Am 22.03.2014 18:03, schrieb Mike Hearn: > In case you didn't see this yet, > > http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html > > If you're using PGP to verify Bitcoin downloads, it's very important > that you check you are using the right key. Someone seems to be creating > fake PGP keys that are used to sign popular pieces of crypto software, > probably to make a MITM attack (e.g. from an intelligence agency) seem > more legitimate.
>From the user's perspective: In the beginning I found it difficult to find the keys. At last I have made this side for documentation: https://www.olivere.de/blog/archives/2013/06/02/install_bitcoin_client/ Okay, is outdated meanwhile ... Normally people fetch the keys by key-id from a well known key server. Not because they are paranoid, but because it is the most convenient method under Linux. A Google search for Gavin+Andresen+gpg brings me herein: http://sourceforge.net/p/bitcoin/mailman/message/30551147/ Key-Id? Nevertheless, I'm glad that you guys signed anything. That makes me sleep better. I really check this. - oliver GPG: https://olivere.de/gpg ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
