[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: get OpenPGP pubkeys authenticated using German personal ID
From: Andrew Gallagher via Gnupg-users <gnupg-users () gnupg ! org>
Date: 2023-06-06 11:20:07
Message-ID: 0106787F-EB69-4B8C-B115-5E2031953263 () andrewg ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On 3 Jun 2023, at 01:56, Jacob Bachmeyer <jcb62281@gmail.com> wrote:
>
> Alexander Leidinger via Gnupg-users wrote:
> > [...]
> >
> > I don't remember if there was a challenge/response or not. As I still have the \
> > email with the signed key, I can tell that the signature can arrive via a TLS \
> > encrypted SMTP channel directly from governicus (and they have a SPF setup but \
> > not DKIM):
> > ---snip---
> >
> > Received: from smtp.governikus.de (smtp.governikus.de [194.31.70.126])
> > (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
> > key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
> > client-signature RSA-PSS (4096 bits) client-digest SHA256)
> > (Client CN "VPR-BOS004.dmz.bosnetz.de", Issuer "VPR-BOS004.dmz.bosnetz.de" (not \
> > verified))
> > ---snip---
> >
>
> Am I misreading that header or does Governikus' outgoing SMTP have a self-signed \
> client certificate for 'VPR-BOS004.dmz.bosnetz.de'? That does not inspire \
> confidenceā¦
I wouldn't read too much into this. The client cert here is probably used for \
internal purposes, and their MXes may be configured to offer their client certs by \
default - external sites won't check it anyway, so no harm done.
A
["signature.asc" (signature.asc)]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEKR55odxVrielLu+DXB7EBNWQZikFAmR/FmgACgkQXB7EBNWQ
Zin2pg/+KpBCYvoShPTk8XLSwUQ3RBg50X6OtvXBb5kKgsfZMmC9851dPPmJiu4a
VJJa0P/irVP9u/fR/cDZltJRK5xQOch3orn7Ez1Jt8ShucVXRpOXEruaheWXuwV5
EEz3MDfsEvzDCcYcDC9vkif3x3JTG4u4kd3QxrtiAog2lPJrUIXYJCOYsNcpFu+l
G3dukfULG7SRUf8zJn7RbppQd/IUMCcfygTQnhJ31t0UhECb0z34vuy1fGa7MuF8
ueFUOGNZeFSLvANs28Vq9qqiO5MmEEsTvIpB6+p3d0s6v83UOPoQFxZU/GTPTMNA
IqgXSGax/gEUc+PyDr4mqKxOIpaAJbG7XAXHwzAxASR2wlOVJB8xsDByePIinHtZ
LlAXK258dZrhaNXNIHHlEHvLDXB5W3OqYC3jXomJQ4cD2EEILkqju25pQhi6zzGs
9sVkX62gWXD9AQEmZMVbOgCkTx9r8+khhFnfA5ldtLKkZFAsrr+DM+HfNQdF+c3+
F5DOJDUXwCAazmXHl5Ve9DNdj4bmL7YsGIEMhLVZlDdWJCn+3QucR4eGTJ0+T94i
ApqFYlH2v4X1XUpXdJOMPuRwZDji+WeF3Zy18U3c/0CeX3Xx9rJIS3HuQvUV9Ysq
UG2j/IPxmW/fiO69EZnoOWlYIvvAKMTwzmiatL6In8JhSX7Iuxk=
=wU0P
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic