PGP Signing Key

D

darkcoinmiljonair

New member
Hi!
With which pgp certificate did the developers sign the 0.10.16.16 release? Maybe you could add a sticky with the key because if you want to verify the signature you will need the key ;)

Before I used to verify the releases with the key

Key-ID: BD8DF332

Fingerprint:

AF1AE13F33D06F487F23DC814B88269ABD8DF332
 
darkcoinmiljonair said:
Hi!
With which pgp certificate did the developers sign the 0.10.16.16 release? Maybe you could add a sticky with the key because if you want to verify the signature you will need the key ;)

Before I used to verify the releases with the key

Key-ID: BD8DF332

Fingerprint:

AF1AE13F33D06F487F23DC814B88269ABD8DF332
Click to expand...

BD8DF332 is my key, the current release is signed by Evan (986FF288)

You are right, this information (Key fingerprints) need to be present on the website as well.
 
Last edited by a moderator:
Does anyone have a link to an official post by Evan stating his fingerprint?

Better yet, I think we should post links on dashpay.io/downloads under each "Key 1" and "Key 2" to a short youtube video of each key owner verbally reading his fingerprint in front of the camera.

That would probably be hard to fake, and would provide peace of mind for protecting against MITM easily, without having to search forums for (unreliable) evidence of the key owner verifying his fingerprint.
 
Bridgewater said:
Does anyone have a link to an official post by Evan stating his fingerprint?

Better yet, I think we should post links on dashpay.io/downloads under each "Key 1" and "Key 2" to a short youtube video of each key owner verbally reading his fingerprint in front of the camera.

That would probably be hard to fake, and would provide peace of mind for protecting against MITM easily, without having to search forums for (unreliable) evidence of the key owner verifying his fingerprint.
Click to expand...

I think video is a bit much
But maybe under contacts on dashpay.io
The keys should be listed under each Dev Team Member (top 5 coders)

fernando what do you think ?
 
tungfa said:
I think video is a bit much
But maybe under contacts on dashpay.io
The keys should be listed under each Dev Team Member (top 5 coders)

fernando what do you think ?
Click to expand...
Well the problem with that is the same MITM who changes things on dashpay.io/downloads could change the fingerprint text on dashpay.io/contacts to match whatever key he replaces the real key with. You could put the video links in contacts section, I guess. But I think it is still necessary to have something that reliably comes straight from the key owner. Video is the best thing I could think of, but maybe we could provide links to evan and flare stating their fingerprints on dashtalk and bitcointalk, since they are (hopefully) in control of their forum accounts. Still seems inferior to video clips, though. I mean, we have real devs with names and faces that are trustworthy, we might as well use this to our advantage.
 
Bridgewater said:
Well the problem with that is the same MITM who changes things on dashpay.io/downloads could change the fingerprint text on dashpay.io/contacts to match whatever key he replaces the real key with. You could put the video links in contacts section, I guess. But I think it is still necessary to have something that reliably comes straight from the key owner. Video is the best thing I could think of, but maybe we could provide links to evan and flare stating their fingerprints on dashtalk and bitcointalk, since they are (hopefully) in control of their forum accounts. Still seems inferior to video clips, though. I mean, we have real devs with names and faces that are trustworthy, we might as well use this to our advantage.
Click to expand...

i hear you
lets see what fernando thinks of this
he is the main guy for dashpay.io
(sleeping now, give him a couple of hours)
 
tungfa said:
i hear you
lets see what fernando thinks of this
he is the main guy for dashpay.io
(sleeping now, give him a couple of hours)
Click to expand...

I'll put the fingerprints information in the downloads page.

As for the video, I'll ask the signers about that. The truth is, there is no perfect system. A MITM could link to another video in which he would read his own fingerprint and many people would not notice. Same with images with a sign...

How about a link to a keyserver where anyone interested can see that a specific signature is associated with Evan's or Flare's email?
 
Last edited by a moderator:
You must log in or register to reply here.
Back
Top