public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Luke Dashjr <luke@dashjr.org>
To: bitcoin-dev@lists.linuxfoundation.org,
	"Arthur - bitcoin-fr.io" <arthur@bitcoin-fr.io>
Subject: Re: [bitcoin-dev] URI scheme for signing and verifying messages
Date: Tue, 15 Sep 2015 04:03:40 +0000	[thread overview]
Message-ID: <201509150403.40909.luke@dashjr.org> (raw)
In-Reply-To: <c5f5105e2d5b9cc1873f84cb0b172285@rainloop.aaawop.com>

On Monday, September 14, 2015 6:57:01 PM Arthur - bitcoin-fr.io via bitcoin-
dev wrote:
> Hi,I realized that there isn't any way to ask for a signature (or to verify
> a message) as easily you can do when requesting a payment using a bitcoin
> URI scheme (BIP0021).I think a URI scheme to use the signing tools in
> bitcoin core might be useful, and with a proper consensus it could become
> available in most bitcoin clients who already support message
> signing/verifying and payment url (or QRCode) and enable new uses of
> bitcoin signatures.A way to gain proper consensus is going through a BIP,
> so that's why I'm here: to present my idea publicly before going any
> further (draft BIP and reference implementation).Some thoughts - like
> BIP0021: "Bitcoin clients MUST NOT act on URIs without getting the user's
> authorization." so signing requires the user to manually approve the
> process - it could use the same URI scheme than BIP0021 with an additional
> parameter (ex: signaction=) or use another one like BIP121 (ex: btcsig:)PS
> : I'll also post a topic in "Development & Technical Discussion" section
> on Bitcointalk --Arthur Bouquet

I think probably the whole signed message thing needs to be rethought. The 
most common "uses" today seem to be insecure cases that it doesn't actually 
work in: people trying to prove ownership of bitcoins and/or that they sent 
bitcoins (current signed messages can do neither). Ideally, whatever the new 
method is should also avoid using the same key as for signing transactions, 
since the public key is technically private information. Furthermore, since 
addresses are semi-deprecated (by the payment protocol), I'm not sure it 
makes sense to do this without designing an entire authentication system, 
which may be rather complex.

Luke


  parent reply	other threads:[~2015-09-15  4:04 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-09-14 18:57 [bitcoin-dev] URI scheme for signing and verifying messages Arthur - bitcoin-fr.io
2015-09-14 23:51 ` Thomas Kerin
2015-09-15  4:03 ` Luke Dashjr [this message]
2015-09-15 10:49 ` Arthur - bitcoin-fr.io
2015-09-15 12:08   ` Luke Dashjr
2015-09-15 13:21   ` Arthur - bitcoin-fr.io

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201509150403.40909.luke@dashjr.org \
    --to=luke@dashjr.org \
    --cc=arthur@bitcoin-fr.io \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox