2287 entries in 0.917s
mjr__: just learned that nomura is using
pgp Diablo-D3: mircea_popescu: yeah, but Ive never used mpex, I thought it was all
pgp signed contracts and shit and didnt actually rely on the mpex servers that much
mjr_: but you have to send statjson command signed by
pgp mod6: But still, people have this kneejerk reaction about
PGP. But I'm always like "But
PGP is your friend!!"
mod6: Even with BitOTTer, the users will have to know how to use
PGP (gpg) tools to use it though. So learning this is still required.
mod6: ate up a bunch of time too, now the code reads in the private key, will ask the user for a passphrase to encrypt the private key with, then that will be used to decrypt when needed to read in the priavte key upon launch. this will be a different passphrase that is used with the
PGP private key itself, of course.
mjr_: ie
PGP works for a point to point conversation, but if you want to make it routable you have to provide more info to the network (not actual content, but destination etc)
mjr_: yes, i just mean that typically
pgp is not the easiest thing for most people
mircea_popescu: fancypants you never know whether the person selling a
pgp key doesn't keep a copy.
molecular: what happens when a
pgp key expires?
molecular: a question: is it allowed to sell MPEX "accounts" (the
pgp key)?
maximian: <title>MPEx, the Bitcoin securities exchange.</title></head><body>-----BEGIN
PGP MESSAGE-----
evoorhees: ;;everify -----BEGIN
PGP MESSAGE-----
jurov: uh oh, javascript
pgp? what did the world come to?
mircea_popescu: Alma Whitten / Carnegie Mellon University. Why Johnny Can’t Encrypt:A Usability Evaluation of
PGP 5.0
mircea_popescu: with a laboratory user test to evaluate whether
PGP 5.0
mircea_popescu: "i think it costs 30BTC just to open an account? and I don't know how to use their
PGP thing..." << this sums it up nicely.
jurov: but he said he forgot
pgp passphrase :/
mircea_popescu: i don't think fsa is advanced enough to have a
pgp sign
iz: you shouldn't be storing priv keys on a
pgp (or gpg) keystore
thestringpuller: I assume
pgp will be similar since the android keystore is a little weird
EskimoBob: i think they need to add a picture of a unicorn and
PGP key. Then it will be OK?
thestringpuller: what if the personor entity acting as the clearing house had, access to the physical asset via normal channels, fiat on hand to pay for said asset, and btc's on hand. in theory couldn't he sign a
pgp contract granting ownership to future holders upon settlement?
mircea_popescu: in any event more use of
pgp can not hurt the new exchanges.
mircea_popescu: sorta like, you know, retarded
pgp implementation that fails to work i bet.
nanotube: kuzetsa: that said, you can use
pgp whenever you need gpg, with gribble. i.e.,
pgp eauth works just as well as gpg eauth. :)
Ukto: why do you want
pgp over gpg btw?
kuzetsa: just say
pgp since you're
pgp signing
Diablo-D3: issue them serial numbered and
pgp signed using a single use key then burn/bury the key
Diablo-D3: and then
pgp sign them using a single use key and then bury the key
Diablo-D3: the bonds will be "physical" certs that are digitally signed with a single use
pgp key
Diablo-D3: all numbered and signed with a
pgp key used only for this and then locked away in a vault
jurov: whole
pgp chain thing has one problem, i can send the same bonds properly signed to two different people
Diablo-D3: so no need to do massive
pgp chains since they'd never exit the exchange
Diablo-D3: actually, I wonder if
pgp already can recursively check
Diablo-D3: so I'd just write a sh script that just keeps running
pgp over and over
Diablo-D3: mircea_popescu: yeah, but they'd need to also
pgp sign it notating who it was sent to
Diablo-D3: like, people buy them, I send them a
pgp signed blob
mod6: i guess in the past i've had other
pgp keys, i think they just expired and I made new ones...
mod6: yeah, in this situation that im setting up for the user, the user will have to do this: 1) copy the 3
pgp keys onto the device
mod6: im using spongy castle to read in the
PGP keys, I then have to convert them to be able to use them outside of its context, it gets hairy
mod6: the users
PGP PublicKey and MPEx PublicKey can stay as they are. no need to do anything with those at all.
Diablo-D3: how about I write a story about how the rothchilds have a
pgp contract with lucifer the morningstar, their god, and thus end the world
smickles: well, a contract was written up. I expected it to be double signed with
pgp sigs, but they ended up printing it and using physical sigs
knotwork: some lawyer pursuing the person on behalf of a bunch of layr-client-priviledged
PGP keys
knotwork: nah it'd have to be a
PGP-class action suit :)
knotwork: your
PGP identity is your offshore or not corp that does or does not reveal its owners
knotwork: I deliberately used my best known
PGP identity
knotwork: only the information about a bunch of anonymous sock puppets /
PGP identities would be released
knotwork: regardless, giga can no doubt handle it, nd you can give him that info sooner than he hears from GLBSE how many actual shares your entire bunch of
PGP people had between them
knotwork: so there ya go mircea, just give giga the full data on how much of your passthrough each
PGP identity owned
knotwork: but unlike GLBSE he need not do weird codes shit, since he told everyone up front that if they want to be anonymous they should create a
PGP identity no one knows is them. didnt he? or am I confused having just read bunch of how to Torify email sites?
mircea_popescu: knotwork "anyone could have made up any ficitional but syntactically possible email address to make up a
PGP identity for" << this part is correct
knotwork: I thought I registered there by sending a
PGP-crypted email?
knotwork: Because, I recall being annoyed recently at some other site or service or somesuch that rejected my
PGP identity seemingly due to its email address (one that does not exist thus doesnt receive spam) not being where I emailed from
knotwork: I am pretty sure MPEx does not refuse email orders that come from an email address that is not officially tied to the
PGP identity whose orders that email address is sending
knotwork: thus whether giga would learn who they are given their
PGP identity is up to them, as they were told from the start
knotwork: I think MPEx did let me do that, and if so, then anyone could have made up any ficitional but syntactically possible email address to make up a
PGP identity for
knotwork: I say "possibly" because I do not recall whether MPEx let me use as my
PGP identity my normal one, my OTC one, whose publicly listed email address does not exist
knotwork: possibly it might even be that MPEx can simply directly tell gigavps which
PGP identity held how much
knotwork: since people were explicitly warned up front that whether the
PGP identity they use at MPEx would correlate to their real identity was in their own hands,
mod6: so one would just use JSONSTAT instead of stat and then per the reqest they get an
pgp encrypted/signed JSON output of the STAT?
tonikt: You just download an archive with the entire history of your assets transaction - it's a zip file with
PGP signed contracts inside and the keys
tonikt: You can store assets at assets-otc, you get a
PGP signed receipts, but it is not a trading platform
tonikt: I only help to process
PGP signed contracts and the bitcoin payments go over the counter
pigeons: its actually great on eyesight, usabilty is fine but i grant you its easier to not use
pgp than to use it. but its more usable than glbse waiting 2 min between loads
OneEyed: Only from commissions on sales and
PGP registrations?
OneEyed: so I'm quite familiar with the "trust" problem at hand (+, I've been using
PGP then GPG for ~20 years, since Phil Zimmermann's first releases that I got from Usenet)
mircea_popescu:
pgp software was not really tested in this sort of environment, so im not letting it see the internets.
OneEyed: mircea_popescu: it gets fed the
PGP signed orders in some way (serial link? private Ethernet connection? whatever), so the key updates could enter the same way. Anyway, I was just curious about it, I'm not requesting a change :)
OneEyed: mircea_popescu: do you plan to have a promotional period where registration of a new
PGP key is free by any chance?
papaso: i think first finshed
PGP is better, then think how to buy option.
mircea_popescu: it does reject the 2nd. what i meant was ppl just save the
pgp'd stat and just keep piping that. arguably more comfortable.