1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <thomas@thomaszander.se>) id 1XTYoc-00005t-1n
for bitcoin-development@lists.sourceforge.net;
Mon, 15 Sep 2014 16:07:46 +0000
X-ACL-Warn:
Received: from galore.getmail.no ([84.210.184.6])
by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1XTYoa-0002IS-D6 for bitcoin-development@lists.sourceforge.net;
Mon, 15 Sep 2014 16:07:46 +0000
Received: from localhost (localhost [127.0.0.1])
by galore.getmail.no (Postfix) with ESMTP id 81BD340A6D
for <bitcoin-development@lists.sourceforge.net>;
Mon, 15 Sep 2014 18:07:38 +0200 (CEST)
Received: from galore.getmail.no ([127.0.0.1])
by localhost (galore.get.c.bitbit.net [127.0.0.1]) (amavisd-new,
port 10032) with ESMTP id Hwy-iYJdBXcj
for <bitcoin-development@lists.sourceforge.net>;
Mon, 15 Sep 2014 18:07:38 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by galore.getmail.no (Postfix) with ESMTP id 3468D42D09
for <bitcoin-development@lists.sourceforge.net>;
Mon, 15 Sep 2014 18:07:38 +0200 (CEST)
X-Virus-Scanned: amavisd-new at galore.get.c.bitbit.net
Received: from galore.getmail.no ([127.0.0.1])
by localhost (galore.get.c.bitbit.net [127.0.0.1]) (amavisd-new,
port 10026) with ESMTP id nkcQVausr7u9
for <bitcoin-development@lists.sourceforge.net>;
Mon, 15 Sep 2014 18:07:38 +0200 (CEST)
Received: from coldstorage.localnet (cm-84.208.97.23.getinternet.no
[84.208.97.23])
by galore.getmail.no (Postfix) with ESMTP id 19A8B40A6D
for <bitcoin-development@lists.sourceforge.net>;
Mon, 15 Sep 2014 18:07:38 +0200 (CEST)
From: Thomas Zander <thomas@thomaszander.se>
To: bitcoin-development@lists.sourceforge.net
Date: Mon, 15 Sep 2014 18:07:37 +0200
Message-ID: <1691559.E4oGFnMDVX@coldstorage>
User-Agent: KMail/4.13.3 (Linux/3.14-2-amd64; KDE/4.14.0; x86_64; ; )
In-Reply-To: <3205491.XcafbkJRvW@crushinator>
References: <20140913135528.GC6333@muck> <3586037.E6tZxYPG6n@coldstorage>
<3205491.XcafbkJRvW@crushinator>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
X-Headers-End: 1XTYoa-0002IS-D6
Subject: Re: [Bitcoin-development] Does anyone have anything at all signed
by Satoshi's PGP key?
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 15 Sep 2014 16:07:46 -0000
On Monday 15. September 2014 11.51.35 Matt Whitlock wrote:
> If you were merely attaching your public key to them, then the email server
> could have been systematically replacing your public key with some other
> public key,
The beauty of publicly archived mailinglists make it impossible to get away
with this without detection.
I recall reading the awesome book "The inmates are running the asylum" which
states that solutions created by software engineers typically suffer from the
flaw of absolutes. (find the part where he describes homo-digitalus for more)
I think this applies to PGP and your objection; in order to make it absolutely
correct, you need to introduce loads of things. Signatures, WoT, etc.
PGP&GPG do this. But each change of the normal workflow means you loose about
50% of your audience...
So, my silly example is not perfect. But I bet its good enough for most. In
the end the value of the imperfect solution is higher than the perfect one.
|