Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-ID: <20140915143834.6000788.30676.294@thomaszander.se>
Date: Mon, 15 Sep 2014 16:38:34 +0200
From: "ThomasZander.se" <thomas@thomaszander.se>
In-Reply-To: <3E354504-0203-4408-85A1-58A071E8546A@gmail.com>
References: <20140913135528.GC6333@muck>
	<CAJHLa0MaE3Ki5Hs4Tu4dQNBW-EL-857N2kf-fVxYcXM6OO-84w@mail.gmail.com>
	<20140914062826.GB21586@muck>
	<201409150923.02817.thomas@thomaszander.se>
	<CAJHLa0Owjs=6vhy_RSD+VSAZgBq2pSYv5HhCdA4-XCGgX=Z6dA@mail.gmail.com>
	<3E354504-0203-4408-85A1-58A071E8546A@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Does anyone have anything at all signed
	by Satoshi's PGP key?
Precedence: list

=E2=80=8EThe reason it is in fact wanking is because pgp tried to solve a p=
roblem that can't be solved.
It tried to provide distributed trust to a system of identity, while still =
depending on the local government (i.e centralized) for the upstream ID...

It's a marriage that has no benefit.

What we really want is (decentralized) identity management that allows me t=
o create a new anonymous ID and use that as something more secure than trus=
ting a behavior pattern to proof it's me.=C2=A0

Sent on the go. Excuse the brevity.
=C2=A0 Original Message =C2=A0
From: Brian Hoffman
Sent: 15:35 mandag 15. september 2014
To: Jeff Garzik
Cc: Thomas Zander; Bitcoin Dev
Subject: Re: [Bitcoin-development] Does anyone have anything at all signed =
by Satoshi's PGP key?

I would agree that the in person aspect of the WoT is frustrating, but to d=
ismiss this as "geek wanking" is the pot calling the kettle.=20

The value of in person vetting of identity is undeniable. Just because your=
 risk acceptance is difference doesn't make it wanking. Please go see if yo=
u can get any kind of governmental clearance of credential without in-perso=
n vetting. Ask them if they accept your behavioral signature.=20

I know there is a lot of PGP hating these days but this comment doesn't nec=
essarily apply to every situation.=20


> On Sep 15, 2014, at 9:08 AM, Jeff Garzik <jgarzik@bitpay.com> wrote:
>=20
>> On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander <thomas@thomaszander.se> =
wrote:
>> Any and all PGP related howtos will tell you that you should not trust o=
r sign
>> a formerly-untrusted PGP (or GPG for that matter) key without seeing that
>> person in real life, verifying their identity etc.
>=20
> Such guidelines are a perfect example of why PGP WoT is useless and
> stupid geek wanking.
>=20
> A person's behavioural signature is what is relevant. We know how
> Satoshi coded and wrote. It was the online Satoshi with which we
> interacted. The online Satoshi's PGP signature would be fine...
> assuming he established a pattern of use.
>=20
> As another example, I know the code contributions and PGP key signed
> by the online entity known as "sipa." At a bitcoin conf I met a
> person with photo id labelled "Pieter Wuille" who claimed to be sipa,
> but that could have been an actor. Absent a laborious and boring
> signed challenge process, for all we know, "sipa" is a supercomputing
> cluster of 500 gnomes.
>=20
> The point is, the "online entity known as Satoshi" is the relevant
> fingerprint. That is easily established without any in-person
> meetings.
>=20
> --=20
> Jeff Garzik
> Bitcoin core developer and open source evangelist
> BitPay, Inc. https://bitpay.com/
>=20
> -------------------------------------------------------------------------=
-----
> Want excitement?
> Manually upgrade your production database.
> When you want reliability, choose Perforce
> Perforce version control. Predictably reliable.
> http://pubads.g.doubleclick.net/gampad/clk?id=3D157508191&iu=3D/4140/ostg=
.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development