📅 Original date posted:2014-05-22
📝 Original message:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I've got a PGP smart card reader and card with a securely generated key and pin entered per signature.
Re: multisig, that's precisely why we want more than just a single maintainer signing commits.
PGP isn't perfect, but perfect is the enemy of good.
On 22 May 2014 21:06:10 GMT+03:00, Jeff Garzik <jgarzik at bitpay.com> wrote:
>Related: Current multi-sig wallet technology being rolled out now,
>with 2FA and other fancy doodads, is now arguably more secure than my
>PGP keyring. My PGP keyring is, to draw an analogy, a non-multisig
>wallet (set of keys), with all the associated theft/data
>destruction/backup risks.
>
>The more improvements I see in bitcoin wallets, the more antiquated my
>PGP keyring appears. Zero concept of multisig. The PGP keyring
>compromise process is rarely exercised. 2FA is lacking. At least
>offline signing works well. Mostly.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1
iQFQBAEBCAA6BQJTfpWNMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8
cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhfVGB/448B6UvhN7bmFQxmLS
9+wlhWGYioJKUPspz2Wtk0p8v1y1XlDt0UxC+5ODin4a/Zk0+0x4G4MWyaUP1TnA
Wq9FquY3MwTXDrwWzmeQR4QcRbC+EMMk6kXswzT4d/2clUwB1pLl2MYGnS9DjUK2
of0kzZEbaQvxSKcFmvuqhz0QqGy84pkHAFBHfopS1j4WqIZpelUMzBGRYP8D1IQd
H/M2YxdQ7T8peiNigqWSyllchKqGoLG+KEr3mvTYRLkxoYw5XTcFyc5AmuTRfzEC
yhRc7CJwTZjHYahgZRPGJQM0qeopdIVAifCu9NoPgdkyuQL+X8XSidrU5Kbv/YeZ
Scv/
=GdA4
-----END PGP SIGNATURE-----
Peter Todd [ARCHIVE] /
npub1m2…a2np2
2023-06-07 15:21:55
in reply to nevent1q…ykyh
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2Published at
2023-06-07 15:21:55Event JSON
{
"id": "001989f604f39fbf9e268af99e73da580dd583d08cbdc9750fefdc19c926ce5f",
"pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa",
"created_at": 1686151315,
"kind": 1,
"tags": [
[
"e",
"6ed0060b87c02af20d6af6fded563264095ae2a36fee168b566cb3b0da703edb",
"",
"root"
],
[
"e",
"3133299fb489b1597600a52ec12921c6734ad4d6daa6dc884b20138bc2a1d316",
"",
"reply"
],
[
"p",
"b25e10e25d470d9b215521b50da0dfe7a209bec7fedeb53860c3e180ffdc8c11"
]
],
"content": "📅 Original date posted:2014-05-22\n📝 Original message:-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nI've got a PGP smart card reader and card with a securely generated key and pin entered per signature.\n\nRe: multisig, that's precisely why we want more than just a single maintainer signing commits.\n\nPGP isn't perfect, but perfect is the enemy of good.\n\n\nOn 22 May 2014 21:06:10 GMT+03:00, Jeff Garzik \u003cjgarzik at bitpay.com\u003e wrote:\n\u003eRelated: Current multi-sig wallet technology being rolled out now,\n\u003ewith 2FA and other fancy doodads, is now arguably more secure than my\n\u003ePGP keyring. My PGP keyring is, to draw an analogy, a non-multisig\n\u003ewallet (set of keys), with all the associated theft/data\n\u003edestruction/backup risks.\n\u003e\n\u003eThe more improvements I see in bitcoin wallets, the more antiquated my\n\u003ePGP keyring appears. Zero concept of multisig. The PGP keyring\n\u003ecompromise process is rarely exercised. 2FA is lacking. At least\n\u003eoffline signing works well. Mostly.\n-----BEGIN PGP SIGNATURE-----\nVersion: APG v1.1.1\n\niQFQBAEBCAA6BQJTfpWNMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8\ncGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhfVGB/448B6UvhN7bmFQxmLS\n9+wlhWGYioJKUPspz2Wtk0p8v1y1XlDt0UxC+5ODin4a/Zk0+0x4G4MWyaUP1TnA\nWq9FquY3MwTXDrwWzmeQR4QcRbC+EMMk6kXswzT4d/2clUwB1pLl2MYGnS9DjUK2\nof0kzZEbaQvxSKcFmvuqhz0QqGy84pkHAFBHfopS1j4WqIZpelUMzBGRYP8D1IQd\nH/M2YxdQ7T8peiNigqWSyllchKqGoLG+KEr3mvTYRLkxoYw5XTcFyc5AmuTRfzEC\nyhRc7CJwTZjHYahgZRPGJQM0qeopdIVAifCu9NoPgdkyuQL+X8XSidrU5Kbv/YeZ\nScv/\n=GdA4\n-----END PGP SIGNATURE-----",
"sig": "ef0d791fd8a7ad327e719e018f61aa6d8395211022e719cc7480c723afb1a8d8c36efb25605969a8ec34e4af529f2d0263771bc8a722a4b389ead576fe7416a0"
}