Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <bitcoin@olivere.de>) id 1WRX2a-0002zQ-CC
	for bitcoin-development@lists.sourceforge.net;
	Sun, 23 Mar 2014 01:17:32 +0000
X-ACL-Warn: 
Received: from olivere.de ([85.214.144.153] helo=mail.olivere.de)
	by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.76) id 1WRX2W-0002CE-Ud
	for bitcoin-development@lists.sourceforge.net;
	Sun, 23 Mar 2014 01:17:30 +0000
Received: from ip-178-201-245-99.unitymediagroup.de ([178.201.245.99]:33328
	helo=[192.168.88.251])
	by mail.olivere.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.72) (envelope-from <bitcoin@olivere.de>)
	id 1WRWlU-0003bI-TK; Sun, 23 Mar 2014 01:59:52 +0100
Message-ID: <532E3206.3090005@olivere.de>
Date: Sun, 23 Mar 2014 01:59:50 +0100
From: Oliver Egginger <bitcoin@olivere.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Mike Hearn <mike@plan99.net>
References: <CANEZrP0NeDetSLXjtWnCaYYjYcdhsa=ne=a6NJOnvEp8yr7YaA@mail.gmail.com>
In-Reply-To: <CANEZrP0NeDetSLXjtWnCaYYjYcdhsa=ne=a6NJOnvEp8yr7YaA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
X-Headers-End: 1WRX2W-0002CE-Ud
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Fake PGP key for Gavin
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 23 Mar 2014 01:17:32 -0000

Am 22.03.2014 18:03, schrieb Mike Hearn:
> In case you didn't see this yet,
> 
> http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html
> 
> If you're using PGP to verify Bitcoin downloads, it's very important
> that you check you are using the right key. Someone seems to be creating
> fake PGP keys that are used to sign popular pieces of crypto software,
> probably to make a MITM attack (e.g. from an intelligence agency) seem
> more legitimate.

From the user's perspective: In the beginning I found it difficult to
find the keys. At last I have made this side for documentation:

https://www.olivere.de/blog/archives/2013/06/02/install_bitcoin_client/

Okay, is outdated meanwhile ...

Normally people fetch the keys by key-id from a well known key server.
Not because they are paranoid, but because it is the most convenient
method under Linux.

A Google search for Gavin+Andresen+gpg brings me herein:

http://sourceforge.net/p/bitcoin/mailman/message/30551147/

Key-Id?

Nevertheless, I'm glad that you guys signed anything. That makes me
sleep better. I really check this.

- oliver

GPG: https://olivere.de/gpg