Re: [Bitcoin-development] BIP72 amendment proposal
I agree that this would be another way of achieving the same goal. I'd be fine with that if there is a majority. However, I also see downsides of this approach: 1. It's more complicated. It touches more BIPs, and although signing is terribly difficult its still more difficult than just hashing. E.g. signing the payment request twice (ECC + X.509) poses the question in which order you sign, and which signature fields to null for signing. 2. Isn't it discouraged to disclose the public key you're going to receive coins on? (not sure about that) 3. Unlike an hash we can just re-assign to different objects (see my proposal) I think we cannot easily do the same with a signature. It's probably not very important to have this option, but still it should be considered. 4. I'm afraid of the idea of re-purposing the BIP21 address. Someone might send money to it although it isn't meant to receive money any more (service is already using an advanced BIP70 usecase). A clear separation into two parameters would prevent such mistakes, and as soon as the address can go away the URL needn't be longer than it used to be. 5. A hash can be checked without knowing a secret. Are we excluding stateless devices (e.g. proxies, smartwatches)? Generally about the URL length discussion: Currently we have address, amount and r, and it works well. In future we would have h and r. So all we need to do is make sure h not longer than address+amount. I think this is already the case with untruncated SHA256 hashes. But I'd be fine with truncating to maybe 192 bits to save a few characters. On 09/12/2014 06:31 PM, Mike Hearn wrote: Putting aside the question of necessity for a moment, a more efficient approach to this would be; 1. Add another marker param like s to the end of the URL 2. Add another field to PaymentRequest that contains an ECC signature calculated using the public key that hashes to the address in the URI 3. Upgraded wallets look for the additional param and if it's there, expect to find the PaymentDetails signed with the address key. PKI signing of course is still useful to provide an actual identity for receipts, display on hardware wallets, dispute mediation etc. This adds only a few characters to a normal backwards-compatible QR code, and is not hard to implement. On Fri, Sep 12, 2014 at 5:37 PM, Mike Hearn m...@plan99.net mailto:m...@plan99.net wrote: That way we leave up to implementers to experiment with different lengths and figure out what the optimum is Ah, that's a good suggestion if we do go this way. -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[Bitcoin-development] how
Hi i have some money on btc. How invest, and where invest for more eranig -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] BIP72 amendment proposal
On 09/12/2014 08:43 PM, Aaron Voisine wrote: Should BIP72 require that signed payment requests be from the same domain, Although it currently does not seem to be used that way, I'd like to see merchants sign their payment requests but store them on their payment processors server. Currently if you buy from Humble Bundle, all you see is Coinbase which is unfortunate. and also require https? I think that's unrealistic. HTTP is already in use, and also the proposed spec is open to other transports, e.g. Bluetooth which is also already in common use. -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
On 15 September 2014 09:23, Thomas Zander tho...@thomaszander.se wrote: On Sunday 14. September 2014 08.28.27 Peter Todd wrote: Do we have any evidence Satoshi ever even had access to that key? Did he ever use PGP at all for anything? Any and all PGP related howtos will tell you that you should not trust or sign a formerly-untrusted PGP (or GPG for that matter) key without seeing that person in real life, verifying their identity etc. I think that kind of disqualifies pgp for identity purposes wrt Satoshi :-) But I presume that if the key is on bitcoin.org, you can probably infer that the owner of the key and the original owner of bitcoin.org are one and the same ... -- Thomas Zander -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander tho...@thomaszander.se wrote: Any and all PGP related howtos will tell you that you should not trust or sign a formerly-untrusted PGP (or GPG for that matter) key without seeing that person in real life, verifying their identity etc. Such guidelines are a perfect example of why PGP WoT is useless and stupid geek wanking. A person's behavioural signature is what is relevant. We know how Satoshi coded and wrote. It was the online Satoshi with which we interacted. The online Satoshi's PGP signature would be fine... assuming he established a pattern of use. As another example, I know the code contributions and PGP key signed by the online entity known as sipa. At a bitcoin conf I met a person with photo id labelled Pieter Wuille who claimed to be sipa, but that could have been an actor. Absent a laborious and boring signed challenge process, for all we know, sipa is a supercomputing cluster of 500 gnomes. The point is, the online entity known as Satoshi is the relevant fingerprint. That is easily established without any in-person meetings. -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
I would agree that the in person aspect of the WoT is frustrating, but to dismiss this as geek wanking is the pot calling the kettle. The value of in person vetting of identity is undeniable. Just because your risk acceptance is difference doesn't make it wanking. Please go see if you can get any kind of governmental clearance of credential without in-person vetting. Ask them if they accept your behavioral signature. I know there is a lot of PGP hating these days but this comment doesn't necessarily apply to every situation. On Sep 15, 2014, at 9:08 AM, Jeff Garzik jgar...@bitpay.com wrote: On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander tho...@thomaszander.se wrote: Any and all PGP related howtos will tell you that you should not trust or sign a formerly-untrusted PGP (or GPG for that matter) key without seeing that person in real life, verifying their identity etc. Such guidelines are a perfect example of why PGP WoT is useless and stupid geek wanking. A person's behavioural signature is what is relevant. We know how Satoshi coded and wrote. It was the online Satoshi with which we interacted. The online Satoshi's PGP signature would be fine... assuming he established a pattern of use. As another example, I know the code contributions and PGP key signed by the online entity known as sipa. At a bitcoin conf I met a person with photo id labelled Pieter Wuille who claimed to be sipa, but that could have been an actor. Absent a laborious and boring signed challenge process, for all we know, sipa is a supercomputing cluster of 500 gnomes. The point is, the online entity known as Satoshi is the relevant fingerprint. That is easily established without any in-person meetings. -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
It applies to OP, bitcoin community development and Satoshi. value of in person vetting of identity is undeniable... no it is quite deniable. Satoshi is the quintessential example. We value brain output, code. The real world identity is irrelevant to whether or not bitcoin continues to function. The currency of bitcoin development is code, and electronic messages describing cryptographic theses. _That_ is the relevant fingerprint. Governmental id is second class, can be forged or simply present a different individual from that who is online. PGP WoT wanking does not solve that problem at all. On Mon, Sep 15, 2014 at 9:32 AM, Brian Hoffman brianchoff...@gmail.com wrote: I would agree that the in person aspect of the WoT is frustrating, but to dismiss this as geek wanking is the pot calling the kettle. The value of in person vetting of identity is undeniable. Just because your risk acceptance is difference doesn't make it wanking. Please go see if you can get any kind of governmental clearance of credential without in-person vetting. Ask them if they accept your behavioral signature. I know there is a lot of PGP hating these days but this comment doesn't necessarily apply to every situation. On Sep 15, 2014, at 9:08 AM, Jeff Garzik jgar...@bitpay.com wrote: On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander tho...@thomaszander.se wrote: Any and all PGP related howtos will tell you that you should not trust or sign a formerly-untrusted PGP (or GPG for that matter) key without seeing that person in real life, verifying their identity etc. Such guidelines are a perfect example of why PGP WoT is useless and stupid geek wanking. A person's behavioural signature is what is relevant. We know how Satoshi coded and wrote. It was the online Satoshi with which we interacted. The online Satoshi's PGP signature would be fine... assuming he established a pattern of use. As another example, I know the code contributions and PGP key signed by the online entity known as sipa. At a bitcoin conf I met a person with photo id labelled Pieter Wuille who claimed to be sipa, but that could have been an actor. Absent a laborious and boring signed challenge process, for all we know, sipa is a supercomputing cluster of 500 gnomes. The point is, the online entity known as Satoshi is the relevant fingerprint. That is easily established without any in-person meetings. -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Funny that you should describe WoT that way. According to some psycho-analysts the act of making love to a partner is actually a realization of our subconscious desire to make love to ourselves. So, in this sense, WoT geeks are indeed masturbating, but it's with the good purpose of ensuring that it's being done via the intended recipient and not some imposter or unsuspecting bystander. That's a valid concern, especially as Bitcoin development ranks grow and branch beyond a small core team. On 09/15/2014 08:08 PM, Jeff Garzik wrote: On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander tho...@thomaszander.se wrote: Any and all PGP related howtos will tell you that you should not trust or sign a formerly-untrusted PGP (or GPG for that matter) key without seeing that person in real life, verifying their identity etc. Such guidelines are a perfect example of why PGP WoT is useless and stupid geek wanking. A person's behavioural signature is what is relevant. We know how Satoshi coded and wrote. It was the online Satoshi with which we interacted. The online Satoshi's PGP signature would be fine... assuming he established a pattern of use. As another example, I know the code contributions and PGP key signed by the online entity known as sipa. At a bitcoin conf I met a person with photo id labelled Pieter Wuille who claimed to be sipa, but that could have been an actor. Absent a laborious and boring signed challenge process, for all we know, sipa is a supercomputing cluster of 500 gnomes. The point is, the online entity known as Satoshi is the relevant fingerprint. That is easily established without any in-person meetings. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBAgAGBQJUFvsyAAoJENQRrA3m8xlAwkAH/iRekS+Q0jIzaMPFJjD9Qh2e TTpnQ5MyceeWaEQ9BIS9Lp92k/KlhYUmdaHRmmgOuUQZ6VlOmLSyveMe2qpX3igb jZX3ydZe2hs1D3Z48MFyNBz06eufApSi5LC8BvN4bYotOD+/qrrxag+jaU3NjDu3 yCaSF563ZQ9xXkfh5JoZ3SGBcRmR5bS6QAoR29OQXBubriPwJuVxUBB37cfaL2Nf rc67q2KgpU/vOyucxMFZgoP0vDjxUzXTc2ONrEHGJUfdypMADFwXjxeA8ikOt4ik GIB69wMGQiMeE5e3H337yJxYaZJK4R1KnrSLF0j+Vkl3Yy25duBYAbFUGayeTw0= =xR8K -END PGP SIGNATURE- -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
In the context of Bitcoin I will concede that perhaps it holds true for now. I also never said the actual credential you receive from a government agency is trustable. I completely agree that they are forgeable and not necessarily reliable. That was not my point. I was referring to the vetting process before issuance. Just as you have behavioral characteristics online that contribute to trusting an identity you also exhibit in person attributes, such as physically being in a specific location at a certain time or blue eyes or biometrics, that are valuable. You simply cannot capture those in an online-only world. I don't see how you can deny the value there. You are most certainly and undeniably the expert in the Bitcoin context here so I will not even attempt to argue with you on that, but I just think it's not realistic to ignore the value of an in-person network in other contexts. You called it geek wanking with no qualifier in the Bitcoin context so excuse me if I misunderstood your intent. On Mon, Sep 15, 2014 at 10:33 AM, Jeff Garzik jgar...@bitpay.com wrote: It applies to OP, bitcoin community development and Satoshi. value of in person vetting of identity is undeniable... no it is quite deniable. Satoshi is the quintessential example. We value brain output, code. The real world identity is irrelevant to whether or not bitcoin continues to function. The currency of bitcoin development is code, and electronic messages describing cryptographic theses. _That_ is the relevant fingerprint. Governmental id is second class, can be forged or simply present a different individual from that who is online. PGP WoT wanking does not solve that problem at all. On Mon, Sep 15, 2014 at 9:32 AM, Brian Hoffman brianchoff...@gmail.com wrote: I would agree that the in person aspect of the WoT is frustrating, but to dismiss this as geek wanking is the pot calling the kettle. The value of in person vetting of identity is undeniable. Just because your risk acceptance is difference doesn't make it wanking. Please go see if you can get any kind of governmental clearance of credential without in-person vetting. Ask them if they accept your behavioral signature. I know there is a lot of PGP hating these days but this comment doesn't necessarily apply to every situation. On Sep 15, 2014, at 9:08 AM, Jeff Garzik jgar...@bitpay.com wrote: On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander tho...@thomaszander.se wrote: Any and all PGP related howtos will tell you that you should not trust or sign a formerly-untrusted PGP (or GPG for that matter) key without seeing that person in real life, verifying their identity etc. Such guidelines are a perfect example of why PGP WoT is useless and stupid geek wanking. A person's behavioural signature is what is relevant. We know how Satoshi coded and wrote. It was the online Satoshi with which we interacted. The online Satoshi's PGP signature would be fine... assuming he established a pattern of use. As another example, I know the code contributions and PGP key signed by the online entity known as sipa. At a bitcoin conf I met a person with photo id labelled Pieter Wuille who claimed to be sipa, but that could have been an actor. Absent a laborious and boring signed challenge process, for all we know, sipa is a supercomputing cluster of 500 gnomes. The point is, the online entity known as Satoshi is the relevant fingerprint. That is easily established without any in-person meetings. -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
The reason it is in fact wanking is because pgp tried to solve a problem that can't be solved. It tried to provide distributed trust to a system of identity, while still depending on the local government (i.e centralized) for the upstream ID... It's a marriage that has no benefit. What we really want is (decentralized) identity management that allows me to create a new anonymous ID and use that as something more secure than trusting a behavior pattern to proof it's me. Sent on the go. Excuse the brevity. Original Message From: Brian Hoffman Sent: 15:35 mandag 15. september 2014 To: Jeff Garzik Cc: Thomas Zander; Bitcoin Dev Subject: Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key? I would agree that the in person aspect of the WoT is frustrating, but to dismiss this as geek wanking is the pot calling the kettle. The value of in person vetting of identity is undeniable. Just because your risk acceptance is difference doesn't make it wanking. Please go see if you can get any kind of governmental clearance of credential without in-person vetting. Ask them if they accept your behavioral signature. I know there is a lot of PGP hating these days but this comment doesn't necessarily apply to every situation. On Sep 15, 2014, at 9:08 AM, Jeff Garzik jgar...@bitpay.com wrote: On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander tho...@thomaszander.se wrote: Any and all PGP related howtos will tell you that you should not trust or sign a formerly-untrusted PGP (or GPG for that matter) key without seeing that person in real life, verifying their identity etc. Such guidelines are a perfect example of why PGP WoT is useless and stupid geek wanking. A person's behavioural signature is what is relevant. We know how Satoshi coded and wrote. It was the online Satoshi with which we interacted. The online Satoshi's PGP signature would be fine... assuming he established a pattern of use. As another example, I know the code contributions and PGP key signed by the online entity known as sipa. At a bitcoin conf I met a person with photo id labelled Pieter Wuille who claimed to be sipa, but that could have been an actor. Absent a laborious and boring signed challenge process, for all we know, sipa is a supercomputing cluster of 500 gnomes. The point is, the online entity known as Satoshi is the relevant fingerprint. That is easily established without any in-person meetings. -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
On Monday 15. September 2014 11.51.35 Matt Whitlock wrote: If you were merely attaching your public key to them, then the email server could have been systematically replacing your public key with some other public key, The beauty of publicly archived mailinglists make it impossible to get away with this without detection. I recall reading the awesome book The inmates are running the asylum which states that solutions created by software engineers typically suffer from the flaw of absolutes. (find the part where he describes homo-digitalus for more) I think this applies to PGP and your objection; in order to make it absolutely correct, you need to introduce loads of things. Signatures, WoT, etc. PGPGPG do this. But each change of the normal workflow means you loose about 50% of your audience... So, my silly example is not perfect. But I bet its good enough for most. In the end the value of the imperfect solution is higher than the perfect one. -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
On Mon, Sep 15, 2014 at 3:51 PM, Matt Whitlock b...@mattwhitlock.name wrote: On Monday, 15 September 2014, at 5:10 pm, Thomas Zander wrote: So for instance I start including a bitcoin public key in my email signature. I don't sign the emails or anything like that, just to establish that everyone has my public key many times in their email archives. Then when I need to proof its me, I can provide a signature on the content that the requester wants me to sign. That would not work. You would need to sign your messages. If you were merely attaching your public key to them, then the email server could have been systematically replacing your public key with some other public key, and then, when you would later try to provide a signature, your signature would not verify under the public key that everyone else had been seeing attached to your messages. If the server could replace the public key, it could replace the signature in all the same places. Please, can this stuff move to another list? It's offtopic. -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 15 September 2014 17:10:14 BST, Gregory Maxwell gmaxw...@gmail.com wrote: If the server could replace the public key, it could replace the signature in all the same places. Please, can this stuff move to another list? It's offtopic. +1 My original post was OT really, although obviously this was the right venue to be sure the required audience saw it and settle the question. -BEGIN PGP SIGNATURE- Version: APG v1.1.1 iQFQBAEBCAA6BQJUFxHcMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8 cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhfCtCACLNgMrxRQ4YlX4Tkyt CIlqRh4AOLVRXeh6ER+BJJhJA+hbunNfH6kkROIinpBsFxlRfoHwrv2ax6GIlegO s1+MSLFAoOob3tLQY/LrVF0PMTbKybdQRqQopzu81hbLTCjpnrnN2sDpAOA/bDsV xDTHNVbOWS7UapkZf7AjueDfuyW3yhvcgsq1Tuc4r7pdKCEQA/HjBzIqyFT2K9hp uahaENzCfsCVsEiTmAu+p9EvXhLWmMRfRz15z7D/KtOBTI83/t/WR7UnWlSRHn4i Xyhj/iDv+kPj/vsGXZClCUZ7T/64ovVvoeY9Pk+1fc6okWWXmTHsH+R72szkhgEu O4QP =C27J -END PGP SIGNATURE- -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?
On 09/15/2014 03:08 PM, Jeff Garzik wrote: Such guidelines are a perfect example of why PGP WoT is useless and stupid geek wanking. A person's behavioural signature is what is relevant. We know how Satoshi coded and wrote. It was the online Satoshi with which we interacted. The online Satoshi's PGP signature would be fine... assuming he established a pattern of use. I wrote up an example of how the WoT and the behavior signature might be combined via a game: http://bitcoinism.blogspot.ch/2013/09/building-pgp-web-of-trust-that-people.html tl;dr: Identity is not a name - it's a set of shared experiences with other people. Identity systems that want to be successful should focus on those shared experiences rather than names. -- Support online privacy by using email encryption whenever possible. Learn how here: http://www.youtube.com/watch?v=bakOKJFtB-k 0x38450DB5.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature -- Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development