asciilifeform: if there isn't one - can forge.
asciilifeform: this assumes a universally agreed upon timestamp mechanism, yes.
mircea_popescu: and you can retire a key any time you feel like.
asciilifeform: father might want to bind the son into some sort of 'dead hand' arrangement
asciilifeform: sure. but he does not give him the ability to retroactively emulate him
undata: asciilifeform: still seems father would sign a public statement granting his possessions to a son
asciilifeform: in the case of pgp key, it's rather like, in the worst case, time travel.
mircea_popescu: what exactly is inheritance if not this, fundamentally, inheriting father's FIRM. ie, signature.
mircea_popescu: <PeterL> I don't suppose people pass keys down to their heirs? << people well might.
kakobrekla: you are supposed to assume that
davout: undata: which assumption are you referring to?
davout: *further timestamps
davout: PeterL: well, sign something to this effect, otherwise timestamps are inherently suspicious, esp. if factorization is possible given state of current technology
undata: davout: this business of making assumptions is not how it's done...
PeterL: I don't suppose people pass keys down to their heirs?
davout: any timestamping after 2114 is null and void, problem solves itself
davout: say i timestamp sth in 2014
asciilifeform: davout: lol, but what kind of idiot would do that
davout: asciilifeform: also if you see a message signed with your key, and timestamped 200 years after your first timestamped message you can reasonably assume it's been broken
asciilifeform: well yes, in that case joe is, so to speak, trimming the weeds on your monument.
mircea_popescu: davout that's how it goes, why not.
mircea_popescu: now, come 3714, it will be clear that uses ulterior to 3211 are null. but it will also be clear that uses prior to say, 3200 will still hold
mircea_popescu: asciilifeform no but suppose your 4kb key is factorized. this matter is discovered by joe on june 19th, 3211. he signs, with his 64kb key, a note saying so.
PeterL: you can timestamp whatever you want, as long as gpg signed first
asciilifeform: gotta be alive to upgrade keys
mircea_popescu: asciilifeform factorization trivially defeated by better key putting it into record :(
davout: maybe we'll want to timestamp something else than contracts is what i'm thinking
mircea_popescu: this is the point of notarization : making the acts of men equal to the acts of god.
mircea_popescu: so that someone in 3714, with nothing but an inscription of deedbot's deeds, can verify our contracts just as well as we can.
davout: i just fail to see a good reason to make the signatures mandatory, outside of access control that is
davout: yeah well, i wanted to point out that it didn't really prevent anyone from checking the inner sig at home
davout: nah, scratch that
davout: say i want to timestamp a contract i made with someone also in the L2 group as nested clearsigns, it doesn't really matter which signature is checked by deedbot, right?
mircea_popescu: for later ppl to be able to verify at home.
davout: as in 'wanna timestamp some stuff? fine, verify with an otp'
davout: and if the signature on the blob is required only for access control, maybe it'd be better to leverage asswot's functionality directly
davout: i don't really see a use for that
mircea_popescu: PeterL idea kinda is to make a further record of people's sigs, help guard them against mitm and other nefariousness. but as davout points out, now the bot needs a key.
davout: mircea_popescu: well, now the bot needs a key too :-)
mircea_popescu: is "and pushes it to public repositories" a point of contention ?
mircea_popescu: davout it gotta be one way. if there's four people and they fuck in two subsets of twos, that's segregation. if there's one that fucks all other three but the rest only jack off, that's privilege.
mircea_popescu: but dun worry about it, i seeded the prev one an' ill seed this one too.
mircea_popescu: undata no, payment comes from teh boty.
undata: seems fair to me; pay per use
undata: mircea_popescu: I read the payment as coming from the party wanting a signature, not the bot?
davout: what is privilege if not the differentiation from the un-privileged?
scoopbot: New post on Trilema by Mircea Popescu: http://trilema.com/2015/what-does-desperation-look-like/
scoopbot: New post on Trilema by Mircea Popescu: http://trilema.com/2015/open-deed-system-for-bitcoin-assets-updated/
mircea_popescu: the point is to let them create and let the whole world trust and be able to verify.
mircea_popescu: not and only them.
davout: and only them
davout: the whole point here is to let ppl with L2/L1 trust timestamp stuff
assbot: [OPEN] Deed system for #bitcoin-assets, updated. pe Trilema - Un blog de Mircea Popescu. ... ( http://bit.ly/1sNobmP )
punkman: davout, I'll just say that there were many cases with invalid signatures posted as deeds
Apocalyptic: <undata> keeps it from being filled with useless crud with invalid sigs << this sounds pretty reasonable
undata: size for hands and eyeballs to verify
davout: wtf is this size bzns?
undata: keeps the published bundles down to a size that is manageable
davout: why would Z's word add any value to the information GPG outputs?
davout: and properly verify that fact
davout: we don't need Z to witness that X and Y signed a contract together, because any party can and will use GPG
davout: why do you absolutely want to shoehorn your conception of a notary into deedbot?
undata: have you ever been to a notary?
undata: god... do the proceedings of court note that a pigeon shat on the window?
davout: why the hell would it need deedbot to testify to that too ?
undata: davout: its output should be the history of valid deeds, not "that which a rubber stamp has touched"
davout: wrt to your earlier example of me scamming you, anybody can verify i signed the contract by using gpg itself
davout: undata: you fail to comprehend that it's not deedbot's job to certify to a third party that the contract is signed by an identified party, gpg already does that
davout: let whores timestamp some blobs now and then i say
mircea_popescu: davout undata gossipd can well be a year or two away.
PeterL: oh, do deeds even need to be gpg signed?
davout: and notary would be connected through asswot's gossipd's node anyway
mircea_popescu: PeterL original spec didn't call for that.
PeterL: but you would still need keys to verify deed signatures?
mircea_popescu: i give voice to all the whores, not to mention all sorts of known usg agents
davout: greatly simplifies the problem, don't see too much downside to it, and we're eventually moving to gossipd anyway
mircea_popescu: no, it's not ok to overload voice like that.
davout: whoever has voice in -assets shall be deemed worthy to notarize
mircea_popescu: davout how do you propose to query assbot for l1/l2 inclusion ?
mircea_popescu: so i guess ima have to modify the spec instead of finishing my "on terrorism' article.
davout: anyway, my point wrt to deedbot is that it's supposed to be used by ppl with L1/L2 trust, it doesn't need to check gpg signatures, so let anyone with +v in -assets use it, do away with the requirement that a keyid belonging to someone in assbot's wot be presented or maliciously hammered into the message
mircea_popescu: which i guess is not that bad, seeing how it also solves the problem of the untrustworthy pgp-sks etc
PeterL: would it be hard to maintain a keyring with all us in it?
mircea_popescu: davout only possible workaround seems keeping the lordship keys.
assbot: Logged on 17-01-2015 22:34:54; davout: asciilifeform: yeah, that's what i was reading, it mentions user ids in the subpackets spec, but i'm unsure whether that includes an actual key fingerprint, i tend to understand that it doesn't
Apocalyptic: ^ I asked myself the same
mircea_popescu: who the fuck did this.
Apocalyptic: mircea, note that neither the "-v" nor the "--with-fingerprint" flags are required to get the fingerprint line displayed
davout: gpg can't know the fpr for a key it doesn't have, the information isn't part of the signature packet
mircea_popescu: feel free to fork and fix the gpg key verification process so it reports fingerprints properly not wtf it's doing now.
mircea_popescu: defo the gpg signature model is bad.
davout: this sounds a bit overkill to me
davout: the crux is 'verified keys', if deedbot doesn't maintain a full keyring at all times it can't pull fingerprints
mircea_popescu: IF gpg doesn't put out full fingerprints for verified keys, then gpg is broken
davout: yea that's the whole problem
davout: mircea_popescu: with the fingerprint for a key it could simply do what you said wrt requesting trust data as a json blob from the w.b-a.link thing
mircea_popescu: well apparently it just became required to verify cause otherwise it can't talk to assbot.
davout: i could tell
undata is open to correction
undata: ^ this enraged me