BLUG Wiki

User Tools

Site Tools

You are here: start » blug-canary-1
Trace:
blug-canary-1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
blug-canary-1 [2019/07/20 13:51]
BLUG Admin 		blug-canary-1 [2024/03/30 20:52] (current)
BLUG Admin
Line 15: Line 15:
 ==================================== ====================================
  
-Issued for July 2019.+Issued for March 2024.
  
 Don't just trust the contents of this file blindly! Verify the Don't just trust the contents of this file blindly! Verify the
Line 23: Line 23:
 ~~~~~~~~~~~~~ ~~~~~~~~~~~~~
  
-* biergaizi: 0xFAD3EB05E88E8D6D +* biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D 
-* persmule : 0x2987A25DAC8454A5 +* persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 
-* vimacs   : 0xEA2DB82FE04A9403+* vimacs   : 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403
  
 THREE DOCUMENTS IN TOTAL. THREE DOCUMENTS IN TOTAL.
Line 62: Line 62:
 8. Our personal safety and security is not threatened. 8. Our personal safety and security is not threatened.
  
-9. We plan to publish the next of these canary statements in the first three +9. To avoid security breaches and emphasize the clarity of the warrant canary 
-weeks of August 2019. Special note should be taken if no new canary is +documents, if a signer is temporarily unavailable, only existing signers in the 
-published by that time or if the list of statements changes without plausible explanation.+"Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD 
 +NOT be considered a valid canary document) until the signer becomes available 
 +again and signs the missed documents. A new signer SHOULD NOT sign a warrant 
 +canary document only due to the temporary unavailability of a existing signer. 
 + 
 +10. We plan to publish the next of these canary statements in the first three 
 +weeks of April 2024. Special note should be taken if no new canary is published 
 +by that time or if the list of statements changes without plausible explanation
 + 
 +11. Due to the ongoing security issues of OpenPGP keyservers, it makes signature 
 +verification an issue and somewhat a challenge. For completeness, complete 
 +procedures for canary verification is included here.
  
 Special Announcements Special Announcements
 ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
  
-1. Due to personal reasonwnereiz (0xFDFF2E13AA25BE72) is no longer available +1. We've found a workaround for importing keys on https://keys.openpgp.org 
-and couldn't sign the warrent canary before the end of June 2019This is not +without User-ID. The instructions for verifying persmule's signatures have 
-result of any incidentAll statements of the warrent canary documents are +been added. 
-still valid.+ 
 +Canary Verification Procedures 
 +~~~~~~~~~~~~~~~~~~~~~~~~ 
 + 
 +1. To verify biergaizi's signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D. 
 + 
 +    b. Use the latest GnuPG in any operating system. 
 + 
 +2. To verify persmule's signature... 
 + 
 +    a. Due to the previous attacks on OpenPGP keyserverspersmule has published 
 +    the OpenPGP public key to https://keys.openpgp.org without a User-ID. Using 
 +    the standard method, it's impossible to import a OpenPGP public key without 
 +    User-ID. But since April 2013, we have developed a workaround, described 
 +    below. 
 + 
 +    b. Obtain the dummy public key from any traditional OpenPGP Keyserver, 
 +    such as https://keyserver.ubuntu.com, and import the public key. The 
 +    fingerprint is 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60. Note that, to 
 +    import this key, one must copy and paste the key in ASCII from the Keyserver 
 +    website to a file or console and use the command "gpg --import". Due to a 
 +    technical problem, Using "gpg --recv-key" or "gpg --search-keys" does not 
 +    work. 
 + 
 +    c. This is a special dummy public key with its User-IDs and subkeys stripped 
 +    that we specifically created, leaving only a "stub" User-ID (with an invalid 
 +    E-mail address, "glahamm <yiam5Od@gliwrad.invalid>"). Its sole purpose is 
 +    allowing the subsequent import of additional subkeys. 
 + 
 +    d. Next, with the stub key already imported, obtain the public key from 
 +    https://keys.openpgp.org using the same fingerprint, and import this key. 
 +    Because the dummy key with its stub User-ID is already in presence, it'
 +    now possible to import the https://keys.openpgp.org public key directly. 
 + 
 +    e. Use the latest GnuPG in most operating system, the signatures made by 
 +    persmule's key can now be verified as usualDebian is known to work, most 
 +    other systems should work just fine, but not Fedora. The subkeys contains 
 +    signatures made with Brainpool curves, which are disabled on Fedora due to 
 +    potential patent-licensing problems, causing "Unknown elliptic curve" 
 +    error. 
 + 
 +3. To verify vimacs' signature... 
 + 
 +    a. Obtain the public key from any traditional OpenPGP Keyserver, such as 
 +    https://keyserver.ubuntu.com, and import the public key. The fingerprint 
 +    is 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403.
  
-2A new member, vimacs (0xEA2DB82FE04A9403) has became a new signer since this +    bUse the latest GnuPG in any operating system.
-month. You can validate the new keys by cross-checking the other two copies of +
-this document, signed by biergaizi and persmule. Or by checking the Web of Trust.+
  
 Proof of Freshness Proof of Freshness
Line 82: Line 140:
  
 $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml
- US pushes for talks as North Korea hints it may lift nuclear test moratorium + Thursday evening news briefing: Michael Goves no-fault evictions ban thrown into doubt 
- Nazanin Zaghari-Radcliffe transferred to hospital psychiatric ward in Iran, says husband + Wednesday evening news briefing: Landlords could be banned from raising rent under radical SNP crackdown 
- Donald Trump condemned by Congress as he says he does not have 'racist bone' in his body + Tuesday evening news briefing: Biden vows to move heaven and earth to rebuild Baltimore bridge 
- UK enjoys partial lunar eclipse on 50th anniversary of Apollo 11 moon mission launch + Monday evening news briefing: UK unveils sanctions after MPs targeted by China 
- R Kelly pleads not guilty as singer denied bail on US charges of sex crimes+ Thursday evening news briefing: Waspi scandal compensation branded a betrayal
  
 $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml
- Prosperous China Says Men Preferred, and Women Lose + How African Immigrants Have Revived a Remote Corner of Quebec 
- Epsteins Ties to Former Israeli Leader Shake Up Election Campaign + Storka Fisherman and Their Unlikely Bond Enchant Turkey 
- A Runaway Train Explosion Killed 47but Deadly Cargo Still Rides the Rails + Kings College Chapel438 Solar Panels and an Architectural Squabble in Cambridge 
- Irans Top Leader Strikes Defiant Tone as Trump Says Were Not Looking for Regime Change + Troop-Starved Ukrainian Brigades Turn to Marketing to Attract Recruits 
- Turkeys Erdogan Goes His Own Way as Distrust With U.S. Grows+ Dispute in Israel Over Drafting Ultra-Orthodox Jews Threatens Netanyahu
  
 $ date -R -u $ date -R -u
-Wed17 Jul 2019 04:56:55 +0000+Sat30 Mar 2024 20:51:12 +0000
  
 -----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2 
  
-iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAl0zG+gACgkQ+tPrBeiO +iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAmYIe28ACgkQ+tPrBeiO 
-jW10VA//T5gyg2+EnF8eqBC/C7zHbjlMA4TCA/txSfJjasrr7BbygvZdMLYlkUo2 +jW1yghAAkUYMlYuGg3ihG1uBw417y2oNvBGvCk4HYtIElrbd2DNL/JV/+/LkQW/Z 
-UzZDsoVk3hFtEFLQxXsICp2Yji8utHdYvTjS5b8HC0jJaMUzvsUAjKlBugUTLwQa +rKMBgGtYHk/xGj9lZEmt1te6Mj+w+dS91ykoHAlNCAQ6RdNe9AQLvQd2Up9JlSTr 
-TM17kG8Wnobvmgcz/hW8FysiN9yS67Air9ZcN5YPaWs0gseqMlJZ2JLlH+HGbV52 +obl/GMRBmJQNjaZf+mPWVbogmGq83lcoLK806ObfHPYBqRg+nxNQ85b19YUm2o5T 
-sMkCgaGofvJCIijC1R5CXIZ6zKA78Rn7ItZPFbQmgrdiUjbdNhlecYv9fHL/sAON +JH7EsqEUBpCdrzyv7uYWLNOru2t6IvSXNcjB1Ay5CpwO3Bchu8EIhp433Wd5x/yb 
-jY3lD37piqHSQxjIB6EX8BxDUN85D8thoQbdbe6XMMuG5LkStFZjrqJ9G6UcD1ME +xTPKkdC8yuusZCR/zLIUX7cJWYH7VH+chWf1RxAlkNQ5CCd51I741wY7/rYB5ZSU 
-JDMt5ffIgKE5+s8+fHZ3rGjD0Vu929f4v7UdRK6lncbjUF8UH40N45qk698T0cj3 +r4wib3+hnWYIktr4GC7QSeRhxocJcMHuKHWz6SgOQWqQDf8dYRiPGr72xtiZD2w9 
-rIgy/uOt03xi6EqThhLcJvQLCZU8U3aH4oCC4hArlIw2yiO7yZXeNcH040uP935o +9W13osDpdkZkULD3lKxp/dwpklOlciComr1xGOk0wQoC7QpRlY+2wpUyIfAKxjaM 
-hQZ4CfukOuAOTQ2Ar4c4gQpBr+K5pPRfFVZBg2ZLJ3QvC7cH/T6rqEQDn9vyz/7f +oWsUYeIw8nWnxXljk8jNgSJ0XOnB4Po85xtWLk3MpAViy+s/RwwVEyam0CokgVw8 
-hp3YdMsN4E+769yBx0l3ByeMYrII3KPO+CYgWc8Hyvn74/jJzBlx7GP5aohQG/Gk +dcUjL3ZZquPGUzhDCD/s/4Hb3HCGABKhd0rpWEsTL8DOaRahwBoGU7s9g07zQZal 
-uFKLYqA6dVEy611j8o6l0P0QXbVywMPE+ZfW8ncK3MQmzL1wfOeOWUz4OTR4xXOd +J7XHj8bGfbwmvBJoFO9jUFt+o2M7g+G00GsqPhQ7eIIKzFcuqMlR41ajWYUUHmD9 
-Zgz2oCg6ZnMr5XsbVCymik8e10Z9WAZk7kNSXO16z8alXVhIWWc+Jq6fwrZZ+zgyKnjZ75E94uQqd7e54DF8wcpYoV/W1FEBSVBJgco
-=qwGD+=5M8V
 -----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
 </code> </code>
blug-canary-1.1563630660.txt.gz · Last modified: 2019/07/20 13:51 by BLUG Admin

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Driven by DokuWiki Template From SyntaxSeed