tmsr - Search: i

172900+ entries in 8.894s

assbot: Logged on 17-01-2015 22:34:54; davout: asciilifeform: yeah, that's what i was reading, it mentions user ids in the subpackets spec, but i'm unsure whether that includes an actual key fingerprint, i tend to understand that it doesn't

Apocalyptic: ^ I asked myself the same

davout: i could tell

davout: mircea_popescu: try with this guy -> http://pastebin.com/raw.php?i=bxxZyms9

mircea_popescu: who the fuck did this i have nfi.

mircea_popescu: one more reason gpg has to be rewritten i guess.

mircea_popescu: i just have.

davout: i'll let you read the convo

davout: well, i was just reading about them in the deedbot spec

asciilifeform: mircea_popescu: what is this. every office park where i live has cleaners.

PeterL: ok, I'll take that

davout: by this account i'm a core contributor to bitcoin too, i reset testnet once, fuck it

davout: ah, yea lol, i had a look to see if this chick had any other commits on the project, seems like it's her sole 'contribution' to the whole thing

PeterL: wait, which am I?

mircea_popescu: the "o look mom, i made a github commit. it changes the spelling of comments" thing

nanotube: kakobrekla: i have no idea why i keep keyid as a separate column in db either. probably something grandfathered in...

davout: i see

Apocalyptic: just take the bitcoin network, it performs 2**64 hashes in 60 seconds at current hashrate if I'm not mistaken

davout: and i guess even in the case of a keyid collision that has no impact on actual signature verification

asciilifeform: original pgp was not an apparatus for one-off deals with strangers, but something to use between friends, as i understand.

kakobrekla: i was afraid you gonna say that.

davout: asciilifeform: yeah, that's what i was reading, it mentions user ids in the subpackets spec, but i'm unsure whether that includes an actual key fingerprint, i tend to understand that it doesn't ☟︎

undata: I negrate you

undata: say you and I make an agreement and you fail to execute your side

davout: i think we should've stuck to lighting these jasmine candles :-)

undata: I'm done arguing

undata: I have witnessed that fact and I sign and note the time

undata: two parties presented themselves to me and both said "I agree to whatevers in this blob"

undata: or I'll go sit on a park bench and call myself a notary

davout: i mean, even in that case, what's the worst that could happen? specifically?

undata: I'm hacking on it as well

undata: I don't like it

davout: for all i care the bot could hang out in -assets, and notarize whatever is asked from whoever has voice, sounds like the simplest straight-to-the-point approach to me

davout: undata: i didn't spec it, ask mp for the rationale -> http://log.bitcoin-assets.com/?date=30-08-2014#815284 ☝︎

undata: or have I missed something

punkman: so I guess v4 sigs don't have fingerprints either

davout: kakobrekla: tbh if verifying the signature on notarized data is not considered necessary i don't think it's a big issue if the dump is unsigned

Apocalyptic: I confess that surprises me, had imagined the full fp would be somewhere

punkman: I think there is, but not 100% sure

Apocalyptic: punkman, thanks for the link, but I mean that there should be something in the clearsigned message structures that clearly identifies the key that produced it

Apocalyptic: I wonder what the behaviour is if you have two pubkeys in your keyring with the same eight bytes key id and you're trying to verify a message

Apocalyptic: then it's settled I guess

Apocalyptic: davout, re "looks like this can't be verified correctly without either relying on a keyid as an actual key unique identifier OR keeping a synchronized keyring and actually verifying the signature" I suspect there actually is, playing with the source atm

davout: undata: "the wot is an excellent tool for making good decisions about establishing those" <<< sure, but i'm not sure why the notarization *tool* would enforce that, i defo don't feel strongly enough about it to argue the point either way

davout: Apocalyptic: i've started poking at it yep

undata: kakobrekla: yes, that's what I meant

kakobrekla: not what i mean

davout: yeah, i put fpr or keyid in url, you spit out the fpr, actually no that's dumb

kakobrekla: you still need to check i didnt give you garbage no

kakobrekla: you mean you input keyid and i output fp

Apocalyptic: I can see a quite unpleasant spam attack otherwise

davout: punkman: mebbe i'm wrong here, lemme try and find a reference

davout: kakobrekla: i agree, it's bad if you rely on keyids to actually identify the key, but if you output the actual full fingerprints in the returned json one can make an educated choice

davout: Apocalyptic: yeah, i think mp mentioned somewhere that verifying the sig is not necessary

undata: I've got a friend with a decent golang bot on github

davout: Apocalyptic: "you have to validate the sig" <<< no i don't think so

davout: if i don't have the key in my own keyring it doesn't seem possible to extract the fingerprint from a signed message

undata: as for english as I delve into a few other languages on duolingo I find my native tongue ever more horrifying

davout: that would work when listing keys, i can't seem to get it work when piping a clearsigned msg to "gpg -v -v --fingerprint"

davout: "replace keyid with fp ?" <<< sure, but how do i get the fpr from a signed message? gpg -v -v will just return the key id

davout: kakobrekla: "nfi why nano keeps keyid field in his db" <<< if you keep the fingerprint you're automatically keeping the key id as far as i understand since the key id is simply the second half of the fpr

davout: thing is, i was also reading mp's deedbot spec, the part i was wondering about was the "extract keyid from signed message, and use it in w.b-a.link URL"

davout: yea, i was reading gpg's rfc yesterday and found out that they aren't supposed to be relied upon for unicity

kakobrekla: spill i mean

kakobrekla: and i like it

kakobrekla: fuck i read

ben_vulpes: as someone somewhere once said "i don't hire developers who spell well, i hire developers who mispell consistently."

punkman: ben_vulpes, I think "their/they" was being used long before the queers adopted it

punkman: http://i.imgur.com/Pg5CRSB.png

davout: ben_vulpes: wasn't sure about that, I assumed a weakness in my own english since no one brought that up, but it did sound slightly weird, thanks for clearing it up!

davout: undata: i like ruby :)

ben_vulpes: <danielpbarron> i tried to make a raw tx once, got rejected by my own node for having too small a fee << heinous

asciilifeform: perhaps i should have given more proof

asciilifeform: ben_vulpes: iirc, i did mention 'can pull up arbitrary tx' as part of what a 'whole bitcoin node' has to do

danielpbarron: i tried to make a raw tx once, got rejected by my own node for having too small a fee

ben_vulpes: say i have the transaction hash (aka txid) and output index - how do i get the pubkey those coins were sent to?

ben_vulpes: how do i get the pubkey for a given output?

ben_vulpes: (one can sign anything at any time - that's not the problem. the problems crop up in a) knowing the sigs are valid and b) the multi-input, multi-privkey transaction generation use-case: how am i to know which privkeys are to be used to sign which inputs, and furthermore [and somewhat recursively] how do i know those signatures to be valid?)

danielpbarron: i thought all you need to know is the tx id of the outputs you want to use, the private keys of the coresponding addresses, a destination, and an amount

ben_vulpes: i don't know that a bitcoind would be able to verify a transaction without access to the full inputs

danielpbarron: i'd say TA is more like starcraft

ben_vulpes: i'm starting to see some of the rationale behind the wallet paradigm - creating transactions for signing requires being able to retrieve arbitrary transactions from the blockchain

ben_vulpes: i don't really know how the transmission of btc is supposed to work for the thing

gabriel_laddel: they're in the same vein of games such as diablo I&II, baulders gate, path of exile etc. Not in terms of gameplay, but overall attention to detail and cohesive structure.

mircea_popescu: somehow i've never played either.

ben_vulpes: http://trilema.com/2015/open-deed-system-for-bitcoin-assets/ << wish i had time for this one

mircea_popescu: "I've lived in filth, I've lived in sin, but I still smell cleaner than the shit you're in"

ben_vulpes: i awoke to sewage leaking around the bathtub plug actuator

assbot: Dear All, My name is Coco, I am a 20 year old Chinese girl and I have just arrived fr ... ( http://bit.ly/1yvXNPk )

kakobrekla: why are you asking me, do you think i know ?

mircea_popescu: PeterL i guess 1.7 -> 2 0.1 -> 0

kakobrekla: i think it didnt work

mircea_popescu: > 0 i hope.

mircea_popescu: lol i read that as "toe online" was o.O

PeterL: there was talk earlier about newspapers. I find good local reporting at http://mlive.com and my sister-in-law writes for http://tooeleonline.com/

mircea_popescu: move to hungary. i hear they're going all fascist.

mircea_popescu: kakobrekla im pretty sure i v'd here.

mircea_popescu: decimation i propose excluding that entire thing.

mircea_popescu: camweon's a total heel. i have nfi whatabout england produces such contemptible sacks of shit. i thought blair was an exception, but apparently he was just a harbringer.

mircea_popescu: decimation i bet you the guy does not even currently ~KNOW~ that that's what's being discussed.