wiktor-k (Wiktor)
Research

Projects

User does not belong to any projects.

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Nov 7 2017, 3:40 PM (105 w, 6 d)
Availability
Available

Recent Activity

Aug 12 2019

wiktor-k added a comment to T4108: Support for verifying OpenPGP standalone and timestamp signatures.

Sounds interesting @stm! Are there technical documents or specifications I could read to dig into details?

Aug 12 2019, 10:18 AM · gnupg (gpg23), Feature Request

Aug 6 2019

wiktor-k added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.

DNSSEC is a centralized CA system. Just different than the TLS one. Given that Certificate Transparency exists I'd say DNSSEC is less transparent than TLS. For example if you happen to have a .ly domain then the Libyan can silently control your signed zone. Given that there is no CT for DNSSEC they can do so selectively, for any connection they want. It wouldn't be the first problem with them.

Aug 6 2019, 1:56 PM · dns, dirmngr

Jul 11 2019

wiktor-k added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.

Is this really necessary to duplicate functionality that already is provided by Web Key Directory?

Jul 11 2019, 12:25 PM · dns, dirmngr

Jul 3 2019

wiktor-k added a comment to T4108: Support for verifying OpenPGP standalone and timestamp signatures.

I'm also interested in fine details especially w.r.t. interfacing with GnuPG. I've seen multiple timestamping standards starting from RFC3161, to blockchains or secure time protocols even (ab)using Certificate Transparency logs and ideas on how to append the signature (timestamp flag vs unhashed notations) so I'll be eager to hear the details on the ML @stm!

Jul 3 2019, 10:31 PM · gnupg (gpg23), Feature Request
wiktor-k added a comment to T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver.

@dkg I believe @aheinecke gave the GpgOL description just as an example of why WKD-first retrieval would be beneficial (for details of that see https://wiki.gnupg.org/AutomatedEncryption#Trust_Levels) and I believe this ticket is a follow-up to my question on gnupg-devel ML: https://lists.gnupg.org/pipermail/gnupg-devel/2019-June/034372.html

Jul 3 2019, 7:26 PM · gnupg (gpg22), wkd

Jun 26 2019

wiktor-k added a comment to T4584: --quick-sign-key offers no way to override a current certification.

For the record in my original message I asked about adding self-signatures.

Jun 26 2019, 11:12 AM · gnupg, Feature Request

Nov 14 2018

wiktor-k added a comment to T4254: broken link to gpgrelay in website.

"Miranda ICQ [Unix] CHAT" also doesn't work. Maybe it would be a good idea to check all of them via script or something like that...

Nov 14 2018, 7:19 PM · Bug Report

Aug 29 2018

wiktor-k added a comment to T4060: Add ability to mark critical notations as "recognized" during signature verification.

Thank you!

Aug 29 2018, 9:50 AM · gnupg (gpg22), Feature Request

Jul 8 2018

wiktor-k added a comment to T4060: Add ability to mark critical notations as "recognized" during signature verification.

Agreed, after the verification succeeds the caller can (and probably will) check the signature notations.

Jul 8 2018, 9:49 PM · gnupg (gpg22), Feature Request

Jul 7 2018

wiktor-k created T4060: Add ability to mark critical notations as "recognized" during signature verification.
Jul 7 2018, 10:43 PM · gnupg (gpg22), Feature Request

Jul 2 2018

wiktor-k added a comment to T3910: Kleopatra: Direct way to WKD Lookup a key.

Ha, I wish e-mail-like searches would be done using only WKD with no fallbacks to keyservers... that way keys would be "more verified"... but I understand it may be not practical :)

Jul 2 2018, 11:39 AM · kleopatra

Nov 8 2017

wiktor-k added a comment to T2923: trust signature domain restrictions don't work.

For what is worth I think sanitize_regexp was programmed while reading 4880 because the RFC allows backslash + any character (section 8: Regular Expressions):

Nov 8 2017, 8:15 AM · gnupg (gpg14), Bug Report

Nov 7 2017

wiktor-k added a comment to T2923: trust signature domain restrictions don't work.

For the reference sanitize_regexp was introduced in this commit from 2007 to "Protect against malloc bombs.": and I see no changes to it (except typo correction) in git blame in trustdb.c.

Nov 7 2017, 9:30 PM · gnupg (gpg14), Bug Report