From: Troy Benjegerdes <hozer@hozed•org>
To: Mike Hearn <mike@plan99•net>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Fake PGP key for Gavin
Date: Sun, 23 Mar 2014 17:12:21 -0500 [thread overview]
Message-ID: <20140323221221.GK3180@nl.grid.coop> (raw)
In-Reply-To: <CANEZrP0NeDetSLXjtWnCaYYjYcdhsa=ne=a6NJOnvEp8yr7YaA@mail.gmail.com>
On Sat, Mar 22, 2014 at 06:03:03PM +0100, Mike Hearn wrote:
> In case you didn't see this yet,
>
> http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html
>
> If you're using PGP to verify Bitcoin downloads, it's very important that
> you check you are using the right key. Someone seems to be creating fake
> PGP keys that are used to sign popular pieces of crypto software, probably
> to make a MITM attack (e.g. from an intelligence agency) seem more
> legitimate.
I find it more likely that fake PGP keys are from corporate industrial
espionage and/or organized crime outfits. Intelligence agencies will stick
to compromised X509, network cards, and binary code blobs.
Besides, why would an intelligence agency want your bitcoin when they can
just intercept ASIC miners and make their own?
> I think the Mac DMG's of Core are signed for Gatekeeper, but do we codesign
> the Windows binaries? If not it'd be a good idea, if only because AV
> scanners learn key reputations to reduce false positives. Of course this is
> not a panacea, and Linux unfortunately does not support X.509 code signing,
> but having extra signing can't really hurt.
Uhhmm, real operating system use package managers with PGP instead of pre-
compromised X.509 nonsense. https://wiki.debian.org/SecureApt
--
----------------------------------------------------------------------------
Troy Benjegerdes 'da hozer' hozer@hozed•org
7 elements earth::water::air::fire::mind::spirit::soul grid.coop
Never pick a fight with someone who buys ink by the barrel,
nor try buy a hacker who makes money by the megahash
next prev parent reply other threads:[~2014-03-23 22:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-22 17:03 Mike Hearn
2014-03-22 17:33 ` Gavin Andresen
2014-03-22 18:21 ` Peter Todd
2014-03-23 0:59 ` Oliver Egginger
2014-03-23 22:12 ` Troy Benjegerdes [this message]
2014-03-24 19:44 ` The Doctor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140323221221.GK3180@nl.grid.coop \
--to=hozer@hozed$(echo .)org \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=mike@plan99$(echo .)net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox