First let me just say I welcome this sort of action. It's what the community needs!
Claim 1: Kraken controls a certain amount of Bitcoins.
Proof: Kraken provided a JSON file with a list of their Bitcoin addresses and balances. I used the `cryptoshi audit` command in libcoin to verify the JSON file against a copy of the block chain.
Ok I'm probably being a noob here - but how dows this proove that Kraken actually control these bitcoins? They could have just given you a list of bitcoins that happen to be in the blockchain. Was there something signed by the private key to prove they actually control these?
*Edit:*
Just looked at the code. It has the following:
if ( addr.getPubKeyHash() == verifier.verify(address + " " + message, signature) ) {
Where message and signature are provided in the audit file, and verifier does some stuff with public keys that I can't claim to fully grasp but I will trust as being a valid cryptographic check.
So the implication is that Stefan provided Kraken with a message and Kraken used the private keys of the corresponding addresses to sign this message to prove Kraken had them. Would be great if this was made clearer.