From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VClHa-00059X-Rc for bitcoin-development@lists.sourceforge.net; Fri, 23 Aug 2013 06:55:42 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.215.47 as permitted sender) client-ip=209.85.215.47; envelope-from=gmaxwell@gmail.com; helo=mail-la0-f47.google.com; Received: from mail-la0-f47.google.com ([209.85.215.47]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1VClHX-00052b-CI for bitcoin-development@lists.sourceforge.net; Fri, 23 Aug 2013 06:55:42 +0000 Received: by mail-la0-f47.google.com with SMTP id eo20so190831lab.6 for ; Thu, 22 Aug 2013 23:55:32 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.152.115.176 with SMTP id jp16mr14037930lab.17.1377240932544; Thu, 22 Aug 2013 23:55:32 -0700 (PDT) Received: by 10.112.89.72 with HTTP; Thu, 22 Aug 2013 23:55:32 -0700 (PDT) In-Reply-To: References: Date: Thu, 22 Aug 2013 23:55:32 -0700 Message-ID: From: Gregory Maxwell To: Maciej Trebacz Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1VClHX-00052b-CI Cc: Bitcoin Development Subject: Re: [Bitcoin-development] Way to tell that transaction was issued by a specific person/company X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Aug 2013 06:55:43 -0000 On Thu, Aug 22, 2013 at 11:26 PM, Maciej Trebacz wrote: > So if you have multiple addresses you can't > sign them with a single private key and include that signature in the > transaction so other party can verify it against your public key. This co= uld > become very handy though - a reputable wallet service could issue > transactions that require zero confirmations from the other party, becaus= e > with the added signature they know that the transaction is from this > reputable service and they trust that this service won't try to double > spend. I'm thinking of something like Mt.Gox's "green address", but baked > into protocol (Mt.Gox does this by sending your funds to some known by th= e > others Bitcoin address and then relaying them to the final destination). > > Do you think it's possible/feasible to add a feature like this to the It's feasible to do such things but I believe highly undesirable. You're taking data which is inherently only of short term interest to a single party in the whole world (the receiver) and enlarging the transaction and increasing the effective transaction fees while forcing (say) a hundred thousand other parties to spend effort transmitting it, processing it, and storing it for all time. While doing so you also leak to the whole world=E2=80=94 who would have previously had no way or reason to know=E2=80=94 who the identity of one of the parties in the transaction is in a strong cryptographically non-reputable way... which then lowers the privacy of everyone in the transaction graph region of that transaction since some coercive force could send some ninjas out to bust some kneecaps of the identified party until they tell them where those coins came from and where they went. If you observe section 10 of Bitcoin.pdf you can see that privacy in Bitcoin is based _exclusively_ on using pseudonymous identities on every transaction. If you break that, you remove privacy from Bitcoin, leaving it at a competitive disadvantage to centeralized payment systems, which all provide pretty good basic privacy (against most criminals and nosy neighbors) as a core feature. Instead: You can simply perform this transaction using the payment protocol, which could provide along all sorts of additional metadata including signatures from the relevant parties. By doing this, only the parties that need to learn something learn something: privacy is preserved and bloat is avoided. If the payment protocol is too heavy handed for you, simply giving the user a signmessaged txid can show a promise to pay for a transaction without highly public communication.