[Bitcoin-development] limits of network hacking/netsplits (was: Discovery/addr packets)

Mike Hearn mike at plan99.net
Tue May 7 12:04:16 UTC 2013

> And even without a PGP WoT connection, if the website had SSL enabled, they
> can trust the binaries its sending to the extent that it is securely
> maintained

Yes, it would be nice to have SSL but that requires finding
alternative file hosting.

> I guess its the least of the concerns but I believe Damgards is better.

Unfortunately we don't have any choice in what to use. There's no way
on Android to change the signing key after deployment, so we can
either split the existing key or do nothing.

There is a quorum-of-developers signing system using gitian and
reproducible builds, but as noted by Gregory, the problem is that
people don't check the signatures (even ignoring the web of trust
aspect which raises the complexity much higher). This sort of thing
works best when combined with an auto update engine or other kind of
software distribution platform.

More information about the bitcoin-dev mailing list