Wladimir [ARCHIVE] on Nostr: 📅 Original date posted:2014-05-23 📝 Original message:On Thu, May 22, 2014 at ...
📅 Original date posted:2014-05-23
📝 Original message:On Thu, May 22, 2014 at 8:06 PM, Jeff Garzik <jgarzik at bitpay.com> wrote:
> Related: Current multi-sig wallet technology being rolled out now,
> with 2FA and other fancy doodads, is now arguably more secure than my
> PGP keyring. My PGP keyring is, to draw an analogy, a non-multisig
> wallet (set of keys), with all the associated theft/data
> destruction/backup risks.
>
> The more improvements I see in bitcoin wallets, the more antiquated my
> PGP keyring appears. Zero concept of multisig. The PGP keyring
> compromise process is rarely exercised. 2FA is lacking. At least
> offline signing works well. Mostly.
Would be incredible to have multisig for git commits as well. I don't
think git supports multiple signers for one commit at this point -
amending the signature replaces the last one - but it would allow for
some interesting multi-factor designs in which the damage when a dev's
computer is compromised would be reduced.
Sounds like a lot of work to get a good workflow there, though.
My mail about single-signing commits was already longer than I
expected when I started writing there. Even though the process is
really simple.
Though if anyone's interest is piqued by this, please pick it up.
Wladimir
📝 Original message:On Thu, May 22, 2014 at 8:06 PM, Jeff Garzik <jgarzik at bitpay.com> wrote:
> Related: Current multi-sig wallet technology being rolled out now,
> with 2FA and other fancy doodads, is now arguably more secure than my
> PGP keyring. My PGP keyring is, to draw an analogy, a non-multisig
> wallet (set of keys), with all the associated theft/data
> destruction/backup risks.
>
> The more improvements I see in bitcoin wallets, the more antiquated my
> PGP keyring appears. Zero concept of multisig. The PGP keyring
> compromise process is rarely exercised. 2FA is lacking. At least
> offline signing works well. Mostly.
Would be incredible to have multisig for git commits as well. I don't
think git supports multiple signers for one commit at this point -
amending the signature replaces the last one - but it would allow for
some interesting multi-factor designs in which the damage when a dev's
computer is compromised would be reduced.
Sounds like a lot of work to get a good workflow there, though.
My mail about single-signing commits was already longer than I
expected when I started writing there. Even though the process is
really simple.
Though if anyone's interest is piqued by this, please pick it up.
Wladimir