190700+ entries in 5.771s
davout: punkman: well, you're requesting
a public key, so of course it works :-)
davout: kakobrekla: is there
a way to easily get an array of asswotted fingerprints?
Apocalyptic: which is clearly not
a canonical identification
davout: - not give
a fuck about who signed
a to-be-notarized blob
davout: - maintain
a full asswot keyring on deedbot's server
Apocalyptic: I wonder what the behaviour is if you have two pubkeys in your keyring with the same eight bytes key id and you're trying to verify
a message
davout: - alter spec and add
a gribble dependency
davout: Apocalyptic: RFC 5.2.2 sez
a signature packet contains "Eight-octet Key ID of signer"
Apocalyptic: davout, re "looks like this can't be verified correctly without either relying on
a keyid as an actual key unique identifier OR keeping
a synchronized keyring and actually verifying the signature" I suspect there actually is, playing with the source atm
davout: oh, and it's ppl who have L1/L2 trust from assbot,
a subset from the wot members sez the spec
undata: to summarize what's desired, the bot accepts signed documents from wot members in good standing only, publishes them by burning
a small amount of btc and uploading to
a site?
kakobrekla: punkman ill set up
a daily dump to files.b-
a davout: what *is* specified is that the bot must verify that the signer has L1/L2 assbot trust, looks like this can't be verified correctly without either relying on
a keyid as an actual key unique identifier OR keeping
a synchronized keyring and actually verifying the signature
undata: you'd write the deed bit as
a plugin
Apocalyptic: I can see
a quite unpleasant spam attack otherwise
Apocalyptic: sounds to me like
a dubious choice but heh, if mp sez so
davout: punkman: mebbe i'm wrong here, lemme try and find
a reference
undata: I've got
a friend with
a decent golang bot on github
davout: if i don't have the key in my own keyring it doesn't seem possible to extract the fingerprint from
a signed message
undata:
a shantytown cobbled together with the leftovers of other cultures
undata: as for english as I delve into
a few other languages on duolingo I find my native tongue ever more horrifying
davout: that would work when listing keys, i can't seem to get it work when piping
a clearsigned msg to "gpg -v -v --fingerprint"
davout: "replace keyid with fp ?" <<< sure, but how do i get the fpr from
a signed message? gpg -v -v will just return the key id
davout: thing is, i was also reading mp's deedbot spec, the part i was wondering about was the "extract keyid from signed message, and use it in w.b-
a.link URL"
davout: kakobrekla: would it be hard to make links such as w.b-
a.link/trust/7C1FBEC924FBD66531A02AE3F95E4E395927DC9C/291237F37A2C023CADBED52513288EAB01713428/json work with keyids as well as fingerprints?
ben_vulpes: not that anyone should expect
a "developer" to understand how to write english well - it's hard and takes
a lot of dedicated study.
ben_vulpes:
a plural cannot by definition be
a singular thing.
Apocalyptic: looks like
a valid "singular they" to me, "valid" in the grammatical sense
davout: ben_vulpes: wasn't sure about that, I assumed
a weakness in my own english since no one brought that up, but it did sound slightly weird, thanks for clearing it up!
davout: danielpbarron: iirc with the raw tx thing you can send zero fees without problem, there's however
a safeguard against sending
a massive fee
ben_vulpes: <danielpbarron> i tried to make
a raw tx once, got rejected by my own node for having too small
a fee << heinous
ben_vulpes: "whole blockchain" << and more specifically,
a trivial lookup of txids
danielpbarron: i tried to make
a raw tx once, got rejected by my own node for having too small
a fee
danielpbarron: oh well yeah you need to know the whole blockchain to verify
a tx in that case
ben_vulpes: how do i get the pubkey for
a given output?
ben_vulpes: (one can sign anything at any time - that's not the problem. the problems crop up in
a) knowing the sigs are valid and b) the multi-input, multi-privkey transaction generation use-case: how am i to know which privkeys are to be used to sign which inputs, and furthermore [and somewhat recursively] how do i know those signatures to be valid?)
ben_vulpes: otherwise you just sign hash of txn, index in txn, and have no way to double check that you produced
a valid signature corresponding to the pubkey to which those funds were transmitted originally.
ben_vulpes: to verify that you've created
a valid transaction, you have to have the entirety of the previous output on hand to examine the public key
danielpbarron: i thought all you need to know is the tx id of the outputs you want to use, the private keys of the coresponding addresses,
a destination, and an amount
ben_vulpes: i don't know that
a bitcoind would be able to verify
a transaction without access to the full inputs
ben_vulpes: creating
a raw transaction requires having the previous transaction in hand in full at runtime, so as to extract the pubkey from the previous transaction
ben_vulpes: far easier for the people working on it at the time to make some silly assumptions about what txns
a user would want to sign, and then keep those txns on hand
undata: actually, it appears it would only have to be aware that
a tx has occurred, not send any
undata: ben_vulpes: we have
a buddy with an extensible IRC bot; how's that raw tx backport coming?
ben_vulpes: supreme annihilation's
a pretty fun game
gabriel_laddel: Any #-assets members who will admit to being
a fan of supreme commander or total annihilation?
davout: b-
a is so mean, kakobrekla makes something nice, everyone tries to break it
PeterL: so it lets you input
a fraction, but converts to int?
assbot: You rated user decimation on 17-Jan-2015, with
a rating of 0, and supplied these additional notes: marginal.
assbot: Successfully added
a rating of 0.1 for decimation with note: marginal
mircea_popescu: decimation: there's
a deep hypocrisy here somewhere. apparently the usg entities who are involved with foreign surveillance couldn't possibly do their jobs if they were subject to 'regulation', but of course regular people trying to say, transact bitcoin, have no such reprieve << well, usg entities that deal in bitcoin do have such reprieve currently ?
mircea_popescu: camweon's
a total heel. i have nfi whatabout england produces such contemptible sacks of shit. i thought blair was an exception, but apparently he was just
a harbringer.
mircea_popescu: because that's why we go to school : so we can present our inquiries in such
a way that OTHER PEOPLE can fucking grok wtf we want to know
decimation: well, there's an issue of policy here, which is "is
a us person allowed to communicate in
a manner outside the possibility of usg interception?"
mircea_popescu: kakobrekla can there be
a /n after each otp before encryption pls.
mircea_popescu: no, there shouldn't be
a way to compel an answer. wtf ?!
mircea_popescu: this is roughly the equivalent of
a company with 10k cab fleet having famously
a weak alternator, and some reporter asking the CEO "what about the spinny trick ?"
mircea_popescu: lotta hay made out of how "the queen snubbed obama'. but the guy's just not very aware. which looked to me like
a very very tired man that's being constantly pestered with advice and requirements by about 9 spinster women.
kakobrekla: mircea_popescu perhaps is even easier if i just allow for w.b-
a.link/trust/key1/key2/json ?
mircea_popescu: i want !gettrust to match any 32 char string as
a key rather than
a name
mircea_popescu: that way, it wouldn't have to do two steps, just directly gettrust to
a keyid.
mircea_popescu: 2.2. Bot makes
a request to assbot via pm, of the format ;;gpg info --key <key currently
mircea_popescu: kakobrekla 2.1. Bot extracts the signature keyid through
a process homologuous to gpg -v -v
kakobrekla: <PeterL> new voicing model, we still have to join #b-
a before verifying otp < yes, no session, recall?
PeterL: new voicing model, we still have to join #b-
a before verifying otp