From: Pieter Wuille <pieter.wuille@gmail.com>
To: Brian Hoffman <brianchoffman@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Date: Mon, 15 Sep 2014 16:55:47 +0200
Message-ID: <CAPg+sBg3fVHB-zHa=gY_04BPW50v6ZVyFozQ6KcPc+a_3NPsig@mail.gmail.com>
Subject: Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?

WoT is a perfectly reasonable way to establish trust about the link between
an online identity and a real world identity.

In the case of a developer with an existing reputation for his online
identity, that link is just irrelevant.

On Sep 15, 2014 4:52 PM, "Brian Hoffman" <brianchoffman@gmail.com> wrote:

> In the context of Bitcoin I will concede that perhaps it holds true for
> now.
>
> I also never said the actual credential you receive from a government
> agency is trustable. I completely agree that they are forgeable and not
> necessarily reliable. That was not my point. I was referring to the vetting
> process before issuance.
>
> Just as you have behavioral characteristics online that contribute to
> trusting an "identity" you also exhibit in person attributes, such as
> physically being in a specific location at a certain time or blue eyes or
> biometrics, that are valuable. You simply cannot capture those in an
> online-only world. I don't see how you can deny the value there.
>
> You are most certainly and undeniably the expert in the Bitcoin context
> here so I will not even attempt to argue with you on that, but I just think
> it's not realistic to ignore the value of an in-person network in other
> contexts. You called it "geek wanking" with no qualifier "in the Bitcoin
> context" so excuse me if I misunderstood your intent.
>
> On Mon, Sep 15, 2014 at 10:33 AM, Jeff Garzik <jgarzik@bitpay.com> wrote:
>
>> It applies to OP, bitcoin community development and Satoshi.
>>
>> "value of in person vetting of identity is undeniable"... no it is
>> quite deniable. Satoshi is the quintessential example. We value brain
>> output, code. The real world identity is irrelevant to whether or not
>> bitcoin continues to function.
>>
>> The currency of bitcoin development is code, and electronic messages
>> describing cryptographic theses. _That_ is the relevant fingerprint.
>>
>> Governmental id is second class, can be forged or simply present a
>> different individual from that who is online. PGP WoT wanking does
>> not solve that problem at all.
>>
>> On Mon, Sep 15, 2014 at 9:32 AM, Brian Hoffman <brianchoffman@gmail.com>
>> wrote:
>> > I would agree that the in person aspect of the WoT is frustrating, but
>> > to dismiss this as "geek wanking" is the pot calling the kettle.
>> >
>> > The value of in person vetting of identity is undeniable. Just because
>> > your risk acceptance is different doesn't make it wanking. Please go see
>> > if you can get any kind of governmental clearance of credential without
>> > in-person vetting. Ask them if they accept your behavioral signature.
>> >
>> > I know there is a lot of PGP hating these days but this comment doesn't
>> > necessarily apply to every situation.
>> >
>> >> On Sep 15, 2014, at 9:08 AM, Jeff Garzik <jgarzik@bitpay.com> wrote:
>> >>
>> >>> On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander
>> >>> <thomas@thomaszander.se> wrote:
>> >>> Any and all PGP related howtos will tell you that you should not
>> >>> trust or sign a formerly-untrusted PGP (or GPG for that matter) key
>> >>> without seeing that person in real life, verifying their identity etc.
>> >>
>> >> Such guidelines are a perfect example of why PGP WoT is useless and
>> >> stupid geek wanking.
>> >>
>> >> A person's behavioural signature is what is relevant. We know how
>> >> Satoshi coded and wrote. It was the online Satoshi with which we
>> >> interacted. The online Satoshi's PGP signature would be fine...
>> >> assuming he established a pattern of use.
>> >>
>> >> As another example, I know the code contributions and PGP key signed
>> >> by the online entity known as "sipa." At a bitcoin conf I met a
>> >> person with photo id labelled "Pieter Wuille" who claimed to be sipa,
>> >> but that could have been an actor. Absent a laborious and boring
>> >> signed challenge process, for all we know, "sipa" is a supercomputing
>> >> cluster of 500 gnomes.
>> >>
>> >> The point is, the "online entity known as Satoshi" is the relevant
>> >> fingerprint. That is easily established without any in-person
>> >> meetings.
>> >>
>> >> --
>> >> Jeff Garzik
>> >> Bitcoin core developer and open source evangelist
>> >> BitPay, Inc. https://bitpay.com/
>>
>> --
>> Jeff Garzik
>> Bitcoin core developer and open source evangelist
>> BitPay, Inc. https://bitpay.com/