@orionwl wonder if this would be a good time to try bip322 sigs for releases?

@ajtowns @orionwl No. PGP is far superior to any of these single key standards, as it supports the web-of-trust.

PGP could be better. But until someone actually replaces it, why use niche standards that will never replace it?

@pete @ajtowns right, replacing PGP is not the goal here

i think PGP as a system is fine, there's no better replacement for the entire thing, i have some qualms with gnupg implementation—e.g. that it still isn't a library, that programmatic clients have to resort to ambiguous text parsing—but that doesn't mean the system itself was a bad idea

@pete @ajtowns one thing to look into is that GPG supports ed25519 as a signature scheme which better lends itself to multiparty/threshold,

@orionwl @pete @ajtowns Don't you think BTC-style threshold signatures would be sufficient for code signing (=just adding a bunch of signature files instead of one)? Also adds accountability.


@sebx2a @orionwl @ajtowns "Also adds accountability." <- that's an excellent reason to just use multiple signatures rather than clever math.

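The "bunch of signature files instead of one" approach from the thread, as an added example (editor's code, not from any participant or from any project's release tooling): one `gpg --verify <sig> <file> --status-fd 1` run per signature file, the machine-readable `[GNUPG:]` status lines parsed instead of gpg's human-readable output, and a k-of-n policy over distinct allow-listed signers so that two files from the same key, an expired key, or an unknown key never push the count over the threshold. The fingerprints, key IDs, user IDs and status lines below are constructed samples; the real status lines would come from running gpg via `subprocess`, which this offline example does not do.

```python
"""k-of-n verification of several detached PGP signatures over one release.

Added example, not code from the thread above or from any project. It parses
the `[GNUPG:]` status lines gpg emits with --status-fd for one verify run per
signature file and accepts the release only when at least `threshold` distinct
allow-listed signers have a valid signature. All data below is constructed.
"""
import re
from typing import Dict, Iterable, List, Set, Tuple

STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")

# Keywords that disqualify a signature file even when VALIDSIG is also present
# (gpg still emits VALIDSIG for signatures made by an expired or revoked key).
REJECT_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def parse_status(lines: Iterable[str]) -> Tuple[Set[str], List[str]]:
    """One gpg --status-fd run -> (primary fingerprints with VALIDSIG, problems)."""
    good: Set[str] = set()
    problems: List[str] = []
    for line in lines:
        m = STATUS_RE.match(line.strip())
        if not m:
            continue  # ordinary stderr chatter, not a status line
        keyword, rest = m.group(1), (m.group(2) or "")
        fields = rest.split()
        if keyword == "VALIDSIG":
            # VALIDSIG <fpr> <date> <ts> <expire-ts> <ver> <reserved> <pk-algo>
            #          <hash-algo> <sig-class> <primary-key-fpr>
            # Attribute the signature to the primary key (last field) so a
            # signing subkey counts as its owner, not as an extra signer.
            fpr = fields[9] if len(fields) >= 10 else fields[0]
            good.add(fpr.upper())
        elif keyword in REJECT_KEYWORDS:
            problems.append(f"{keyword} {rest}".strip())
    return good, problems


def check_release(sig_runs: Dict[str, Iterable[str]], trusted: Dict[str, str],
                  threshold: int) -> Tuple[bool, List[str], List[str]]:
    """k-of-n policy. sig_runs: signature file -> status lines from verifying it;
    trusted: primary fingerprint -> signer name. Returns (accepted, counted
    signer names, per-file reasons for anything that did not count)."""
    counted: Dict[str, str] = {}  # fingerprint -> signature file that counted
    reasons: List[str] = []
    for sig_file, lines in sig_runs.items():
        good, problems = parse_status(lines)
        if problems or not good:
            reasons.append(f"{sig_file}: rejected ({'; '.join(problems) or 'no VALIDSIG'})")
            continue
        for fpr in sorted(good):
            if fpr not in trusted:
                reasons.append(f"{sig_file}: valid signature but key {fpr} not in allow-list")
            elif fpr in counted:
                # Accountability: one key, one vote, whatever the file name says.
                reasons.append(f"{sig_file}: duplicate signature by {trusted[fpr]} "
                               f"(already counted via {counted[fpr]})")
            else:
                counted[fpr] = sig_file
    return len(counted) >= threshold, sorted(trusted[f] for f in counted), reasons


# Constructed 40-hex-digit fingerprints for hypothetical signers.
ALICE, BOB, CAROL, MALLORY = "A" * 40, "B" * 40, "C" * 40, "D" * 40
SAMPLE_TRUSTED = {ALICE: "alice", BOB: "bob", CAROL: "carol"}


def _sig_run(fpr: str, name: str, verdict: str = "GOODSIG") -> List[str]:
    """Constructed status lines for a signature made by `fpr`'s primary key."""
    return [
        "[GNUPG:] NEWSIG",
        f"[GNUPG:] {verdict} {fpr[-16:]} {name} <{name}@example.org>",
        f"[GNUPG:] VALIDSIG {fpr} 2024-01-01 1704067200 0 4 0 22 8 00 {fpr}",
    ]


SAMPLE_RUNS: Dict[str, List[str]] = {
    "release.tar.gz.alice.asc": _sig_run(ALICE, "alice"),
    "release.tar.gz.bob.asc": _sig_run(BOB, "bob"),
    "release.tar.gz.alice-again.asc": _sig_run(ALICE, "alice"),   # same key twice
    "release.tar.gz.carol.asc": _sig_run(CAROL, "carol", "EXPKEYSIG"),  # expired key
    "release.tar.gz.mallory.asc": [                                # key not in keyring
        "[GNUPG:] NEWSIG",
        f"[GNUPG:] ERRSIG {MALLORY[-16:]} 22 8 00 1704067200 9 {MALLORY}",
        f"[GNUPG:] NO_PUBKEY {MALLORY[-16:]}",
    ],
}

if __name__ == "__main__":
    ok, signers, reasons = check_release(SAMPLE_RUNS, SAMPLE_TRUSTED, threshold=2)
    print("accepted" if ok else "REJECTED", "by", signers)
    for r in reasons:
        print("  ", r)
```

With the constructed runs, a 2-of-3 policy accepts (alice and bob count once each) while a 3-of-3 policy rejects, because alice's second file, carol's expired key and mallory's unknown key are all reported but none of them counts. Keying the allow-list on primary-key fingerprints rather than on file names is what makes the "accountability" in the thread hold: the policy records which person's key actually signed, not which file claimed to be whose.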