blug-canary-2
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
blug-canary-2 [2019/09/30 17:44] BLUG Admin old revision restored (2019/09/20 01:52) |
blug-canary-2 [2019/11/21 16:06] (current) Xie Tianming |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| ==================================== | ==================================== | ||
| - | Issued for September 2019. | + | Issued for November 2019. |
| Don't just trust the contents of this file blindly! Verify the | Don't just trust the contents of this file blindly! Verify the | ||
| Line 16: | Line 16: | ||
| ~~~~~~~~~~~~~ | ~~~~~~~~~~~~~ | ||
| - | * biergaizi: 0xFAD3EB05E88E8D6D | + | * biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D |
| - | * persmule : 0x2987A25DAC8454A5 | + | * persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 |
| - | * wnereiz : 0xFDFF2E13AA25BE72 | + | * wnereiz : 0x0A6A91990AC98712274AA18DFDFF2E13AA25BE72 |
| THREE DOCUMENTS IN TOTAL. | THREE DOCUMENTS IN TOTAL. | ||
| Line 55: | Line 55: | ||
| 8. Our personal safety and security is not threatened. | 8. Our personal safety and security is not threatened. | ||
| - | 9. To avoid security breaches and emphasize the clarity of the warrent canary | + | 9. To avoid security breaches and emphasize the clarity of the warrant canary |
| documents, if a signer is temporarily unavailable, only existing signers in the | documents, if a signer is temporarily unavailable, only existing signers in the | ||
| "Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD | "Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD | ||
| NOT be considered a valid canary document) until the signer becomes available | NOT be considered a valid canary document) until the signer becomes available | ||
| - | again and signs the missed documents. A new signer SHOULD NOT sign a warrent | + | again and signs the missed documents. A new signer SHOULD NOT sign a warrant |
| canary document only due to the temporary unavailability of a existing signer. | canary document only due to the temporary unavailability of a existing signer. | ||
| 10. We plan to publish the next of these canary statements in the first three | 10. We plan to publish the next of these canary statements in the first three | ||
| - | weeks of October 2019. Special note should be taken if no new canary is published | + | weeks of December 2019. Special note should be taken if no new canary is published |
| by that time or if the list of statements changes without plausible explanation. | by that time or if the list of statements changes without plausible explanation. | ||
| Line 69: | Line 69: | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~ | ||
| - | None. | + | 1. Since mid-October, persmule's old signing key 0x2987A25DAC8454A5 has |
| + | expired. A new key, 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60, has been | ||
| + | created and uploaded to https://keys.openpgp.org/, it can be obtained from | ||
| + | this keyserver. | ||
| + | |||
| + | 2. The new key will be used by persmule to sign future warrant canary | ||
| + | documents. You can verify the signature by crosschecking the other two | ||
| + | documents signed by biergaizi and wnereiz for consistency. | ||
| + | |||
| + | 3. Due to this key rollover, the October message was not signed by persmule. | ||
| + | This did/does not indicate a security incident, all of the statements above | ||
| + | were valid, and are still valid. | ||
| + | |||
| + | 4. Recent attacks on OpenPGP keyservers have raised great security concerns | ||
| + | within the community, as a countermeasure, persmule's personal User-ID has | ||
| + | not published to the https://keys.openpgp.org/ keyserver. Instead, only | ||
| + | cryptographic information can be obtained from the keyserver, without any | ||
| + | User-ID. Currently, it's impossible to import a OpenPGP public key without | ||
| + | User-ID to a standard GnuPG installation, as a result, it's not possible | ||
| + | for a 3rd-party to verify the canary document signed by persmule. | ||
| + | |||
| + | 5. We are looking for a solution. But for now, we decided that the best | ||
| + | option is starting publishing new canary documents using the new key. | ||
| + | As a temporary measure, you can check the canary documents signed by | ||
| + | biergaizi and wnereiz to decide the validity of the Statements. By signing | ||
| + | their own copies, it indicates that the new key has been verified privately | ||
| + | by them as valid. | ||
| + | |||
| + | 6. This effectively reduced the number of signers to two people. It reduces | ||
| + | the level of confidence, but currently there is no alternative option yet. | ||
| + | |||
| + | 7. Once the technical problem of OpenPGP public key without User-ID is | ||
| + | resolved, you can check the previous signatures retroactively, and this | ||
| + | would effectively restore the level of confidence. You can archive | ||
| + | persmule's signature as soon as it's published to your own machine to | ||
| + | ensure no data tampering has occured. | ||
| + | |||
| + | 8. Unlike persmule, biergaizi and wnereiz's signing keys are unchanged, | ||
| + | but the Key-IDs have been changed to its full fingerprint format in the | ||
| + | canary document for clarity. | ||
| + | |||
| + | 9. When new information is available, it will be published in the "Special | ||
| + | Announcements" section in future warrant canary documents. | ||
| Proof of Freshness | Proof of Freshness | ||
| Line 75: | Line 117: | ||
| $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml | $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml | ||
| - | Almost 100,000 children are leaving school without five good GCSEs, Children's commissioner reveals | + | 'Designer babies' may not be as smart or tall as parents expect, study warns |
| - | BBC and father who challenged Prime Minister step in to defend Laura Kuenssberg | + | Cambridge University students cry fowl over 17th century painting that upsets vegetarians |
| - | Girls school runs stand up comedy classes for pupils so they have courage to ask for pay rises in the future | + | Indian businessman wore pilot disguise to get upgrades and special treatment |
| - | Child sex abuse victims "re-traumatised by frustrating, hostile and futile' battle for compensation, inquiry finds | + | Russia 'ruined' Ukrainian naval vessels before handing them back, says Ukrainian navy |
| - | Premier League footballer fled hotel window in his underpants after being filmed on bed with woman who wasn't his partner, blackmail trial hears | + | Killer of Helen McCourt to be released despite refusing to reveal location of her body |
| $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml | $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml | ||
| - | Attack on Saudi Arabia Tests U.S. Guarantee to Defend Gulf | + | At Odds With Labour, Britains Jews Are Feeling Politically Homeless |
| - | Brownface, Blackface and About-Face. Is Trudeau Who He Says He Is? | + | Prince Andrews Friendship With Epstein Joins a List of Royal Scandals |
| - | Syrian Children Saved a German Village. And a Village Saved Itself. | + | Afghanistans Curse: A Bomb From 2 Wars Ago Crushes a Family Today |
| - | Netanyahu and Gantz Agree on Unity, but Not on What It Means | + | Arab Thinkers Call to Abandon Boycotts and Engage With Israel |
| - | New Video Surfaces Showing Trudeau in Blackface, Compounding Scandal | + | Rodrigo Duterte Calls for Ban on Public Vaping in the Philippines |
| $ date -R -u | $ date -R -u | ||
| - | Fri, 20 Sep 2019 01:47:02 +0000 | + | Thu, 21 Nov 2019 16:03:28 +0000 |
| -----BEGIN PGP SIGNATURE----- | -----BEGIN PGP SIGNATURE----- | ||
| - | iQIzBAEBCgAdFiEEfpRElbj/BG3RcF+YQmooAO3Wsm0FAl2EMB4ACgkQQmooAO3W | + | iQEzBAEBCgAdFiEEwonfPqgFyacM7J3iwYAPuUJ74CEFAl3WtYsACgkQwYAPuUJ7 |
| - | sm1Bkg/+NNLBpjN2wwrpqFVIo0SmJtEdXUhSIXW4rdj1OVfF+EJUXyx2Hfw5H/Gb | + | 4CFi3ggA3x0ZIMF9pLOSagf+9JVbk7zTAzUK3BMKZTGR8CZ/TebkaSX72/SSLGEQ |
| - | GDGwAmWPHWiTEIZrdiGKq53dcfReROkpixcS+BboaDSQlhRLmlTg5e0UQqrMz/zk | + | g9KNf7ZxhdjKXUlU93Ori6C90yfLfGQ/mOGNjj/pcWx/s3kR9q6r/fLjG3D2UpAF |
| - | 7zCnDe2vE9FamSDc26NKc+nlo4rT1NGuNrD0gD/ULQn/HPnRwZ44xnuxQYFTTqwM | + | izX1t76YSBoAoDQ2PJbRNmpZpsGTz51CLIgEdkH+javtqqcIfhJUF+71XKdU8BNv |
| - | fNIC+n69NvmkEXSiig3hiQ3n8ZwgLndXuPuUoqD6vQCFjBmtMLbuuxPVWzxJFJd0 | + | IEtHvO9j0pD3m9mbiXW768B+R8LEQc6UKrxUc7u8aX/rXSRjcHg+F5iK8ED91fSy |
| - | eiRP3ZmQyxlR8AdfoCaG3gRWLqM/CfDWm/dTG27qKw661j1VQ5xl/dHfEc/O1ZG3 | + | 7zs2ls4VYs2m2S8slyMm8YlKWiFZUEcVGwCvhyqNTlTvg9MVIh8ol4yFuAZ+PTfK |
| - | Kum7pzaMmgJeTXwkGigBb6QHbj4NioBz/SbMFNdOqyktYu6/akyQ1LUD6pUefVlX | + | tXPOvb75y1ghdqYAE7xROoMvc2jQqA== |
| - | Sz9ZwnBUZbzBdnuFIckblu+7XO47ZtNhgVLaEq8lcDTgHwE26lOgjAZSIZlbJqQz | + | =yM0h |
| - | Rx8zkZvTDpsy7q3bjVs8mYrbuh+8fJuP0Th59xwSrqbLfhRHx7h/UcOEWUzuJedj | + | |
| - | 7fe81M59cf+Qhkm2ywhXuVDqHf3eNsMgcJ0HBb/v20D8ew75edtvWtI9f+/kR/u+ | + | |
| - | qBhKZeVcFVdxWnS70C13bSgjC3eSu1Yt1xJdW21v52cvtCa5TapM7cCKL1I/kb5i | + | |
| - | A0oxb7BrzNi8KbvMwhTQUkkejcqciBIuSOtJOu0WYhHQ9Jadbis= | + | |
| - | =O4TO | + | |
| -----END PGP SIGNATURE----- | -----END PGP SIGNATURE----- | ||
| </code> | </code> | ||
blug-canary-2.1569865479.txt.gz · Last modified: 2019/09/30 17:44 by BLUG Admin
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
