Announcement

Collapse
No announcement yet.

Steed

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Steed

    No, it is not a horse. It is "Secure Transmission of Encrypted Electronic Data."
    After an update Tuesday the gpg GUI Kgpg failed to run. Gpg still worked from the Konsole.
    I purged Kgpg and installed Kleopatra.
    It installed "The STEED Self-signing Nonthority" X.509 certificate.

    Never heard of it before, didn't know what it is or what it is for.
    Here is what I found: https://lwn.net/Articles/464137/

    If everyone has a key, and other users' keys are easily retrievable via a DNS query performed transparently by the MUA, then email encryption and digital signatures would work smoothly. The remaining problem in the scheme is how to authenticate the key or email address of a remote person — particularly one that has not made contact in the past. After all, an attacker could intercept DNS queries and spoof an identity or perform a man-in-the-middle attack against a legitimate-looking contact.


    The existing email encryption schemes tackle this problem with PKIX and WoT. But the authors cite a PGP usability study that indicates that these trust models are confusing to users:
    Both systems require a significant investment by the user: X.509 asks the user to sink money into the artificial certificate market that provides a dubious return, while OpenPGP asks the user harder and harder questions about the trustworthiness of peers away from the center of his personal web of trust.


    Furthermore, they add, neither trust model matches up with users' natural expectations when using email, because both defer trust decisions to someone else. PKIX defers all trust judgments to an external authority, while WoT defers it to peer recommendations. In both cases, a binary trust determination is made before the communication is even read: "Neither system utilizes the users own experience with the peer in the context of the communication happening over time."


    STEED's trust model is "trust upon first contact" (TUFC), which accepts the certificate or key of the remote party upon first contact, but persists and tracks it for the user. This is the trust model used by SSH, the authors note, and is what "virtually all users do anyway, when faced with the task to make a trust decision that interrupts their line of work." In other words, TUFC exists outside of an external "trust infrastructure," and leaves it up to the user to verify suspicious first contacts through other means (in person, phone calls, etc.). After the first contact, the system helps the user by flagging changed or revoked keys.
    Now I know why Thunderbird used a gpg key or would accept a certificate.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    I didn't go "horse." My mind went right to The Avengers...

    Please Read Me

    Comment


      #3
      Originally posted by oshunluvr View Post
      I didn't go "horse." My mind went right to The Avengers...
      Same here.
      systemd is not for me. I am a retro Nintendo gamer. consoles I play on are, SNES; N64; GameCube and WII.
      Host: mx Kernel: 4.19.0-6-amd64 x86_64 bits: 64 compiler: gcc v: 8.3.0 Desktop: Trinity R14.0.8 tk: Qt 3.5.0 info: kicker wm: Twin 3.0 base: Debian GNU/Linux 10

      Comment


        #4
        And from Steed to Emma Peel!
        Kubuntu 23.11 64bit under Kernel 6.8.1, Hp Pavilion, 6MB ram. All Bow To The Great Google... cough, hack, gasp.

        Comment


          #5
          Originally posted by TWPonKubuntu View Post
          And from Steed to Emma Peel!
          Heck, yeah - She was sexier in black and white than any of the American TV stars of the time. Great show too. I still love BBC television. Boy, talk about jacking a thread. I feel owe GreyGeek an apology!


          Please Read Me

          Comment


            #6
            Sorry Greygeek, You were saying something about pgp? I think spies use it too. The Avengers were not computer literate...

            (desperately trying to push the thread back on topic)
            Kubuntu 23.11 64bit under Kernel 6.8.1, Hp Pavilion, 6MB ram. All Bow To The Great Google... cough, hack, gasp.

            Comment


              #7
              Was I? I forgot.


              Sent from my iPhone using Tapatalk
              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
              – John F. Kennedy, February 26, 1962.

              Comment


                #8
                I notice that I forget a lot, the older I get... What was your name again?
                Kubuntu 23.11 64bit under Kernel 6.8.1, Hp Pavilion, 6MB ram. All Bow To The Great Google... cough, hack, gasp.

                Comment


                  #9
                  Uh .... I don't know ... I forgot!

                  Luckily, my wife checks my zipper before we go out so I don't embarrass her!
                  "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                  – John F. Kennedy, February 26, 1962.

                  Comment

                  Working...
                  X