public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [Bitcoin-development] Payment protocol for onion URLs.
@ 2013-10-26  3:31 Gregory Maxwell
  2013-10-26  3:41 ` Luke-Jr
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Gregory Maxwell @ 2013-10-26  3:31 UTC (permalink / raw)
  To: Bitcoin Development

One limitation of the payment protocol as speced is that there is no
way for a hidden service site to make use of its full authentication
capability because they are unable to get SSL certificates issued to
them.

A tor hidden service (onion site) is controlled by an RSA key.

It would be trivial to pack a tor HS pubkey into a self-signed x509
certificate with the cn set to foooo.onion.

If we specified in the payment protocol an additional validation
procedure for [base32].onion hosts that just has it hash and base32
encode the pubkey (as tor does) then the payment protocol could work
seamlessly with tor hosts. (Displaying that the payment request came
from "foooo.onion").  I believe that the additional code for this
would be trivial (and I'll write it if there is support for making
this a standard feature).

This would give us an fully supported option which is completely CA
free... it would only work for tor sites, but the people concerned
about CA trechery are likely to want to use tor in any case.

Thoughts?



^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2013-10-31  0:44 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-10-26  3:31 [Bitcoin-development] Payment protocol for onion URLs Gregory Maxwell
2013-10-26  3:41 ` Luke-Jr
2013-10-26  4:06   ` Gregory Maxwell
2013-10-28 12:14     ` Adam Back
2013-10-28 13:21       ` Mike Hearn
2013-10-26  3:55 ` Gavin Andresen
2013-10-26  4:15 ` Peter Todd
2013-10-28  5:58 ` John Dillon
2013-10-28 19:37   ` Jeremy Spilman
2013-10-31  0:44     ` Peter Todd

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox