Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XTXh5-0003Yg-Fn for bitcoin-development@lists.sourceforge.net; Mon, 15 Sep 2014 14:55:55 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.223.175 as permitted sender) client-ip=209.85.223.175; envelope-from=pieter.wuille@gmail.com; helo=mail-ie0-f175.google.com; Received: from mail-ie0-f175.google.com ([209.85.223.175]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XTXh4-0008VX-2E for bitcoin-development@lists.sourceforge.net; Mon, 15 Sep 2014 14:55:55 +0000 Received: by mail-ie0-f175.google.com with SMTP id at20so4705287iec.20 for ; Mon, 15 Sep 2014 07:55:48 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.42.39.142 with SMTP id h14mr28251042ice.32.1410792947395; Mon, 15 Sep 2014 07:55:47 -0700 (PDT) Received: by 10.50.6.6 with HTTP; Mon, 15 Sep 2014 07:55:47 -0700 (PDT) Received: by 10.50.6.6 with HTTP; Mon, 15 Sep 2014 07:55:47 -0700 (PDT) In-Reply-To: References: <20140913135528.GC6333@muck> <20140914062826.GB21586@muck> <201409150923.02817.thomas@thomaszander.se> <3E354504-0203-4408-85A1-58A071E8546A@gmail.com> Date: Mon, 15 Sep 2014 16:55:47 +0200 Message-ID: From: Pieter Wuille To: Brian Hoffman Content-Type: multipart/alternative; boundary=90e6ba1efb747b343705031bd46e X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (pieter.wuille[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XTXh4-0008VX-2E Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Sep 2014 14:55:55 -0000 --90e6ba1efb747b343705031bd46e Content-Type: text/plain; charset=ISO-8859-1 WoT is a perfectly reasonable way to establish trust about the link between an online identity and a real world identity. In the case of a developer with an existing reputation for his online identity, that link is just irrelevant. On Sep 15, 2014 4:52 PM, "Brian Hoffman" wrote: > In the context of Bitcoin I will concede that perhaps it holds true for > now. > > I also never said the actual credential you receive from a government > agency is trustable. I completely agree that they are forgeable and not > necessarily reliable. That was not my point. I was referring to the vetting > process before issuance. > > Just as you have behavioral characteristics online that contribute to > trusting an "identity" you also exhibit in person attributes, such as > physically being in a specific location at a certain time or blue eyes or > biometrics, that are valuable. You simply cannot capture those in an > online-only world. I don't see how you can deny the value there. > > You are most certainly and undeniably the expert in the Bitcoin context > here so I will not even attempt to argue with you on that, but I just think > it's not realistic to ignore the value of an in-person network in other > contexts. You called it "geek wanking" with no qualifier "in the Bitcoin > context" so excuse me if I misunderstood your intent. > > > On Mon, Sep 15, 2014 at 10:33 AM, Jeff Garzik wrote: > >> It applies to OP, bitcoin community development and Satoshi. >> >> "value of in person vetting of identity is undeniable"... no it is >> quite deniable. Satoshi is the quintessential example. We value brain >> output, code. The real world identity is irrelevant to whether or not >> bitcoin continues to function. >> >> The currency of bitcoin development is code, and electronic messages >> describing cryptographic theses. _That_ is the relevant fingerprint. >> >> Governmental id is second class, can be forged or simply present a >> different individual from that who is online. PGP WoT wanking does >> not solve that problem at all. >> >> >> >> >> >> >> On Mon, Sep 15, 2014 at 9:32 AM, Brian Hoffman >> wrote: >> > I would agree that the in person aspect of the WoT is frustrating, but >> to dismiss this as "geek wanking" is the pot calling the kettle. >> > >> > The value of in person vetting of identity is undeniable. Just because >> your risk acceptance is difference doesn't make it wanking. Please go see >> if you can get any kind of governmental clearance of credential without >> in-person vetting. Ask them if they accept your behavioral signature. >> > >> > I know there is a lot of PGP hating these days but this comment doesn't >> necessarily apply to every situation. >> > >> > >> > >> >> On Sep 15, 2014, at 9:08 AM, Jeff Garzik wrote: >> >> >> >>> On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander < >> thomas@thomaszander.se> wrote: >> >>> Any and all PGP related howtos will tell you that you should not >> trust or sign >> >>> a formerly-untrusted PGP (or GPG for that matter) key without seeing >> that >> >>> person in real life, verifying their identity etc. >> >> >> >> Such guidelines are a perfect example of why PGP WoT is useless and >> >> stupid geek wanking. >> >> >> >> A person's behavioural signature is what is relevant. We know how >> >> Satoshi coded and wrote. It was the online Satoshi with which we >> >> interacted. The online Satoshi's PGP signature would be fine... >> >> assuming he established a pattern of use. >> >> >> >> As another example, I know the code contributions and PGP key signed >> >> by the online entity known as "sipa." At a bitcoin conf I met a >> >> person with photo id labelled "Pieter Wuille" who claimed to be sipa, >> >> but that could have been an actor. Absent a laborious and boring >> >> signed challenge process, for all we know, "sipa" is a supercomputing >> >> cluster of 500 gnomes. >> >> >> >> The point is, the "online entity known as Satoshi" is the relevant >> >> fingerprint. That is easily established without any in-person >> >> meetings. >> >> >> >> -- >> >> Jeff Garzik >> >> Bitcoin core developer and open source evangelist >> >> BitPay, Inc. https://bitpay.com/ >> >> >> >> >> ------------------------------------------------------------------------------ >> >> Want excitement? >> >> Manually upgrade your production database. >> >> When you want reliability, choose Perforce >> >> Perforce version control. Predictably reliable. >> >> >> http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk >> >> _______________________________________________ >> >> Bitcoin-development mailing list >> >> Bitcoin-development@lists.sourceforge.net >> >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> >> >> -- >> Jeff Garzik >> Bitcoin core developer and open source evangelist >> BitPay, Inc. https://bitpay.com/ >> > > > > ------------------------------------------------------------------------------ > Want excitement? > Manually upgrade your production database. > When you want reliability, choose Perforce > Perforce version control. Predictably reliable. > > http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --90e6ba1efb747b343705031bd46e Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

WoT is a perfectly reasonable way to establish trust about t= he link between an online identity and a real world identity.

In the case of a developer with an existing reputation for h= is online identity, that link is just irrelevant.

On Sep 15, 2014 4:52 PM, "Brian Hoffman&quo= t; <brianchoffman@gmail.com> wrote:
In the context of Bitcoin I will concede that perhaps it holds t= rue for now.

I also never said the actual credential you= receive from a government agency is trustable. I completely agree that the= y are forgeable and not necessarily reliable. That was not my point. I was = referring to the vetting process before issuance.

= Just as you have behavioral characteristics online that contribute to trust= ing an "identity" you also exhibit in person attributes, such as = physically being in a specific location at a certain time or blue eyes or b= iometrics, that are valuable. You simply cannot capture those in an online-= only world. I don't see how you can deny the value there.
You are most certainly and undeniably the expert in the Bitcoin= context here so I will not even attempt to argue with you on that, but I j= ust think it's not realistic to ignore the value of an in-person networ= k in other contexts. You called it "geek wanking" with no qualifi= er "in the Bitcoin context" so excuse me if I misunderstood your = intent.=A0


On Mon, Sep 15, 2014 at 10:33 AM, Jeff Garzik <jgarzi= k@bitpay.com> wrote:
It app= lies to OP, bitcoin community development and Satoshi.

"value of in person vetting of identity is undeniable"...=A0 no i= t is
quite deniable. Satoshi is the quintessential example. We value brain
output, code.=A0 The real world identity is irrelevant to whether or not bitcoin continues to function.

The currency of bitcoin development is code, and electronic messages
describing cryptographic theses.=A0 _That_ is the relevant fingerprint.

Governmental id is second class, can be forged or simply present a
different individual from that who is online.=A0 PGP WoT wanking does
not solve that problem at all.






On Mon, Sep 15, 2014 at 9:32 AM, Brian Hoffman <brianchoffman@gmail.com> wrote:=
> I would agree that the in person aspect of the WoT is frustrating, but= to dismiss this as "geek wanking" is the pot calling the kettle.=
>
> The value of in person vetting of identity is undeniable. Just because= your risk acceptance is difference doesn't make it wanking. Please go = see if you can get any kind of governmental clearance of credential without= in-person vetting. Ask them if they accept your behavioral signature.
>
> I know there is a lot of PGP hating these days but this comment doesn&= #39;t necessarily apply to every situation.
>
>
>
>> On Sep 15, 2014, at 9:08 AM, Jeff Garzik <jgarzik@bitpay.com> wrote:
>>
>>> On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander <thomas@thomaszander.se= > wrote:
>>> Any and all PGP related howtos will tell you that you should n= ot trust or sign
>>> a formerly-untrusted PGP (or GPG for that matter) key without = seeing that
>>> person in real life, verifying their identity etc.
>>
>> Such guidelines are a perfect example of why PGP WoT is useless an= d
>> stupid geek wanking.
>>
>> A person's behavioural signature is what is relevant.=A0 We kn= ow how
>> Satoshi coded and wrote.=A0 It was the online Satoshi with which w= e
>> interacted.=A0 The online Satoshi's PGP signature would be fin= e...
>> assuming he established a pattern of use.
>>
>> As another example, I know the code contributions and PGP key sign= ed
>> by the online entity known as "sipa."=A0 At a bitcoin co= nf I met a
>> person with photo id labelled "Pieter Wuille" who claime= d to be sipa,
>> but that could have been an actor.=A0 Absent a laborious and borin= g
>> signed challenge process, for all we know, "sipa" is a s= upercomputing
>> cluster of 500 gnomes.
>>
>> The point is, the "online entity known as Satoshi" is th= e relevant
>> fingerprint.=A0 That is easily established without any in-person >> meetings.
>>
>> --
>> Jeff Garzik
>> Bitcoin core developer and open source evangelist
>> BitPay, Inc.=A0 =A0 =A0 https://bitpay.com/
>>
>> ------------------------------------------------------------------= ------------
>> Want excitement?
>> Manually upgrade your production database.
>> When you want reliability, choose Perforce
>> Perforce version control. Predictably reliable.
>> http://pubads.g.doubleclic= k.net/gampad/clk?id=3D157508191&iu=3D/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/b= itcoin-development



--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc.=A0 =A0 =A0 h= ttps://bitpay.com/


-----------------------------------------------------------------------= -------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D157508191&iu=3D/4140/ostg.clktrk
__________________= _____________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--90e6ba1efb747b343705031bd46e--