mircea_popescu: you used gpg: public key is E5FF86FA
mircea_popescu: so make it gpg format.
asciilifeform: GyrosGeier: those will have signatures but gpg will correctly reject them as invalid.
asciilifeform: too many for the lamer gpg format, yes
asciilifeform: adlai: all it is, is primes 2 ... N (for some large N) turned into a phuctor-compatible gpg key
mircea_popescu: Public Exponent 281479271743489 is NOT PRIME ! Modulus has mirrored low-order 32 bits ! User(s): Robert L. Vaessen (MobileMe key generated with gpg) <rvaessen@me.com>;
mircea_popescu: well the other thing is that a guy who can do a spiffy web framework couldn't necessarily do gpg arcana or c++ nonsense in bitcoind.
mircea_popescu: and for that matter i've yet to hear someone go "i'm not sending anything to derpy webwallet / webexchange / webusgtronism because they don't gpg sign the address"
mircea_popescu: re gpg verification : yeah, guy's name, special char.
mircea_popescu: hey, same way gpg works.
asciilifeform: https://github.com/blog/2144-gpg-signature-verification << shithub cribs from phf !
mircea_popescu: it'll be very useful because i use gpg auth for eulora, will just have new players reg and then i can get their key
asciilifeform: incidentally ~gpg~ is broken NOW, i can make a fresh key with, e.g., mircea_popescu's fingerprint, for less than the cost of a bus.
asciilifeform: phf: one of the big reasons gpg is a turd is the 'keys in dbs' idiocy
asciilifeform: afaik using any reserved bits (algo field) will nuke ordinary gpg.
asciilifeform: davout: if using format of classic gpg, there is no way to uniquely specify 'this is vtronically signed'
asciilifeform: trinque: l0l! srsly? which gpg?!
asciilifeform: there is no clean way to do it with classical gpg
asciilifeform: at the cost of gpg being utterly retarded in 101 ways
asciilifeform: it only APPEARS to work for gpg
asciilifeform: this is not actually true of gpg clearsign
mircea_popescu: " 1]To whomever is now going to say "it's server fault, deedbot should output GPG signed material with proper mimetype like application/pgp-signature". I can only recommend frontal lobotomy by robot that fetches its instructions with wget." << i lolled.
asciilifeform: if so, why did he write gpg to begin with, as disinfo ?
mircea_popescu: you got a gpg key ?
asciilifeform: gpg --verify some.vpatch.sig
asciilifeform: hdbuck: if you take that key and manually run gpg --verify ..... on one of my patches, what do you get ?
asciilifeform: hdbuck: yours barfs on line 45, gpg --verify buildroot-2015.05.tar.gz.sign ?
mircea_popescu: "security hole found in gpg" vs "security hole found in ecdsa - rsa not affected, you should have not switched"
asciilifeform: and where is the patch for gpg 1.4 ?
mircea_popescu: so listen, register your gpg key with assbot.
ascii_butugychag surprised at how mircea_popescu puts up with 'cementing' the abominably-broken gpg set
ascii_butugychag: but re: earlier thread, i'ma publish 'g'. and it'll have one or more of the bad old ciphers from gpg. BECAUSE gpg is ~already~ the weak link in the proposed system. or ben_vulpes doesn't get to download his w4r3z
mircea_popescu: i don't wish to continue using gpg.
ascii_butugychag: this is something we're stuck with for so long as using gpg
mircea_popescu: http://log.bitcoin-assets.com/?date=04-02-2016#1396264 << few do. just another in the long list of gotchas gpg has been gleefully supplying us with over the years. was a big thread about it coupla years ago, but not really repeated often hence.
mircea_popescu: http://log.bitcoin-assets.com/?date=04-02-2016#1396208 << how is this a symmetric cipher lol. it's just a clunky overimplementation of blowfish or w/e it is gpg uses.
asciilifeform: http://log.bitcoin-assets.com/?date=04-02-2016#1395950 << recall, it calls out to gpg on shell !1111
mircea_popescu: felipelalli the reason you're getting so much grief is that it's not clear how your premises work. i mean i get it, you want to help people, and teach them about otc and so on. this is one thing. but i mean what did you do, i don't follow, reimplement gpg as a java thing ?
mircea_popescu: <felipelalli> mircea_popescu, I know that you think expire a key is a bad idea. I saw you saying that in MPEx FAQ. But why? Could you elaborate more about that? Isn't that useful in case someone dies or lost the control over the key? << how is a bitfield in the gpg key help you in case you die ? or lose control of the key ? neither of these are time-able events.
mircea_popescu: we're going the other way : taking gpg out, not putting more of it in.
mircea_popescu: gpg --import not gnarly enough ?
mircea_popescu: + # You need to have these keys in your gpg keyring to vertify V, trinque's special patch, buildroot, and other stuff.
ascii_butugychag: it is a gpg atavism
asciilifeform: on the same planet where gpg prints 'Decrypting......'
mircea_popescu: moreover, the corruptive influence of bitcoin over enemies works in gpg and v space too.
mircea_popescu: moreover, gpg is specifically intended to work as a PSEUDONYMOUS system. much like bitcoin addresses are.
mircea_popescu: danielpbarron here's a lulzy bit : all these schmucks worried about "scaling bitcoin" could, for the price of a gpg key, make themselves an eulora account. trade bitcoin with everyone instantly for free!
mircea_popescu: "GPG is useless because if somebody manages to exchange the data while it is transferred to you, he probably also switched the key with his own to sign the application again so it looks valid."
mircea_popescu: copypaste it'll take a while to implement, you'll have to pull in gpg too, and some other shit. but once done it does obsolete current chanology. i can't conceive who or how could run a chan anymore on anything else.
mircea_popescu: copypaste how are they forced ? you run gpg and make a key. whatever it comes out.
ascii_butugychag: i could even see the argument that 'signer' oughta be a gpg fp
mircea_popescu: ben_vulpes Do so (this is not a GPG guide), << Do so (<a href=http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/gpg-cs.html>GPG guide</a>), ?
mircea_popescu: but yes - i would have loved to be a bff of gpg. instead we're just best enemies.
asciilifeform: my main objection to subkey as implemented in gpg is that IT DOES NOT TELL YOU OR EVEN LET YOU CHOOSE with which modulus (i.e. which sub) it actually signs with !
asciilifeform: gpg won't allow the key to be signed again, either, because 'was already signed'
asciilifeform: though, interestingly, importing the 3TH7E2K.txt yields a warning, 'gpg: no ultimately trusted keys found'
asciilifeform: foobar verifies on my test box using kakobrekla's gpg binary and using this pubkey.
asciilifeform: i can only conclude that the problem exists on kakobrekla's side (gpg config?)
asciilifeform: verifies under clean .gpg on test box also
mircea_popescu: imagine for a moment gpg ran the bitcoin.
mircea_popescu: if gpg were just released today we'd suspect the nsa impacted that stupid design
asciilifeform: ;;later tell jurov what version of gpg is used in turdatron? kakobrekla's chokes on my updated key, but turdatron - happily eats
mircea_popescu: psa : do not use the gpg supplied mechanism for "key expiration", or anything else from there as far as "key management" goes for that matter.
mircea_popescu: honestly, in my mind i realise now, gpg --clearsign has taken over a hole left by telex.
asciilifeform: either the start/end marker (as in traditional gpg) or length offset marker (as somebody suggested here)
mircea_popescu: so your idea of a working gpg is "everyone must learn new alphabet now" ?
mircea_popescu: but a gpg would-be replacement that doesn't have clearsign is not actually usable as a replacement
asciilifeform: http://log.bitcoin-assets.com/?date=25-12-2015#1353071 << if you must have one file, gpg --armour it. or tar it. whatever.
mircea_popescu: how about this : only accept gpg-encrypted communications, and only distribute the pubkey to people you like.
asciilifeform: and since gpg is retarded by virtue of having to ride on top of 7bit-clean turdmailz etc., it happily mutilates strings to make'em signable
asciilifeform: let's approach mathematically. with detached sig in gpg, i can sign ANY bitstring which fits in the machine.
mircea_popescu: http://log.bitcoin-assets.com/?date=25-12-2015#1352814 |<< everyone who had to use gpg got bruised by gpg. davout was talking to me about this in 2013, for a diff project
asciilifeform: ideally a tmsr 'pastebin' would take input by gpg --encrypt --recipient thingspubkey... | curl -X POST ...
mircea_popescu: goes in the summary header of "gpg is a pos".
asciilifeform: mircea_popescu: you might be confusing with gpg
asciilifeform: the design of gpg rng subsystem assumes extreme entropy-starvation. this is plain as daylight from 10 minutes of reading the src.
mircea_popescu: you're guaranteed to discover unsavory contents in all foss matter, exactly like asciilifeform found in gpg.
asciilifeform: gpg 1.4.10
mircea_popescu: ascii_field "At some point I may do a similar surgical extraction for GPG 1.4.10’s entropy gatherer, but this is a very different project." << i have nfi why you'd be including "software entropy generators".
ascii_field: http://log.bitcoin-assets.com/?date=28-11-2015#1333229 << for gossipd, using stock gpg, much less an abomination (time the invocations some time..!) like gpgme, is a monumentally bad idea
mircea_popescu: ironically, my foray into bitcoin was started by random guy on the internet [at the time hadn't used irc at all in decade +] insisting i move into his "GPG" castle.
mircea_popescu: kakobrekla oh i see, THERE it's about the version. if it were a different version than 3.1 it'd have been fine, because windows is usgtronics. MEANWHILE the problems with gpg-hijacked are really problems WITH PGP.
mircea_popescu: "Except maybe not: if you happen to do this with GnuPG 2.0.18 -- one version off from the very latest GnuPG -- the client won't actually bother to check the fingerprint of the received key. A malicious server (or HTTP attacker) can ship you back the wrong key and you'll get no warning. This is fixed in the very latest versions of GPG but... Oy Vey."
mircea_popescu: gpg 0day ?? ?\
asciilifeform: gpg didn't use openssl for anything
asciilifeform: 'i wrote enough in c to be able to prime gpg machinery and send packets over the wire' suggested callout. but why not wait till phf wakes up and clarifies.
mircea_popescu: so in this sense the design is sane, as he has it. callout to "gpg", to be replaced by p
asciilifeform: standalone in the sense mpi was in gpg.
asciilifeform: phf: callouts to gpg are a dead end
asciilifeform: but of gpg, but secondarily, the whole shebang.
asciilifeform: oh and, phun phakt of the day, gpg 1.4.10 will link in 'gettext' if it finds it
mircea_popescu: incidentally : should we deedbot a version of the logs, in the manner of gpg source etc ?
asciilifeform: ben_vulpes: consider reading the src to gpg
mircea_popescu: now suppose cca 2026 some twerps come to persuade you to go take minsk. and you quote this line of the log to them, and they go "huh" because hey, log is too difficult and what's a gpg ?
mircea_popescu: in general, the path of "usable" in gpg is kind-of narrow.
mircea_popescu: Thing 4. We're trying to create a proper (=crypto) communication system ; as part of this gpg was cut up and we're still barfing at the results. this is a huge task and if the end product is reasonably well understood, the design's still widely open.
ascii_field: gpg is ~extremely~ librarization-resistant, much like gcc.
asciilifeform: if you want to laugh, cry, read the one in gpg 1.4.10.
asciilifeform: which is what reading, e.g., linux kernel, or gpg, feels like
asciilifeform: incidentally - there is a very convenient 1-byte flag, that, if 'poked', will instantly cause gpg to use ordinary (paged) memory.