This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
blug-canary-1 [2020/07/28 22:36] BLUG Admin |
blug-canary-1 [2025/06/30 05:44] (current) BLUG Admin |
||
---|---|---|---|
Line 15: | Line 15: | ||
==================================== | ==================================== | ||
- | Issued for July 2020. | + | Issued for June 2025. |
Don't just trust the contents of this file blindly! Verify the | Don't just trust the contents of this file blindly! Verify the | ||
Line 24: | Line 24: | ||
* biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D | * biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D | ||
- | * persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 | + | * persmule : 0x7636112A33805777A0646B1BFA7C50B699AC61D2 |
* vimacs | * vimacs | ||
Line 70: | Line 70: | ||
10. We plan to publish the next of these canary statements in the first three | 10. We plan to publish the next of these canary statements in the first three | ||
- | weeks of August 2020. Special note should be taken if no new canary is published | + | weeks of July 2025. Special note should be taken if no new canary is published |
by that time or if the list of statements changes without plausible explanation. | by that time or if the list of statements changes without plausible explanation. | ||
+ | |||
+ | 11. Due to the ongoing security issues of OpenPGP keyservers, it makes signature | ||
+ | verification an issue and somewhat a challenge. For completeness, | ||
+ | procedures for canary verification is included here. | ||
Special Announcements | Special Announcements | ||
~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~ | ||
- | 1. Due to personal reasons, wnereiz (0xFDFF2E13AA25BE72) voluntarily decided | + | None. |
- | to quit from the warrant canary team and he is no longer a signer of the | + | |
- | warrant canary documents since April 15th, 2020. All statements from the | + | |
- | warrant canary documents before this date are still valid. This is an official | + | |
- | decision that can be verified by checking the warrant canary document in April, | + | |
- | signed by wneriez. | + | |
- | + | ||
- | 2. In the previously mentioned document designed by wneriez in April 2020, | + | |
- | the date in its statements was mistakenly written as "April 15th, 2019", | + | |
- | which was a typo, but cannot be changed due to the nature of digital signature. | + | |
- | We declare that it's hereby corrected to "April 15th, 2020" | + | |
- | + | ||
- | 3. A new member, vimacs (0xEA2DB82FE04A9403) has became a new signer since this | + | |
- | month. You can validate the new keys by cross-checking the other two copies of | + | |
- | this document, signed by biergaizi and persmule. | + | |
- | + | ||
- | 4. Due to the ongoing security issues of OpenPGP keyservers, it makes signature | + | |
- | verification an issue and somewhat a challenge. For completeness, | + | |
- | procedures for canary verification has been added. | + | |
Canary Verification Procedures | Canary Verification Procedures | ||
Line 109: | Line 95: | ||
2. To verify persmule' | 2. To verify persmule' | ||
- | a. Unfortunately, | + | a. Due to the previous |
- | | + | the OpenPGP |
- | countermeasure, | + | |
- | | + | |
- | it's impossible to import a OpenPGP public key without User-ID | + | |
- | | + | |
- | b. We are looking for a solution. But for now, you should check the | + | b. Obtain the dummy public key from any traditional OpenPGP Keyserver, |
- | | + | such as https:// |
- | | + | |
- | to two people. It reduces | + | |
- | | + | |
+ | technical problem, Using "gpg --recv-key" | ||
+ | | ||
- | c. Once the technical problem of using a public key without | + | c. This is a special dummy public key with its User-IDs and subkeys stripped |
- | | + | |
- | | + | |
- | | + | |
- | tampering has occurred. | + | |
- | 3. To verify vimacs' | + | d. Next, with the stub key already imported, obtain the public key from |
+ | https:// | ||
+ | Because the dummy key with its stub User-ID is already in presence, it's | ||
+ | now possible to import the https:// | ||
- | | + | |
- | | + | |
- | | + | |
- | these steps. | + | |
- | b. Use Debian GNU/Linux operating system and install GnuPG. Other operating | + | 3. To verify vimacs' |
- | systems may lack the necessary out-of-tree GnuPG patches required, Debian | + | |
- | must be used. | + | |
- | | + | |
- | | + | https:// |
- | is 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403. You should see an expired | + | is 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403. |
- | public key. | + | |
- | | + | |
- | fingerprint, | + | |
- | key has been updated. | + | |
- | + | ||
- | e. Please note that the key is still shown as " | + | |
- | has no UID associated. But you should be able to see a new, valid (not | + | |
- | expired) subkey by... | + | |
- | + | ||
- | $ gpg --list-options show-unusable-subkeys --list-keys 0x7079B481F04B5D8B65A0ECDEEA2DB82FE04A9403 | + | |
- | + | ||
- | f. Now, it's possible to verify the signature by following the standard | + | |
- | procedures. Ignore the "key expired" | + | |
- | not published, only the expired UIDs are available). | + | |
Proof of Freshness | Proof of Freshness | ||
Line 162: | Line 134: | ||
$ rsstail -1 -n5 -N -u https:// | $ rsstail -1 -n5 -N -u https:// | ||
- | How would Heathrows coronavirus test work? | + | Anti-migrant riots erupt in Northern Ireland after alleged sexual assault |
- | | + | King and Prince |
- | Phantom | + | Britain strikes Houthis for first time since Trumps re-election |
- | How many coronavirus cases are in your area? Use our tool to find out | + | Man killed |
- | How many coronavirus cases are in the UK - and where are they? | + | |
$ rsstail -1 -n5 -N -u https:// | $ rsstail -1 -n5 -N -u https:// | ||
- | In Russias Far East, a New Face of Resistance to Putins Reign | + | Conquering Soccer and Arming Warlords |
- | Najib Razak, Malaysias Former Prime Minister, Found Guilty | + | The Beatboxing, Dancing Nuns Expanding the Flock in Brazil |
- | Australia Says Chinese Students Are Targets in Virtual Kidnapping Scams | + | After War With Israel and U.S., Iran Rests on a Knife Edge |
- | North Korea Thinks He Brought Covid-19. South Korea Wants to Arrest Him. | + | Europe Heat Wave Drives Record-High Temperatures, |
- | South Korea Says It Will Launch Spy Satellites as Missile Deal Is Revised | + | |
$ date -R -u | $ date -R -u | ||
- | Tue, 28 Jul 2020 22:34:45 +0000 | + | Mon, 30 Jun 2025 05:43:43 +0000 |
-----BEGIN PGP SIGNATURE----- | -----BEGIN PGP SIGNATURE----- | ||
- | iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAl8gqDIACgkQ+tPrBeiO | + | iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAmhiJB8ACgkQ+tPrBeiO |
- | jW1Cgg/+PJxskuV9neMfW05djtnWufoBScFyfH/NyNzwyYoVfzN6hfXKLHlEi70K | + | jW0/bQ/+P7V3TyskmWXK1V8kc33geQmtV6f0q1dtI6RiPvI/1TgdoMrUjGFZ2SRZ |
- | W5PXPugJikhomzNp7amDNUwup+iLxCPb7n6bnxLB7WPBYUpWYq7sSC0Inbd5UZzt | + | XSC2QATvvV5L4+j7vdan0Iqagezrvvn1+V7I3nSsxO8V2VT+BsVfWZEHwRsoNRxA |
- | 0TTNjXtTMOrf15iHwAJ3oL0ZsYIwm5TQR35mtnkUdsRtkns1tazPhTdEMe2zXsLl | + | do+fUGDChbYOZHfJZu8Ef9UPEq0+6WoReAkShV93eX46qDvehEqGbrBncEoSKoNR |
- | USQhsKx3t8dZg7/ | + | fX/ZTjfv6wdFq3UptMAkviSLaBNSGpycLa+pBmA+Nw28Tmch/ |
- | +Tj6+vYeEW8He8Oy7csKeKQgX0JHFisRJd7InwFaarmQejky8EFPcWPNY+1PebGw | + | k0B72S8N5KVjnPbLmEJM5BajGfwJ4nqsxta9EcRxX75ghjiC3vcfjIoxNoHT92s3 |
- | hsZTZnZrDA0p5omZKv3nIqjxiTm0i0teq/96gMaH6KLoFRyRCRYnIUGektPbxcOd | + | 7cpDwyeVrZmnslvvI8QNS+z2N0FSueTIUgYX3b0U4cmW3HPQUzXx2hMehNJfZGNd |
- | mpqE4WU6DjxCkS5qtEav9HDRqzHBw2CISYZ8K1ggLeSPffqo+YMU8wd7ncpg2YCf | + | 56YWisMn0VWHN6//dxvN0eeFPYJVquOExW/ |
- | do8Tz4Wv5ZvWc0yRP9xybYxmslifFW/H93VOZxTJUeE0/KQr0jn8YePMxMtDuvyv | + | owVBgRwm4dS8lS1arAeKL20l6Z/ |
- | MN2n2uhDy3pZcVXHuNtiB84ULrs6B7r5zgyitWMB5NRsvbVuuUQWq2wyKGnIdLR7 | + | nJX3m7sD40PrSjeiRaZ3cQxPm6MsEZ1nGvBHIf3JI1oNwGoG6wOLWbXE3sg1G6VF |
- | 559tPh8nyynA1NMsK7DzUh5M3XCFeab+zHrlig7FV4AlluwxnIbJeJbIwpYk2p0L | + | YDR8hQruAt9BTj6qFkvIlzUZo4ymil869XsEUIIIDluXTMzGu+rtsY4eQi8L+pft |
- | TNzwMlym3ClaTLetCpWfaohqCZX4WT/ | + | DcfqY2NyCZ1VZqX9mwjo0xNEPlRXehEChZdpkf1tH7Rb3yhHhVA= |
- | =WE/Y | + | =6KRM |
-----END PGP SIGNATURE----- | -----END PGP SIGNATURE----- | ||
</ | </ |