Public
- Public
- Groups
- Recent tags
- Popular
- Directory

Conversation:

Notices

Joshua Judson Rosen (rozzin)'s status on Tuesday, 22-Mar-2016 23:17:35 EDT Joshua Judson Rosen
Remote profile options...

Met a bunch of awesome people at #lp2016. And few... #interesting ones. Like the one who refused to sign my #PGP key because she thought I was a government spook... because I claimed to be from #NH but "didn't know that *every* FreeStater is (obviously) #crypto savvy enough to sign PGP keys... since most of them use #bitcoin as their only currency... so they can remain anonymous". #wtf #notevenwrong

Tuesday, 22-Mar-2016 23:17:35 EDT from status.hackerposse.com permalink
1. Joshua Judson Rosen (rozzin)'s status on Wednesday, 23-Mar-2016 19:06:10 EDT Joshua Judson Rosen
  Remote profile options...
  
  I do wonder if there was at least any cogence in the "I don't sign spooks' keys" thought: maybe she thought that, as a G-man, I'd have the resources+will to compromise someone else's e-mail and impersonate them?
  
  Wednesday, 23-Mar-2016 19:06:10 EDT from status.hackerposse.com permalink
  1. Joshua Judson Rosen (rozzin)'s status on Thursday, 24-Mar-2016 09:59:11 EDT Joshua Judson Rosen
    Remote profile options...
    
    ... or maybe she thought that "Joshua Judson Rosen" might be a #codename shared by / recycled across multiple people? Like "James Bond"?
    
    Thursday, 24-Mar-2016 09:59:11 EDT from status.hackerposse.com permalink
  2. Joshua Judson Rosen (rozzin)'s status on Thursday, 24-Mar-2016 10:15:25 EDT Joshua Judson Rosen
    Remote profile options...
    
    I'm confused by the "only certify the identity of goodguys, never of badguys" mentality; don't we WANT #badguys to be reliably recognizable?
    
    Thursday, 24-Mar-2016 10:15:25 EDT from status.hackerposse.com permalink
    1. windigo (windigo)'s status on Thursday, 24-Mar-2016 13:18:40 EDT windigo
      Remote profile options...
      
      @rozzin If bad guys get thrown into the web of trust, it allows them to sign other bad guys' impostor keys. :)
      
      Thursday, 24-Mar-2016 13:18:40 EDT from micro.fragdev.com at 38°54'31"N 123°41'35"W permalink
      1. Joshua Judson Rosen (rozzin)'s status on Thursday, 24-Mar-2016 14:53:28 EDT Joshua Judson Rosen
        Remote profile options...
        
        @windigo, I guess that's why ID-certification and trust are two separate things in #PGP, "sign" and "tsign" are separate commands in #GnuPG, and nobody uses "tsign" ;)
        
        Thursday, 24-Mar-2016 14:53:28 EDT from status.hackerposse.com permalink
      2. Joshua Judson Rosen (rozzin)'s status on Thursday, 24-Mar-2016 18:30:48 EDT Joshua Judson Rosen
        Remote profile options...
        
        As the #GnuPG manual says, bundling #trust into #keysigning "is generally only useful in distinct communities or groups": https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html
        
        Thursday, 24-Mar-2016 18:30:48 EDT from status.hackerposse.com permalink
        
        Joshua Judson Rosen (rozzin)'s status on Sunday, 21-May-2017 15:16:27 EDT Joshua Judson Rosen
        Remote profile options...
        
        Wow: !TIL that #keybase was founded on a fundamental misunderstanding about how the #PGP / #GnuPG #weboftrust works: http://web.archive.org/web/20141027135352/https://keybase.io/docs/tracking https://lists.gnupg.org/pipermail/gnupg-users/2014-December/051939.html https://www.linux.com/blog/pgp-web-trust-delegated-trust-and-keyservers
        
        Sunday, 21-May-2017 15:16:27 EDT from status.hackerposse.com at 42°45'55"N 71°28'3"W permalink

Feeds