From: Gregory Maxwell <gmaxwell@gmail•com>
To: Kyle Jerviss <bitcoin-devel@jerviss•org>
Cc: Bitcoin Development <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] PSA: Please sign your git commits
Date: Fri, 23 May 2014 10:32:34 -0700 [thread overview]
Message-ID: <CAAS2fgR39ChTjhmY-wpcgUoHWGJenazQyOaj5=ym5zYOHiFQig@mail.gmail.com> (raw)
In-Reply-To: <537F7BE2.6010006@jerviss.org>
On Fri, May 23, 2014 at 9:48 AM, Kyle Jerviss <bitcoin-devel@jerviss•org> wrote:
> Multisig is great for irreversible actions, but pointless most of the
> time, which is why no PGP developer or user ever thought to implement it.
>
> If you lose a key and an attacker signs a bogus email or commit with it,
> we all roll back with no lasting harm done.
PGP in general is not very thoughtful about security. There are a lot
of things it does poorly. This is easily excusable considering the
historical context it came from— it was the first real cryptographic
tool I used, at the time its distribution had concerns about legality,
just getting things into people's hands was an achievement enough.
From a cryptosystem perspective much more powerful things can be done
now, but there is a long way to go in figuring out how to many any
cryptographic tool usable to people.
PGP is a general purpose tool— which is the hardest kind to write— its
also used in a lot of irreversible contexts: If your key deploys a bad
software release and it steals everyone's data or wipes their disks—
thats not an irreversible action by any means.
If you want threshold pgp though— it's possible. The RSA cryptosystem
is directly compatible with threshold cryptography. It's just that no
one has written the tools. There are implementations of the bare
cryptosystem however.
One of my longer term would-be-nice goals for a upgrade bitcoin script
2.0 would be being thoughtful enough in the design that it could be
adopted as a signing cryptosystem in other applications (e.g. tools
similar to GPG)— allowing for things like creating a public key which
can only issue trust level 0 certifications, only certifications for
certain organizations (e.g. *.debian.org) unless thresholded with an
offline key, or only signing for messages meeting a certain
programmatic predicate generally.
next prev parent reply other threads:[~2014-05-23 17:38 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-21 12:23 Wladimir
2014-05-21 16:39 ` Chris Beams
2014-05-21 17:10 ` Wladimir
2014-05-21 20:30 ` Mark Friedenbach
2014-05-21 21:02 ` Gregory Maxwell
2014-05-22 18:06 ` Jeff Garzik
2014-05-23 0:25 ` Peter Todd
2014-05-23 7:12 ` Wladimir
2014-05-23 16:38 ` Mark Friedenbach
2014-05-23 16:48 ` Kyle Jerviss
2014-05-23 17:32 ` Gregory Maxwell [this message]
2014-05-23 10:23 ` Wladimir
2014-06-09 15:34 ` Chris Beams
2014-05-21 20:25 ` David A. Harding
2014-05-22 1:09 ` Chris Beams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAAS2fgR39ChTjhmY-wpcgUoHWGJenazQyOaj5=ym5zYOHiFQig@mail.gmail.com' \
--to=gmaxwell@gmail$(echo .)com \
--cc=bitcoin-devel@jerviss$(echo .)org \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox