From: Mike Hearn <mike@plan99.net>
To: Daryl Banttari <dbanttari@gmail.com>
Cc: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] secure assigned bitcoin address directory
Date: Wed, 2 Apr 2014 14:01:51 +0200 [thread overview]
Message-ID: <CANEZrP0UT=QCDmKDaVcWcf++bJzXSiT83ubUXLmd0N8-6nvrrQ@mail.gmail.com> (raw)
In-Reply-To: <CAHbi5Czk2pq7Xci+3Wjfn==WhRdqNc1sbW86aS8jnwLAT0wsgw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2475 bytes --]
Hi Daryl,
I think the reason nobody has done that is that BIP70 isn't really that
much work. It's basically just certs inside a protobuf, with a bit of extra
data. I'm not sure yet another way to do the same thing is worth much.
On Wed, Apr 2, 2014 at 2:59 AM, Daryl Banttari <dbanttari@gmail.com> wrote:
> Chris,
>
> Thank you for taking the time to look at my proposal.
>
> 1) pay to addresses are not fixed - ie you can have a different address
>> for each transaction (which is why BIP70 is necessary to allow per
>> transaction addresses via https.)
>>
>
> This is certainly true for a "published" address; however a new address
> (and URL) can be generated for each one-off peer-to-peer transaction.
> However, I'd expect that most of the time this use case will be handed by
> BIP70. Still, this could allow someone to implement a authenticated,
> non-repudiable payment request without having to go through the hassle of a
> full BIP70 implementation.
>
>
>> 2) unless you are already aware of the public key of the signature, you
>> do not know if the signature is made by the person you think it is supposed
>> to be from. See recent concern over fake key for Gavin Andresen. Ie a
>> signature can always be verified with a valid public key, the question is
>> was it the real person's key. That is what WoT tried to resolve with
>> so-called "signing parties", nowadays keys posted to a public forum by a
>> known user, but it's not a standard and not ideal.
>>
>
> My proposal leverages the existing SSL key system (yes, PKI), so there is
> a reasonable expectation that if the signature verifies, it came from the
> party indicated on the cert. While SSL (and the PKI system underpinning
> it) have its faults, the example you highlighted was specifically a problem
> with WoT, not PKI. Can a compromised web server cause payments to be made
> to the wrong party? Of course-- but that's already true. And that's not
> something BIP70 solves (or attempts to solve) either.
>
> (To explain [better than I could] why I feel PKI is a pragmatic solution,
> I defer to Mike Hearn 's article:
> https://medium.com/bitcoin-security-functionality/b64cf5912aa7)
>
> --Daryl
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
[-- Attachment #2: Type: text/html, Size: 3926 bytes --]
next prev parent reply other threads:[~2014-04-02 12:01 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-31 10:21 [Bitcoin-development] secure assigned bitcoin address directory vv01f
2014-03-31 10:49 ` Natanael
2014-03-31 11:14 ` Chris D'Costa
2014-03-31 11:46 ` Natanael
2014-03-31 16:53 ` Chris D'Costa
2014-04-01 11:32 ` Jeff Garzik
2014-04-01 12:20 ` Chris D'Costa
2014-04-01 18:16 ` Daryl Banttari
2014-04-01 22:26 ` Chris D'Costa
2014-04-02 0:59 ` Daryl Banttari
2014-04-02 5:16 ` Chris D'Costa
2014-04-02 12:01 ` Mike Hearn [this message]
2014-03-31 11:21 ` Peter Todd
2014-03-31 17:07 ` Jeff Garzik
2014-03-31 18:57 ` Roy Badami
2014-04-01 8:13 ` Chris D'Costa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANEZrP0UT=QCDmKDaVcWcf++bJzXSiT83ubUXLmd0N8-6nvrrQ@mail.gmail.com' \
--to=mike@plan99.net \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=dbanttari@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox