From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WN4WB-0006N3-9K for bitcoin-development@lists.sourceforge.net; Mon, 10 Mar 2014 18:01:39 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.216.179 as permitted sender) client-ip=209.85.216.179; envelope-from=etotheipi@gmail.com; helo=mail-qc0-f179.google.com; Received: from mail-qc0-f179.google.com ([209.85.216.179]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WN4W7-0003Zn-Ej for bitcoin-development@lists.sourceforge.net; Mon, 10 Mar 2014 18:01:39 +0000 Received: by mail-qc0-f179.google.com with SMTP id m20so8236087qcx.10 for ; Mon, 10 Mar 2014 11:01:30 -0700 (PDT) X-Received: by 10.229.50.6 with SMTP id x6mr36161517qcf.8.1394474489947; Mon, 10 Mar 2014 11:01:29 -0700 (PDT) Received: from [192.168.1.85] (c-76-111-96-126.hsd1.md.comcast.net. [76.111.96.126]) by mx.google.com with ESMTPSA id h46sm27485148qgd.10.2014.03.10.11.01.28 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 10 Mar 2014 11:01:29 -0700 (PDT) Message-ID: <531DFDF8.80008@gmail.com> Date: Mon, 10 Mar 2014 14:01:28 -0400 From: Alan Reiner User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: bitcoin-development@lists.sourceforge.net References: In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/alternative; boundary="------------020008060909000309020903" X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (etotheipi[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WN4W7-0003Zn-Ej Subject: Re: [Bitcoin-development] Multisign payment protocol? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Mar 2014 18:01:39 -0000 This is a multi-part message in MIME format. --------------020008060909000309020903 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Then of course I tried to do this with BIP 10 when Armory implemented offline-transactions two years ago. I got some positive feedback, but no one wanted to help improve it, etc. I guess nobody else was doing it and/or cared at the time. So I continue to use BIP 10 even though it's pretty crappy. I wanted it to be useful for multisig, too, but it has some deficiencies there (it was done when Armory was extremely young and OP_EVAL was still on the table). However, with all this activity, we should start thinking about that and discussing it. Otherwise, I'll just do my own thing again and probably end up with something that fits my own needs, but not anyone else's. Really though, multisig shouldn't require all the same app to work. -Alan On 03/10/2014 01:49 PM, Gavin Andresen wrote: > In my experience, best process for standardizing something is: > > 1) Somebody has a great idea > 2) They implement it > 3) Everybody agrees, "Great idea!" and they copy it. > 4) Idea gets refined by the people copying it. > 5) It gets standardized. > > Mutisig wallets are at step 2 right now. BIP is step 5, in my humble > opinion... > > > > > On Mon, Mar 10, 2014 at 1:39 PM, Drak > wrote: > > I was wondering if there would be merit in a kind of BIP for a > payment protocol using multisig? > > Currently, setting up a multisig is quite a feat. Users have to > exchange public keys, work out how to get the public keys from > their addresses. If one of the parties are not savvy enough, an > malicious party could easily be setup that was 2 of 3 instead of 2 > of 2 where the malicious party generates the multisig > address+script and thus be able to run off with funds anyway. > > It's also terribly complex to generate and keep track of. There's > been a nice attempt at creating an browser interface at > coinb.in/multisig but it still lacks > the kind of ease with created by the payment protocol. If there > was a BIP then it would go a long way to aiding future usability > of multisig wallet implementations. > > What are your thoughts? > > Drak > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases > and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > -- > -- > Gavin Andresen > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > > > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development --------------020008060909000309020903 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Then of course I tried to do this with BIP 10  when Armory implemented offline-transactions two years ago.  I got some positive feedback, but no one wanted to help improve it, etc.  I guess nobody else was doing it and/or cared at the time.  So I continue to use BIP 10 even though it's pretty crappy.  I wanted it to be useful for multisig, too, but it has some deficiencies there (it was done when Armory was extremely young and OP_EVAL was still on the table).

However, with all this activity, we should start thinking about that and discussing it.  Otherwise, I'll just do my own thing again and probably end up with something that fits my own needs, but not anyone else's.  Really though, multisig shouldn't require all the same app to work.

-Alan


On 03/10/2014 01:49 PM, Gavin Andresen wrote:
In my experience, best process for standardizing something is:

1) Somebody has a great idea
2) They implement it
3) Everybody agrees, "Great idea!" and they copy it.
4) Idea gets refined by the people copying it.
5) It gets standardized.

Mutisig wallets are at step 2 right now. BIP is step 5, in my humble opinion...




On Mon, Mar 10, 2014 at 1:39 PM, Drak <drak@zikula.org> wrote:
I was wondering if there would be merit in a kind of BIP for a payment protocol using multisig?

Currently, setting up a multisig is quite a feat. Users have to exchange public keys, work out how to get the public keys from their addresses. If one of the parties are not savvy enough, an malicious party could easily be setup that was 2 of 3 instead of 2 of 2 where the malicious party generates the multisig address+script and thus be able to run off with funds anyway.

It's also terribly complex to generate and keep track of. There's been a nice attempt at creating an browser interface at coinb.in/multisig but it still lacks the kind of ease with created by the payment protocol. If there was a BIP then it would go a long way to aiding future usability of multisig wallet implementations.

What are your thoughts?

Drak

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development




--
--
Gavin Andresen


------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech


_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

--------------020008060909000309020903--