Author: Peter Todd 2013-05-14 19:31:41
Published on: 2013-05-14T19:31:41+00:00
On May 14, 2013, Melvin Carvalho posted a message on the bitcoin-development mailing list. He mentioned that he takes security seriously and uses a hardware smartcard to store his PGP key. He also keeps his master signing key separate from his day-to-day signing subkeys. Furthermore, Melvin regularly PGP signs emails, which allows anyone to verify if they have the right key by checking the signatures in the mailing list archives. However, he acknowledged that a truly dedicated attacker could potentially sign something without his knowledge. In response to Melvin's post, Peter Todd asked whether PGP keyservers could suffer from a similar 51% attack as the bitcoin network. He questioned what guarantees a keyserver provides about the keys it returns.
Updated on: 2023-06-06T16:55:32.782480+00:00