📅 Original date posted:2014-09-15 📝 Original message:On Mon, Sep 15, 2014 at ...

Jeff Garzik [ARCHIVE] /

npub1kf0…3f58

2023-06-07 15:25:45

in reply to nevent1q…c8fr

📅 Original date posted:2014-09-15
📝 Original message:On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander <thomas at thomaszander.se> wrote:
> Any and all PGP related howtos will tell you that you should not trust or sign
> a formerly-untrusted PGP (or GPG for that matter) key without seeing that
> person in real life, verifying their identity etc.

Such guidelines are a perfect example of why PGP WoT is useless and
stupid geek wanking.

A person's behavioural signature is what is relevant. We know how
Satoshi coded and wrote. It was the online Satoshi with which we
interacted. The online Satoshi's PGP signature would be fine...
assuming he established a pattern of use.

As another example, I know the code contributions and PGP key signed
by the online entity known as "sipa." At a bitcoin conf I met a
person with photo id labelled "Pieter Wuille" who claimed to be sipa,
but that could have been an actor. Absent a laborious and boring
signed challenge process, for all we know, "sipa" is a supercomputing
cluster of 500 gnomes.

The point is, the "online entity known as Satoshi" is the relevant
fingerprint. That is easily established without any in-person
meetings.

--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/

Author Public Key

npub1kf0ppcjaguxekg24yx6smgxlu73qn0k8lm0t2wrqc0scpl7u3sgsmf3f58

Show more details

Published at

2023-06-07 15:25:45

Kind type

1 Short Text Note

Event JSON

{ "id": "5ac5a0f4541823020b016fa3874fbe1e8b508b37454d1b45eff5fbc0b73b671e", "pubkey": "b25e10e25d470d9b215521b50da0dfe7a209bec7fedeb53860c3e180ffdc8c11", "created_at": 1686151545, "kind": 1, "tags": [ [ "e", "eaac3fd254257c5f067156e98a14f377d806c5143b78136b7c018a295cb8236e", "", "root" ], [ "e", "f1179e5fe97d7436e483aea07fdc679dfe7d76f9afd7f8cc9e352d0668054cdf", "", "reply" ], [ "p", "e316966328c4cb66c34719ef9a7b3bc54ef601663ad4ab06185991237735aa19" ] ], "content": "📅 Original date posted:2014-09-15\n📝 Original message:On Mon, Sep 15, 2014 at 3:23 AM, Thomas Zander \u003cthomas at thomaszander.se\u003e wrote:\n\u003e Any and all PGP related howtos will tell you that you should not trust or sign\n\u003e a formerly-untrusted PGP (or GPG for that matter) key without seeing that\n\u003e person in real life, verifying their identity etc.\n\nSuch guidelines are a perfect example of why PGP WoT is useless and\nstupid geek wanking.\n\nA person's behavioural signature is what is relevant. We know how\nSatoshi coded and wrote. It was the online Satoshi with which we\ninteracted. The online Satoshi's PGP signature would be fine...\nassuming he established a pattern of use.\n\nAs another example, I know the code contributions and PGP key signed\nby the online entity known as \"sipa.\" At a bitcoin conf I met a\nperson with photo id labelled \"Pieter Wuille\" who claimed to be sipa,\nbut that could have been an actor. Absent a laborious and boring\nsigned challenge process, for all we know, \"sipa\" is a supercomputing\ncluster of 500 gnomes.\n\nThe point is, the \"online entity known as Satoshi\" is the relevant\nfingerprint. That is easily established without any in-person\nmeetings.\n\n-- \nJeff Garzik\nBitcoin core developer and open source evangelist\nBitPay, Inc. https://bitpay.com/", "sig": "1dcf0a35cef6b80a772917a51586740b31d2669f1c240dbb2a69c8c57ae8a908688b111dc6f18a529c962be60c9ed0fd7067b60b2865a2a033d367fae7745bc9" }