- 16:28 <@gwern> kanzure: the signed messages were all to wrong keys, is the problem. and it made things even harder to writeup. you know the editor didn't even want me to mention the blocksize controversy or nick szabo because we'd have to explain them to regular readers?
- 16:28 < kanzure> huh? shouldn't [the journalists] mention it was the wrong key?
- 16:29 <@gwern> kanzure: all the other satoshi keys were uploaded 2008/2009 as far as we could tell, but of course, the keyservers don't give you any unforgeable timestamps, so it's the same problem as the blog posts - only circumstantial evidence
- 16:29 < kanzure> you're talking about the email@example.com key, and not the firstname.lastname@example.org key, right?
- 16:30 <@gwern> kanzure: the non-bitcoin.org keys
- 16:30 < kanzure> btw, satoshi nakamoto never signed anything [in public, using the bitcoin.org satoshi nakamoto key]
- 16:30 <@gwern> sure, it points to wright being satoshi - but on the alternate theory that wright has been forging all this stuff as a hoax, he could have created the keys recently with backdated timestamps and uploaded them. since they don't offer any evidence one way or other and are hard to explain, they got cut
- 16:43 < kanzure> 16:41 <gmaxwell> Existance of a pgp signature could be proved without revealing the message, only its hash.
- 16:43 <@gwern> really? I didn't know that
- 16:43 < kanzure> are you willing
- 16:44 <@gwern> hm. I guess that makes sense. you'd be verifying the signature part, not the hash
- 16:44 <@gwern> right. a signature is a signed hash, etc. I'd just never realized before, or needed to, prove possession of a signature rather than message
- 16:45 <@gwern> I mean, I can pull out the signatures, sure, but as I said, because they're all to the non-bitcoin.org key and there is nothing verifiably timestamping the uploaded keys to 2008/2009, the signed hashes would prove little
- 16:46 < kanzure> so the signed messages from your purported vistomail leak are not to the bitcoin.org claimed satoshi nakamoto key?
- 16:46 <@gwern> no, I already explained as much
- 16:46 < kanzure> which leaks were these?
- 16:46 <@gwern> this is a totally brand new set of leaks you have heard of solely through wired and gawker today, nothing whatsoever to do with earlier hacks
- 16:57 < kanzure> 16:55 <kanzure> could you check if pgp.mit.edu timestamps can be trivially forged? or do you happen to know?
- 16:57 < kanzure> 16:55 <gmaxwell> they can.
- 16:57 < kanzure> gwern: i suggest that in the future if you want wired.com publicity that you can achieve that without wasting everyone's time. don't be so quick to sacrifice your pseudonym's reputation nor the time and patience of your readers.
RAW Paste Data Copied