From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1V1ilv-0008Kz-So for bitcoin-development@lists.sourceforge.net; Tue, 23 Jul 2013 20:01:23 +0000 Received: from mail-oa0-f42.google.com ([209.85.219.42]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1V1ils-0007vH-O8 for bitcoin-development@lists.sourceforge.net; Tue, 23 Jul 2013 20:01:23 +0000 Received: by mail-oa0-f42.google.com with SMTP id j6so12428440oag.15 for ; Tue, 23 Jul 2013 13:01:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding:x-gm-message-state; bh=7tT/Kn9kdaFzeydBkB2UmJEzBh4gGNgMSIPTfGfIByM=; b=mV9WKqh5AmDq4tsL9jXyCf1UoY0GVhtILG94Gvo3/A5O2DYQ8YYSvP9myEnmisPYmg C4yw39wDJsFiUZRfiIyuI4iBuHuqRBhsP+y1mEoxKO/r6CjuXzE22UVxwEsmKNC5XdBS rGeK/lWuIXoEUPloBzqhKyMErqLU/jrHdLc5N/kAXzE7GrTtlEhy06sIlrYo6AUCa3MM /4APGoGJT4XknILsVjdgtZUqLOaWBpRzKd3hoYcGV0A1CGKBbmY2rOyr6dduoVjHMGpA fJabVZ+hdubM0Ia+YiU/8740SHbjVVu3FZXrV4GdYo8nettJNxPAc5yuYaHhdVCvqg3n 0nqw== X-Received: by 10.60.38.199 with SMTP id i7mr32450453oek.36.1374608211601; Tue, 23 Jul 2013 12:36:51 -0700 (PDT) Received: from [192.168.1.118] (adsl-71-131-180-114.dsl.sntc01.pacbell.net. [71.131.180.114]) by mx.google.com with ESMTPSA id g1sm42898849oeq.6.2013.07.23.12.36.49 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 23 Jul 2013 12:36:50 -0700 (PDT) Message-ID: <51EEDB57.4070108@monetize.io> Date: Tue, 23 Jul 2013 12:36:55 -0700 From: Mark Friedenbach Organization: Monetize.io Inc. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 MIME-Version: 1.0 To: bitcoin-development@lists.sourceforge.net References: <201307231030.14139.andyparkins@gmail.com> <20130723094703.GA25900@savin> In-Reply-To: X-Enigmail-Version: 1.5.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQnJhaaOIsX0nP86ato8LIsWkkAnE/I+jj5C57Riy6HgiU8RC4vm2/4ha68IY6J8lsnbMak5 X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. X-Headers-End: 1V1ils-0007vH-O8 Subject: Re: [Bitcoin-development] HTTP REST API for bitcoind X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jul 2013 20:01:24 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 7/23/13 3:29 AM, Andreas Schildbach wrote: > > Yes, I understand that. For this reason, I would vote for adding the > usual HTTP authentication/SSL stuff to the REST API. That way, SPV users > can decide to run their own instance of the API (providing the needed > resources themselves). > > Or, a trusted party can set up a server. For example, I would be willing > to set it up for users of Bitcoin Wallet. I don't expect shitloads of > paper wallets sweeps for the forseeable future. > > Anyone who wants HTTP authentication or TLS can wrap it with nginx, or something similar. In the process they could put appropriate restrictions in place on incoming requests, and the onus would be on them, not us to keep it secure. Mark -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJR7ttWAAoJEAdzVfsmodw4UmIP/36lK2TDc7mLTT8rbflJhl3v TL4CFKhXj6OuzG7tyino3Djs4EQnyk+CbpfOmJ8kYr29GPaZttuDJhYXtJqQBQCi DPq79ktudHnVMLPirEs7dUrLo+TAqhYX+8Sj+eTlW+p6YZg3JbkOAIPJG7597OK4 zzU8Oxr0XKJFfGscKfkPThxJboNqzJYGl3otHUMXM4HsbIRYmrx4QSr8y7dsVgTd YZnD4bJO+eY4ZPzCcFdkPD/8bXQyKC5nPOH8/79lARNLESwB4OW79uf9q86EuH2O jZQ1qwpRNHblrNWS1/U2E4+7hEidvgZBwQhj+HbWgKiPWh4Df1lEXq6bLQQwdn6/ b+jfiwg7xpb7eB2M4gPZ0uF/1TIcGJN3+LWEULFNTT/vsjyD/UU63ahZ1kVv7X0m W1NrbKjXxDbip+x3N7HLIu3zqAAaa0ele7OysyFCL6ZlwwafwJiEZZgHn2Iw7I1L S7lYBbFoLfXlOMVXNaKHPEV5gQEveMROJVBtnWkqShPQM0N/+Z+TXZes37up0GVo d7ptPfNbUNDTFc8Jj3+5rIyy3dUvSyMJlHZhsLmtCUnbQ867ZOgeUS52a8XQ+nJY 8IsShLfLk6fRWmHrwo9lzZQ/TbbUNyoUje0Ns6iL7G3IZwDqJH3kAGb/bkj/piDu tPNcN8bkYeNobTFIH+o4 =jV80 -----END PGP SIGNATURE-----