From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XTXzN-0004dC-Im for bitcoin-development@lists.sourceforge.net; Mon, 15 Sep 2014 15:14:49 +0000 X-ACL-Warn: Received: from nmsh3.e.nsc.no ([193.213.121.74]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1XTXzL-0001EZ-BT for bitcoin-development@lists.sourceforge.net; Mon, 15 Sep 2014 15:14:49 +0000 Received: from [127.0.0.1] (2.150.40.175.tmi.telenormobil.no [2.150.40.175]) by nmsh3.nsc.no (8.14.7/8.14.7) with ESMTP id s8FEcYIa027584 for ; Mon, 15 Sep 2014 16:38:34 +0200 (MEST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Mailer: BlackBerry Email (10.2.1.3247) Message-ID: <20140915143834.6000788.30676.294@thomaszander.se> Date: Mon, 15 Sep 2014 16:38:34 +0200 From: "ThomasZander.se" In-Reply-To: <3E354504-0203-4408-85A1-58A071E8546A@gmail.com> References: <20140913135528.GC6333@muck> <20140914062826.GB21586@muck> <201409150923.02817.thomas@thomaszander.se> <3E354504-0203-4408-85A1-58A071E8546A@gmail.com> To: Bitcoin Dev X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [193.213.121.74 listed in list.dnswl.org] X-Headers-End: 1XTXzL-0001EZ-BT Subject: Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Sep 2014 15:14:50 -0000 =E2=80=8EThe reason it is in fact wanking is because pgp tried to solve a p= roblem that can't be solved. It tried to provide distributed trust to a system of identity, while still = depending on the local government (i.e centralized) for the upstream ID... It's a marriage that has no benefit. What we really want is (decentralized) identity management that allows me t= o create a new anonymous ID and use that as something more secure than trus= ting a behavior pattern to proof it's me.=C2=A0 Sent on the go. Excuse the brevity. =C2=A0 Original Message =C2=A0 From: Brian Hoffman Sent: 15:35 mandag 15. september 2014 To: Jeff Garzik Cc: Thomas Zander; Bitcoin Dev Subject: Re: [Bitcoin-development] Does anyone have anything at all signed = by Satoshi's PGP key? I would agree that the in person aspect of the WoT is frustrating, but to d= ismiss this as "geek wanking" is the pot calling the kettle.=20 The value of in person vetting of identity is undeniable. Just because your= risk acceptance is difference doesn't make it wanking. Please go see if yo= u can get any kind of governmental clearance of credential without in-perso= n vetting. Ask them if they accept your behavioral signature.=20 I know there is a lot of PGP hating these days but this comment doesn't nec= essarily apply to every situation.=20 > On Sep 15, 2014, at 9:08 AM, Jeff Garzik wrote: >=20 >> On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander = wrote: >> Any and all PGP related howtos will tell you that you should not trust o= r sign >> a formerly-untrusted PGP (or GPG for that matter) key without seeing that >> person in real life, verifying their identity etc. >=20 > Such guidelines are a perfect example of why PGP WoT is useless and > stupid geek wanking. >=20 > A person's behavioural signature is what is relevant. We know how > Satoshi coded and wrote. It was the online Satoshi with which we > interacted. The online Satoshi's PGP signature would be fine... > assuming he established a pattern of use. >=20 > As another example, I know the code contributions and PGP key signed > by the online entity known as "sipa." At a bitcoin conf I met a > person with photo id labelled "Pieter Wuille" who claimed to be sipa, > but that could have been an actor. Absent a laborious and boring > signed challenge process, for all we know, "sipa" is a supercomputing > cluster of 500 gnomes. >=20 > The point is, the "online entity known as Satoshi" is the relevant > fingerprint. That is easily established without any in-person > meetings. >=20 > --=20 > Jeff Garzik > Bitcoin core developer and open source evangelist > BitPay, Inc. https://bitpay.com/ >=20 > -------------------------------------------------------------------------= ----- > Want excitement? > Manually upgrade your production database. > When you want reliability, choose Perforce > Perforce version control. Predictably reliable. > http://pubads.g.doubleclick.net/gampad/clk?id=3D157508191&iu=3D/4140/ostg= .clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development