I am using Open Transactions as the software platform for my exchange, which I feel gives me a better chance of keeping it secure than a website would; and the identities one uses in that are cryptographic key pairs somewhat similar to PGP / GPG; but the idea of also optionally keeping on file an actual gribble/OTC compatible identity for those users who do wish to associate their Open Transactions "nym" with a more widely known identity does sound like a good idea.
-MarkM-
Topic: GnuPG support from exchanges (Read 796 times)
Great idea.
I've mentioned it here already, but it's worth it's own topic I think.
Why don't all exchanges have an optional field for us to upload a GnuPG public key? In particular, one that matches the email address registered on the account?
As in the recent Bitcoinica case, and the original Mt.Gox hack, return to service is highly dependent on verifying identity. The OpenPGP system has been around for years and works very well. What's more, the exchanges could periodically sign those keys offline for themselves -- then, in the event of a complete database breach and potential alteration they would be able to verify every single identity, detecting those that a hacker had tampered with and able to restore the original owner reliably
It sometimes takes an event like these hacks to trigger a change of culture. Perhaps this Bitcoinica hack could be the impetus for other exchanges to use digital identities, which are, let's be honest, far more secure than a scan of a passport (it's not difficult to photoshop a scan to whatever you want).
Wouldn't we all feel more secure if we had a reliable way of proving our identity to the exchange whenever they think activity is suspicious?
What would it take for the big four, Mt.Gox, Intersango, btc-e and virwox to simply add a field to their databases?
Why don't all exchanges have an optional field for us to upload a GnuPG public key? In particular, one that matches the email address registered on the account?
As in the recent Bitcoinica case, and the original Mt.Gox hack, return to service is highly dependent on verifying identity. The OpenPGP system has been around for years and works very well. What's more, the exchanges could periodically sign those keys offline for themselves -- then, in the event of a complete database breach and potential alteration they would be able to verify every single identity, detecting those that a hacker had tampered with and able to restore the original owner reliably
It sometimes takes an event like these hacks to trigger a change of culture. Perhaps this Bitcoinica hack could be the impetus for other exchanges to use digital identities, which are, let's be honest, far more secure than a scan of a passport (it's not difficult to photoshop a scan to whatever you want).
Wouldn't we all feel more secure if we had a reliable way of proving our identity to the exchange whenever they think activity is suspicious?
What would it take for the big four, Mt.Gox, Intersango, btc-e and virwox to simply add a field to their databases?
Jump to: