From: Dan Libby <dan@osc.co.cr>
To: Jonas Schnelli <dev@jonasschnelli.ch>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Paper Wallet support in bitcoin-core
Date: Sat, 30 Sep 2017 00:06:42 -0700 [thread overview]
Message-ID: <05caf783-cba2-b37a-0f28-2d0020386279@osc.co.cr> (raw)
In-Reply-To: <96328209-9249-44BC-957A-4EF8DE014E2D@jonasschnelli.ch>
On 09/29/2017 09:49 PM, Jonas Schnelli wrote:
> AFAIK, client implementations such as your proposal are off-topic for this ML.
> Better use bitcoin-core-dev (ML or IRC) or Github (bitcoin/bitcoin) for such proposals.
ok, thanks. I will take the proposal there.
> I have to agree with Luke.
thanks for your feedback.
> And I would also extend those concerns to BIP39 plaintext paper backups.
>
> IMO, private keys should be generated and used (signing) on a trusted, minimal and offline hardware/os.
uhh.... do you apply this logic to the bitcoin-core wallet itself?
because clearly it generates keys and is intended to be used for signing
in online environments. Lots of real-world use-cases depend on that today.
So if existing bitcoin-core wallet behavior is "ok" in any context then
how is it any worse for it to generate a key/address that will not be
stored in the internal wallet, and the user may do with it as they wish?
That is all my proposed RPC call does and unlike the existing RPC calls
it never even stores the key or address to disk. It is also useful when
run on an offline hardware device, such as a laptop connected to an
non-networked printer.
Further, you mention the word trust. That's the crux of the matter. As
a full node operator, I've already placed my trust in the bitcoin-core
developers and dev/release practices. Why exactly should I trust the
software in this minimal offline hardware/os you mention if it is NOT
bitcoin core? And even if open source software, does that not at least
double my workload/expense to audit theat software in addition to
bitcoin-core?
> Users should have no way to view or export the private keys (expect for
> the seed backup).
I suppose that in your view then, dumpprivkey and dumpwallet RPCs should
be removed from bitcoin-core to fit this paradigm?
(Personally I actively avoid wallet software that takes this view and
treat users like children, preventing individuals direct access to the
keys for their own funds, which disempowers and sometimes results in a
form of lockin)
> Backups should be encrypted (whoever finds the paper backup should need a second factor to decrypt) and the restore process should be footgun-safe (especially the lost-passphrase deadlock).
This is more relevant to an application layer above the 2 RPC calls I
proposed. Encryption could be implemented (or not) by whichever software
calls the proposed RPC apis. And further the APIs can be called for
use-cases beyond just paper wallets.
next prev parent reply other threads:[~2017-09-30 7:06 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-29 17:29 [bitcoin-dev] Paper Wallet support in bitcoin-core Dan Libby
2017-09-29 18:07 ` Andrew Johnson
2017-09-29 19:34 ` Dan Libby
2017-09-29 20:21 ` Sjors Provoost
2017-09-29 20:13 ` Dan Libby
[not found] ` <201709292103.36630.luke@dashjr.org>
2017-09-29 22:13 ` Dan Libby
2017-09-29 22:19 ` Dan Libby
2017-09-30 4:49 ` Jonas Schnelli
2017-09-30 7:06 ` Dan Libby [this message]
2017-09-30 21:14 ` Jonas Schnelli
2017-09-30 23:51 ` Aymeric Vitte
2017-09-30 7:36 ` Sjors Provoost
2017-09-30 9:35 ` Adam Ritter
2017-09-30 11:10 ` Aymeric Vitte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=05caf783-cba2-b37a-0f28-2d0020386279@osc.co.cr \
--to=dan@osc.co.cr \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=dev@jonasschnelli.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox