[undata] Deed system for #bitcoin-assets, updated.
The spec :
1. Bot idles in chan. Upon receipt of command including pastebin link,
2. Bot reads first line. If equal to "-----BEGIN PGP PUBLIC KEY BLOCK-----" bot adds key to its keyring, verifies that key fingerprint matches a trusted participant by calling w.b-a.link/trust/7C1FBEC924FBD66531A02AE3F95E4E395927DC9C/fingerprint/
2.1. Should the verification fail bot deletes entry from its keyring ;
2.2. Should the verification succeed bot signs the key and pushes it to public repositories.i3. If first line equal to "-----BEGIN PGP SIGNED MESSAGE-----" bot separates all signed documents contained in pastebin into individual units. For each unit :
3.1. Bot extracts the sig fingerprint through a process homologuous to gpg -v -v ;
3.2. The json found on the webpage at w.b-a.link/trust/7C1FBEC924FBD66531 A02AE3F95E4E395927DC9C/fingerprint/json is loaded and parsed.
2.3. L1/L2 trust is computed on the basis of information from 2.2. If this results in L1 or L2 trust > 0, bot includes the whole message (from begin headers to end headers inclusive) into a special, \n separated blob. Otherwise, bot deletes keyid from its key ring.4. Blob is hashed as a privkey for a Bitcoin address, obtaining that address.
5. A 0.0001 payment is made to that obtained address.
6. Once payment from 4 has received one confirmation, the bot uploads the blob on a website as a textfile, of the format blocknumber-bitcoinaddress.txt, where blocknumber = number of the block that included the tx and bitcoinaddress = the address that received the payment.
7. Bot announces the url of the textfile in channel.
For convenience, the sequence 3-7 should run once each hour, having all material obtained in the respective hour managed together.
Note that this spec has already been implemented twice in the past five months. It is not a very difficult thing to implement. It is however very important that the implementation lives forever, so therefore keeping it online no matter what is the hard part of the task.
Note that this spec was last updated on January 18th, 2014.
You can cut the job into yearlong slices if you prefer. You can also contact punkman to recover previous effort if so inclined.
UPDATE. After discussion in #bitcoin-assets, undata was placed in charge of this project.
———- gpg --send-keys keyid [↩]
Saturday, 17 January 2015
Is the ability to sign multiple documents in one go very important to you?
I'm asking because separating multiple concatenated GPG documents by looking at strings like "-----END PGP MESSAGE-----" may not be rock solid, since for example removing a couple of dashes, or the whole line altogether for that matter, would still leave a message that GPG would happily parse and consider perfectly correct.
Sunday, 18 January 2015
You mean to pass along multiple indepedently signed documents in one go ?
It seems a point of convenience. Moreover, gpg chokes on dashes out of place, try it yourself.
Sunday, 18 January 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
derpy derpo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUuvrxAAoJEBMojqsBcTQozpEH/i+1ocQuZKPWRnG02N9ijawY
r9JmyJboZTXbpXNyI6ByK8T9SW1mulfkZdhj7mSCH4bie7lykJo5PhTWwlSwnqx4
nKbXQ4P4L7Ix7VbcM+hN+IRZyZMER89CbHepJiyQU4cutNQKe53yby1eGP6qjGbw
rIBsixwteqy7UY1Vh7+U5svVTLLBVe7HjlkD6tKran4X2nqRootac9keRx4IXHQ0
cMjQ2CWCZfdUthoF3kaVdXii3/X+175dQq0psVZv7HcMx3yDYueEsMLA1lZuxA1G
dFcb1fp67itoa6wcm4c0Vlxn8hf3mmCxfnsoH/IprGnyNRVRJpS6eHVw2ngfVn0=
=BeH3
-----END PGP SIG
Sunday, 18 January 2015
But that's just one document ? Not really germane to our discussion ?