public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Melvin Carvalho <melvincarvalho@gmail.com>
To: Johnathan Corgan <johnathan@corganlabs.com>
Cc: bitcoingrant@gmx.com,
	Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Message Signing based authentication
Date: Wed, 6 Nov 2013 04:38:59 +0100	[thread overview]
Message-ID: <CAKaEYhLn3+CwJ-vvuDQ9+A8H2g6cnn4HpRp++_fmsrcnj5EkzQ@mail.gmail.com> (raw)
In-Reply-To: <52756B2E.7030505@corganlabs.com>

[-- Attachment #1: Type: text/plain, Size: 1907 bytes --]

On 2 November 2013 22:14, Johnathan Corgan <johnathan@corganlabs.com> wrote:

> On 11/01/2013 10:01 PM, bitcoingrant@gmx.com wrote:
>
> > Server provides a token for the client to sign.
>
> Anyone else concerned about signing an arbitrary string?  Could be a
> hash of $EVIL_DOCUMENT, no?  I'd want to XOR the string with my own
> randomly generated nonce, sign that, then pass the nonce and the
> signature back to the server for verification.
>

Good point.

There are actually times you may want to sign a transaction.

There's a little know HTTP code, 402, "Payment Required".  We should really
start using this at some point ...

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Reserved for future use.[2] The original intention was that this code might
be used as part of some form of digital cash or micropayment scheme, but
that has not happened, and this code is not usually used. As an example of
its use, however, Apple's defunct MobileMe service generated a 402 error if
the MobileMe account was delinquent.[citation needed] In addition, YouTube
uses this status if a particular IP address has made excessive requests,
and requires the person to enter a CAPTCHA.


>
> --
> Johnathan Corgan, Corgan Labs
> SDR Training and Development Services
> http://corganlabs.com
>
>
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>

[-- Attachment #2: Type: text/html, Size: 3064 bytes --]

  parent reply	other threads:[~2013-11-06  3:39 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-02  5:01 [Bitcoin-development] Message Signing based authentication bitcoingrant
2013-11-02  5:54 ` Luke-Jr
2013-11-02 13:02 ` Mike Hearn
2013-11-02 13:16   ` Melvin Carvalho
2013-11-02 13:19   ` Hannu Kotipalo
2013-11-02 16:26     ` Mike Hearn
2013-11-02 16:26       ` Mike Hearn
2013-11-02 16:52       ` Melvin Carvalho
2013-11-02 17:08         ` Jeff Garzik
2013-11-02 17:16           ` Hannu Kotipalo
2013-11-02 21:14 ` Johnathan Corgan
2013-11-02 21:51   ` Mark Friedenbach
2013-11-03  0:29     ` Allen Piscitello
2013-11-03  0:33       ` Luke-Jr
2013-11-03  1:19         ` Allen Piscitello
2013-11-03  1:27           ` Luke-Jr
2013-11-03  1:36             ` Allen Piscitello
2013-11-03  6:23   ` Timo Hanke
2013-11-06  3:38   ` Melvin Carvalho [this message]
2013-11-02 21:57 ` slush
2013-11-06  3:01   ` Melvin Carvalho
2013-11-06  6:41     ` slush
2013-12-06 10:44       ` Melvin Carvalho

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAKaEYhLn3+CwJ-vvuDQ9+A8H2g6cnn4HpRp++_fmsrcnj5EkzQ@mail.gmail.com \
    --to=melvincarvalho@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=bitcoingrant@gmx.com \
    --cc=johnathan@corganlabs.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox