How I fucked up my previous GPG Key

The fuck up happened roughly here:

I am persuaded by lobbes's explanation of why my key old key1 is fucked.

That said, I will attempt to put it into my own words, and in general write down all my thoughts about it.

At some point I created this signed text file.  This text file, which served as a gpg contract, contains the text "I agree."  It does not specify to what the agreement pertains, or to whom (other than myself, which is indicated by the fact I signed it).

In the context that this agreement was signed, it was intended to be an agreement to distribute qtnra shares to my account on Coinbr:  Although I no longer have the logs, I probably pm'ed jurov the account name, then pm'ed the link to the signed agreement.  It didn't really make sense to me at the time, but I did it anyway, not realizing that jurov was joking, even though asciilifeform lol'ed on the next line.

Once this contract was published in #bitcoin-assets, it became clear to me that I had made a mistake.  The most obvious problem with the contract was that it's scope was not limited, so it could be interpreted to mean that I agree to anything.  One could object and say, "Well, but who would ever pay attention to such a stupid contract?"  The following hypothetical illustrates why this contract is still a problem.

Let's say I had at that point decided to continue to try and use the key.  Let's say I wanted to sign an agreement to ship 5,000 bags of potato chips (all the potato chips I have) to Jim in Chicago.  A competitor (Julie) could legitimately claim that I had actually already agreed to ship 5,000 bags of potato chips to Atlanta, and as evidence show the retarded "I agree" contract to the Chicago recipient.  How would Jim be able to determine which agreement I would follow through with, clearly not being able to follow through with both of them?  It would be a hassle for him to contact me and ask me "WTF?"  and he would also think I was pretty dumb for having signed such a document.  He might also think Julie something of an annoyance, but mostly he would just not to bother with the whole mess.

I believe this example demonstrates the principle spelled out by lobbes above.

Now, what should the text of the contract have been to avoid these problems?

I2 request that jurov3 allocate Qntra shares to my account on CoinBr <account id here - forgot it> for all disbursements for the next year starting on June 6th, 2016.

This updated agreement limits the scope of this contract to the participants, includes the details of the agreement (my account name on CoinBr), and limits the time period of the contract.  Now, with these limitations, if someone were to wish to do business with jurov and (had I rated him) wished to inquire about his trustworthiness for some related type of contract I can answer that he performed according to the contract, whereas with the original contract this was not possible.

I think another aspect I misunderstood was the global nature of the contract.  It wasn't just something between myself and jurov.  It would likely be reviewed by anyone wishing to do business with myself in the future, for the rest of my days.  At the moment I can't think of a more abstract way to put this.

  1. I used to go by gernika.  I have a new key registered to thimbronion. []
  2. we know who I am since it's signed by me []
  3. we know who he is because he has to sign a string with his key to get voice []

One Response to “How I fucked up my previous GPG Key”

  1. [...] This task is completed. [...]

Leave a Reply