blug-canary-2
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
blug-canary-2 [2019/08/23 04:27] Xie Tianming |
blug-canary-2 [2020/02/21 02:10] (current) Xie Tianming |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| ==================================== | ==================================== | ||
| - | Issued for August 2019. | + | Issued for February 2020. |
| Don't just trust the contents of this file blindly! Verify the | Don't just trust the contents of this file blindly! Verify the | ||
| Line 16: | Line 16: | ||
| ~~~~~~~~~~~~~ | ~~~~~~~~~~~~~ | ||
| - | * biergaizi: 0xFAD3EB05E88E8D6D | + | * biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D |
| - | * persmule : 0x2987A25DAC8454A5 | + | * persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 |
| - | * wnereiz : 0xFDFF2E13AA25BE72 | + | * wnereiz : 0x0A6A91990AC98712274AA18DFDFF2E13AA25BE72 |
| THREE DOCUMENTS IN TOTAL. | THREE DOCUMENTS IN TOTAL. | ||
| Line 55: | Line 55: | ||
| 8. Our personal safety and security is not threatened. | 8. Our personal safety and security is not threatened. | ||
| - | 9. To avoid security breaches and emphasize the clarity of the warrent canary | + | 9. To avoid security breaches and emphasize the clarity of the warrant canary |
| documents, if a signer is temporarily unavailable, only existing signers in the | documents, if a signer is temporarily unavailable, only existing signers in the | ||
| "Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD | "Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD | ||
| NOT be considered a valid canary document) until the signer becomes available | NOT be considered a valid canary document) until the signer becomes available | ||
| - | again and signs the missed documents. A new signer SHOULD NOT sign a warrent | + | again and signs the missed documents. A new signer SHOULD NOT sign a warrant |
| canary document only due to the temporary unavailability of a existing signer. | canary document only due to the temporary unavailability of a existing signer. | ||
| 10. We plan to publish the next of these canary statements in the first three | 10. We plan to publish the next of these canary statements in the first three | ||
| - | weeks of September 2019. Special note should be taken if no new canary is published | + | weeks of March 2020. Special note should be taken if no new canary is published |
| by that time or if the list of statements changes without plausible explanation. | by that time or if the list of statements changes without plausible explanation. | ||
| Line 69: | Line 69: | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| - | None. | + | 1. Since mid-October, persmule's old signing key 0x2987A25DAC8454A5 has |
| + | expired. A new key, 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60, has been | ||
| + | created and uploaded to https://keys.openpgp.org/, it can be obtained from | ||
| + | this keyserver. | ||
| + | |||
| + | 2. The new key will be used by persmule to sign future warrant canary | ||
| + | documents. You can verify the signature by crosschecking the other two | ||
| + | documents signed by biergaizi and wnereiz for consistency. | ||
| + | |||
| + | 3. Due to this key rollover, the October message was not signed by persmule. | ||
| + | This did/does not indicate a security incident, all of the statements above | ||
| + | were valid, and are still valid. | ||
| + | |||
| + | 4. Recent attacks on OpenPGP keyservers have raised great security concerns | ||
| + | within the community, as a countermeasure, persmule's personal User-ID has | ||
| + | not published to the https://keys.openpgp.org/ keyserver. Instead, only | ||
| + | cryptographic information can be obtained from the keyserver, without any | ||
| + | User-ID. Currently, it's impossible to import a OpenPGP public key without | ||
| + | User-ID to a standard GnuPG installation, as a result, it's not possible | ||
| + | for a 3rd-party to verify the canary document signed by persmule. | ||
| + | |||
| + | 5. We are looking for a solution. But for now, we decided that the best | ||
| + | option is starting publishing new canary documents using the new key. | ||
| + | As a temporary measure, you can check the canary documents signed by | ||
| + | biergaizi and wnereiz to decide the validity of the Statements. By signing | ||
| + | their own copies, it indicates that the new key has been verified privately | ||
| + | by them as valid. | ||
| + | |||
| + | 6. This effectively reduced the number of signers to two people. It reduces | ||
| + | the level of confidence, but currently there is no alternative option yet. | ||
| + | |||
| + | 7. Once the technical problem of OpenPGP public key without User-ID is | ||
| + | resolved, you can check the previous signatures retroactively, and this | ||
| + | would effectively restore the level of confidence. You can archive | ||
| + | persmule's signature as soon as it's published to your own machine to | ||
| + | ensure no data tampering has occured. | ||
| + | |||
| + | 8. Unlike persmule, biergaizi and wnereiz's signing keys are unchanged, | ||
| + | but the Key-IDs have been changed to its full fingerprint format in the | ||
| + | canary document for clarity. | ||
| + | |||
| + | 9. When new information is available, it will be published in the "Special | ||
| + | Announcements" section in future warrant canary documents. | ||
| Proof of Freshness | Proof of Freshness | ||
| Line 75: | Line 117: | ||
| $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml | $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml | ||
| - | Family of UK Hong Kong consulate worker reject 'made-up' report about arrest over prostitution | + | US intelligence chief replaced 'after clash with Donald Trump over Russian bid to boost re-election' |
| - | Mother arrested after child found dead in caravan inBirmingham | + | Windrush draft report that called Home Office institutionally racist 'was watered down' |
| - | Brazilian president hits out at criticism over Amazon fires as Macron warns of 'international crisis' | + | Grace Millane killer sentenced to life in prison in New Zealand for murder of British backpacker |
| - | 'Worthless' sculpture from BBC's Fake or Fortune is actually priceless Giacometti worth more than 500,000 | + | Regent's Park mosque stabbing: man in his 70s attacked during prayers |
| - | Cannabis oil too expensive to prescribe to epileptic children on NHS, advisory body finds | + | Thursday evening news briefing: Stabbing in London mosque |
| $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml | $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml | ||
| - | With Amazon Ablaze, Brazil Faces Global Backlash: Lungs of the Earth Are in Flames | + | Coronavirus Live Updates: Clusters in Japan May Hint at How Virus Spreads |
| - | Massacred at Home, in Misery Abroad, 730,000 Rohingya Are Mired in Hopelessness | + | Far-Right Shooting Shatters an Already Fragile Sense of Security in Germany |
| - | South Korea Says It Will End Intelligence-Sharing Deal With Japan, Adding to Tensions | + | A Police State With an Islamist Twist: Inside Hifters Libya |
| - | Israeli Airstrike Hits Weapons Depot in Iraq | + | U.S. and Allies Blame Russia for Cyberattack on Republic of Georgia |
| - | Bold Women. Scandalized Viewers. Its Sex and the City, Senegal Style. | + | Suspect Arrested in Stabbing at London Mosque |
| $ date -R -u | $ date -R -u | ||
| - | Fri, 23 Aug 2019 04:20:36 +0000 | + | Fri, 21 Feb 2020 02:01:48 +0000 |
| -----BEGIN PGP SIGNATURE----- | -----BEGIN PGP SIGNATURE----- | ||
| - | iQIzBAEBCgAdFiEEfpRElbj/BG3RcF+YQmooAO3Wsm0FAl1faoQACgkQQmooAO3W | + | iQEzBAEBCgAdFiEEwonfPqgFyacM7J3iwYAPuUJ74CEFAl5POx0ACgkQwYAPuUJ7 |
| - | sm36zQ/+JtxdjWA+ChBi/TDNOZEx87aYIsBUnh0hVqPlGBBvhorv87mV4vl4AQhQ | + | 4CFEBAgAzvltWGMHElouFtnWIfb5EU0LL9Zlfhg2V8KZ/fe+bL6mKw1H9gxwTo08 |
| - | ssES0INFM+tjHqJeaCh/YOc0jUamXHxyuEtxGUKS7GAJM85i06nogSsrYpp/pKzo | + | oi+GBRYQz8l4AVU1YTDO2aZNUYATIxsiBhFAEpGe1xoh3ui/9bZbUAtMZBHfoHK3 |
| - | QCk1h1F8agtXGLHmUG88P8mx+SQ9iD+xhy8S8gs8XRtWyQ2esK8rApVsDO5JCLnv | + | ff6UnbfbHZOWUyfh03UNllZ3cdVBzQ9c64LrFlPmu2zNaif2/QTvESOpuDfNwRoR |
| - | fkbyawNQ+wBjBfrDvlEkr6KcTvfOP7FocVW/aWoGh10uwfM48cGUZFAfRdDMqOuL | + | CDsOg434SMB5T8mruLDy7NPyqey+03BpkhEMalskn6ra8FQWmct7q2xVfkB5HRhy |
| - | kUxhmOnD7/IoBnJPXBnnznJDV/B57h4zqdeEq4Fp0RJ1IfgwZGbHs4yzUG2NJTgD | + | l4SGWGNI8eE9+atyH/wKM46Ytdx0zgBCHQ95yeWa4kwAn6EP9kYMEqMRCSAdHauW |
| - | wGVY4BmwvUEYuVzpuHUrQTHMaqK3mTFtnSU0ITd3w0f3tuwsHzC8SHvj0UvRwPGH | + | Mp4GAH94izVkxwDQ6R7X9o2WdmZh7w== |
| - | jVI9oprH2LMjATZ7YmdjgleVYP9Dx2Cj+ICaCYd6XbbwCjB7PCbUILDnMqjtN+Bg | + | =1OSg |
| - | 1VkpXdaf9KVkvK/rXG0ibKPy/lQOtnjO0rZffa9u3ftrU3cZMwpNtFyYPARZCXUX | + | |
| - | jQ2dDcyYcTlP6pKUIhavv+/nJWcHJI+E9lriML9X5S5O9R7cZdgaZdSuPUmXtMuB | + | |
| - | i5GKOOa2DauA5nn2+81Dd/SAyLAS+wlrzNFFUE1DEoyXa9hJL/+75AQRjXoLDMSa | + | |
| - | AdevBN6C84e/lcQi0EX2jci6qQXswSytbI/d1TLo816UKbt+QpI= | + | |
| - | =ldAe | + | |
| -----END PGP SIGNATURE----- | -----END PGP SIGNATURE----- | ||
| </code> | </code> | ||
blug-canary-2.1566534432.txt.gz · Last modified: 2019/08/23 04:27 by Xie Tianming
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
