summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Hearn <mike@plan99.net>2014-03-22 18:03:03 +0100
committerbitcoindev <bitcoindev@gnusha.org>2014-03-22 17:03:11 +0000
commitcf14c017e5eb1fa4021b75383f378c7488c94f84 (patch)
tree75440569e58347b94508bcfbd81824c2cdb20ebb
parent4a171f09626cf2c8a3bbcdae50ddefd5d214ede2 (diff)
downloadpi-bitcoindev-cf14c017e5eb1fa4021b75383f378c7488c94f84.tar.gz
pi-bitcoindev-cf14c017e5eb1fa4021b75383f378c7488c94f84.zip
[Bitcoin-development] Fake PGP key for Gavin
-rw-r--r--ea/965b794f3340caab9dd68d8a5774de90481b4599
1 files changed, 99 insertions, 0 deletions
diff --git a/ea/965b794f3340caab9dd68d8a5774de90481b45 b/ea/965b794f3340caab9dd68d8a5774de90481b45
new file mode 100644
index 000000000..b39306b86
--- /dev/null
+++ b/ea/965b794f3340caab9dd68d8a5774de90481b45
@@ -0,0 +1,99 @@
+Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
+ helo=mx.sourceforge.net)
+ by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
+ (envelope-from <mh.in.england@gmail.com>) id 1WRPKB-0001gW-2P
+ for bitcoin-development@lists.sourceforge.net;
+ Sat, 22 Mar 2014 17:03:11 +0000
+Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
+ designates 209.85.214.176 as permitted sender)
+ client-ip=209.85.214.176; envelope-from=mh.in.england@gmail.com;
+ helo=mail-ob0-f176.google.com;
+Received: from mail-ob0-f176.google.com ([209.85.214.176])
+ by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
+ (Exim 4.76) id 1WRPK9-00066Z-CA
+ for bitcoin-development@lists.sourceforge.net;
+ Sat, 22 Mar 2014 17:03:11 +0000
+Received: by mail-ob0-f176.google.com with SMTP id wp18so3901367obc.21
+ for <bitcoin-development@lists.sourceforge.net>;
+ Sat, 22 Mar 2014 10:03:04 -0700 (PDT)
+MIME-Version: 1.0
+X-Received: by 10.60.141.9 with SMTP id rk9mr48779002oeb.12.1395507783965;
+ Sat, 22 Mar 2014 10:03:03 -0700 (PDT)
+Sender: mh.in.england@gmail.com
+Received: by 10.76.71.231 with HTTP; Sat, 22 Mar 2014 10:03:03 -0700 (PDT)
+Date: Sat, 22 Mar 2014 18:03:03 +0100
+X-Google-Sender-Auth: T7SKeLtUzRxHta7jYdz1gajwV3A
+Message-ID: <CANEZrP0NeDetSLXjtWnCaYYjYcdhsa=ne=a6NJOnvEp8yr7YaA@mail.gmail.com>
+From: Mike Hearn <mike@plan99.net>
+To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
+Content-Type: multipart/alternative; boundary=047d7b3a9cacbea6a604f534f909
+X-Spam-Score: -0.5 (/)
+X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
+ See http://spamassassin.org/tag/ for more details.
+ -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
+ sender-domain
+ 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
+ (mh.in.england[at]gmail.com)
+ -0.0 SPF_PASS SPF: sender matches SPF record
+ 1.0 HTML_MESSAGE BODY: HTML included in message
+ 0.1 DKIM_SIGNED Message has a DKIM or DK signature,
+ not necessarily valid
+ -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
+X-Headers-End: 1WRPK9-00066Z-CA
+Subject: [Bitcoin-development] Fake PGP key for Gavin
+X-BeenThere: bitcoin-development@lists.sourceforge.net
+X-Mailman-Version: 2.1.9
+Precedence: list
+List-Id: <bitcoin-development.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
+List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
+List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
+X-List-Received-Date: Sat, 22 Mar 2014 17:03:11 -0000
+
+--047d7b3a9cacbea6a604f534f909
+Content-Type: text/plain; charset=UTF-8
+
+In case you didn't see this yet,
+
+http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html
+
+If you're using PGP to verify Bitcoin downloads, it's very important that
+you check you are using the right key. Someone seems to be creating fake
+PGP keys that are used to sign popular pieces of crypto software, probably
+to make a MITM attack (e.g. from an intelligence agency) seem more
+legitimate.
+
+I think the Mac DMG's of Core are signed for Gatekeeper, but do we codesign
+the Windows binaries? If not it'd be a good idea, if only because AV
+scanners learn key reputations to reduce false positives. Of course this is
+not a panacea, and Linux unfortunately does not support X.509 code signing,
+but having extra signing can't really hurt.
+
+--047d7b3a9cacbea6a604f534f909
+Content-Type: text/html; charset=UTF-8
+Content-Transfer-Encoding: quoted-printable
+
+<div dir=3D"ltr">In case you didn&#39;t see this yet,<div><br></div><div><a=
+ href=3D"http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-impost=
+er.html">http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-impost=
+er.html</a><br>
+</div><div><br></div><div>If you&#39;re using PGP to verify Bitcoin downloa=
+ds, it&#39;s very important that you check you are using the right key. Som=
+eone seems to be creating fake PGP keys that are used to sign popular piece=
+s of crypto software, probably to make a MITM attack (e.g. from an intellig=
+ence agency) seem more legitimate.</div>
+<div><br></div><div>I think the Mac DMG&#39;s of Core are signed for Gateke=
+eper, but do we codesign the Windows binaries? If not it&#39;d be a good id=
+ea, if only because AV scanners learn key reputations to reduce false posit=
+ives. Of course this is not a panacea, and Linux unfortunately does not sup=
+port X.509 code signing, but having extra signing can&#39;t really hurt.</d=
+iv>
+</div>
+
+--047d7b3a9cacbea6a604f534f909--
+
+