Differences

This shows you the differences between two versions of the page.

--- blug-canary-3 [2019/07/23 11:18]
Wu Delin Update for Jun 2019
+++ blug-canary-3 [2020/02/17 08:09]
Wu Delin
@@ Line 1: / Line 1: @@
 ====== Beijing GNU/Linux User Group Canary (3/3) ======
-<code>
+<code>-----BEGIN PGP SIGNED MESSAGE-----
------BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
@@ Line 8: / Line 7: @@
 ====================================
-Issued for June 2019.
+Issued for February 2020.
 Don't just trust the contents of this file blindly! Verify the
@@ Line 16: / Line 15: @@
 ~~~~~~~~~~~~~
-* biergaizi: 0xFAD3EB05E88E8D6D
+* biergaizi: 0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D
-* persmule : 0x2987A25DAC8454A5
+* persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60
-* wnereiz  : 0xFDFF2E13AA25BE72
+* wnereiz  : 0x0A6A91990AC98712274AA18DFDFF2E13AA25BE72
 THREE DOCUMENTS IN TOTAL.
@@ Line 55: / Line 54: @@
 . Our personal safety and security is not threatened.
-. We plan to publish the next of these canary statements in the first three
+. To avoid security breaches and emphasize the clarity of the warrant canary
-weeks of July 2019. Special note should be taken if no new canary is
+documents, if a signer is temporarily unavailable, only existing signers in the
-published by that time or if the list of statements changes without plausible explanation.
+"Signer" list SHALL sign a special placeholder notice (this notice itself SHOULD
+NOT be considered a valid canary document) until the signer becomes available
+again and signs the missed documents. A new signer SHOULD NOT sign a warrant
+canary document only due to the temporary unavailability of a existing signer.
+. We plan to publish the next of these canary statements in the first three
+weeks of March 2020. Special note should be taken if no new canary is published
+by that time or if the list of statements changes without plausible explanation.
 Special Announcements
 ~~~~~~~~~~~~~~~~~~~~~~~~
-None.
+. Since mid-October, persmule's old signing key 0x2987A25DAC8454A5 has
+expired. A new key, 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60, has been
+created and uploaded to https://keys.openpgp.org/, it can be obtained from
+this keyserver.
+. The new key will be used by persmule to sign future warrant canary
+documents. You can verify the signature by crosschecking the other two
+documents signed by biergaizi and wnereiz for consistency.
+. Due to this key rollover, the October message was not signed by persmule.
+This did/does not indicate a security incident, all of the statements above
+were valid, and are still valid.
+. Recent attacks on OpenPGP keyservers have raised great security concerns
+within the community, as a countermeasure, persmule's personal User-ID has
+not published to the https://keys.openpgp.org/ keyserver. Instead, only
+cryptographic information can be obtained from the keyserver, without any
+User-ID. Currently, it's impossible to import a OpenPGP public key without
+User-ID to a standard GnuPG installation, as a result, it's not possible
+for a 3rd-party to verify the canary document signed by persmule.
+. We are looking for a solution. But for now, we decided that the best
+option is starting publishing new canary documents using the new key.
+As a temporary measure, you can check the canary documents signed by
+biergaizi and wnereiz to decide the validity of the Statements. By signing
+their own copies, it indicates that the new key has been verified privately
+by them as valid.
+. This effectively reduced the number of signers to two people. It reduces
+the level of confidence, but currently there is no alternative option yet.
+. Once the technical problem of OpenPGP public key without User-ID is
+resolved, you can check the previous signatures retroactively, and this
+would effectively restore the level of confidence. You can archive
+persmule's signature as soon as it's published to your own machine to
+ensure no data tampering has occured.
+. Unlike persmule, biergaizi and wnereiz's signing keys are unchanged,
+but the Key-IDs have been changed to its full fingerprint format in the
+canary document for clarity.
+. When new information is available, it will be published in the "Special
+Announcements" section in future warrant canary documents.
 Proof of Freshness
@@ Line 68: / Line 116: @@
 $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml
- Fast & Furious stuntman in hospital with serious head injuries after accident on set of film in UK
+ Storm Dennis: Hundreds of flood warnings remain after weekend of chaos
- North Korea's Kim Jong-un inspects new submarine, points out weapons systems
+ Monday morning news briefing: Dennis wreaks havoc
- UK heatwave:Britain could experience hottest night on record, as NHS advises people to keep windows shut
+ Shamima Begum says 'whole world fell apart' after losing citizenship appeal
- Andy Murray's gold postbox knocked down in car accident
+ Three stabbings in under 90 minutes in London leave three men in life-threatening condition
- GP receptionists will offer patients appointments at chemists, in bid to take pressure off family doctors
+ Storm Dennis latest news: 'Life-threatening' situation as major incident declared in South Wales
 $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml
- Mob Attack at Hong Kong Train Station Heightens Seething Tensions in City
+ Coronavirus Updates: Evacuated Americans Carried Virus From Cruise Ship to Airplane
- Even as Tensions With Iran Rise Over Seized Ship, U.K. Stays Committed to Nuclear Deal
+ Rate of New Fatalities Drops in China
- India Launches Chandrayaan-2 Moon Mission on Second Try
+ Coronavirus Infection Found After Cruise Ship Passengers Disperse
- With Guns, Cash and Terrorism, Gulf States Vie for Power in Somalia
+ U.S. Passengers Evacuate Quarantined Cruise Ship in Japan
- Venezuela Blackout Leaves Caracas, and Much of the Country, Without Power
+ Young Somalis Step in Where Government Fails
 $ date -R -u
-Tue, 23 Jul 2019 01:38:16 +0000
+Mon, 17 Feb 2020 08:10:04 +0000
 -----BEGIN PGP SIGNATURE-----
-iQIzBAEBCgAdFiEE3n2KYOSW/nkFgy0Or5D/NPDHQYQFAl023hcACgkQr5D/NPDH
+iQIzBAEBCgAdFiEE3n2KYOSW/nkFgy0Or5D/NPDHQYQFAl5KSmsACgkQr5D/NPDH
-QYQRzQ/9EYudy2Fxn+kllCcJqTroDhMr9fqr9zOt60TUlT8kPsj8w8jzl3x8HI9b
+QYSkHw//dsLRF+0Ud5bxIiQVBB19hFvgGL7c0gzvl/6xveRheS8yH3KPslivsFvz
-elhcwQnR7UPUPbOv+oV/JBs4cwpeJ9m5FBrQ/qE7XwRUGp+pQhVNbOskys1OJa0S
+cq2eO2GJccVQLkt+nSkM0CxdcYE+v6uXEieQDo1jpR72GZekQJ6Rvd3UDCamXDFU
-nnHLr4ApK2RSJO1E/JtxJIVUGrX4Iw4MZHma+4/Bn0RQ2ZGsem/+p81jo3vFFaYb
+i2rJ4hhPjI8JolrGBJFzykY7g70TsoNytKS5PvHBq1I+8glSUHRGjj/CE78KFWsx
-LYmpum7z2MXuIZ9xyD0xi6NPdhqZwd86ZqALx55n0JRAeB/QmMj38qyei5H1T7CZ
+OXcsuh1vGs0wspb0qjzAVLXT3Xd1X8QuwLeGiGCA4UmCaWyYOFc6cr2qkQUlu7q
-keAvDNJAuRMF07EjWiN8FBTi3tFWAP1ccW5INRZNngss3XnR9tPxZFotxdkw6ZkE
+gYbuRcVjN9bkax4RO2rLie5GdwK+TBV8u0QdAmC7serBTNb7Oz2RFsi2bPKteMXL
-T3f6ANlcTkv9YrwehEunKcWT36t/RdrGNlJw64D4HZV9imwSBvlgmjvG7IewUAn5
+XEsnqffBInRp9+JvEGmKFocdD0cUx1UGVg22NXQkDDIC8XUzcz+tV2L6jqVIQSfK
-LKMZtMomcpTxqXw4+TdZx6UuMtePkjsSZJHhVeWOfIFq9yZQ4cqB+QxIicJOEun
+sVVpQxWyL830Mhr4pLJ1MvTzuUD0nk1YPLwPo3EHgr3CV6EK+S8sO7b1xkd7VMjx
-iGrXfVQR7rruKjJ/hS/G7iXgr/eL4A/384223IYIfTJcWfO5PA4cwTt5FlyaPIw+
+zB3bYBz/eBOqFOJS1Z9BlA0PfQfc3j/yoA+Qxb48gk9pIOhQWWuIHLBT0gs8pJH
-CinR9LECvj2FkjFXu++YdXlywSwgOhzqOfAAmIczVyO7kLc2BnINeCNC82+UdKfX
+uw86oq1Ty0rqB59p44/cFX5LnhpvrJslBNCgRkgzfu8WIKFKeo6ljHR6NXTNZR/r
-jL4ynH7l8AmYFPglBf6arkemMd/jh8Ca/M4Ayg531Df3eNxNj/WUBUfIe/As8z2h
+N35/C2kehsNccXxyarQlvqnBX6aI0WO9FQwN1wZPWXqHyx/OMLCHWlul7Qp8XbPP
-lrHmiGCQrnO9I1w7tud1lQdrUwCzp+RcQUW5RyJ22+AcOZcLN8=
+Xla0TzXWOaYyWmntxbILXPkIeTHoo8XfNtHVhzcJxX4VPuZWKbM=
-=+v9q
+=AVNj
 -----END PGP SIGNATURE-----
 </code>

BLUG Wiki

User Tools

Site Tools

Differences

Page Tools