public inbox for bitcoindev@googlegroups.com
From: Drak <drak@zikula.org>
To: Peter Todd <pete@petertodd.org>
Cc: unsystem@lists.dyne.org,
	Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
	Amir Taaki <genjix@riseup.net>
Subject: Re: [Bitcoin-development] DarkWallet Best Practices
Date: Thu, 19 Dec 2013 15:46:58 +0000
Message-ID: <CANAnSg3G431rdPdq=mtqSUJvjqeu0NaV1KvOVdntoPVTcBZWRw@mail.gmail.com>
In-Reply-To: <20131219131706.GA21179@savin>


On 19 December 2013 13:17, Peter Todd <pete@petertodd.org> wrote:

> ** Fees
>
> Wallets MUST give users the ability to set the fee per KB they are
> willing to pay for their transactions. Wallets SHOULD allow users to
> change that fee after the fact via transaction replacement.


Can you add a part about SHOULD/MUST warn users if the fee is unusually
high, to avoid sob-stories of people sending 20BTC fees for the
0.002BTC sandwich?

> Sourcecode MUST be PGP signed on a regular basis. Releases MUST be
> signed - in git this is accomplished by signing the release tag.
> Individual commits SHOULD be signed, particularly if source-code used in
>

"SHOULD be cryptographically signed" I assume.


> ** SSL/Certificate authorities
>
> While certificate authorities are notoriously bad at the job they are
> supposed to be doing the CA system is still better than nothing - use it
> where appropriate. For instance if you have a website advertising your
> software, use https rather than http.
>

One could make efforts to publish (maybe even as signed commits in the git
repo etc.) the current valid certificate fingerprints and which CA signed
it. This would go some way to exposing MITM either by CA or in workplaces
where browsers are loaded with bogus CAs for the purpose of deep packet
inspection.


> ** Multi-factor spend authorization, AKA multisig wallets
>
> <mainly discussed at the conference in terms of multiple individuals
> controlling funds, which is out of scope for this document>
>
> Assuming any individual device is uncompromised is risky; wallet
> software SHOULD support some form of multi-factor protection of some or
> all wallet funds. Note that this is a weak "should"; mainly we want to
>

According to RFC 2119 <http://www.ietf.org/rfc/rfc2119.txt> language, you
might be better using the word RECOMMENDED or MAY over SHOULD here.

Additionally, at the beginning of the spec I would put:

"The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119
<http://www.ietf.org/rfc/rfc2119.txt>."

Regards

Drak
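
The fingerprint-publishing idea in the message above, as an added example that is not part of the original email or of any DarkWallet code: a client-side check that compares the certificate a connection presented against a published list of fingerprints and issuing CAs. The list format, the file name `fingerprints.txt`, the status strings and the sample byte strings are assumptions made for illustration, and the list is assumed to have come from a commit whose signature was already verified.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def colon_form(hex_fp: str) -> str:
    """Render a fingerprint the way browsers display it (AA:BB:...)."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()

def parse_published(text: str) -> dict:
    """Parse '<sha256 fingerprint> <issuing CA>' lines; '#' starts a comment."""
    pins = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fp, _, ca = line.partition(" ")
        fp = fp.replace(":", "").lower()  # accept both AA:BB and aabb forms
        if len(fp) != 64 or set(fp) - set("0123456789abcdef"):
            raise ValueError(f"line {n}: not a SHA-256 fingerprint")
        pins[fp] = ca.strip()
    return pins

def check(der: bytes, issuer: str, pins: dict) -> str:
    """Classify the certificate a connection presented against the list."""
    if fingerprint(der) in pins:
        return "match"
    if issuer in pins.values():
        return "unpublished-cert-listed-ca"    # e.g. a renewal not yet published
    return "unpublished-cert-unlisted-ca"      # consistent with interception

# Constructed sample data: stand-in byte strings, not real certificates.
SITE_CERT = b"constructed stand-in for the site's DER certificate"
PROXY_CERT = b"constructed stand-in for a cert minted by an inspection proxy"
PUBLISHED = (
    "# fingerprints.txt (hypothetical file kept in the signed repo)\n"
    f"{colon_form(fingerprint(SITE_CERT))} Example CA\n"
)

if __name__ == "__main__":
    pins = parse_published(PUBLISHED)
    for der, issuer in ((SITE_CERT, "Example CA"), (PROXY_CERT, "Corp Inspection CA")):
        print(issuer, "->", check(der, issuer, pins))
```

On a live connection the DER bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`.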
