Author: Melvin Carvalho 2013-05-14 19:16:28
Published on: 2013-05-14T19:16:28+00:00
In a message dated May 14th, 2013, developer Peter Todd discussed the importance of using PGP fingerprints as a security measure in talks and presentations. He acknowledged that while an attacker could potentially change videos after the fact, the wide audiences and opportunities for fraud to be discovered made it reasonable to use PGP fingerprints in slides. Todd also emphasized the importance of the web-of-trust in PGP and how multiple verifications add up to ensure validity. In terms of software development, Todd noted that better code signing practices are necessary but must be accompanied by a way to ensure the keys signing the code are valid. To protect his own PGP key, Todd uses a hardware smartcard to store it and keeps his master signing key separate from day-to-day signing subkeys. Todd signed off by posing a question about whether PGP keyservers could suffer from a similar 51% attack as the bitcoin network.
Updated on: 2023-06-06T16:55:51.705081+00:00