public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: "Eric Larchevêque" <elarch@gmail.com>
To: Mike Hearn <mike@plan99.net>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Draft BIP for seamless website authentication using Bitcoin address
Date: Fri, 4 Apr 2014 16:42:56 +0200	[thread overview]
Message-ID: <CA+WZAEqREDkDvmhM7AY+Ju3fkm3uOGm39Ef9+SYoEr43ybbg2Q@mail.gmail.com> (raw)
In-Reply-To: <CANEZrP2Z5x0_kOQ=8-BMzbmi9=D=ou=s3dgEksMA5F84BHSt9A@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2973 bytes --]

>
> The goal of writing a BIP seems to be to get lots of different wallet
> authors to write lots of code for you - but I *am* a wallet author, and I
> don't think that's the right way to get traction with a new scheme.
>

I started without a BIP and the feedback I got is that I should to a BIP.
We cannot write all the code for all the wallets ; this is after all a
communauty project.
However we have and we will propose bounties for each wallet to support
natively the protocol.


> For instance the TREZOR guys would have to support your new protocol
> otherwise if I paid my hotel bill with my TREZOR I couldn't open the door
> when I got there! But they probably have better things to be doing right
> now.
>

Yes you are right. But if the concept of authenticating yourself gets
traction, they will probably do it.


> The key difference between just generating a client certificate and using
> a Bitcoin address is that the client certificate is something that is used
> *specifically* for identification. It leaves no trace in the block chain,
> so no weird privacy issues, it doesn't matter how you manage your wallet,
> and you don't have to persuade lots of people to support your idea because
> it was already done >10 years ago and basically every browser/web server
> supports it.
>

My view on this is mainly about the UX and the fact everyone in Bitcoinland
has a wallet.
It's a approach leveraging this fact, with the possibility to build
interesting apps combining address auth and the blockchain.

I understand the problems related to multisig, contracts etc,
There is no such thing as a from address in a transaction, however many
services still take first tx as the return address.
People will always find way of building and doing stuff (cf the message in
the blockchain debate).


> Some reasons client certs aren't more widely used boil down to:
>
>    1. People like passwords. In particular they like forgetting them and
>    then having friendly people assist them to get it back. Client certs can
>    support this use case, but only if apps are checking the identity in them
>    and not the key.
>    2. The UI for managing client certs in browsers is pretty horrible.
>    There's little incentive to improve it because of (1).
>    3. Cross-device sync doesn't work very well. Apple are starting to
>    tackle this with their iCloud Keychain Sync service but then of course,
>    Apple has all your keys and you may well just sign in to things with your
>    Apple account (if it were to be supported). Cross-device sync where the
>    server *doesn't* get your keys is supported by Chrome for passwords,
>    but not client certs, because (1)
>
> None of the above issues have any obvious fix lurking within Bitcoin.
>

There is also the benefit of revocation with certificate and central
authority.

But, again, you already have a wallet and a Bitcoin address.
So if you add a simple auth protocol, people will use it at no cost.

Eric

[-- Attachment #2: Type: text/html, Size: 4331 bytes --]

  reply	other threads:[~2014-04-04 14:43 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-04 12:15 [Bitcoin-development] Draft BIP for seamless website authentication using Bitcoin address Eric Larchevêque
2014-04-04 13:08 ` Mike Hearn
2014-04-04 13:22   ` Eric Larchevêque
2014-04-04 13:32     ` Gavin Andresen
2014-04-04 13:47       ` Eric Larchevêque
2014-04-07 20:08       ` Troy Benjegerdes
2014-04-07 21:55         ` Ricardo Filipe
2014-04-07 22:00           ` Eric Martindale
2014-04-04 13:43     ` Mike Hearn
2014-04-04 13:47       ` Jeff Garzik
2014-04-04 13:54       ` Mike Hearn
2014-04-04 14:42         ` Eric Larchevêque [this message]
2014-04-04 14:51           ` Mike Hearn
2014-04-04 14:56             ` Eric Larchevêque
2014-04-08  3:28               ` Jeff Garzik
2014-04-08  8:13                 ` Mike Hearn
2014-04-08 15:19                   ` Jeff Garzik
2014-04-22  6:34                     ` Jan Møller
2014-04-22  8:57                       ` Eric Larchevêque
2014-04-04 15:00             ` slush
2014-04-04 14:56           ` slush
2014-04-04 15:09             ` Eric Larchevêque
2014-04-04 15:28               ` slush
2014-04-04 15:37               ` Mike Hearn
2014-04-04 15:42                 ` slush
2014-04-04 16:00                 ` Eric Larchevêque
2014-04-04 15:03       ` Eric Larchevêque

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CA+WZAEqREDkDvmhM7AY+Ju3fkm3uOGm39Ef9+SYoEr43ybbg2Q@mail.gmail.com \
    --to=elarch@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=mike@plan99.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox