From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1RcRoH-0008GJ-SE for bitcoin-development@lists.sourceforge.net; Mon, 19 Dec 2011 01:14:33 +0000 X-ACL-Warn: Received: from rhcavuit01.kulnet.kuleuven.be ([134.58.240.129] helo=cavuit01.kulnet.kuleuven.be) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1RcRoG-0006Kp-Iq for bitcoin-development@lists.sourceforge.net; Mon, 19 Dec 2011 01:14:33 +0000 X-KULeuven-Envelope-From: sipa@ulyssis.org X-Spam-Status: not spam, SpamAssassin (not cached, score=-48.798, required 5, autolearn=disabled, DKIM_ADSP_CUSTOM_MED 0.00, FREEMAIL_FROM 0.00, KUL_SMTPS -50.00, NML_ADSP_CUSTOM_MED 1.20) X-KULeuven-Scanned: Found to be clean X-KULeuven-ID: 78C03138046.A61E6 X-KULeuven-Information: Katholieke Universiteit Leuven Received: from smtps01.kuleuven.be (smtpshost01.kulnet.kuleuven.be [134.58.240.74]) by cavuit01.kulnet.kuleuven.be (Postfix) with ESMTP id 78C03138046 for ; Mon, 19 Dec 2011 02:14:20 +0100 (CET) Received: from smtp.ulyssis.org (mail.ulyssis.student.kuleuven.be [193.190.253.235]) by smtps01.kuleuven.be (Postfix) with ESMTP id 6271031E702 for ; Mon, 19 Dec 2011 02:14:20 +0100 (CET) Received: from wop.ulyssis.org (wop.intern.ulyssis.org [192.168.0.182]) by smtp.ulyssis.org (Postfix) with ESMTP id 5F4B910052 for ; Mon, 19 Dec 2011 02:14:20 +0100 (CET) Received: by wop.ulyssis.org (Postfix, from userid 615) id 4C8C087C1AC; Mon, 19 Dec 2011 02:14:20 +0100 (CET) Date: Mon, 19 Dec 2011 02:14:20 +0100 X-Kuleuven: This mail passed the K.U.Leuven mailcluster From: Pieter Wuille To: bitcoin-development@lists.sourceforge.net Message-ID: <20111219011417.GA16815@ulyssis.org> References: <1323728469.78044.YahooMailNeo@web121012.mail.ne1.yahoo.com> <201112181644.44134.luke@dashjr.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-PGP-Key: http://sipa.ulyssis.org/pubkey.asc User-Agent: Mutt/1.5.20 (2009-06-14) X-Spam-Score: 1.2 (+) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (pieter.wuille[at]gmail.com) 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list X-Headers-End: 1RcRoG-0006Kp-Iq Subject: Re: [Bitcoin-development] [BIP 15] Aliases X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Dec 2011 01:14:33 -0000 On Mon, Dec 19, 2011 at 12:58:37AM +0100, slush wrote: > Maybe I'm retarded, but where's the point in providing alliases containing > yet another hash in URL? Any DNS-based alias system is vulnerable to spoofing. If I can make people's DNS server believe that mining.cz points to my IP, I'll receive payments to you... If no trusted CA is used to authenticate the communication, there is no way to be sure the one you are asking how to pay, is the person you want to pay. Therefore, one solution is to put a bitcoin address in the identification string itself, and requiring SSL communication authenticated using the respective key. This makes the identification strings obviously less useful as aliases, but pure aliases in the sense of human-typable strings have imho limited usefulness anyway - in most cases these identification strings will be communicated through other electronic means anyway. Furthermore, the embedded bitcoin address could be hidden from the user: retrieved when first connecting, and stored together with the URI in an address book. Like ssh, it could warn the user if the key changes (which wil be ignored by most users anyway, but what do you do about that?) -- Pieter