📅 Original date posted:2014-05-23
📝 Original message:On Thu, May 22, 2014 at 8:06 PM, Jeff Garzik <jgarzik at bitpay.com> wrote:
> Related: Current multi-sig wallet technology being rolled out now,
> with 2FA and other fancy doodads, is now arguably more secure than my
> PGP keyring. My PGP keyring is, to draw an analogy, a non-multisig
> wallet (set of keys), with all the associated theft/data
> destruction/backup risks.
>
> The more improvements I see in bitcoin wallets, the more antiquated my
> PGP keyring appears. Zero concept of multisig. The PGP keyring
> compromise process is rarely exercised. 2FA is lacking. At least
> offline signing works well. Mostly.
Would be incredible to have multisig for git commits as well. I don't
think git supports multiple signers for one commit at this point -
amending the signature replaces the last one - but it would allow for
some interesting multi-factor designs in which the damage when a dev's
computer is compromised would be reduced.
Sounds like a lot of work to get a good workflow there, though.
My mail about single-signing commits was already longer than I
expected when I started writing there. Even though the process is
really simple.
Though if anyone's interest is piqued by this, please pick it up.
Wladimir
Wladimir [ARCHIVE] /
npub1xq…ymc2p
2023-06-07 17:21:55
in reply to nevent1q…jgj8
Author Public Key
npub1xqshkqv2g7uea4xzqwvmgjcz7u8vfavw6aazs999v0azsv3w7u3qpymc2pPublished at
2023-06-07 17:21:55Event JSON
{
"id": "d5865bcb597d812b51e4584649f6bf82fa0362c4db0086e99d781f1d3f2fba71",
"pubkey": "30217b018a47b99ed4c20399b44b02f70ec4f58ed77a2814a563fa28322ef722",
"created_at": 1686151315,
"kind": 1,
"tags": [
[
"e",
"6ed0060b87c02af20d6af6fded563264095ae2a36fee168b566cb3b0da703edb",
"",
"root"
],
[
"e",
"001989f604f39fbf9e268af99e73da580dd583d08cbdc9750fefdc19c926ce5f",
"",
"reply"
],
[
"p",
"daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa"
]
],
"content": "📅 Original date posted:2014-05-23\n📝 Original message:On Thu, May 22, 2014 at 8:06 PM, Jeff Garzik \u003cjgarzik at bitpay.com\u003e wrote:\n\u003e Related: Current multi-sig wallet technology being rolled out now,\n\u003e with 2FA and other fancy doodads, is now arguably more secure than my\n\u003e PGP keyring. My PGP keyring is, to draw an analogy, a non-multisig\n\u003e wallet (set of keys), with all the associated theft/data\n\u003e destruction/backup risks.\n\u003e\n\u003e The more improvements I see in bitcoin wallets, the more antiquated my\n\u003e PGP keyring appears. Zero concept of multisig. The PGP keyring\n\u003e compromise process is rarely exercised. 2FA is lacking. At least\n\u003e offline signing works well. Mostly.\n\nWould be incredible to have multisig for git commits as well. I don't\nthink git supports multiple signers for one commit at this point -\namending the signature replaces the last one - but it would allow for\nsome interesting multi-factor designs in which the damage when a dev's\ncomputer is compromised would be reduced.\n\nSounds like a lot of work to get a good workflow there, though.\n\nMy mail about single-signing commits was already longer than I\nexpected when I started writing there. Even though the process is\nreally simple.\n\nThough if anyone's interest is piqued by this, please pick it up.\n\nWladimir",
"sig": "f07537c9f570a5c58417c0ae81c61ebf81995020d7ff764fd5aad70744eb813958d362bff325b58cb819186caafdea5ee7e795b3df8ef833f67451ae83a79812"
}