Skip to content

Instantly share code, notes, and snippets.

Robert J. Hansen rjhansen

Block or report user

Report or block rjhansen

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@rjhansen
rjhansen / consequences.md
Last active Oct 28, 2019
SKS Keyserver Network Attack: Consequences
View consequences.md

SKS Keyserver Network Attack: Consequences

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Back in late February, the Internet Freedom Festival put together a roundtable of communications security nerds to help dissidents in Venezuela figure out how to organize and communicate in the face of widespread DNS poisoning. I contributed a brief HOWTO explaining what the Maduro regime was doing and some simple, effective mitigations. At the very top of the HOWTO was a paragraph of security considerations. Chief among them was a caution that this document came with an OpenPGP digital signature: before relying on the information in the document they ought ensure nobody had tampered with it, either to install malware into the PDF or to alter the advice I was giving.

I put this HOWTO out in the wild. I've had four people send me thank-you notes for writing it. I figure that means it's been seen by between fo

@rjhansen
rjhansen / keyservers.md
Last active Nov 19, 2019
SKS Keyserver Network Under Attack
View keyservers.md

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

View keybase.md

Keybase proof

I hereby claim:

  • I am rjhansen on github.
  • I am rjh (https://keybase.io/rjh) on keybase.
  • I have a public key ASBqHsFVVGBpEL_ZoZ9jzepXw_z04qZKhwFs_85bkS92Ngo

To claim this, I am signing this object:

You can’t perform that action at this time.