Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.217.182 as permitted sender)
	client-ip=209.85.217.182; envelope-from=melvincarvalho@gmail.com;
	helo=mail-lb0-f182.google.com; 
MIME-Version: 1.0
In-Reply-To: <20130514184120.GB18341@petertodd.org>
References: <20130514184120.GB18341@petertodd.org>
Date: Tue, 14 May 2013 21:16:28 +0200
Message-ID: <CAKaEYhKpDQJAqNuh0oddO1GmugfZAznGjk0sOdokqDAPWFibJQ@mail.gmail.com>
From: Melvin Carvalho <melvincarvalho@gmail.com>
To: Peter Todd <pete@petertodd.org>
Content-Type: multipart/alternative; boundary=14dae94735dd61f32f04dcb27846
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Bitcoin2013 Speakers: Include your PGP
 fingerprint in your slides
Precedence: list

--14dae94735dd61f32f04dcb27846
Content-Type: text/plain; charset=ISO-8859-1

On 14 May 2013 20:41, Peter Todd <pete@petertodd.org> wrote:

> report: https://bitcointalk.org/index.php?topic=205349.0
>
> Every talk will be widely witnessed and videotaped so we can get some
> reasonably good security by simply putting out PGP fingerprints in our
> slides. Yeah, some fancy attacker could change the videos after the
> fact, but the talks themselves will have wide audiences and a lot of
> opportunities for fraud to be discovered. That means it'd also be
> reasonable for people to sign those keys too if you are present and are
> convinced you aren't looking at some impostor. (of course, presenters,
> check that your PGP fingerprints are correct...)
>
>
> Remember that PGP depends on the web-of-trust. No single measure in a
> web-of-trust is needs to be absolutely perfect; it's the sum of the
> verifications that matter. I don't think it matters much if you have,
> say, seen Jeff Garzik's drivers license as much as it matters that you
> have seen him in a public place with dozens of witnesses that would
> recognize him and call out any attempt at fraud.
>
> Secondly remember that many of us are working on software where an
> attacker can steal from huge numbers of users at once if they manage to
> sneak some wallet stealing code in. We need better code signing
> practices, but they don't help without some way of being sure the keys
> signing the code are valid. SSL and certificate authorities have
> advantages, and so does the PGP WoT, so use both.
>
>
> FWIW I take this stuff pretty seriously myself. I generated my key
> securely in the first place, I use a hardware smartcard to store my PGP
> key, and I keep the master signing key - the key with the ability to
> sign other keys - separate from my day-to-day signing subkeys. I also
> PGP sign emails regularly, which means anyone can get a decent idea of
> if they have the right key by looking at bitcoin-development mailing
> list archives and checking the signatures. A truly dedicated attacker
> could probably sign something without my knowledge, but I've certainly
> raised the bar.
>

Just out of curiosity, could PGP keyservers suffer from a similar 51%
attack as the bitcoin network?


>
> --
> 'peter'[:-1]@petertodd.org
> 000000000000016be577c0f0ce4c04a05fdbfc8e0b6f69053659f32aeea3a518
>
>
> ------------------------------------------------------------------------------
> AlienVault Unified Security Management (USM) platform delivers complete
> security visibility with the essential security capabilities. Easily and
> efficiently configure, manage, and operate all of your security controls
> from a single console and one unified framework. Download a free trial.
> http://p.sf.net/sfu/alienvault_d2d
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>

--14dae94735dd61f32f04dcb27846
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On 14 May 2013 20:41, Peter Todd <span dir=3D"ltr">&lt;<a href=3D"m=
ailto:pete@petertodd.org" target=3D"_blank">pete@petertodd.org</a>&gt;</spa=
n> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">report: <a href=3D"https://bitcointalk.org/i=
ndex.php?topic=3D205349.0" target=3D"_blank">https://bitcointalk.org/index.=
php?topic=3D205349.0</a><br>

<br>
Every talk will be widely witnessed and videotaped so we can get some<br>
reasonably good security by simply putting out PGP fingerprints in our<br>
slides. Yeah, some fancy attacker could change the videos after the<br>
fact, but the talks themselves will have wide audiences and a lot of<br>
opportunities for fraud to be discovered. That means it&#39;d also be<br>
reasonable for people to sign those keys too if you are present and are<br>
convinced you aren&#39;t looking at some impostor. (of course, presenters,<=
br>
check that your PGP fingerprints are correct...)<br>
<br>
<br>
Remember that PGP depends on the web-of-trust. No single measure in a<br>
web-of-trust is needs to be absolutely perfect; it&#39;s the sum of the<br>
verifications that matter. I don&#39;t think it matters much if you have,<b=
r>
say, seen Jeff Garzik&#39;s drivers license as much as it matters that you<=
br>
have seen him in a public place with dozens of witnesses that would<br>
recognize him and call out any attempt at fraud.<br>
<br>
Secondly remember that many of us are working on software where an<br>
attacker can steal from huge numbers of users at once if they manage to<br>
sneak some wallet stealing code in. We need better code signing<br>
practices, but they don&#39;t help without some way of being sure the keys<=
br>
signing the code are valid. SSL and certificate authorities have<br>
advantages, and so does the PGP WoT, so use both.<br>
<br>
<br>
FWIW I take this stuff pretty seriously myself. I generated my key<br>
securely in the first place, I use a hardware smartcard to store my PGP<br>
key, and I keep the master signing key - the key with the ability to<br>
sign other keys - separate from my day-to-day signing subkeys. I also<br>
PGP sign emails regularly, which means anyone can get a decent idea of<br>
if they have the right key by looking at bitcoin-development mailing<br>
list archives and checking the signatures. A truly dedicated attacker<br>
could probably sign something without my knowledge, but I&#39;ve certainly<=
br>
raised the bar.<br></blockquote><div><br></div><div>Just out of curiosity, =
could PGP keyservers suffer from a similar 51% attack as the bitcoin networ=
k?<br></div><div>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin=
:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<span class=3D"HOEnZb"><font color=3D"#888888"><br>
--<br>
&#39;peter&#39;[:-1]@<a href=3D"http://petertodd.org" target=3D"_blank">pet=
ertodd.org</a><br>
000000000000016be577c0f0ce4c04a05fdbfc8e0b6f69053659f32aeea3a518<br>
</font></span><br>---------------------------------------------------------=
---------------------<br>
AlienVault Unified Security Management (USM) platform delivers complete<br>
security visibility with the essential security capabilities. Easily and<br=
>
efficiently configure, manage, and operate all of your security controls<br=
>
from a single console and one unified framework. Download a free trial.<br>
<a href=3D"http://p.sf.net/sfu/alienvault_d2d" target=3D"_blank">http://p.s=
f.net/sfu/alienvault_d2d</a><br>___________________________________________=
____<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br></div></div>

--14dae94735dd61f32f04dcb27846--