Author

Topic: Escrow and PGP (Read 635 times)

member
Activity: 66
Merit: 10
May 09, 2015, 09:30:17 AM
#3
2. PM at bitcointalk is not secure.  There are forum administrators that have the ability to read EVERY PM.

I don't think it's just this forum. It seems the NSA has access to pretty much anything if they want it, but theymos has given the details of PMs to the gov when they have been requested with a subpeona. I guess we should all be careful and encrypt anything we don't want others to see. Sad it has to be this way.
legendary
Activity: 3472
Merit: 4801
May 09, 2015, 09:16:32 AM
#2
I've noticed in the marketplace section many escrows use PGP public keys. I know what PGP is and why it's useful, but I haven't understood yet the reason escrows use it.

I think if escrows just manage and send funds between users, there's no way to use PGP.
Instead if they send sensitive infos by PMs, why using a public key? Isn't it better to use a new certificate every time they send a message and not always the same?

Is there anyone so kind to explain this better?  Smiley

PGP has two purposes for escrow providers.

1. If you obtain the public key from the escrow provider when you are confident that you are communicating with the correct person, then you can store a copy of that public key.  Then, later, every time you engage in their service, you can ask them to sign the escrow agreement.  You can use the public key to verify that you are still communicating with the correct person.  This protects you from situations where someone has hacked the escrow provider's bitcointalk account (since the hacker won't be able to properly sign anything without access the the escrow provider's private key which should NOT be stored on the site anywhere).  It also protects you if someone creates a different bitcointalk account with an userID that is VERY similar to the escrow provider's userID.  If the bitcointalk website should go down for some reason and you should need to switch to some other communication method (email, IRC, etc), then the escrow provider could sign their messages in that other communication method to prove that they are the same person as you were previously dealing with at bitcointalk.

2. PM at bitcointalk is not secure.  There are forum administrators that have the ability to read EVERY PM.  It is also possible that PM could become publicly available if the forum is ever hacked and the hacker releases access to all PMs.  If all people involved in a transaction are using PGP, then the communications can be encrypted.  This way sensitive details in the conversation (such as bank accounts, addresses, etc) will not be available to anybody that is not a part of the transaction unless one of the people involved in the transaction chooses to release that information.

member
Activity: 104
Merit: 10
May 09, 2015, 05:08:10 AM
#1
I've noticed in the marketplace section many escrows use PGP public keys. I know what PGP is and why it's useful, but I haven't understood yet the reason escrows use it.

I think if escrows just manage and send funds between users, there's no way to use PGP.
Instead if they send sensitive infos by PMs, why using a public key? Isn't it better to use a new certificate every time they send a message and not always the same?

Is there anyone so kind to explain this better?  Smiley
Jump to: