[Bitcoin-development] Does anyone have anything at all signed by Satoshi's PGP key?

Jeff Garzik jgarzik at bitpay.com
Mon Sep 15 13:08:48 UTC 2014


On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander <thomas at thomaszander.se> wrote:
> Any and all PGP related howtos will tell you that you should not trust or sign
> a formerly-untrusted PGP (or GPG for that matter) key without seeing that
> person in real life, verifying their identity etc.

Such guidelines are a perfect example of why PGP WoT is useless and
stupid geek wanking.

A person's behavioural signature is what is relevant.  We know how
Satoshi coded and wrote.  It was the online Satoshi with which we
interacted.  The online Satoshi's PGP signature would be fine...
assuming he established a pattern of use.

As another example, I know the code contributions and PGP key signed
by the online entity known as "sipa."  At a bitcoin conf I met a
person with photo id labelled "Pieter Wuille" who claimed to be sipa,
but that could have been an actor.  Absent a laborious and boring
signed challenge process, for all we know, "sipa" is a supercomputing
cluster of 500 gnomes.

The point is, the "online entity known as Satoshi" is the relevant
fingerprint.  That is easily established without any in-person
meetings.

-- 
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc.      https://bitpay.com/




More information about the bitcoin-dev mailing list