Should PGP keys be made mandatory for high ranks?

[Carlton Banks]

This is a bitcoin forum, so it is guaranteed that (at least) every legendary member has a bitcoin wallet and is capable of signing a message with his private key. Security of that digital signature (ECDSA) is no less than security of PGP signatures (RSA or DSA). But the problem is most members don't have any use for PGP so you would be forcing them to use something they don't need.

Sure, but email clients don't have plugins to decrypt messages encrypted using Bitcoin keys. And the software to sign and decrypt messages in a browser via PGP keys exists, and is mature. No such thing exists for Bitcoin, namely because Bitcoin keys aren't intended for the that purpose.

There's no good reason to be sending unencrypted email in 1999, let alone 2019. Especially a forum concerning leading cryptography tools.

P.S. BIP322 exists for signing standard.

Ok, but it's not yet accepted. We at least need to wait for that, then we have to wait for the majority of Bitcoin wallets to roll that standard out. Meanwhile, all PGP clients can already do the job in a standard way, all that's needed is to avoid relying on fingerprints (which is not so hard). And PGP has interfaces with alot of other types of software.

[1715355280]

1715355280

[asche]

Meanwhile, all PGP clients can already do the job in a standard way, all that's needed is to avoid relying on fingerprints (which is not so hard).

You are repeating yourself.

So can all legacy bitcoin clients with any legacy addy.

[Carlton Banks]

Meanwhile, all PGP clients can already do the job in a standard way, all that's needed is to avoid relying on fingerprints (which is not so hard).

You are repeating yourself.

So can all legacy bitcoin clients with any legacy addy.

I'm gonna repeat myself again then: there's no reason why Bitcoin addresses can't be used to recover accounts, PGP is just useful for different reasons as well as that

[asche]

I'm gonna repeat myself again then: there's no reason why Bitcoin addresses can't be used to recover accounts, PGP is just useful for different reasons as well as that

But PGP is already accepted for that purpose as well!

There is exactly no point in making it mandatory.

[LTU_btc]

I don't see need to make PGP keys mandatory for high ranked members. Even staked Bitcoin addresses with signed message isn't mandatory. It's optional thing for users who want to secure their accounts and recover it in case if it will be hacked. Same thing with PGP keys. For other reasons, I just don't see how it would be beneficial for every high ranked member to have PGP key. If you want - let's do it, but we don't need to force everyone to have PGP key.

[Carlton Banks]

I don't see need to make PGP keys mandatory for high ranked members. Even staked Bitcoin addresses with signed message isn't mandatory. It's optional thing for users who want to secure their accounts and recover it in case if it will be hacked. Same thing with PGP keys. For other reasons, I just don't see how it would be beneficial for every high ranked member to have PGP key. If you want - let's do it, but we don't need to force everyone to have PGP key.

Any account would be more secure if it had a 2nd factor to authenticate it. Why not make it mandatory to be eligible for the higher ranks? Why not promote using cryptography standards that have other benefits too? If we design a system to make it secure by default, then the value will increase. Right now, I have email alerts turned off, because they get sent to me unencrypted.

[asche]

For the 2FA part, theymos adressed it multiple times.

Including this in SMF is a too big challenge. It is included in the new version of the forum however (Epochtalk).

[Carlton Banks]

For the 2FA part, theymos adressed it multiple times.

Including this in SMF is a too big challenge. It is included in the new version of the forum however (Epochtalk).

That's interesting. So now I'm pretty enthusiastic about the Epochtalk migration.

[LTU_btc]

Any account would be more secure if it had a 2nd factor to authenticate it. Why not make it mandatory to be eligible for the higher ranks? Why not promote using cryptography standards that have other benefits too? If we design a system to make it secure by default, then the value will increase. Right now, I have email alerts turned off, because they get sent to me unencrypted.

2FA thing was discussed so many times in past that I don't see reasons to repeat.
Extra security is always good thing - better safe than sorry. But in general, it's enough to have signed message from staked address to secure your account and be able to recover it. Offcourse, you can use both if you want - staked address and PGP key, because both things are accepted as proof of ownership. But both things are optional and I don't see theymos going to force every user to have these things.

[TECSHARE]

You people never learn. Have fun destroying what is left of this place.

[Welsh]

Tying in with the badges that are suppose to be coming out soon we could encourage users to register their PGP signature by rewarding a aesthetically pleasing badge. It's been proven to encourage in other sectors of the world. Rather than forcing current users to do it though, I think making it a requirement to progress to a certain rank is probably a good idea. Legendary would be ideal, as true legendary should know how to sign a key!

[Carlton Banks]

Tying in with the badges that are suppose to be coming out soon we could encourage users to register their PGP signature by rewarding a aesthetically pleasing badge.

Right. If there was a "verified" badge for users, and a "confirmed authentic" badge per message, that might be a good enough incentive to drive adoption.