From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WW5Xq-0001sc-Kb for bitcoin-development@lists.sourceforge.net; Fri, 04 Apr 2014 14:56:38 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.178 as permitted sender) client-ip=209.85.217.178; envelope-from=elarch@gmail.com; helo=mail-lb0-f178.google.com; Received: from mail-lb0-f178.google.com ([209.85.217.178]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WW5Xp-0006tK-Pw for bitcoin-development@lists.sourceforge.net; Fri, 04 Apr 2014 14:56:38 +0000 Received: by mail-lb0-f178.google.com with SMTP id s7so2515681lbd.23 for ; Fri, 04 Apr 2014 07:56:31 -0700 (PDT) X-Received: by 10.112.137.193 with SMTP id qk1mr902622lbb.53.1396623390891; Fri, 04 Apr 2014 07:56:30 -0700 (PDT) MIME-Version: 1.0 Received: by 10.112.31.165 with HTTP; Fri, 4 Apr 2014 07:56:10 -0700 (PDT) In-Reply-To: References: From: =?ISO-8859-1?Q?Eric_Larchev=EAque?= Date: Fri, 4 Apr 2014 16:56:10 +0200 Message-ID: To: Mike Hearn Content-Type: multipart/alternative; boundary=089e01182f961963c404f638b9f9 X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (elarch[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WW5Xp-0006tK-Pw Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Draft BIP for seamless website authentication using Bitcoin address X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Apr 2014 14:56:38 -0000 --089e01182f961963c404f638b9f9 Content-Type: text/plain; charset=ISO-8859-1 On Fri, Apr 4, 2014 at 4:51 PM, Mike Hearn wrote: > My view on this is mainly about the UX and the fact everyone in >> Bitcoinland has a wallet. >> > > Well, yes, but we also have browsers too :) > > Yes, but no one will ever install a plug in. And all will update their wallets with the last version, including the auth protocol. > I don't want to suggest the problem is unimportant - I'd love it if the > world could move beyond passwords. But I have many scars from my time in > the Google account swamps. We had a big team, lots of resources and even > just getting people to use their phone as a second factor - *the simplest > second factor possible* - was a huge uphill battle that most users just > didn't care about. People like passwords. If you can find a way to make > something that's better than a password but just as convenient, fantastic! > But I don't think Bitcoin addresses are such a thing. > I perfectly understand all the objections, and they are very good points. I have at least two wallets enthousiastic about the project so the protocol will be implemented and it will give some room to experiment. The BIP came from the idea we should formalize the standard so all wallets could participate, and it felt more logical to come forward with it. Maybe a better strategy would be to start "privately" with a few wallets and services using the protocol, and to come back to the BIP there is usability and traction. Eric --089e01182f961963c404f638b9f9 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

= On Fri, Apr 4, 2014 at 4:51 PM, Mike Hearn <mike@plan99.net> w= rote:
=
My view on this is mainly about the UX and the fact everyone in B= itcoinland has a wallet.

Well, yes, but we also have browsers too :)=A0


Yes, but = no one will ever install a plug in.
And all will update their wal= lets with the last version, including the auth protocol.
=A0
=
I don't want to suggest the = problem is unimportant - I'd love it if the world could move beyond pas= swords. But I have many scars from my time in the Google account swamps. We= had a big team, lots of resources and even just getting people to use thei= r phone as a second factor - the simplest second factor possible=A0-= was a huge uphill battle that most users just didn't care about. Peopl= e like passwords. If you can find a way to make something that's better= than a password but just as convenient, fantastic! But I don't think B= itcoin addresses are such a thing.

I perfectly underst= and all the objections, and they are very good points.

I have at least two wallet= s enthousiastic about the project so the protocol will be implemented and i= t will give some room to experiment.
The BIP came from the idea we should formalize t= he standard so all wallets could participate, and it felt more logical to c= ome forward with it.

Maybe a better strategy would be to start "privately" with a few = wallets and services using the protocol, and to come back to the BIP there = is usability and traction.

Eric

<= br>
--089e01182f961963c404f638b9f9--