public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Rhavar <rhavar@protonmail.com>
To: rmcc4444 <rmcc4444@gmail.com>
Cc: "bitcoin-dev@lists.linuxfoundation.org"
	<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] 2 step confirmation system
Date: Tue, 23 Jan 2018 21:05:00 -0500	[thread overview]
Message-ID: <HPVd4qJfHhnJ-WB8ylitNNd36yCzeg2p1Fh2PqXIapiz_FWUz8FigmXE8iecUqME_Zy0_uSPhQrXjBGBYK8bwrGEPaNQN-UjHVFAav_Dvhw=@protonmail.com> (raw)
In-Reply-To: <CAMZHxzofEfKyTEYYwjWVCWcJoE-K_skRTTFZ9XGb-WsnUQA6rQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2293 bytes --]

1. Bitcoin addresses contain a "checksum", which means it's pretty much impossible to fat finger any address. (Note: most altcoins don't seem to do this, so fat-fingering is very much a risk). If you can send to an address, you can be sure there is no mistake.

However, there is a real risk of malware. I see on a daily basis people who send to the *wrong* address, because for example they have malware on their computer which replaces a the intended address with one controlled by the malware author. So verifying you are sending to the correct address is very much still a concern, but there's no risk you type a 2 instead of 3 and send to the wrong place.

2.  Google "bitcoin multisig" and "bitcoin escrow". In the core bitcoin protocol there's a lot of support that enables stuff like that -- but nothing that is really commonly used. I've done some very large deals with bitcoin, with the use of "2 of 3 multisig" (basically 2 of: me, counter-party, arbitrator)  need to sign off on it. However it's a big pain in the ass, with poor tooling and expensive transactions. Unless you're dealing with 100+ bitcoin, it's a lot easier for everyone to just use a trusted (single party) escrow.

-Ryan

-------- Original Message --------
On January 23, 2018 7:42 PM, rmcc4444 via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> I know from speaking to my friends not involved with Bitcoin that two of their major concerns are as follows:
>
> 1. They are afraid if they fat finger the address there is nothing they can do about it and not get their Bitcoin back.
>
> and/or
>
> 2. They would like to at least have the option to use some sort of 2 step confirmation system when dealing ith people they do not know. For example, after sending the Bitcoin to a seller they would like to be able to do a final approval of the tm transaction. If the 2 people involved in the transaction approve of it within X hours, the coin returns to the original person. This system would basically act as an escrow.
>
> This 2 step system could work with both of these.
>
> I apologize if this is the incorrect place to post this. I did not know where else to share these thoughts.
>
> Thanks for your time.
>
> --
>
> ** This message was likely sent using voice to text. Please ignore any typos.**

[-- Attachment #2: Type: text/html, Size: 3319 bytes --]

  reply	other threads:[~2018-01-24  2:05 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-24  0:42 [bitcoin-dev] 2 step confirmation system rmcc4444
2018-01-24  2:05 ` Rhavar [this message]
2018-01-30  1:23 Weiwu Zhang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='HPVd4qJfHhnJ-WB8ylitNNd36yCzeg2p1Fh2PqXIapiz_FWUz8FigmXE8iecUqME_Zy0_uSPhQrXjBGBYK8bwrGEPaNQN-UjHVFAav_Dvhw=@protonmail.com' \
    --to=rhavar@protonmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=rmcc4444@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox