public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: [Bitcoin-development] Payment protocol for onion URLs.
Date: Fri, 25 Oct 2013 20:31:05 -0700	[thread overview]
Message-ID: <CAAS2fgRRobkE2GdYomtJof7HCH-9ZczE9EBj7DBS-pCGscUSNQ@mail.gmail.com> (raw)

One limitation of the payment protocol as speced is that there is no
way for a hidden service site to make use of its full authentication
capability because they are unable to get SSL certificates issued to
them.

A tor hidden service (onion site) is controlled by an RSA key.

It would be trivial to pack a tor HS pubkey into a self-signed x509
certificate with the cn set to foooo.onion.

If we specified in the payment protocol an additional validation
procedure for [base32].onion hosts that just has it hash and base32
encode the pubkey (as tor does) then the payment protocol could work
seamlessly with tor hosts. (Displaying that the payment request came
from "foooo.onion").  I believe that the additional code for this
would be trivial (and I'll write it if there is support for making
this a standard feature).

This would give us an fully supported option which is completely CA
free... it would only work for tor sites, but the people concerned
about CA trechery are likely to want to use tor in any case.

Thoughts?



             reply	other threads:[~2013-10-26  3:31 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-26  3:31 Gregory Maxwell [this message]
2013-10-26  3:41 ` [Bitcoin-development] Payment protocol for onion URLs Luke-Jr
2013-10-26  4:06   ` Gregory Maxwell
2013-10-28 12:14     ` Adam Back
2013-10-28 13:21       ` Mike Hearn
2013-10-26  3:55 ` Gavin Andresen
2013-10-26  4:15 ` Peter Todd
2013-10-28  5:58 ` John Dillon
2013-10-28 19:37   ` Jeremy Spilman
2013-10-31  0:44     ` Peter Todd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAAS2fgRRobkE2GdYomtJof7HCH-9ZczE9EBj7DBS-pCGscUSNQ@mail.gmail.com \
    --to=gmaxwell@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox