User Tools

Site Tools


blug-canary-3

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
blug-canary-3 [2019/09/15 03:18]
wnereiz
blug-canary-3 [2020/02/17 08:09] (current)
wnereiz
Line 1: Line 1:
 ====== Beijing GNU/Linux User Group Canary (3/3) ====== ====== Beijing GNU/Linux User Group Canary (3/3) ======
  
-<​code>​ +<​code>​-----BEGIN PGP SIGNED MESSAGE-----
------BEGIN PGP SIGNED MESSAGE-----+
 Hash: SHA512 Hash: SHA512
  
Line 8: Line 7:
 ==================================== ====================================
  
-Issued for September 2019.+Issued for February 2020.
  
 Don't just trust the contents of this file blindly! Verify the Don't just trust the contents of this file blindly! Verify the
Line 16: Line 15:
 ~~~~~~~~~~~~~ ~~~~~~~~~~~~~
  
-* biergaizi: ​0xFAD3EB05E88E8D6D +* biergaizi: ​0x255211B2395A5A3E0E48A0F1FAD3EB05E88E8D6D 
-* persmule : 0x2987A25DAC8454A5 +* persmule : 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60 
-* wnereiz ​ : 0xFDFF2E13AA25BE72+* wnereiz ​ : 0x0A6A91990AC98712274AA18DFDFF2E13AA25BE72
  
 THREE DOCUMENTS IN TOTAL. THREE DOCUMENTS IN TOTAL.
Line 55: Line 54:
 8. Our personal safety and security is not threatened. 8. Our personal safety and security is not threatened.
  
-9. To avoid security breaches and emphasize the clarity of the warrent ​canary+9. To avoid security breaches and emphasize the clarity of the warrant ​canary
 documents, if a signer is temporarily unavailable,​ only existing signers in the documents, if a signer is temporarily unavailable,​ only existing signers in the
 "​Signer"​ list SHALL sign a special placeholder notice (this notice itself SHOULD "​Signer"​ list SHALL sign a special placeholder notice (this notice itself SHOULD
 NOT be considered a valid canary document) until the signer becomes available NOT be considered a valid canary document) until the signer becomes available
-again and signs the missed documents. A new signer SHOULD NOT sign a warrent+again and signs the missed documents. A new signer SHOULD NOT sign a warrant
 canary document only due to the temporary unavailability of a existing signer. canary document only due to the temporary unavailability of a existing signer.
  
 10. We plan to publish the next of these canary statements in the first three 10. We plan to publish the next of these canary statements in the first three
-weeks of October 2019. Special note should be taken if no new canary is published+weeks of March 2020. Special note should be taken if no new canary is published
 by that time or if the list of statements changes without plausible explanation. by that time or if the list of statements changes without plausible explanation.
  
Line 69: Line 68:
 ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
  
-None.+1. Since mid-October,​ persmule'​s old signing key 0x2987A25DAC8454A5 has 
 +expired. A new key, 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60,​ has been 
 +created and uploaded to https://​keys.openpgp.org/,​ it can be obtained from 
 +this keyserver. 
 + 
 +2. The new key will be used by persmule to sign future warrant canary 
 +documents. You can verify the signature by crosschecking the other two 
 +documents signed by biergaizi and wnereiz for consistency. 
 + 
 +3. Due to this key rollover, the October message was not signed by persmule. 
 +This did/does not indicate a security incident, all of the statements above 
 +were valid, and are still valid. 
 + 
 +4. Recent attacks on OpenPGP keyservers have raised great security concerns 
 +within the community, as a countermeasure,​ persmule'​s personal User-ID has 
 +not published to the https://​keys.openpgp.org/​ keyserver. Instead, only 
 +cryptographic information can be obtained from the keyserver, without any 
 +User-ID. Currently, it's impossible to import a OpenPGP public key without 
 +User-ID to a standard GnuPG installation,​ as a result, it's not possible 
 +for a 3rd-party to verify the canary document signed by persmule. 
 + 
 +5. We are looking for a solution. But for now, we decided that the best 
 +option is starting publishing new canary documents using the new key. 
 +As a temporary measure, you can check the canary documents signed by 
 +biergaizi and wnereiz to decide the validity of the Statements. By signing 
 +their own copies, it indicates that the new key has been verified privately 
 +by them as valid. 
 + 
 +6. This effectively reduced the number of signers to two people. It reduces 
 +the level of confidence, but currently there is no alternative option yet. 
 + 
 +7. Once the technical problem of OpenPGP public key without User-ID is 
 +resolved, you can check the previous signatures retroactively,​ and this 
 +would effectively restore the level of confidence. You can archive 
 +persmule'​s signature as soon as it's published to your own machine to 
 +ensure no data tampering has occured. 
 + 
 +8. Unlike persmule, biergaizi and wnereiz'​s signing keys are unchanged,​ 
 +but the Key-IDs have been changed to its full fingerprint format in the 
 +canary document for clarity. 
 + 
 +9. When new information is available, it will be published in the "​Special 
 +Announcements"​ section in future warrant canary documents.
  
 Proof of Freshness Proof of Freshness
Line 75: Line 116:
  
 $ rsstail -1 -n5 -N -u https://​www.telegraph.co.uk/​news/​rss.xml $ rsstail -1 -n5 -N -u https://​www.telegraph.co.uk/​news/​rss.xml
- NHS bosses tried to '​gag'​ father ​of boy whose life was ruined in botched operation + Storm Dennis: Hundreds ​of flood warnings remain after weekend of chaos 
- US blames Iran for attack on Saudi Arabia + Monday morning news briefing: Dennis wreaks havoc 
- Girls as young as 11 are filming themselves ​'performing sexually' ​at home as figures reveal over 100 cases a day + Shamima Begum says 'whole world fell apart' ​after losing citizenship appeal 
- Sister of driver killed on M1 smart motorway backs calls for roll-out to be halted + Three stabbings in under 90 minutes in London leave three men in life-threatening condition 
- 4.8m golden lavatory stolen from Blenheim Palace ... police have nothing to go on+ Storm Dennis latest news: '​Life-threatening'​ situation as major incident declared in South Wales
  
 $ rsstail -1 -n5 -N -u https://​rss.nytimes.com/​services/​xml/​rss/​nyt/​World.xml $ rsstail -1 -n5 -N -u https://​rss.nytimes.com/​services/​xml/​rss/​nyt/​World.xml
- Two Major Saudi Oil Installations Hit by Drone Strike, and U.S. Blames Iran + Coronavirus Updates: Evacuated Americans Carried Virus From Cruise Ship to Airplane 
- Iraq Faces a New Adversary: Crystal Meth + Rate of New Fatalities Drops in China 
- Top Canadian Intelligence Official Charged With Leaking Secrets + Coronavirus Infection Found After Cruise Ship Passengers Disperse 
- Netanyahus Fate May Depend on Israeli Arab VotersWill They Turn Out? + U.SPassengers Evacuate Quarantined Cruise Ship in Japan 
- Is Trumps America Tougher on Asylum than Other Western Countries?+ Young Somalis Step in Where Government Fails
  
 $ date -R -u $ date -R -u
-Sun15 Sep 2019 03:16:48 +0000+Mon17 Feb 2020 08:10:04 +0000
  
 -----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
  
-iQIzBAEBCgAdFiEE3n2KYOSW/​nkFgy0Or5D/​NPDHQYQFAl19rSoACgkQr5D/NPDH +iQIzBAEBCgAdFiEE3n2KYOSW/​nkFgy0Or5D/​NPDHQYQFAl5KSmsACgkQr5D/NPDH 
-QYSLjRAAhxXRSg6QeZu9yDZl9f2x+RnDTUSobcymkpUEf+8z5taogAkP6AeSaaK8 +QYSkHw//​dsLRF+0Ud5bxIiQVBB19hFvgGL7c0gzvl/6xveRheS8yH3KPslivsFvz 
-JkbLzoOmevMrF675Ljw6tr8xQQsZcz71js8XID1/r3zDENzxGt/​JhJC4yIFE27MJ +cq2eO2GJccVQLkt+nSkM0CxdcYE+v6uXEieQDo1jpR72GZekQJ6Rvd3UDCamXDFU 
-eRksLM3bs962KgewcJKgcCR6SvnT6bvnKWBJoNaHJyON53vYbWcIYUfZ2zJydwHj +i2rJ4hhPjI8JolrGBJFzykY7g70TsoNytKS5PvHBq1I+8glSUHRGjj/CE78KFWsx 
-rEIQateXsH9u9q3swKsQV1m/​qKQ1iU2Cf+YhiA7GB8AvGOYLNKMBjlbXmJ6+qQFt +4OXcsuh1vGs0wspb0qjzAVLXT3Xd1X8QuwLeGiGCA4UmCaWyYOFc6cr2qkQUlu7q 
-CGdpej3an/Ci0EsQftiwqSlLXzmWRfEi913cLO3ilSAv5IdFVSa2zObRw282GO0K +gYbuRcVjN9bkax4RO2rLie5GdwK+TBV8u0QdAmC7serBTNb7Oz2RFsi2bPKteMXL 
-gI5tA1Rw51HM87EP5GtPqu3RQclNJLS9JGlIZHb3v+CBpw1yrVUf7J6REmO4ccR2 +XEsnqffBInRp9+JvEGmKFocdD0cUx1UGVg22NXQkDDIC8XUzcz+tV2L6jqVIQSfK 
-DoEswL0rRqjU7NEJZWasxp1e/​7MsulHrLSiKYWyeEr8HUiP1eCv75axL3jxRJuf8 +sVVpQxWyL830Mhr4pLJ1MvTzuUD0nk1YPLwPo3EHgr3CV6EK+S8sO7b1xkd7VMjx 
-8MLXUwDsU03JAqeEpkjUg0XUHRiaxYRL90yNhvxa+LQ00vfAqm1hCe29CR3DS+Ud +8zB3bYBz/​eBOqFOJS1Z9BlA0PfQfc3j/​yoA+Qxb48gk9pIOhQWWuIHLBT0gs8pJH 
-u1Bt7P61QdUn27CDc4zQU0fUqHsBR+fdqNtEDFTFeuQCIADzmlM1SOdMlxR6r0kP +uw86oq1Ty0rqB59p44/cFX5LnhpvrJslBNCgRkgzfu8WIKFKeo6ljHR6NXTNZR/
-S+U0KzJFjv2m7y57J3R+6k/fncUj/vgoXxikdYBtwS0unm6/KXfDLYh3aJj1XLuO +N35/C2kehsNccXxyarQlvqnBX6aI0WO9FQwN1wZPWXqHyx/​OMLCHWlul7Qp8XbPP 
-9broIGU4lmDZeQ+Pu5phU+akqbMcCs7WCQnb3pqFzgC0ZqgbaGM+Xla0TzXWOaYyWmntxbILXPkIeTHoo8XfNtHVhzcJxX4VPuZWKbM
-=UdZG+=AVNj
 -----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
 </​code>​ </​code>​
  
blug-canary-3.1568517495.txt.gz · Last modified: 2019/09/15 03:18 by wnereiz