4dOddC8QIlZ0Rg+UM7qsXQ9AmZ0h5m1O4E/H7lIrGA71Xu2iCTSr +dcUjL3ZZquPGUzhDCD/s/4Hb3HCGABKhd0rpWEsTL8DOaRahwBoGU7s9g07zQZal 
-N+mpvAx60jP4DRWhG2ctObY7az8p+DA98AtBknCZfTHDBuj9g+WUxEisrGIi34Td +J7XHj8bGfbwmvBJoFO9jUFt+o2M7g+G00GsqPhQ7eIIKzFcuqMlR41ajWYUUHmD9 
-y5Wx3o9HeyMTrTKclq0wLJ9iqeMK9+rFk/qERmqZ8lm+4wkNCXU+Jq6fwrZZ+zgyKnjZ75E94uQqd7e54DF8wcpYoV/W1FEBSVBJgco
-=2rcU+=5M8V
 -----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
 </code> </code>
blug-canary-1.1562860317.txt.gz · Last modified: 2019/07/11 15:51 by BLUG Admin

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Driven by DokuWiki Template From SyntaxSeed