From: Mike Hearn <mike@plan99.net>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: [Bitcoin-development] Idea for new payment protocol PKI
Date: Fri, 9 Aug 2013 13:43:33 +0200 [thread overview]
Message-ID: <CANEZrP3w+pGVJijxLr1N6wQiqg4U=RUP3Mrph2=fwF+Ga_U9sQ@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1804 bytes --]
This is just me making notes for myself, I'm not seriously suggesting this
be implemented any time soon.
Mozilla Persona is an infrastructure for web based single sign on. It works
by having email providers sign temporary certificates for their users,
whose browsers then sign server-provided challenges to prove their email
address.
Because an SSO system is a classic chicken/egg setup, they run various
fallback services that allow anyone with an email address to take part.
They also integrate with the Google/Yahoo SSO systems as well. The
intention being that they do this until Persona becomes big enough to
matter, and then they can remove the centralised struts and the system
becomes transparently decentralised.
In other words, they seem to do a lot of things right.
Of course you can already sign payments using an X.509 cert issued to an
email address with v1 of the payment protocol, so technically no new PKI is
needed. But the benefit of leveraging Persona would be convenience - you
can get yourself a Persona cert and use it to sign in to websites with a
single click, and the user experience is smart and professional. CAs in
contrast are designed for web site admins really so the experience of
getting a cert for an email address is rather variable and more heavyweight.
Unfortunately Persona does not use X.509. It uses a custom thing based on
JSON. However, under the hood it's just assertions signed by RSA keys, so
an implementation is likely to be quite easy. From the users perspective,
their wallet app would embed a browser and drive it as if it were signing
into a website, but stop after the user is signed into Persona and a user
cert has been provisioned. It can then sign payment requests automatically.
For many users, it'd be just one click, which is pretty neat.
[-- Attachment #2: Type: text/html, Size: 1996 bytes --]
next reply other threads:[~2013-08-09 11:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-09 11:43 Mike Hearn [this message]
2013-08-09 11:57 ` [Bitcoin-development] Idea for new payment protocol PKI Melvin Carvalho
2013-08-09 12:08 ` Mike Hearn
2013-08-09 12:17 ` Melvin Carvalho
2013-08-09 11:59 ` Wendell
2013-08-09 12:18 ` Melvin Carvalho
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANEZrP3w+pGVJijxLr1N6wQiqg4U=RUP3Mrph2=fwF+Ga_U9sQ@mail.gmail.com' \
--to=mike@plan99.net \
--cc=bitcoin-development@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox