Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XTW1r-0004Zp-2D for bitcoin-development@lists.sourceforge.net; Mon, 15 Sep 2014 13:09:15 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of bitpay.com designates 209.85.213.172 as permitted sender) client-ip=209.85.213.172; envelope-from=jgarzik@bitpay.com; helo=mail-ig0-f172.google.com; Received: from mail-ig0-f172.google.com ([209.85.213.172]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XTW1p-0003HP-Vs for bitcoin-development@lists.sourceforge.net; Mon, 15 Sep 2014 13:09:14 +0000 Received: by mail-ig0-f172.google.com with SMTP id h3so3839206igd.5 for ; Mon, 15 Sep 2014 06:09:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=9hX/k7uUV/adBjygbpdXGxUOPhM3zElOR6cOtT1cAZg=; b=NjVpOKMkLQo9wa8VDBD1glcNl2tZrsiv+xoFGeR2IE6K8W1U4ETiRmkKC1PIYLL8S4 ZYebCoe9YaF6ih825s7oUepkoVCOqvp/209JKdgGiJF/zhsowNEn/gCmrFoLEw3FOuFz 1VkmIC6DgG7vzJh3k4hp5/SoZI37Yjs2yp1pRjKlTZw1ULVesbTgzoCNMGk9oeJBGCRW fV+e8kjSKGGnIeWDUQ7FFxKftkEnS7pFPKgBghp9SqyHwDWpB1Cn1B2gQP9ER2mJZqMY M3on49c/eCHKg0AfCyk2kdoEUbbMXHpSOIjhiP6tIMWK+L/2toJu0PRfjU3QSUZ3mLeZ t+ZA== X-Gm-Message-State: ALoCoQmTcqoYLP95JmZMULRJUwrY4GhyODV/K5SiKkfcrUrpsbcjxur+/VPOQe3MQkguEfnEiEov X-Received: by 10.50.83.5 with SMTP id m5mr21101307igy.15.1410786548291; Mon, 15 Sep 2014 06:09:08 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.153.149 with HTTP; Mon, 15 Sep 2014 06:08:48 -0700 (PDT) In-Reply-To: <201409150923.02817.thomas@thomaszander.se> References: <20140913135528.GC6333@muck> <20140914062826.GB21586@muck> <201409150923.02817.thomas@thomaszander.se> From: Jeff Garzik Date: Mon, 15 Sep 2014 09:08:48 -0400 Message-ID: To: Thomas Zander Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XTW1p-0003HP-Vs Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Sep 2014 13:09:15 -0000 On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander wrote: > Any and all PGP related howtos will tell you that you should not trust or sign > a formerly-untrusted PGP (or GPG for that matter) key without seeing that > person in real life, verifying their identity etc. Such guidelines are a perfect example of why PGP WoT is useless and stupid geek wanking. A person's behavioural signature is what is relevant. We know how Satoshi coded and wrote. It was the online Satoshi with which we interacted. The online Satoshi's PGP signature would be fine... assuming he established a pattern of use. As another example, I know the code contributions and PGP key signed by the online entity known as "sipa." At a bitcoin conf I met a person with photo id labelled "Pieter Wuille" who claimed to be sipa, but that could have been an actor. Absent a laborious and boring signed challenge process, for all we know, "sipa" is a supercomputing cluster of 500 gnomes. The point is, the "online entity known as Satoshi" is the relevant fingerprint. That is easily established without any in-person meetings. -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/