Re: [Bitcoin-development] Draft BIP for seamless website authentication using Bitcoin address

["Eric Larchevêque" <elarch@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 2604 bytes --]

>
>
> Why do you need it? Because you don't want to implement a login system?
> Very, very few websites are the sort of place where they'd want to
> authenticate with only a Bitcoin address. If for no other reason than
> they'd have no way to email you, and if you lost your wallet, you'd lose
> all your associated data.
>

Well, the major difference is that you could sign up effortlessy to a
service, and associate your email later.
If more people sign up to more services, it's a good thing for the
ecosystem.


>
>
>> Without such a standard protocol, you could never envision a pure Bitcoin
>> physical locker rental, or booking an hotel room via Bitcoin and opening
>> the door through the paying address.
>>
>
> In future there often won't be a simple paying address. For instance, if
> my coins are in a multi-sig relationship with a risk analysis service,
> there will be two keys for each input and an arbitrary number of inputs. So
> does that mean the risk analysis service gets to open my locker? Why?
>


> What if I do a shared spend/CoinJoin type tx? Now anyone who took part in
> the shared tx with me can get into my hotel room too?
>
>

In a perfect world, you would pay your locker with a "normal" transaction.
The same way you shouldn't play satoshi dice from a shared wallet.

But your point is totaly valid, and I don't have answer to that except that
I'd love to have a Bitcoin authenticated locker in our Bitcoin co working
office.


>
>
> These are the kinds of problems that crop up when you mix together two
> different things: the act of paying, and the act of identifying yourself.
> You're assuming that replacing a password people can remember with a
> physical token (their phone) which can be stolen or lost, would be seen as
> an upgrade. Given a choice between two physical lockers, one of which lets
> me open it with a password and one of which insists on a cryptographic
> token, I'm going to go for the former because the chances of me losing my
> phone is much higher than me forgetting my password.
>
> All the tools you need already exist in the form of client certificates,
> with the advantage that web servers and web browsers already support them.
> The biggest pain point with them is backup and cross-device sync, which of
> course wallets suffer from too!
>


Bitcoin users are normaly already paying some effort to securise and backup
their wallets / keys. So it's just about leveraging that.

I would myself pick a crypto locker, because I'm the kind of guy who
Facebook connects and I follow the easiest path, even if it has long term
costs :)

Eric

[-- Attachment #2: Type: text/html, Size: 4596 bytes --]