From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UcKwz-0006tN-G1 for bitcoin-development@lists.sourceforge.net; Tue, 14 May 2013 19:31:53 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.149.113 as permitted sender) client-ip=62.13.149.113; envelope-from=pete@petertodd.org; helo=outmail149113.authsmtp.com; Received: from outmail149113.authsmtp.com ([62.13.149.113]) by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1UcKwy-0002b9-6o for bitcoin-development@lists.sourceforge.net; Tue, 14 May 2013 19:31:53 +0000 Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) by punt5.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id r4EJVjJN090638; Tue, 14 May 2013 20:31:45 +0100 (BST) Received: from petertodd.org (petertodd.org [174.129.28.249]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r4EJVf35034320 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 14 May 2013 20:31:44 +0100 (BST) Date: Tue, 14 May 2013 15:31:41 -0400 From: Peter Todd To: Melvin Carvalho Message-ID: <20130514193141.GG18341@petertodd.org> References: <20130514184120.GB18341@petertodd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="9Iq5ULCa7nGtWwZS" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: e9113762-bccc-11e2-b5c5-002590a15da7 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdwYUFVQNAgsB AmUbWVReU1x7XWc7 ag1VcwRfa1RMVxto VEFWR1pVCwQmQxh0 fHhIURxydAFFen4+ Y0NnXD4OVUV7dkF7 QFMGRj5VeGZhPWIC AkULch5UcAFPdx8U a1UrBXRDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA4hHyI3 QBEER212RgU+Xyg6 LBE8MQxUPUAaNlg+ PBMwXk8Ceyc9Mm8W EUBLDyJDP0MAQTZj DAUSTEkDCnVGRSZQ DwZA X-Authentic-SMTP: 61633532353630.1023:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 174.129.28.249/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1UcKwy-0002b9-6o Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Bitcoin2013 Speakers: Include your PGP fingerprint in your slides X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 May 2013 19:31:53 -0000 --9Iq5ULCa7nGtWwZS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, May 14, 2013 at 09:16:28PM +0200, Melvin Carvalho wrote: > > FWIW I take this stuff pretty seriously myself. I generated my key > > securely in the first place, I use a hardware smartcard to store my PGP > > key, and I keep the master signing key - the key with the ability to > > sign other keys - separate from my day-to-day signing subkeys. I also > > PGP sign emails regularly, which means anyone can get a decent idea of > > if they have the right key by looking at bitcoin-development mailing > > list archives and checking the signatures. A truly dedicated attacker > > could probably sign something without my knowledge, but I've certainly > > raised the bar. > > >=20 > Just out of curiosity, could PGP keyservers suffer from a similar 51% > attack as the bitcoin network? What guarantees do you think a keyserver provides about the keys it returns? --=20 'peter'[:-1]@petertodd.org 0000000000000142ad32a203b1627bee8126fa4bcd940b0da3f32bf1b5b07a24 --9Iq5ULCa7nGtWwZS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlGSkR0ACgkQpEFN739thowlHwCdEugu2VuzBj/RJKFTcI7to1Ku v1AAn0r9Ia2jkGlVOrPPvKlMdfSFY+fw =toZw -----END PGP SIGNATURE----- --9Iq5ULCa7nGtWwZS--