Author: Jeff Garzik 2014-09-15 13:08:48
Published on: 2014-09-15T13:08:48+00:00
In an email conversation between Thomas Zander and Jeff Garzik, the trustworthiness of PGP keys is questioned. The guidelines suggest that one should not trust or sign a formerly-untrusted PGP key without verifying the person's identity in real life. Jeff Garzik argues that such guidelines make the PGP Web of Trust (WoT) useless and that a person's behavioural signature is what is relevant. He believes that the online entity known as Satoshi's PGP signature would be fine, assuming he established a pattern of use. Jeff Garzik also provides an example of knowing the code contributions and PGP key signed by an online entity known as "sipa." However, at a Bitcoin conference, he met someone claiming to be sipa but could have been an actor. In this case, absent a laborious and boring signed challenge process, there is no way to know for sure whether sipa is a supercomputing cluster of 500 gnomes. In conclusion, Jeff Garzik argues that the "online entity known as Satoshi" is the relevant fingerprint and can be easily established without any in-person meetings. Jeff Garzik is a Bitcoin core developer and open source evangelist who works for BitPay, Inc.
Updated on: 2023-06-09T02:33:49.183899+00:00