From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1RbaG4-0008JM-5x for bitcoin-development@lists.sourceforge.net; Fri, 16 Dec 2011 16:03:40 +0000 X-ACL-Warn: Received: from mail-vx0-f175.google.com ([209.85.220.175]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1RbaFy-00030n-J2 for bitcoin-development@lists.sourceforge.net; Fri, 16 Dec 2011 16:03:40 +0000 Received: by vcbf1 with SMTP id f1so2155161vcb.34 for ; Fri, 16 Dec 2011 08:03:29 -0800 (PST) MIME-Version: 1.0 Received: by 10.220.210.196 with SMTP id gl4mr3782085vcb.3.1324051408475; Fri, 16 Dec 2011 08:03:28 -0800 (PST) Received: by 10.52.37.80 with HTTP; Fri, 16 Dec 2011 08:03:28 -0800 (PST) In-Reply-To: <20111216083536.GA20470@ulyssis.org> References: <1323728469.78044.YahooMailNeo@web121012.mail.ne1.yahoo.com> <20111216083536.GA20470@ulyssis.org> Date: Fri, 16 Dec 2011 08:03:28 -0800 Message-ID: From: Rick Wesson To: Pieter Wuille Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: 0.2 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.2 AWL AWL: From: address is in the auto white-list X-Headers-End: 1RbaFy-00030n-J2 Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] [BIP 15] Aliases X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Dec 2011 16:03:40 -0000 On Fri, Dec 16, 2011 at 12:35 AM, Pieter Wuille wrote: > On Mon, Dec 12, 2011 at 02:21:09PM -0800, Amir Taaki wrote: >> I wrote this pre-draft: [snip] > > To conclude: my suggestion would be to use URLs as address identifiers, > optionally suffixed with a bitcoin address for authentication. > This means my "address" would be either "sipa.be/pw.btc" or > "sipa.be/pw.btc$14TYdpodQQDKVgvUUcpaMzjJwhQ4KYsipa" (where "https://") > is an implicit default. Initiating a payment to either of these would > result in a GET of https://sipa.be/pw.btc. When a transaction is > constructed, it is POSTed back to that URL. > > If we can agree on reasonable hardcoded mapping, pw@sipa.be could just > be a shorthand for either of these (though vulnerable to proofing...). I believe that any URI scheme will still leverage DNS and inherit any base issues you would have with TXT records. I suggest looking at DANE and reviewing their work on hardening certificate (x.509) infrastructure as your HTTPS scheme will inherit the issues we currently experience with CAs getting p0wned. Hardening the protocols and usability are related. Please look at some of the work done in the IETF which has a long history in addressing many of the issues you are considering. Review some of the elegance in the bitcoin protocols. The proposals in this thread are neither clear nor elegant. If you can't reach nearly the same level of sophistication then I suggest you rethink your scheme. -rick