Bitcoin Forum
January 17, 2018, 03:47:08 AM *
News: Electrum users must upgrade to 3.0.5 if they haven't already. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Satoshi's PGP key  (Read 1994 times)
flatfly
Legendary
*
Offline Offline

Activity: 1022


View Profile
January 17, 2013, 10:19:03 PM
 #1

As I've been playing around with PGP recently, I've discovered something that surprised me: Satoshi's key
(5EC948A1) is signed by only one additional user, named lzsaver@gmail.com. After some more research, it
turns out that this is none other than bitcointalk moderator "LZ" on the Russian subforum. 

1. Why hasn't it been signed by other key members (Gavin, theymos, etc)?
2. Does it mean that LZ personally knows satoshi?  Or am I misunderstanding the significance of this?
 

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
1516160828
Hero Member
*
Offline Offline

Posts: 1516160828

View Profile Personal Message (Offline)

Ignore
1516160828
Reply with quote  #2

1516160828
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1516160828
Hero Member
*
Offline Offline

Posts: 1516160828

View Profile Personal Message (Offline)

Ignore
1516160828
Reply with quote  #2

1516160828
Report to moderator
1516160828
Hero Member
*
Offline Offline

Posts: 1516160828

View Profile Personal Message (Offline)

Ignore
1516160828
Reply with quote  #2

1516160828
Report to moderator
kgo
Hero Member
*****
Offline Offline

Activity: 549


View Profile
January 17, 2013, 11:08:10 PM
 #2

Don't have time to look it up now, but did Satoshi sign lzsaver's key as well?  If not then the signature indicates nothing.  I could generate a key called obama@whitehouse.gov and use it to sign Satoshi's key.  There's no way for him to approve or disavow my signature, unless he also signs my key, indicating he accepts its validity.

Best practices call for exchanging key fingerprints in person, and showing government identification, before signing someone's key, so:

(a) you have established their real-world identity is valid, and

(b) that they do indeed control the key in question and there isn't a MiTM attack.

Since none of the key community members have actually been able to do this, it makes sense that they haven't signed his key.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
January 17, 2013, 11:11:28 PM
 #3

Anyone can sign anyone elses key.  You can't even prevent someone from signing your key if you don't want them too.  Also most PGP clients allow the option to sign offline.  This allows you to secure the key against replacement (a PGP attack vector) but keep that signing private.  Lastly different people have diffrent criteria for signing other people keys.  Hell some people just sign keys to avoid the warning message about potentially sending to an unknown party.

So yes you are making too much of it.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!