Date: Tue, 7 May 2013 14:04:16 +0200
From: Mike Hearn
To: Adam Back
Cc: Bitcoin Dev
Subject: Re: [Bitcoin-development] limits of network hacking/netsplits (was: Discovery/addr packets)

> And even without a PGP WoT connection, if the website had SSL enabled, they
> can trust the binaries it's sending to the extent that it is securely
> maintained

Yes, it would be nice to have SSL but that requires finding alternative file hosting.

> I guess it's the least of the concerns but I believe Damgård's is better.

Unfortunately we don't have any choice in what to use. There's no way on Android to change the signing key after deployment, so we can either split the existing key or do nothing.

There is a quorum-of-developers signing system using gitian and reproducible builds, but as noted by Gregory, the problem is that people don't check the signatures (even ignoring the web of trust aspect, which raises the complexity much higher). This sort of thing works best when combined with an auto update engine or other kind of software distribution platform.
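The quorum check an update engine would perform over developer build attestations, as an added example that is not code from this message or from the Bitcoin or gitian projects. It assumes a constructed trust store and developer names, uses HMAC-SHA256 with per-developer keys as an offline stand-in for the OpenPGP detached signatures gitian signers publish, and does not reproduce gitian's own file formats.

```python
import hashlib
import hmac

QUORUM = 2  # accept a build only when this many distinct trusted developers agree

# Constructed trust store (developer -> verification key); real deployments
# would hold the developers' OpenPGP keys, HMAC keys stand in so this runs offline.
TRUSTED_KEYS = {"alice": b"alice-key", "bob": b"bob-key", "carol": b"carol-key"}

def statement_for(release, digest):
    """The attested text: which release and which SHA-256 the developer built."""
    return f"{release} sha256={digest}".encode()

def sign_attestation(dev, key, release, digest):
    """Developer side: sign the hash of their own reproducible build."""
    stmt = statement_for(release, digest)
    return (dev, stmt, hmac.new(key, stmt, hashlib.sha256).hexdigest())

def verify_attestation(dev, stmt, sig):
    """Updater side: valid only if signed with a key in the trust store."""
    key = TRUSTED_KEYS.get(dev)
    if key is None:
        return False  # unknown signer: ignored, not trusted
    return hmac.compare_digest(hmac.new(key, stmt, hashlib.sha256).hexdigest(), sig)

def quorum_ok(binary, release, attestations, quorum=QUORUM):
    """Return (accepted, developers whose valid attestation matches this binary)."""
    want = statement_for(release, hashlib.sha256(binary).hexdigest())
    agreeing = set()
    for dev, stmt, sig in attestations:
        if verify_attestation(dev, stmt, sig) and stmt == want:
            agreeing.add(dev)  # a set: one developer signing twice counts once
    return len(agreeing) >= quorum, agreeing

def demo():
    """Constructed scenario: duplicate, disagreeing and untrusted attestations."""
    binary = b"constructed release binary bytes"
    good = hashlib.sha256(binary).hexdigest()
    bad = hashlib.sha256(b"tampered binary").hexdigest()
    atts = [
        sign_attestation("alice", TRUSTED_KEYS["alice"], "wallet-3.0", good),
        sign_attestation("alice", TRUSTED_KEYS["alice"], "wallet-3.0", good),
        sign_attestation("carol", TRUSTED_KEYS["carol"], "wallet-3.0", bad),
        sign_attestation("mallory", b"mallory-key", "wallet-3.0", good),
    ]
    before, _ = quorum_ok(binary, "wallet-3.0", atts)  # only alice counts
    atts.append(sign_attestation("bob", TRUSTED_KEYS["bob"], "wallet-3.0", good))
    after, who = quorum_ok(binary, "wallet-3.0", atts)
    return before, after, sorted(who)
```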