From: Thérèse Godefroy Date: Fri, 22 Jun 2018 16:41:11 +0000 (+0200) Subject: en: update kitchen. X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=1c4452817b19311edf3f30b64ad83ae86473b743;p=enc.git en: update kitchen. --- diff --git a/en/kitchen/index.t.html b/en/kitchen/index.t.html index 6fd55f3d..9f6bedc8 100644 --- a/en/kitchen/index.t.html +++ b/en/kitchen/index.t.html @@ -204,6 +204,9 @@ href="https://gpgtools.org/#gpgsuite">Download and install it, choosing default options whenever asked. After it's installed, you can close any windows that it creates.

+

There are major security flaws in versions of GnuPG provided by GPGTools +prior to 2018.3. Make sure you have GPGTools 2018.3 or later.

+ @@ -219,6 +222,9 @@ href="https://www.gpg4win.org/">Download and install it, choosing default options whenever asked. After it's installed, you can close any windows that it creates.

+

There are major security flaws in versions of GnuPG provided by GPG4Win +prior to 3.1.2. Make sure you have GPG4Win 3.1.2 or later.

+ @@ -239,6 +245,21 @@ alt="Step 1.B: Install Add-ons" />

Step 1.b Install the Enigmail plugin for your email program

+ +

In your email program's menu, select Add-ons (it may be in the Tools +section). Make sure Extensions is selected on the left. Do you see Enigmail? +Make sure it's the latest version. If so, skip this step.

+ +

If not, search "Enigmail" with the search bar in the upper right. You +can take it from here. Restart your email program when you're done.

+ +

There are major security flaws in versions of GnuPG prior to 2.2.8, and +Enigmail prior to 2.0.7. Make sure you have GnuPG 2.2.8 and Enigmail 2.0.7, +or later versions.

+ +

Note: As of June 18, 2018, GnuPG 2.2.8 is unavailable for Debian stable and +testing.

+ @@ -258,18 +279,18 @@ alt="Step 1.C: Install Add-ons" />

Step 1.c Install the Enigmail plugin for your email program

-

In your email program's menu, select Add-ons (it may be in the Tools -section). Make sure Extensions is selected on the left. Do you see Enigmail? If -so, skip this step.

+section). Make sure Extensions is selected on the left. Do you see Enigmail? +Make sure it's the latest version. If so, skip this step.

If not, search "Enigmail" with the search bar in the upper right. You can take it from here. Restart your email program when you're done.

-

Enigmail versions prior to 2.0.6 have serious security issues. Make sure -to install version 2.0.6 or later. The current version is 2.0.6.1.

+

There are major security flaws in Enigmail prior to version 2.0.7. Make +sure you have Enigmail 2.0.7 or later.

+
@@ -869,15 +890,15 @@ and choosing Key Properties. It's good practice to share your fingerprint wherever you share your email address, so that people can double-check that they have the correct public key when they download yours from a keyserver.

-

You may also see public keys referred to by their key ID, -which is simply the last eight digits of the fingerprint, like C09A61E8 for -Edward. The key ID is visible directly from the Key Management window. This -key ID is like a person's first name (it is a useful shorthand but may not be -unique to a given key), whereas the fingerprint actually identifies the key -uniquely without the possibility of confusion. If you only have the key ID, -you can still look up the key (as well as its fingerprint), like you did in -Step 3, but if multiple options appear, you'll need the fingerprint of the -person to whom you are trying to communicate to verify which one to use.

+

You may also see public keys referred to by a shorter +key ID. This key ID is visible directly from the Key Management +window. These eight character key IDs were previously used for +identification, which used to be safe, but is no longer reliable. You +need to check the full fingerprint as part of verifying you have the +correct key for the person you are trying to contact. Spoofing, in +which someone intentionally generates a key with a fingerprint whose +final eight characters are the same as another, is unfortunately +common.