<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On 14 May 2013 20:41, Peter Todd <span dir="ltr"><<a href="mailto:pete@petertodd.org" target="_blank">pete@petertodd.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">report: <a href="https://bitcointalk.org/index.php?topic=205349.0" target="_blank">https://bitcointalk.org/index.php?topic=205349.0</a><br>
<br>
Every talk will be widely witnessed and videotaped so we can get some<br>
reasonably good security by simply putting out PGP fingerprints in our<br>
slides. Yeah, some fancy attacker could change the videos after the<br>
fact, but the talks themselves will have wide audiences and a lot of<br>
opportunities for fraud to be discovered. That means it'd also be<br>
reasonable for people to sign those keys too if you are present and are<br>
convinced you aren't looking at some impostor. (of course, presenters,<br>
check that your PGP fingerprints are correct...)<br>
<br>
<br>
Remember that PGP depends on the web-of-trust. No single measure in a<br>
web-of-trust is needs to be absolutely perfect; it's the sum of the<br>
verifications that matter. I don't think it matters much if you have,<br>
say, seen Jeff Garzik's drivers license as much as it matters that you<br>
have seen him in a public place with dozens of witnesses that would<br>
recognize him and call out any attempt at fraud.<br>
<br>
Secondly remember that many of us are working on software where an<br>
attacker can steal from huge numbers of users at once if they manage to<br>
sneak some wallet stealing code in. We need better code signing<br>
practices, but they don't help without some way of being sure the keys<br>
signing the code are valid. SSL and certificate authorities have<br>
advantages, and so does the PGP WoT, so use both.<br>
<br>
<br>
FWIW I take this stuff pretty seriously myself. I generated my key<br>
securely in the first place, I use a hardware smartcard to store my PGP<br>
key, and I keep the master signing key - the key with the ability to<br>
sign other keys - separate from my day-to-day signing subkeys. I also<br>
PGP sign emails regularly, which means anyone can get a decent idea of<br>
if they have the right key by looking at bitcoin-development mailing<br>
list archives and checking the signatures. A truly dedicated attacker<br>
could probably sign something without my knowledge, but I've certainly<br>
raised the bar.<br></blockquote><div><br></div><div>Just out of curiosity, could PGP keyservers suffer from a similar 51% attack as the bitcoin network?<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class="HOEnZb"><font color="#888888"><br>
--<br>
'peter'[:-1]@<a href="http://petertodd.org" target="_blank">petertodd.org</a><br>
000000000000016be577c0f0ce4c04a05fdbfc8e0b6f69053659f32aeea3a518<br>
</font></span><br>------------------------------------------------------------------------------<br>
AlienVault Unified Security Management (USM) platform delivers complete<br>
security visibility with the essential security capabilities. Easily and<br>
efficiently configure, manage, and operate all of your security controls<br>
from a single console and one unified framework. Download a free trial.<br>
<a href="http://p.sf.net/sfu/alienvault_d2d" target="_blank">http://p.sf.net/sfu/alienvault_d2d</a><br>_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
<br></blockquote></div><br></div></div>