Suggestion: Vendors should post their PGP fingerprint

After reading this I realized we should probably have vendors post the fingerprint of their PGP key somewhere public for verification. Snowden used Twitter but for us Reddit seems like a natural place to do this. Why?

  1. It will prevent an attack where LE infiltrates the marketplace and provides their own PGP key instead of the vendor's.
  2. It will allow us to monitor when/if a vendor changes his PGP key, which could be a red flag.

I am aware that a similar project was started a while ago: https://pay.reddit.com/r/DarkNetMarkets/comments/1tkzna/all_markets_vendor_directory_use_it_to_find_your/ However, having the vendors themselves post their own key is much more reliable.

Thoughts? Comments?

EDIT: Thought about it more following people's comments and realized my suggestion has very little benefit since a lot of us already have vendors' keys saved and will easily be able to tell when someone switches up. Thanks everyone for the intelligent discussion and the upvotes. Stay paranoid :)
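
An added example, not part of the original post: a check that a received key matches the fingerprint its owner published elsewhere (point 1) and matches the copy saved earlier (point 2 and the EDIT). It assumes a binary OpenPGP v4 public-key packet with an old-format header; `check_key`, `make_packet` and the key values are hypothetical and constructed for illustration.

```python
import hashlib
import struct

def v4_fingerprint(packet: bytes) -> str:
    """SHA-1 fingerprint of a binary OpenPGP v4 public-key packet (RFC 4880, 12.2)."""
    if len(packet) < 2:
        raise ValueError("packet too short")
    tag = packet[0]
    # Old-format header: bit 7 set, bit 6 clear, bits 5-2 = packet tag (6 = public key).
    if tag & 0xC0 != 0x80 or (tag >> 2) & 0x0F != 6:
        raise ValueError("not an old-format public-key packet")
    len_size = {0: 1, 1: 2}.get(tag & 0x03)  # one- or two-byte length only
    if len_size is None:
        raise ValueError("unsupported length type")
    body_len = int.from_bytes(packet[1:1 + len_size], "big")
    body = packet[1 + len_size:1 + len_size + body_len]
    if len(body) != body_len or body[:1] != b"\x04":
        raise ValueError("truncated packet or not a version 4 key")
    # Hashed data is always 0x99, a two-byte length, then the packet body.
    return hashlib.sha1(b"\x99" + struct.pack(">H", body_len) + body).hexdigest().upper()

def normalize(fp: str) -> str:
    """Strip spacing from a human-posted fingerprint and validate it."""
    fp = "".join(fp.split()).upper()
    if len(fp) != 40 or any(c not in "0123456789ABCDEF" for c in fp):
        raise ValueError("expected 40 hex digits")
    return fp

def check_key(name: str, published_fp: str, packet: bytes, pins: dict) -> str:
    """Compare a received key with the published fingerprint, then with the saved pin."""
    actual = v4_fingerprint(packet)
    if actual != normalize(published_fp):
        return "published-mismatch"   # received key is not the one its owner posted
    pinned = pins.get(name)
    if pinned is None:
        pins[name] = actual           # first contact: save it for later comparison
        return "first-seen"
    return "match" if pinned == actual else "key-changed"

def make_packet(n: int, e: int, created: int = 1400000000) -> bytes:
    """Constructed toy RSA key packet (not a usable key) for exercising the check."""
    mpi = lambda x: struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    return b"\x99" + struct.pack(">H", len(body)) + body

if __name__ == "__main__":
    pins, old, new = {}, make_packet(0xC0FFEE1234567, 65537), make_packet(0xBADC0DE7654321, 65537)
    print(check_key("alice", v4_fingerprint(old), old, pins))  # first-seen
    print(check_key("alice", v4_fingerprint(new), new, pins))  # key-changed
```

A "key-changed" result is not proof of compromise; it is the cue to look for a transition statement signed by the previously pinned key.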


Comments


[7 Points] None:

[deleted]


[2 Points] galaxyandspace:

I'm more concerned about vendors keeping public keys for longer periods of time, and not having a premade schedule for switching them out. Changing it up every 3 months, under the same keyset seems reasonable, but most vendors don't do this...


[2 Points] Vendor_BBMC:

PGP is already 25 years old, so vendors are increasingly using modern encryption, offsite, for shipping details.

Bitcoin will be around until 2140. Having a nominated bitcoin wallet is the best way to prove who you are.

Give me a wallet address and a number between 1 and 99. I'll send that number from my wallet.

If there should be a central repository for vendor info, Reddit isn't it.

How do you know that I'm BBMC? I would have to log in to Agora or SR2 to prove it.


[1 Points] None:

[deleted]


[1 Points] fuckoffplsthankyou:

Isn't this what PGP keyservers are for?