π
Original date posted:2014-03-22
π Original message:In case you didn't see this yet,
http://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html
If you're using PGP to verify Bitcoin downloads, it's very important that
you check you are using the right key. Someone seems to be creating fake
PGP keys that are used to sign popular pieces of crypto software, probably
to make a MITM attack (e.g. from an intelligence agency) seem more
legitimate.
I think the Mac DMG's of Core are signed for Gatekeeper, but do we codesign
the Windows binaries? If not it'd be a good idea, if only because AV
scanners learn key reputations to reduce false positives. Of course this is
not a panacea, and Linux unfortunately does not support X.509 code signing,
but having extra signing can't really hurt.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140322/c95184e6/attachment.html>;
Mike Hearn [ARCHIVE] /
npub17tβ¦4qgyd
2023-06-07 15:16:01
in reply to nevent1qβ¦cled
Author Public Key
npub17ty4mumkv43w8wtt0xsz2jypck0gvw0j8xrcg6tpea25z2nh7meqf4qgydPublished at
2023-06-07 15:16:01Event JSON
{
"id": "b43192fcc5d058834cecadb4970080fd784b3b25c23830bc8816f3683afb84cc",
"pubkey": "f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2",
"created_at": 1686150961,
"kind": 1,
"tags": [
[
"e",
"11b062e07d71031e2a0a56717c23f94d417b0aad6e8d87b9b6991898d559b008",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "π
Original date posted:2014-03-22\nπ Original message:In case you didn't see this yet,\n\nhttp://gavintech.blogspot.ch/2014/03/it-aint-me-ive-got-pgp-imposter.html\n\nIf you're using PGP to verify Bitcoin downloads, it's very important that\nyou check you are using the right key. Someone seems to be creating fake\nPGP keys that are used to sign popular pieces of crypto software, probably\nto make a MITM attack (e.g. from an intelligence agency) seem more\nlegitimate.\n\nI think the Mac DMG's of Core are signed for Gatekeeper, but do we codesign\nthe Windows binaries? If not it'd be a good idea, if only because AV\nscanners learn key reputations to reduce false positives. Of course this is\nnot a panacea, and Linux unfortunately does not support X.509 code signing,\nbut having extra signing can't really hurt.\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140322/c95184e6/attachment.html\u003e",
"sig": "6c9c79792f6b95218dc4ff6e64ea156faa496709288ab7a2f13263fe766d92159304c6c6f90aba4a639bab2f563341062bb39774132fe4059d681767b2674725"
}