From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XT3Id-00087P-Fk for bitcoin-development@lists.sourceforge.net; Sun, 14 Sep 2014 06:28:39 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.110 as permitted sender) client-ip=62.13.148.110; envelope-from=pete@petertodd.org; helo=outmail148110.authsmtp.com; Received: from outmail148110.authsmtp.com ([62.13.148.110]) by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1XT3Ib-00031H-DF for bitcoin-development@lists.sourceforge.net; Sun, 14 Sep 2014 06:28:39 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s8E6SU4Z069610; Sun, 14 Sep 2014 07:28:30 +0100 (BST) Received: from muck (host-92-27-141-92.static.as13285.net [92.27.141.92]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s8E6SRpc094149 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Sun, 14 Sep 2014 07:28:28 +0100 (BST) Date: Sun, 14 Sep 2014 07:28:27 +0100 From: Peter Todd To: Jeff Garzik Message-ID: <20140914062826.GB21586@muck> References: <20140913135528.GC6333@muck> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="zx4FCpZtqtKETZ7O" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 57515471-3bd8-11e4-9f74-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdwYUC1AEAgsB AmIbW1NeUlV7W2o7 YghPbwJDY05PQQxo T01BRU1TWkZgdBpi ZF5NUhB2dgFPNndz bE8sW3deXUF+ckdg QRwAHXAHZDJkdWlJ V0RFdwNWdQpKLx5G bwR8GhFYa3VsFCMk FAgyOXU9MCtSLCNN RwwLMWdabUEGBXY1 QQEFGzhnHUQbSm06 KQ06Kl8aEw4YLg07 NV9pQlMXNRIeQgdP fQl2CTNePFkACDFj NSxiFU0TAWo1 X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 92.27.141.92/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1XT3Ib-00031H-DF Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Sep 2014 06:28:39 -0000 --zx4FCpZtqtKETZ7O Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 13, 2014 at 10:03:20AM -0400, Jeff Garzik wrote: > That claim is horse manure :) He never signed private emails sent to > me, nor the forum posts. That's consistent with what everyone else is saying: https://twitter.com/petertoddbtc/status/509614729879642113 > He -might- have signed the occasional thing related to releases, I'm not = sure. Doesn't seem like there's any evidence of that either. For instance the archive.org Jan 31st 2009 capture of bitcoin.org with v1.3 has a link to his PGP key, but the release itself is unsigned: https://web.archive.org/web/20090131115053/http://bitcoin.org/ Similarly the Nov 29 2009 capture of the sourceforge download directory has releases v0.1.0, v0.1.2, v0.1.3, and v0.1.5, none of which have signatures: https://web.archive.org/web/20091129231630/http://sourceforge.net/projects/= bitcoin/files/Bitcoin/ The earliest signature I can find is from v0.3.20 from Gavin Andresen: https://web.archive.org/web/20110502125522/http://sourceforge.net/projects/= bitcoin/files/Bitcoin/bitcoin-0.3.20/ Earliest sig in the git commit history is the v0.3.21 tag, again from Gavin. My best guess is Satoshi only created the PGP key in case someone needed to send him a security-related bug report. Which leads to a related question: Do we have any evidence Satoshi ever even had access to that key? Did he ever use PGP at all for anything? --=20 'peter'[:-1]@petertodd.org 00000000000000000ce4f740fb700bb8a9ed859ac96ac9871567a20fca07f76a --zx4FCpZtqtKETZ7O Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQGrBAEBCACVBQJUFTWGXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDAwY2U0Zjc0MGZiNzAwYmI4YTllZDg1OWFjOTZhYzk4NzE1 NjdhMjBmY2EwN2Y3NmEvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfv/VAf+IeWvhkS0f34Utvi/boR32yRb 8VpizQ+OxAEeLdU0Ot7lwqMbGCsrA8eiyHIiVXeVBv54DLW8AQ55Qt+ge/hirCsN JZgE7pNt0YZKfxj2AdmCJiL18YuJUnlDd01OJWaz0tQLP6uBjhv2c3U+ZbMT5aBV ehiyld8oz8/2dOjsnAf3h8VT4dyQK9L1PQmzXCXoASTPqBZubPdeRQGT/5OVXtc0 goZgW7GsL+o/0n5748HHde3xKvaWz0j6UiK5vhlUrLK5jHgifOhLuiC8enu0Z/3t 0fVnuws8aiciSZIluWa5ZzSX82HVQ+G781eXIa24jgHScrMvR5affPbmVZRQOw== =D7bn -----END PGP SIGNATURE----- --zx4FCpZtqtKETZ7O--