mircea_popescu: ;;gpg

mircea_popescu: today, the masses are in the exact situation, the signature is gpg.

mircea_popescu: in other news, i'm getting artists to create gpg keys and at an incredible rate.

mircea_popescu: it would actually lower gpg security.

mircea_popescu: "use gpg and stfu" ?

mircea_popescu: i guess people need to use gpg more

mircea_popescu: you're going to "imagine we use gpg to sign transactions on the client side so even if the attacker gets your server there's jack shit he can do as he can't enter arbitrary txs" ?

mircea_popescu: my gpg sig has the mother of all a-literations too

mircea_popescu: (gpg contracts, gpg orders)

mircea_popescu: list of holder gpg keys encrypted with owner's key publioshed on btctalk

mircea_popescu: yeah. nm, i thought you meant gpg.

mircea_popescu: wait. you mean gpg verify or bitcoin addy sig verify ?

mircea_popescu: ThickAsThieves it certainly wouldn't be for an exchange that doesn't offer signed proofs and doesn't use gpg contracts.

mircea_popescu: ;;google gpg contracts

mircea_popescu: gpg encrypts it in its keyring.

mircea_popescu: you need the key, on gpg.

mircea_popescu: so then open a terminal and go gpg

mircea_popescu: if you're on linux just run gpg

mircea_popescu: ThickAsThieves next they implement gpg

mircea_popescu: have good encryptioon between trade engine and webservers - even if your users don't know gpg you do.

mircea_popescu: gpg signed contracts, that's ux.

mircea_popescu: i don't expect users to grok commandline gpg.

mircea_popescu: there's parts about mpex that are very open, such as for instance the use of gpg to protect orderflow

mircea_popescu: TradeFortress gpg isn't the point there tho.

mircea_popescu: jurov did you gpg sign it ?

mircea_popescu: on mpex ? you get gpg signed receipts for trades / acct statements

mircea_popescu: ;;gpg info MagicalTux

mircea_popescu: Step 4. Your account is now set up, you can use it in full confidence. Yes, this includes the inconvenient step of transferring GPG-encoded strings from a cold machine to a hot machine.

mircea_popescu: i should reject all gpg sigs that don't include idpic

mircea_popescu: so gpg says.

mircea_popescu: i gpg --clearsign that -> detached signature.

mircea_popescu: i gpg --clearsign "hi". works.

mircea_popescu: for some reason gpg thinks it's a detached signature ?!

mircea_popescu: gpg kinda predates the internet

mircea_popescu: if i lost my gpg key i'd be like...

mircea_popescu: the only concern is not losing the user's gpg keys

mircea_popescu: ;;gpg info JoshRossi

mircea_popescu: ;;gpg info joshrossi

mircea_popescu: are you cleanly doing your encoding ? is your key correct ? (siometimes gpg defaults to wrong key, use a ! at the end of your keyid to force)

mircea_popescu: Namworld gpg --encrypt --armor -r F1B69921

mircea_popescu: then gpg --clearsign

mircea_popescu: you put the gpg result.

mircea_popescu: you can also issue orders through it, via $post blabla, where blabla is the url of a pastebin where you've uploaded your gpg encrypted clearsigned order

mircea_popescu: hey, i paid for otc/gpg lessons

mircea_popescu: the catastrophic failure mode is for each issuer to get a gpg-encypted list of the holder's fingerprints. much like rg got on the delisting of s.bvps

mircea_popescu: the gpg parser mostly ignores spaces/newlines/etc EXCEPT it wants a newline after the begin sig tag

mircea_popescu: the structure of a gpg signed message is, there's a header (begin blabla, comment whatever), then a message, then a signature ehader, then the signature

mircea_popescu: think about it, they're gpg signed

mircea_popescu: like gpg --list-keys --fingerprint

mircea_popescu: but it's the fact. first financial institution to use gpg ? mpex.

mircea_popescu: for 30 btc and a little gpg knowledge.

mircea_popescu: Ukto like gpg signed ?

mircea_popescu: omg MPEx fees and gpg and asshole MP!!!!!!1

mircea_popescu: gpg is like that too. crazy the 1st time

mircea_popescu: well, the gpg part. how do they verify ?

mircea_popescu: actually the people who deal dope and the people who use gpg are like oil and water it seems.

mircea_popescu: sign a gpg contract, do a push,

mircea_popescu: i know nothing at all. you can create a gpg sig right now as 34jk5hty895ytg9g4t

mircea_popescu: someone sent me an email which literalyl reads "gpg --armor --output pubkey.txt -- export <their name>"

mircea_popescu: you just start gpg and paste the content of gribble's link in there

mircea_popescu: you then decrypt the contents of that link in gpg

mircea_popescu: midnightmagic http://trilema.com/2012/gpg-contracts/

mircea_popescu: Luke-Jr http://trilema.com/2012/gpg-contracts/

mircea_popescu: it's 100% safe in the sense that gpg is gpg.

mircea_popescu: on the third try but they did it. gpg has a curve.

mircea_popescu: you have a gpg contract with your gf ?

mircea_popescu: ukto added gpg to bf ?

mircea_popescu: waaah, mpex uses proven encryption but gpg is hard and the submit screen is plain...

mircea_popescu: i love the shock people get when they discover that... wait!!!! while we knew better and ignoed gpg and didn't user irc and etc stuff was happening!

mircea_popescu: http://www.madboa.com/geek/gpg-quickstart/ see that.

mircea_popescu: it's one point that's been gained through experience so far, gpg is good.

mircea_popescu: but otherwise yes, gpg is the correct way to handle that.

mircea_popescu: 99% of the time it's what fucks up gpg signed stuff

mircea_popescu: kuzetsa gpg!

mircea_popescu: register there and I've never used GPG or something like that. :)

mircea_popescu: ukto apparently for thinking nefario can run gpg --clearsing by hand ?

mircea_popescu: ;;google gpg contracts

mircea_popescu: all the while, inaba is explaining why the nebulous conflartion of gpg, wot and everything else in his head is "marginal"

mircea_popescu: this had better been gpg.

mircea_popescu: http://trilema.com/2012/gpg-contracts/#comment-90442 << how the fuck do i end up with all the crazies ?

mircea_popescu: there's three ways i can see gpg contracts going on

mircea_popescu: http://trilema.com/2012/gpg-contracts/#comment-90403 << for shits and giggles.

mircea_popescu: knotwork nah gpg string is just submited as a post to an url.

mircea_popescu: http://www.reddit.com/r/Bitcoin/comments/122wqi/gpg_should_be_replaced_with_btc_my_reply_to_gpg/c6t9w62

mircea_popescu: not unless either some servers are seriously broken into or someone cracks gpg

mircea_popescu: well, unless someone manages to crack gpg

mircea_popescu: http://www.reddit.com/r/Bitcoin/comments/120zdj/gpg_contracts_vs_traditional_contracts_law/c6reke8 someone should point out the WOT to this guy

mircea_popescu: http://coinbits.com/2012/10/24/gpg-contracts-vs-traditional-contracts-law/ what the hell is this thing supposed to be ?!

mircea_popescu: smickles http://www.reddit.com/r/Bitcoin/comments/120zdj/gpg_contracts_vs_traditional_contracts_law/ gib a vote man

mircea_popescu: smickles : that big piece on gpg contracts i was saying i'm writing : http://trilema.com/2012/gpg-contracts/

mircea_popescu: and this was like, 3 days after i explained gpg to him. understand, guy didn't even know linux existed on like, the 5th

mircea_popescu: in truth, much of the beauty of gpg is lost on the avg internet user.

mircea_popescu: and that faces serious problems because glbse never used gpg keys. and so...

mircea_popescu: online the gpg system might be sufficient (hasn't really been tested yet)

mircea_popescu: BTC-Mining well, i'll give you 10 BTC which is admittedly more than market value and you sign a gpg receipt renouncing any claim on that contract.

mircea_popescu: once he submits a gpg signed apology for his idiocy yest

mircea_popescu: i think actually it should be "illegal" to have an exchange w/o gpg from now on.

mircea_popescu: Oct 01 01:47:42 <mircea_popescu> Obsi ty, but it doesn't seem like anyone has a choice. glbse is going away. now's everyone's change to learn gpg.