Update to my new GnuPG key

[sipa]

No description provided.

[gmaxwell]

ACK

[harding]

Verified commit sipa/bitcoin.org@7cc0afe contains a new key for Pieter with a signature from the key we have in the repository for Greg. It also has signatures purporting to be from @wtogami and @gwillen, but I haven't previously verified their keys.

This is the first time since I've been merging PRs that we've received a key update request that wasn't updating an existing key or which wasn't signed by the previous key. Just to be cautious, I'd like to leave this pull open at least until the weekend just to give other people a chance to comment. If this is unreasonably paranoid, please let me know.

[luke-jr]

• This commit 7cc0afe contains both a revocation certificate for 1DAAC974 and a new key 4E669320.
• 1DAAC974 is the key verified to me by Pieter Wuille in person following Scaling Bitcoin.
• 4E669320 is signed by Gregory Maxwell and Warren Togami, whose keys I also verified in person following Scaling Bitcoin.
• 4E669320 is signed by "Glenn Willen" (10B430D7), which is a new key created one week ago that I have not verified in person, but is also signed by aforementioned Gregory Maxwell and Warren Togami.

My only question is whether we want to include the revocation certificate in the repository, and why the old key is revoked rather than expired.

[theymos]

The reason attached to the revocation is "Key is potentially compromised". This revocation should be added to the existing key for now, at least. But it's probably appropriate to wait for more explanation/confirmation/review before adding the new key, I think.

The signatures from gmaxwell and wtogami use keys that I'm pretty sure are genuine, and these people AFAIK have direct contact with Pieter.

[sipa]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

History: somebody broke into a system of mine and may have seen my previous key's passphrase. I have no reason to assume the key itself leaked, but it showed me that my security practices weren't up to par and I didn't want to risk more.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWMQWUAAoJENuhpnN5oakxuKcP/3Q3Z2VCZq7oz/uKQrw1jLqV
VaDy//KqcfRSmSnNFWvBc4nAVlUGuxnYc6uYcL5PblWQvftx07rOP3xAD8Ky6A+0
32IiRLfEO/tyGQ4WaVVAORBI1JcSra1372eKa+w0f+zOraI3Qo5JWu/gFIJgD00/
lAoOOJzm4sUBxnazbwvMb3RckU1qureNf32SDRnTE0hnjacbyfdd3B5cwCo54851
+cSO6B7/LiQdWez12vyvXZqb7O9wL49UPOPG6iidrFXc1duCL+WdKhaSauQIRSxO
K48A1M76rtDauetlpXzrcmUCY+1MW6Q4vukm4EpAxX1cx99LJ+abfZ93u1VNh4Cf
1/rrshMKBKz5cuVJ5s3MP4rCObVmY21hGRJfHVRWz7hGoelLm/RQOmCF7N9INtg8
xnoM+VYMnU4Q1CT33dje7RCsNtqEcspsj9fiqmkzp9hlng2Bcwdc+2k8lBYOO7D2
oM0vK3T/gf2jKyy68x19YPK1Lcr9Hgbb0ZNaUjg8yS8giPBniwmJTFzVRAHOu8RX
EofkCEM6ec4/uA2nOr7Tz3+jjlzxovbm3m7Ac4h3pERKom59kY7BDJ8Cqex78/lP
SiLf3nT3WQ2ZtD1IlFs0sQjUifqknk4Zt4CgDDTeZXpy5HQ+kk9+Mgj4H1hCrJzC
ZDWGVWJ+I4xThNAvtxYsiQGcBAEBCgAGBQJWMQWUAAoJEFeJbS/48LZXuKcL/2Xs
Ozrw0Oaw/POFgXSHNFy8G+pvkaPaAct9ezrqaKFuaHb/5wUvs4Zewn6HSkQZcQfY
u7mg8XiPFWOAN833DyKdtz5jilC6C0asva9SB3AstbBkN34byYFL3iB5f9taJ7k8
vLdXMBdIJwvXOstIGdtYknqDHKWlUcI9NjUQvzSwIR8w6DlzPZ8ZoJcOmhRhFJFE
LT5rDNwlrFh6HKKCg/rc6nw4wstK4EZXQAwz2J8OI6vCJCoznFXH6VRoyUpXpRDr
4gML5dUNeCPT727NqxpOa6B8ncf+vbEilZtqD39NwNAwHNa22Hy1iJUeaCKnZLrM
Cm8bg/SlaXMKY/4YTwyI9On9RCREJMfwV8fllT9cPwsQlT1wsq2CpVrYQUppQ07C
8r3Rp8XMu3q4WTEpY3PU1Xap5fc1jxHyVRbmkxSeefjpXzXJrgeU+gTENqAHk12K
AV70uWLr73oHSaDIayPbjfluG6x5FrCvlbwiVWULwZUmZKzoqz+vH4OHEBLWlA==
=xtmm
-----END PGP SIGNATURE-----

[sipa]

Updated the PR. It now contains:

• The new key (including signatures by @gmaxwell, @wtogami, @TheBlueMatt, @gwillen, and by the old key)
• The old key (including its revocation).

[saivann]

Agreed with letting this open until weekend, since previous key is revoked.

I verified that new key is signed by Gregory Maxwell, and the above message by sipa is signed by a subkey of his revoked public key, and his new public key.

Given comment from luke-jr above, and assuming sipa would soon publicly sign a message with same key to give us opposite instructions in the event that the new key was generated by an attacker, I think two additional days is a reasonable delay before merging this pull request.

[luke-jr]

• During a 20 minute active conversation with @sipa, I became certain it was either truly him or Jorge, and then immediately toward the end, confirmed his new key fingerprint to be 133E AC17 9436 F14A 5CF1 B794 860F EB80 4E66 9320. While it is possible the conversation was MITM'd, I do not believe it is likely given that it was not using a medium typically trusted for such purposes.

[gmaxwell]

No reason to hurry here in any case. We needed to update it in bitcoin core earlier or face the commit checking automation whining on peter's commits. One thing you could do here is immediately add the revocation on the old key, and wait to add the new key.

[harding]

Pushed 9340435 with the revocation for the old key as suggested by @gmaxwell (I also added a note in that commit to the README.md so that future maintainers think to do this). See the copy/paste at the end of this comment for details.

I think they new key has amassed sufficient evidence for adding to the site, but I'll leave the discussion open until at least noon UTC on Saturday in case anyone has contradictory evidence. I'll fix the merge conflict at merge time.

Thank you everyone for helping with this.

  phobos:0:~/dev/bco-master$ git log -1 --oneline | cat
  9340435 Dev PGP keys: revoke Pieter Wuille's key
  phobos:0:~/dev/bco-master$ export GNUPGHOME=$(mktemp -d) 
  phobos:0:~/dev/bco-master$ gpg --import pieterwuille.asc 
  gpg: keyring `/tmp/tmp.2fccN68YmY/secring.gpg' created
  gpg: keyring `/tmp/tmp.2fccN68YmY/pubring.gpg' created
  gpg: /tmp/tmp.2fccN68YmY/trustdb.gpg: trustdb created
  gpg: key 1DAAC974: public key "Pieter Wuille (Location: Leuven, Belgium) <pieter.wuille@gmail.com>" imported
  gpg: Total number processed: 1
  gpg:               imported: 1  (RSA: 1)
  gpg: no ultimately trusted keys found
  phobos:0:~/dev/bco-master$ gpg -k
  /tmp/tmp.2fccN68YmY/pubring.gpg
  -------------------------------
  pub   4096R/1DAAC974 2008-09-08 [revoked: 2015-10-16]
  uid                  Pieter Wuille (Location: Leuven, Belgium) <pieter.wuille@gmail.com>
  uid                  Pieter Wuille (Location: Leuven, Belgium) <sipa@ulyssis.org>
  uid                  [jpeg image of size 6073]
  uid                  Pieter Wuille <pieter@blockstream.com>