public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [Bitcoin-development] Idea for new payment protocol PKI
@ 2013-08-09 11:43 Mike Hearn
  2013-08-09 11:57 ` Melvin Carvalho
  2013-08-09 11:59 ` Wendell
  0 siblings, 2 replies; 6+ messages in thread
From: Mike Hearn @ 2013-08-09 11:43 UTC (permalink / raw)
  To: Bitcoin Dev

[-- Attachment #1: Type: text/plain, Size: 1804 bytes --]

This is just me making notes for myself, I'm not seriously suggesting this
be implemented any time soon.

Mozilla Persona is an infrastructure for web based single sign on. It works
by having email providers sign temporary certificates for their users,
whose browsers then sign server-provided challenges to prove their email
address.

Because an SSO system is a classic chicken/egg setup, they run various
fallback services that allow anyone with an email address to take part.
They also integrate with the Google/Yahoo SSO systems as well. The
intention being that they do this until Persona becomes big enough to
matter, and then they can remove the centralised struts and the system
becomes transparently decentralised.

In other words, they seem to do a lot of things right.

Of course you can already sign payments using an X.509 cert issued to an
email address with v1 of the payment protocol, so technically no new PKI is
needed. But the benefit of leveraging Persona would be convenience - you
can get yourself a Persona cert and use it to sign in to websites with a
single click, and the user experience is smart and professional. CAs in
contrast are designed for web site admins really so the experience of
getting a cert for an email address is rather variable and more heavyweight.

Unfortunately Persona does not use X.509. It uses a custom thing based on
JSON. However, under the hood it's just assertions signed by RSA keys, so
an implementation is likely to be quite easy. From the users perspective,
their wallet app would embed a browser and drive it as if it were signing
into a website, but stop after the user is signed into Persona and a user
cert has been provisioned. It can then sign payment requests automatically.
For many users, it'd be just one click, which is pretty neat.

[-- Attachment #2: Type: text/html, Size: 1996 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [Bitcoin-development] Idea for new payment protocol PKI
  2013-08-09 11:43 [Bitcoin-development] Idea for new payment protocol PKI Mike Hearn
@ 2013-08-09 11:57 ` Melvin Carvalho
  2013-08-09 12:08   ` Mike Hearn
  2013-08-09 11:59 ` Wendell
  1 sibling, 1 reply; 6+ messages in thread
From: Melvin Carvalho @ 2013-08-09 11:57 UTC (permalink / raw)
  To: Mike Hearn; +Cc: Bitcoin Dev

[-- Attachment #1: Type: text/plain, Size: 3695 bytes --]

On 9 August 2013 13:43, Mike Hearn <mike@plan99.net> wrote:

> This is just me making notes for myself, I'm not seriously suggesting this
> be implemented any time soon.
>
> Mozilla Persona is an infrastructure for web based single sign on. It
> works by having email providers sign temporary certificates for their
> users, whose browsers then sign server-provided challenges to prove their
> email address.
>
> Because an SSO system is a classic chicken/egg setup, they run various
> fallback services that allow anyone with an email address to take part.
> They also integrate with the Google/Yahoo SSO systems as well. The
> intention being that they do this until Persona becomes big enough to
> matter, and then they can remove the centralised struts and the system
> becomes transparently decentralised.
>
> In other words, they seem to do a lot of things right.
>
> Of course you can already sign payments using an X.509 cert issued to an
> email address with v1 of the payment protocol, so technically no new PKI is
> needed. But the benefit of leveraging Persona would be convenience - you
> can get yourself a Persona cert and use it to sign in to websites with a
> single click, and the user experience is smart and professional. CAs in
> contrast are designed for web site admins really so the experience of
> getting a cert for an email address is rather variable and more heavyweight.
>
> Unfortunately Persona does not use X.509. It uses a custom thing based on
> JSON. However, under the hood it's just assertions signed by RSA keys, so
> an implementation is likely to be quite easy. From the users perspective,
> their wallet app would embed a browser and drive it as if it were signing
> into a website, but stop after the user is signed into Persona and a user
> cert has been provisioned. It can then sign payment requests automatically.
> For many users, it'd be just one click, which is pretty neat.
>

Persona, in it's current state, is the exact opposite of the principle
behind of bitcoin.

Bitcoin sought to reduce dependence on trusted third parties, where as,
persona is increasing the reach of trusted third parties.  The keys and
passwords are stored on mozilla's servers, sometimes on your email
providers.  Persona, is however, a progression and will hopefully improve
its security and decentralization as it goes along.

A (client or server side) X.509 cert can be issued to any address, be it
email, telephone, webpage, *or* to a bitcoin address, it allows any URI in
he subjectAlternativeName field.  This is much more of bitcoin like model
where the private key sits on your client and the public key is in
discoverable by the other end.

Most enterprises (including Mozilla) take the stance that key management on
the client is beyond the average user.  The notable exception is twitter
who are rolling out 2 factor auth based on PKI.

If you're interested in signing stuff with RSA (or other) keys, the web
payments and payswarm guys have done a ton of work on this, including
implementations, which you may be able to reuse ...


>
>
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>

[-- Attachment #2: Type: text/html, Size: 4696 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [Bitcoin-development] Idea for new payment protocol PKI
  2013-08-09 11:43 [Bitcoin-development] Idea for new payment protocol PKI Mike Hearn
  2013-08-09 11:57 ` Melvin Carvalho
@ 2013-08-09 11:59 ` Wendell
  2013-08-09 12:18   ` Melvin Carvalho
  1 sibling, 1 reply; 6+ messages in thread
From: Wendell @ 2013-08-09 11:59 UTC (permalink / raw)
  To: Mike Hearn; +Cc: Bitcoin Dev

We have been discussing something like this over here too, as well as exploring more esoteric blockchain+signature-based "SSO" implementations as discussed by John Light and others.

One of our long-term ambitions with Hive is to provide a (mostly) user-transparent, decentralized authentication service. It sounds like our infrastructure could already handle a Persona implementation, and we very much want to get behind some forward-thinking standard. So as long as the plan _IS_ to remove said 'centralized struts' at the appropriate time, I'd say we're interested in exploring this further.

-wendell

grabhive.com | twitter.com/grabhive | gpg: 6C0C9411

On Aug 9, 2013, at 1:43 PM, Mike Hearn wrote:

> This is just me making notes for myself, I'm not seriously suggesting this be implemented any time soon.
> 
> Mozilla Persona is an infrastructure for web based single sign on. It works by having email providers sign temporary certificates for their users, whose browsers then sign server-provided challenges to prove their email address.
> 
> Because an SSO system is a classic chicken/egg setup, they run various fallback services that allow anyone with an email address to take part. They also integrate with the Google/Yahoo SSO systems as well. The intention being that they do this until Persona becomes big enough to matter, and then they can remove the centralised struts and the system becomes transparently decentralised.
> 
> In other words, they seem to do a lot of things right.
> 
> Of course you can already sign payments using an X.509 cert issued to an email address with v1 of the payment protocol, so technically no new PKI is needed. But the benefit of leveraging Persona would be convenience - you can get yourself a Persona cert and use it to sign in to websites with a single click, and the user experience is smart and professional. CAs in contrast are designed for web site admins really so the experience of getting a cert for an email address is rather variable and more heavyweight.
> 
> Unfortunately Persona does not use X.509. It uses a custom thing based on JSON. However, under the hood it's just assertions signed by RSA keys, so an implementation is likely to be quite easy. From the users perspective, their wallet app would embed a browser and drive it as if it were signing into a website, but stop after the user is signed into Persona and a user cert has been provisioned. It can then sign payment requests automatically. For many users, it'd be just one click, which is pretty neat.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [Bitcoin-development] Idea for new payment protocol PKI
  2013-08-09 11:57 ` Melvin Carvalho
@ 2013-08-09 12:08   ` Mike Hearn
  2013-08-09 12:17     ` Melvin Carvalho
  0 siblings, 1 reply; 6+ messages in thread
From: Mike Hearn @ 2013-08-09 12:08 UTC (permalink / raw)
  To: Melvin Carvalho; +Cc: Bitcoin Dev

[-- Attachment #1: Type: text/plain, Size: 1243 bytes --]

>
> Bitcoin sought to reduce dependence on trusted third parties, where as,
> persona is increasing the reach of trusted third parties.  The keys and
> passwords are stored on mozilla's servers, sometimes on your email
> providers.  Persona, is however, a progression and will hopefully improve
> its security and decentralization as it goes along.
>

When Persona is supported by all the key players in a transaction Mozilla
doesn't get anything, do they? You can easily run your own IDP on a
personal server if you're the kind of person who likes to do that, then run
Firefox so you have a native implementation and the Mozilla servers aren't
involved. The keys never leave your computers.

Whilst X.509 certs can indeed be issued for any arbitrary string, you still
need a CA that will do it for you, and that's typically not so trivial. CAs
aren't meant for widespread end user adoption, really, whereas Persona is.

I don't think Persona is any more or less centralised than other PKIs,
really, just easier to use. Ultimately the string you're verifying is a
user@host pair, so the host is centralised via DNS and to verify the
assertions it vends, you must use SSL to connect to it, so under the hood
the regular SSL PKI is still there.

[-- Attachment #2: Type: text/html, Size: 1672 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [Bitcoin-development] Idea for new payment protocol PKI
  2013-08-09 12:08   ` Mike Hearn
@ 2013-08-09 12:17     ` Melvin Carvalho
  0 siblings, 0 replies; 6+ messages in thread
From: Melvin Carvalho @ 2013-08-09 12:17 UTC (permalink / raw)
  To: Mike Hearn; +Cc: Bitcoin Dev

[-- Attachment #1: Type: text/plain, Size: 2365 bytes --]

On 9 August 2013 14:08, Mike Hearn <mike@plan99.net> wrote:

> Bitcoin sought to reduce dependence on trusted third parties, where as,
>> persona is increasing the reach of trusted third parties.  The keys and
>> passwords are stored on mozilla's servers, sometimes on your email
>> providers.  Persona, is however, a progression and will hopefully improve
>> its security and decentralization as it goes along.
>>
>
> When Persona is supported by all the key players in a transaction Mozilla
> doesn't get anything, do they? You can easily run your own IDP on a
> personal server if you're the kind of person who likes to do that, then run
> Firefox so you have a native implementation and the Mozilla servers aren't
> involved. The keys never leave your computers.
>

You'd need to run your own email server and/or change email address, which
is not in the reach of the average user, and maybe not even of some
businesses.


>
> Whilst X.509 certs can indeed be issued for any arbitrary string, you
> still need a CA that will do it for you, and that's typically not so
> trivial. CAs aren't meant for widespread end user adoption, really, whereas
> Persona is.
>

You can self sign X.509 certificates quite easily (e.g. one click via
<KEYGEN>), then rely on a decentralized web of trust to remove browser
warnings.  A few people are working on this.


>
> I don't think Persona is any more or less centralised than other PKIs,
> really, just easier to use. Ultimately the string you're verifying is a
> user@host pair, so the host is centralised via DNS and to verify the
> assertions it vends, you must use SSL to connect to it, so under the hood
> the regular SSL PKI is still there.
>
>
>
It is easier to use, that's a great plus.  But convenience is often a trade
off with security.

I dont user user@host, I use my home page because it's easy to dereference
and get a public key.  Email is hard to dereference.

Yes, there is a reliance on DNS, which Tim calls the 'Achilles heel' of the
web, but it's held up quite well so far (fortunately for us).

Mozilla also have a master key to most email accounts, so if anyone got
access to that they could impersonate the vast majority of users that have
not opted in.  I would not use persona for financial stuff, but if I made a
casual app with non sensitive information it would be one of the top
choices, imho

[-- Attachment #2: Type: text/html, Size: 3710 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [Bitcoin-development] Idea for new payment protocol PKI
  2013-08-09 11:59 ` Wendell
@ 2013-08-09 12:18   ` Melvin Carvalho
  0 siblings, 0 replies; 6+ messages in thread
From: Melvin Carvalho @ 2013-08-09 12:18 UTC (permalink / raw)
  To: Wendell; +Cc: Bitcoin Dev

[-- Attachment #1: Type: text/plain, Size: 3938 bytes --]

On 9 August 2013 13:59, Wendell <w@grabhive.com> wrote:

> We have been discussing something like this over here too, as well as
> exploring more esoteric blockchain+signature-based "SSO" implementations as
> discussed by John Light and others.
>

I've been using SSO for years using an X.509 private key in my browser, and
my public key referenced in my home page.

The unfortunate thing is that X.509 tends to use RSA, and bitcoin tends to
use ECC for space reasons.  Since, in its simplest form, bitcoin is a
distributed ledger of public key / balance values you could imagine an
enormous eco system where every key pair become a wallet with 10s of
millions of users.

I was thinking about an alt coin along these lines.  The problem is that
there's no OP_CODE for RSA and the block chain would become massive.


>
> One of our long-term ambitions with Hive is to provide a (mostly)
> user-transparent, decentralized authentication service. It sounds like our
> infrastructure could already handle a Persona implementation, and we very
> much want to get behind some forward-thinking standard. So as long as the
> plan _IS_ to remove said 'centralized struts' at the appropriate time, I'd
> say we're interested in exploring this further.
>

Sounds great, would love to hear more about what you come up with!


>
> -wendell
>
> grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
>
> On Aug 9, 2013, at 1:43 PM, Mike Hearn wrote:
>
> > This is just me making notes for myself, I'm not seriously suggesting
> this be implemented any time soon.
> >
> > Mozilla Persona is an infrastructure for web based single sign on. It
> works by having email providers sign temporary certificates for their
> users, whose browsers then sign server-provided challenges to prove their
> email address.
> >
> > Because an SSO system is a classic chicken/egg setup, they run various
> fallback services that allow anyone with an email address to take part.
> They also integrate with the Google/Yahoo SSO systems as well. The
> intention being that they do this until Persona becomes big enough to
> matter, and then they can remove the centralised struts and the system
> becomes transparently decentralised.
> >
> > In other words, they seem to do a lot of things right.
> >
> > Of course you can already sign payments using an X.509 cert issued to an
> email address with v1 of the payment protocol, so technically no new PKI is
> needed. But the benefit of leveraging Persona would be convenience - you
> can get yourself a Persona cert and use it to sign in to websites with a
> single click, and the user experience is smart and professional. CAs in
> contrast are designed for web site admins really so the experience of
> getting a cert for an email address is rather variable and more heavyweight.
> >
> > Unfortunately Persona does not use X.509. It uses a custom thing based
> on JSON. However, under the hood it's just assertions signed by RSA keys,
> so an implementation is likely to be quite easy. From the users
> perspective, their wallet app would embed a browser and drive it as if it
> were signing into a website, but stop after the user is signed into Persona
> and a user cert has been provisioned. It can then sign payment requests
> automatically. For many users, it'd be just one click, which is pretty neat.
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

[-- Attachment #2: Type: text/html, Size: 5171 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2013-08-09 12:18 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-08-09 11:43 [Bitcoin-development] Idea for new payment protocol PKI Mike Hearn
2013-08-09 11:57 ` Melvin Carvalho
2013-08-09 12:08   ` Mike Hearn
2013-08-09 12:17     ` Melvin Carvalho
2013-08-09 11:59 ` Wendell
2013-08-09 12:18   ` Melvin Carvalho

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox