Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UPrrB-0004f9-Ah for bitcoin-development@lists.sourceforge.net; Wed, 10 Apr 2013 10:02:21 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.174 as permitted sender) client-ip=209.85.214.174; envelope-from=mh.in.england@gmail.com; helo=mail-ob0-f174.google.com; Received: from mail-ob0-f174.google.com ([209.85.214.174]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1UPrr5-00072C-8h for bitcoin-development@lists.sourceforge.net; Wed, 10 Apr 2013 10:02:21 +0000 Received: by mail-ob0-f174.google.com with SMTP id wm15so242825obc.5 for ; Wed, 10 Apr 2013 03:02:10 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.182.60.136 with SMTP id h8mr479752obr.47.1365588129862; Wed, 10 Apr 2013 03:02:09 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.76.167.169 with HTTP; Wed, 10 Apr 2013 03:02:09 -0700 (PDT) In-Reply-To: <201304100958.51054.andyparkins@gmail.com> References: <201304100958.51054.andyparkins@gmail.com> Date: Wed, 10 Apr 2013 12:02:09 +0200 X-Google-Sender-Auth: Y83A8RQ_GbqCmGdrWFoz8u8ekGg Message-ID: From: Mike Hearn To: Andy Parkins Content-Type: multipart/alternative; boundary=001a11c1c42063d9f804d9fec32a X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1UPrr5-00072C-8h Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] bitcoinj 0.8 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Apr 2013 10:02:21 -0000 --001a11c1c42063d9f804d9fec32a Content-Type: text/plain; charset=UTF-8 The key in the message was used in my last announcement, so that establishes continuity there. But regardless, all mails I send are signed automatically by Gmail using either the gmail.com consumer key (for my posts to this list) or the google.com corporate key (for my posts to the bitcoinj lists), see dkim.orgfor more details on this. Whilst this is not signing in the GPG web of trust sense, realistically the Gmail DKIM keys are much safer than any key I could create/maintain, and my ability to sign mail as hearn@google.com is controlled by hardware second factors and various other rather intense security systems I can't discuss. I've considered just not having the additional Bitcoin-key based signatures at all, but it would help keep continuity in the case that I leave Google or if there's a DKIM key rotation. On Wed, Apr 10, 2013 at 10:58 AM, Andy Parkins wrote: > On Tuesday 09 April 2013 22:03:35 Mike Hearn wrote: > > > To get bitcoinj 0.8, check out our source from git and then run *git > fetch > > --all; git checkout **cbbb1a2bf4d1*. This will place you on the 0.8 > release > > in a secure manner. This message was written on Tuesday 9th April 2013 > and > > Not quite secure yet, because you didn't sign your email. > > > Andy > > -- > Dr Andy Parkins > andyparkins@gmail.com > --001a11c1c42063d9f804d9fec32a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
The key in the message was used in my last anno= uncement, so that establishes continuity there.=C2=A0

<= /div>
But regardless, all mails I send are signed automatically b= y Gmail using either the gmail.com consume= r key (for my posts to this list) or the goog= le.com corporate key (for my posts to the bitcoinj lists), see dkim.org for more details on this. Whilst this is = not signing in the GPG web of trust sense, realistically the Gmail DKIM key= s are much safer than any key I could create/maintain, and my ability to si= gn mail as hearn@google.com is cont= rolled by hardware second factors and various other rather intense security= systems I can't discuss.

I've considered just not having the add= itional Bitcoin-key based signatures at all, but it would help keep continu= ity in the case that I leave Google or if there's a DKIM key rotation.<= /div>



On Wed, Apr 10, 2013 at 10:58 AM, Andy Parkins <andypark= ins@gmail.com> wrote:
On Tuesday 09 April 2013 22:03:35 Mike Hearn= wrote:

> To get bitcoinj 0.8, check out our source from git and then run *git f= etch
> --all; git checkout **cbbb1a2bf4d1*. This will place you on the 0.8 re= lease
> in a secure manner. This message was written on Tues= day 9th April 2013 and

Not quite secure yet, because you didn't sign your email.


Andy

--
Dr Andy Parkins
andyparkins@gmail.com

--001a11c1c42063d9f804d9fec32a--