From: Matt Whitlock
To: Thomas Zander
Cc: bitcoin-development@lists.sourceforge.net
Date: Mon, 15 Sep 2014 11:51:35 -0400
Subject: Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?

On Monday, 15 September 2014, at 5:10 pm, Thomas Zander wrote:
> So for instance I start including a bitcoin public key in my email signature.
> I don't sign the emails or anything like that, just to establish that everyone
> has my public key many times in their email archives.
> Then when I need to prove it's me, I can provide a signature on the content
> that the requester wants me to sign.

That would not work. You would need to sign your messages. If you were merely attaching your public key to them, then the email server could have been systematically replacing your public key with some other public key, and then, when you would later try to provide a signature, your signature would not verify under the public key that everyone else had been seeing attached to your messages.
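
Added example, not part of the original message: a small Go model of the exchange discussed above, showing what a recipient can check on receipt and later when a relay has replaced only the attached key. Assumptions: Ed25519 from Go's standard library stands in for a Bitcoin key, and the Mail type, the function names, the fixed seeds and the message text are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Mail is a constructed stand-in for one archived list message.
type Mail struct {
	Body string
	Key  ed25519.PublicKey // key block from the sender's email signature
	Sig  []byte            // nil when the sender did not sign the message
}

// demoKey derives a fixed, constructed key pair so runs are repeatable.
func demoKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}
func pubOf(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// signedBytes is what a signature covers: the body and the attached key.
func signedBytes(m Mail) []byte { return append([]byte(m.Body+"\n"), m.Key...) }

// send builds a message with the sender's key attached, optionally signed.
func send(k ed25519.PrivateKey, body string, sign bool) Mail {
	m := Mail{Body: body, Key: pubOf(k)}
	if sign {
		m.Sig = ed25519.Sign(k, signedBytes(m))
	}
	return m
}

// checkOnReceipt: an unsigned message offers nothing to verify on arrival.
func checkOnReceipt(m Mail) bool { return m.Sig == nil || ed25519.Verify(m.Key, signedBytes(m), m.Sig) }

// exchange returns (receipt check passes, later proof verifies under archived key).
func exchange(sign, swap bool) (bool, bool) {
	m := send(demoKey(1), "hello list", sign)
	if swap { // relay replaces only the attached key text
		m.Key = pubOf(demoKey(2))
	}
	c := []byte("constructed challenge")
	return checkOnReceipt(m), ed25519.Verify(m.Key, c, ed25519.Sign(demoKey(1), c))
}

func main() {
	fmt.Println(exchange(false, true)) // unsigned, key swapped in transit
	fmt.Println(exchange(true, true))  // signed, key swapped in transit
}
```

In the unsigned case the swapped key is archived without any warning and the later proof fails; in the signed case the mismatch already shows up when the message is received.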