On Fri, May 23, 2014 at 9:48 AM, Kyle Jerviss <bitcoin-de...@jerviss.org> wrote: > Multisig is great for irreversible actions, but pointless most of the > time, which is why no PGP developer or user ever thought to implement it. > > If you lose a key and an attacker signs a bogus email or commit with it, > we all roll back with no lasting harm done.
PGP in general is not very thoughtful about security. There are a lot of things it does poorly. This is easily excusable considering the historical context it came from— it was the first real cryptographic tool I used, at the time its distribution had concerns about legality, just getting things into people's hands was an achievement enough. From a cryptosystem perspective much more powerful things can be done now, but there is a long way to go in figuring out how to many any cryptographic tool usable to people. PGP is a general purpose tool— which is the hardest kind to write— its also used in a lot of irreversible contexts: If your key deploys a bad software release and it steals everyone's data or wipes their disks— thats not an irreversible action by any means. If you want threshold pgp though— it's possible. The RSA cryptosystem is directly compatible with threshold cryptography. It's just that no one has written the tools. There are implementations of the bare cryptosystem however. One of my longer term would-be-nice goals for a upgrade bitcoin script 2.0 would be being thoughtful enough in the design that it could be adopted as a signing cryptosystem in other applications (e.g. tools similar to GPG)— allowing for things like creating a public key which can only issue trust level 0 certifications, only certifications for certain organizations (e.g. *.debian.org) unless thresholded with an offline key, or only signing for messages meeting a certain programmatic predicate generally. ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
