public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Melvin Carvalho <melvincarvalho@gmail.com>
To: Mike Hearn <mike@plan99.net>
Cc: bitcoingrant@gmx.com,
	Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Message Signing based authentication
Date: Sat, 2 Nov 2013 14:16:12 +0100	[thread overview]
Message-ID: <CAKaEYhKt=wq_SwnrndpfQjnM9KWEoZ60dEO_wYmux5YsRK0=dQ@mail.gmail.com> (raw)
In-Reply-To: <CANEZrP2UwEX+u0XCxmaMaRWqVMr+3E63UYnVz9oMubbsiJU+6A@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2035 bytes --]

On 2 November 2013 14:02, Mike Hearn <mike@plan99.net> wrote:

> On Sat, Nov 2, 2013 at 6:01 AM, <bitcoingrant@gmx.com> wrote:
>
>> In brief, the authentication work as follows:
>>
>>
>>
>> Server provides a token for the client to sign.
>>
>> client passes the signed message and the bitcoin address back to the
>> server.
>>
>> server validates the message and honors the alias (optional) and bitcoin
>> address as identification.
>>
>
> http://pilif.github.io/2008/05/why-is-nobody-using-ssl-client-certificates/
>

I actually use client certificates for almost all of my authentication.

It's true that the browser manufacturers have created an UX which is not
ideal, and very little effort is made to improve it.  But it is possible.
See this project from Mozilla labs.

http://www.azarask.in/blog/post/identity-in-the-browser-firefox/

Unfortunately this got killed :(

More popular is the trusted third party model like OAuth or Persona.
There's a conflict of interest as well, because browser manufacturers are
often identity providers too, so there is an incentive to push TTP
technology.

There's two elements here.  One is paswordless login (which I love).  The
other is who controls your identity.  I like to control my own identity (in
my browser) using PKI.  But facebook and the big webmail providers have a
lions share of the market.

The way to shift the balance is to offer the right incentives.


>
>
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>

[-- Attachment #2: Type: text/html, Size: 4698 bytes --]

  reply	other threads:[~2013-11-02 13:16 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-02  5:01 [Bitcoin-development] Message Signing based authentication bitcoingrant
2013-11-02  5:54 ` Luke-Jr
2013-11-02 13:02 ` Mike Hearn
2013-11-02 13:16   ` Melvin Carvalho [this message]
2013-11-02 13:19   ` Hannu Kotipalo
2013-11-02 16:26     ` Mike Hearn
2013-11-02 16:26       ` Mike Hearn
2013-11-02 16:52       ` Melvin Carvalho
2013-11-02 17:08         ` Jeff Garzik
2013-11-02 17:16           ` Hannu Kotipalo
2013-11-02 21:14 ` Johnathan Corgan
2013-11-02 21:51   ` Mark Friedenbach
2013-11-03  0:29     ` Allen Piscitello
2013-11-03  0:33       ` Luke-Jr
2013-11-03  1:19         ` Allen Piscitello
2013-11-03  1:27           ` Luke-Jr
2013-11-03  1:36             ` Allen Piscitello
2013-11-03  6:23   ` Timo Hanke
2013-11-06  3:38   ` Melvin Carvalho
2013-11-02 21:57 ` slush
2013-11-06  3:01   ` Melvin Carvalho
2013-11-06  6:41     ` slush
2013-12-06 10:44       ` Melvin Carvalho

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAKaEYhKt=wq_SwnrndpfQjnM9KWEoZ60dEO_wYmux5YsRK0=dQ@mail.gmail.com' \
    --to=melvincarvalho@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=bitcoingrant@gmx.com \
    --cc=mike@plan99.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox