public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Luke-Jr <luke@dashjr.org>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts
Date: Mon, 26 Nov 2012 18:32:46 -0500	[thread overview]
Message-ID: <CAAS2fgS3f1RKzPnni4LXgXfSUrxSrB3+vhdmbsVz2Rs5pScL=w@mail.gmail.com> (raw)
In-Reply-To: <201211262319.37533.luke@dashjr.org>

On Mon, Nov 26, 2012 at 6:19 PM, Luke-Jr <luke@dashjr.org> wrote:
> On Monday, November 26, 2012 11:16:03 PM Mike Hearn wrote:
>> They could be included as well of course, but from a seller
>> perspective the most important thing is consistency. You have to be
>> able to predict what CAs the user has, otherwise your invoice would
>> appear in the UI as unverified and is subject to manipulation by
>> viruses, etc.
>
> That's expected behaviour - except it's mainly be manipulated by *users*, not
> viruses (which can just as easily manipulate whatever custom cert store we
> use). If I don't trust Joe's certs, I don't want Bitcoin overriding that no
> matter who Joe is or what connections he has.
>
>> So using the OS cert store would effectively restrict merchants to the
>> intersection of what ships in all the operating systems their users
>> use, which could be unnecessarily restrictive. As far as I know, every
>> browser has its own cert store for that reason.
>
> Browsers with this bug are not relevant IMO.


This is messy.   It's important to people to know that their cert will
be accepted by ~everyone because non-acceptance looks like malice.  If
the cert system is actually to provide value then false positives need
to be low enough that people can start calling in law enforcement,
computer investigators, etc.. every time a cert failure happens.
Otherwise there is little incentive for an attacker to not _try_.

Obviously the state of the world with browsers is not that good... but
in our own UAs we can do better and get closer to that.

Would you find it acceptable if something supported a static whitelist
plus a OS provided list minus a user configured blacklist and the
ability for sophisticated users to disable the whitelist?

This way people could trust that if their cert is signed via one on
the whitelist they'll work for ALL normal users.. and the UI can have
very strong behavior that protects people (e.g. no 'click here to
disable all security because tldr' button)... but advanced users who
can deal with sorting out failure can still have complete control
including OS based control.



  parent reply	other threads:[~2012-11-26 23:32 UTC|newest]

Thread overview: 87+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-11-26 22:37 [Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts Gavin Andresen
2012-11-26 23:02 ` Mike Hearn
2012-11-26 23:13   ` Luke-Jr
2012-11-26 23:16     ` Mike Hearn
2012-11-26 23:19       ` Luke-Jr
2012-11-26 23:27         ` Mike Hearn
2012-11-26 23:32         ` Gregory Maxwell [this message]
2012-11-26 23:44           ` Luke-Jr
2012-11-27  0:16             ` Gregory Maxwell
2012-11-27  0:26               ` Mike Hearn
2012-11-27  0:45                 ` Rick Wesson
2012-11-27  1:09                   ` Gavin
2012-11-27  8:44                   ` Mike Hearn
2012-11-27  0:44               ` Luke-Jr
2012-11-26 23:38 ` Rick Wesson
2012-11-26 23:52 ` Jeff Garzik
2012-11-27  0:02   ` Rick Wesson
2012-11-27  0:31     ` Luke-Jr
2012-11-27  0:37       ` Rick Wesson
2012-11-27  2:16 ` Walter Stanish
2012-11-27  2:47   ` Gregory Maxwell
2012-11-27  3:16     ` Walter Stanish
2012-11-27  3:29       ` Rick Wesson
2012-11-27  3:31         ` Walter Stanish
2012-11-27  3:54           ` Rick Wesson
2012-11-27  4:17             ` Walter Stanish
2012-11-27  8:43               ` Michael Gronager
2012-11-27 10:23                 ` Mike Hearn
2012-11-27 10:42                   ` Michael Gronager
2012-11-27 11:36                     ` Pieter Wuille
2012-11-27 11:46                       ` Michael Gronager
2012-11-27 12:03                     ` Mike Hearn
2012-11-27 12:39                       ` Michael Gronager
2012-11-27 14:05                         ` Gavin Andresen
2012-11-27 14:26                           ` Gavin Andresen
2012-11-28 13:55                           ` Walter Stanish
2012-11-27 17:03 ` Andy Parkins
2012-11-27 17:14   ` Mike Hearn
2012-11-27 17:26     ` Andy Parkins
2012-11-27 18:16       ` Mike Hearn
2012-11-27 21:39         ` Gavin Andresen
2012-11-28 10:43           ` Mike Hearn
2012-11-28 12:57             ` Peter Todd
2012-11-28 14:09               ` Gavin Andresen
2012-11-28  8:33 ` Peter Todd
2012-11-28 23:36 ` Roy Badami
2012-11-29  0:30   ` Watson Ladd
2012-11-29  8:16     ` slush
2012-11-29 16:11   ` Gavin Andresen
2012-11-29 17:07     ` Roy Badami
2012-11-29 17:30       ` Gavin Andresen
2012-11-29 17:31       ` Mike Hearn
2012-11-29 18:53         ` Roy Badami
2012-12-01 19:25           ` Gavin Andresen
2012-12-03 19:35             ` Mike Koss
2012-12-03 20:59               ` Gavin Andresen
2012-12-03 21:28               ` Mike Hearn
2012-12-03 22:26                 ` Roy Badami
2012-12-03 22:34                   ` Jeff Garzik
2012-12-03 22:48                     ` Roy Badami
2012-12-16 21:15               ` Melvin Carvalho
2012-12-17  2:18                 ` Jeff Garzik
2012-12-17  8:24                   ` Melvin Carvalho
2012-12-17  9:19                     ` Mike Hearn
2012-12-17  9:31                       ` Gary Rowe
2012-12-17 11:23                       ` Melvin Carvalho
2012-12-17 17:57                         ` Gavin Andresen
2012-12-20 16:53                           ` Stephen Pair
2012-12-20 17:43                             ` Mike Hearn
2012-12-20 19:32                               ` Stephen Pair
2012-12-21 17:05                                 ` Stephen Pair
2012-12-24  0:38                                   ` Elden Tyrell
2012-12-04 17:06             ` Mike Hearn
2012-12-05 19:34               ` Gavin Andresen
2012-12-06  6:31                 ` Andreas Petersson
2012-12-06  8:53                   ` Mike Hearn
2012-12-06 16:56                     ` Gavin Andresen
2012-12-06 17:55                       ` Mike Hearn
2012-12-06 19:13                         ` Gavin Andresen
2012-12-07 10:45                           ` Mike Hearn
2012-12-07 11:01                             ` Mike Hearn
2012-12-07 16:19                               ` Gavin Andresen
2012-12-07 16:27                                 ` Mike Hearn
2012-12-06 18:13                       ` Alan Reiner
     [not found]                       ` <CALf2ePx5jS@mail.gmail.com>
2014-09-17 19:28                         ` Vezalke
2012-12-03 21:42         ` Gregory Maxwell
2012-12-23  2:33 ` Mark Friedenbach

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAAS2fgS3f1RKzPnni4LXgXfSUrxSrB3+vhdmbsVz2Rs5pScL=w@mail.gmail.com' \
    --to=gmaxwell@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=luke@dashjr.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox