public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [Bitcoin-development] Fake PGP key for Gavin
@ 2014-03-22 17:03 Mike Hearn
  2014-03-22 17:33 ` Gavin Andresen
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Mike Hearn @ 2014-03-22 17:03 UTC (permalink / raw)
  To: Bitcoin Dev

[-- Attachment #1: Type: text/plain, Size: 752 bytes --]

In case you didn't see this yet,

http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html

If you're using PGP to verify Bitcoin downloads, it's very important that
you check you are using the right key. Someone seems to be creating fake
PGP keys that are used to sign popular pieces of crypto software, probably
to make a MITM attack (e.g. from an intelligence agency) seem more
legitimate.

I think the Mac DMG's of Core are signed for Gatekeeper, but do we codesign
the Windows binaries? If not it'd be a good idea, if only because AV
scanners learn key reputations to reduce false positives. Of course this is
not a panacea, and Linux unfortunately does not support X.509 code signing,
but having extra signing can't really hurt.

[-- Attachment #2: Type: text/html, Size: 968 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2014-03-24 20:36 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-22 17:03 [Bitcoin-development] Fake PGP key for Gavin Mike Hearn
2014-03-22 17:33 ` Gavin Andresen
2014-03-22 18:21 ` Peter Todd
2014-03-23  0:59 ` Oliver Egginger
2014-03-23 22:12 ` Troy Benjegerdes
2014-03-24 19:44   ` The Doctor

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox