Virtual Private Server (VPS) Hosting provided by Central Point Networking cpnllc.com
For some reason, the "Nodelist" and "Recent Callers" features are not working.
| Sysop: | Ray Quinn |
|---|---|
| Location: | Visalia, CA |
| Users: | 60 |
| Nodes: | 10 (0 / 10) |
| Uptime: | 74:35:47 |
| Calls: | 12 |
| Files: | 12,941 |
| Messages: | 99,316 |
Check out the US 99 menu above for links to information about US Highway 99, after which the US 99 BBS is named.
Be sure to click on the Amateur Radio menu item above for packet BBSes, packet software, packet organizations, as well as packet how-to's. Also included is links to local and some not-so-local Amateur Radio Clubs.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
test
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAl4NONkACgkQ7w6JZVeJ WJuM6Qf/SH2d3WYB4KfzXqoZAAa5cf/pzSKl40f7s2jPs9rnw57HOYb8SLAG+ttx 5fpBLO2V3BWyYUXn2bY6KKIiI9gmjXuC9FP2JtkXPeV39LR8yeu2Ea1iWS/AI7jF GPNocdfYGbeOHSsDW/82HYygiT69DbLPUXGLn4ujAzpiHgbRDNqEidtJQdKfEG3z UZfw3L71uZCAK2tnaPTBsBle0y1r1cO+ZzMcBEU3SAOA2MekrJDrpWq1q67Z0ymq UfrN6PtrPlSOjpGg+8Jh1BMr4xXCQwYeTPiZrEO6lduKO2cyIOimlOXO8nJK1vUi U1l/zoz/KMbROMTYeJfdcc0FpWGLaA==
=8I23
-----END PGP SIGNATURE-----
wilfred@wilnux5:~/tmp> gpg --verify aug.msg
gpg: Signature made do 02 jan 2020 01:27:05 CET using RSA key ID 5789589B gpg: Can't check signature: No public key
wilfred@wilnux5:~/tmp> gpg --recv-keys 5789589B
gpg: requesting key 5789589B from hkp server keys.gnupg.net
gpgkeys: key 5789589B not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
So where can we get your key?
So where can we get your key?
I just got started with this. I am not completely familiar how to use OpenPGP/Enigmail.
The following should be the right key for ID 5789589B
- -----BEGIN PGP PUBLIC KEY BLOCK-----
I can now verify your message had a correct signature made with
this key:
wilfred@wilnux5: ~/tmp> gpg -- import aug.key gpg: key
5789589B: public key "August Abolins
<august@R_E_M_O_V_Ekolico.ca>" imported gpg: Total number
processed: 1 gpg: imported: 1 (RSA: 1) wilfred@wilnux5
The trust thing is sort of an issue. I can't just sign your key (technically I could of course), because I can't verify it's
really you. Anyone could login to Tommy's nntp server
as 'August Abolins'. and "fake" email addresses are also easy
to create/get. And since you are not a node we can't even
exchange some crash netmails...
I can now verify your message had a correct signature made with
this key:
wilfred@wilnux5: ~/tmp> gpg -- import aug.key gpg: key
5789589B: public key "August Abolins
<august@R_E_M_O_V_Ekolico.ca>" imported gpg: Total number
processed: 1 gpg: imported: 1 (RSA: 1) wilfred@wilnux5
Cool! I still have to learn how to do that here.
I have used the pgp signing process in the long ago past, but now and
I am rusty and have only begun figuring out "the process" to use in
this new environment.
I like the Enigmail/OpenPGP integration in Thunderbird.
When pgp first came out found, I found it fascinating.
I immediately wondered why *wouldn't* anyone want to use it on a
regular basic for email exchanges.
I think my old public key is still out there. (I have not really
looked for it though. I don't remember the servers I used.)
The private key is probably still on a 3┬╜ diskette, somewhere.
theThe trust thing is sort of an issue. I can't just sign your key
(technically I could of course), because I can't verify it's
really you. Anyone could login to Tommy's nntp server
as 'August Abolins'. and "fake" email addresses are also easy
to create/get. And since you are not a node we can't even
exchange some crash netmails...
Well.. there *is* the email clue above. ;) A few email exchanges, and
analysis of the headers could be one way to get confidence whether the email I claim to use above is really me or suspicious.
There is still a trust issue in this whole process for sure. At least
one other person who could actually vouch that I am who I am would be needed.
W.r.t nntp, another "August Abolins" could come from many different outside systems. True. But since registering on Tommi's system
requires human intervention, I don't think he would permit another me
to register on his system with exactly the same FN LN. So, technically
you could be confident that once you grab my public key from here,
future correspondences are from "the August Abolins originally seen on Tommi's system." ? :)
As a minimum, if Tommi were to sign my key, (since my messages are originating on *his* system, and we can be sure that he's the *real deal* operating his *own* system, and I had to be registered manually to have access) then that would be a nice vote of confidence.
There is another verification process I can suggest. I'll cover that later. And maybe I'll encrypt that message! <G>
I think my old public key is still out there. (I have not
really looked for it though. I don't remember the servers I
used.)
Afaik most key-servers are connected to each other these days,
and exchange keys on a regular basis. So if your key is out
there, it might be "everywhere".
When I search for "abolins" on my (default) key-server it finds
27 keys as old as from 1994. But none include a mention
of "august".
The private key is probably still on a 3S diskette, somewhere.
I have a lot of them still around (mainly Amiga formatted).
Haven't tried them in a few decades, and it would surprise me
if they are still readable.
There are configuration lines in my golded config to do gpg/pgp functions, but I can't remember when I last used them. Maybe never...
I like the Enigmail/OpenPGP integration in Thunderbird.
And in fidonet some systems wouldn't allow encrypted routed netmail messages to pass their systems... I remember there was a lot of discussion going on about that at the time.
As a minimum, if Tommi were to sign my key, (since my messages are
The one at MIT (which sounds like where I would have submitted my key)
but fails with this:
--[begin]--
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /pks/lookup.
Reason: Error reading from remote server
--[end]--
I didn't expect that from the great MIT.
Afaik most key-servers are connected to each other these days,
and exchange keys on a regular basis. So if your key is out
there, it might be "everywhere".
Yes.. I notice that keys are now pooled and distributed to other servers. Things have certainly changed since I first started with PGP in the 90's.
I looked with a few listed here: https://sks-keyservers.net/status/
When I search for "abolins" on my (default) key-server it finds
27 keys as old as from 1994. But none include a mention
of "august".
Are they *all* from 1994?
1994 sounds about right when I actually submitted to a server. II
found about the same number of references to abolins as you at a few random servers from the sks link above. I am surprised that I wouldn't have included my FN. I wonder if the last entry in one of those
searches could be it!
pub 512R/246249F7 1994-02-16
The DATE and bit size certainly looks right. 1994 is about the last time
actually used pgp. And, I am pretty sure the key signature was smallbefore
I learned about the benefits of larger ones.
This is what I did with a bunch of 3 1/2 diskettes a few years ago:
http://kolico.ca/fidonet/echos/win95/index.html#diskettes
As an aside: I like the "status" page at https://sks-keyservers.net/status/
It would be fun to see a similar live version of something like that
for the modest 900 IP nodes. ..But I digress.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
There are configuration lines in my golded config to do gpg/pgp
functions, but I can't remember when I last used them. Maybe never...
I have (S)ign function set up in my GoldED. Nothing else. :)
I just signed the key of August. :)
gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forged.
gpg: reason for revocation: No reason specified
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4944 C463 71C6 4E3E 6077 422B 36A7 031E 56CD F35B
... on this message. So you are using a revoked key!?
I just signed the key of August. :)
And where is it? If it's only in your keyring, it's not very usefull
for the rest of
the world, that you signed it. ;)
onegpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forged.
gpg: reason for revocation: No reason specified
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 4944 C463 71C6 4E3E 6077 422B 36A7 031E 56CD
F35B
... on this message. So you are using a revoked key!?
Interesting.. Why is GPG using the revoked one, when there is a working
available... Hmm...
I just signed the key of August. :)
And where is it? If it's only in your keyring, it's not very usefull
for the rest of
the world, that you signed it. ;)
It should have been uploaded to the keyserver.
And in fidonet some systems wouldn't allow encrypted routed
netmail messages to pass their systems... I remember there
was a lot of discussion going on about that at the time.
Yes, there was a lot discussion in finnish echos too.
, U, ENC. :)
I just signed the key of August. :)As a minimum, if Tommi were to sign my key..
This is the list I get:
I get that same one in my list, ..
..I can import it from the keyserver: ..
But afterwards it can't be listed: ..
This is what I did with a bunch of 3 1/2 diskettes a few
years ago: ..
You have too much time! ;)
As an aside: I like the "status" page at
https://sks-keyservers.net/status/
It would be fun to see a similar live version of something
like that for the modest 900 IP nodes...But I digress.
Fun for some, but painfull for others: It would embarrass a
lot of hosts, because it would show how bad their segments
are maintained in the nodelist...
one... on this message. So you are using a revoked key!?
Interesting.. Why is GPG using the revoked one, when there is a working
available... Hmm...
I don't know. Maybe it's the default? (Can you set a default key?)
This one had a valid signature from a valid key.
I just signed the key of August. :)
And where is it? If it's only in your keyring, it's not very usefull
for the rest of the world, that you signed it. ;)
It should have been uploaded to the keyserver.
Of course! Got it... ;)
àWV>> And in fidonet some systems wouldn't allow encrypted routed
àWV>> netmail messages to pass their systems... I remember there
àWV>> was a lot of discussion going on about that at the time.
àTK> Yes, there was a lot discussion in finnish echos too.
àTK> ,U,ENC. :)
How is that supposed to be interpreted?à The nodelist just says "node
accepts inbound encrypted mail".à And, is encrypted mail only supported *between* nodes that _both_ have ENC specified?
Btw: I'm using 'gpg' (2), which I think is more or less the
standard software on linux to do (open)pgp stuff with.
It is a very smart inclusion in linux. But I'll stick with a Windows offering. The Enigmail version, as an Add-On for Thunderbird, seems
to be a smooth integration. The only thing I can't seem to check is
which PGP version my Enigmail/GnuPG-generated key is using. But the
linux tool can do that.
Checking if my golded signing configuration works... ;)
Works ok! However, using Thunderbird as a fidonet client does not show your from: name as it should. But it works. ;)
-----BEGIN PGP SIGNED MESSAGE----- TK> Hash: SHA256
I'm wondering why yours uses SHA256 and mine uses SHA1. SHA1 is the
more compatibel one with older versions, but is less secure...
Hmm.. No idea..
isI'll sign this one with Golded.
Still SHA256. It might have to do with the gpg version you are using. Mine
somewhat older:
# gpg --version
gpg (GnuPG) 2.0.24
libgcrypt 1.6.1
...
Maybe the default hash algorithme has change in newer versions?
gpg --version
Meanhile, email is probably a more reliable option for really
private messaging anyway.
Maybe the default hash algorithme has change in newer versions?
Perhaps.. In this Windows I'm using :
Tuetut algoritmit:
JulkAvain: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Salaus: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Tiiviste: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Pakkaus: pakkaamaton, ZIP, ZLIB, BZIP2
PS. I hate when programs speak finnish, even if I have an english
OS... :)
Further, since there is no way for a user to know in advance how one
U,ENC system routes their mail, and since there is no guarante what happens if a packet reaches a non-U,ENC system, there is no point in taking chances and causing annoyance. :(
As long as you dont use Gmail. ;)