From: Rhavar <rhavar@protonmail.com>
To: rmcc4444 <rmcc4444@gmail.com>
Cc: "bitcoin-dev@lists.linuxfoundation.org"
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] 2 step confirmation system
Date: Tue, 23 Jan 2018 21:05:00 -0500 [thread overview]
Message-ID: <HPVd4qJfHhnJ-WB8ylitNNd36yCzeg2p1Fh2PqXIapiz_FWUz8FigmXE8iecUqME_Zy0_uSPhQrXjBGBYK8bwrGEPaNQN-UjHVFAav_Dvhw=@protonmail.com> (raw)
In-Reply-To: <CAMZHxzofEfKyTEYYwjWVCWcJoE-K_skRTTFZ9XGb-WsnUQA6rQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2293 bytes --]
1. Bitcoin addresses contain a "checksum", which means it's pretty much impossible to fat finger any address. (Note: most altcoins don't seem to do this, so fat-fingering is very much a risk). If you can send to an address, you can be sure there is no mistake.
However, there is a real risk of malware. I see on a daily basis people who send to the *wrong* address, because for example they have malware on their computer which replaces a the intended address with one controlled by the malware author. So verifying you are sending to the correct address is very much still a concern, but there's no risk you type a 2 instead of 3 and send to the wrong place.
2. Google "bitcoin multisig" and "bitcoin escrow". In the core bitcoin protocol there's a lot of support that enables stuff like that -- but nothing that is really commonly used. I've done some very large deals with bitcoin, with the use of "2 of 3 multisig" (basically 2 of: me, counter-party, arbitrator) need to sign off on it. However it's a big pain in the ass, with poor tooling and expensive transactions. Unless you're dealing with 100+ bitcoin, it's a lot easier for everyone to just use a trusted (single party) escrow.
-Ryan
-------- Original Message --------
On January 23, 2018 7:42 PM, rmcc4444 via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> I know from speaking to my friends not involved with Bitcoin that two of their major concerns are as follows:
>
> 1. They are afraid if they fat finger the address there is nothing they can do about it and not get their Bitcoin back.
>
> and/or
>
> 2. They would like to at least have the option to use some sort of 2 step confirmation system when dealing ith people they do not know. For example, after sending the Bitcoin to a seller they would like to be able to do a final approval of the tm transaction. If the 2 people involved in the transaction approve of it within X hours, the coin returns to the original person. This system would basically act as an escrow.
>
> This 2 step system could work with both of these.
>
> I apologize if this is the incorrect place to post this. I did not know where else to share these thoughts.
>
> Thanks for your time.
>
> --
>
> ** This message was likely sent using voice to text. Please ignore any typos.**
[-- Attachment #2: Type: text/html, Size: 3319 bytes --]
next prev parent reply other threads:[~2018-01-24 2:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-24 0:42 [bitcoin-dev] 2 step confirmation system rmcc4444
2018-01-24 2:05 ` Rhavar [this message]
2018-01-30 1:23 Weiwu Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='HPVd4qJfHhnJ-WB8ylitNNd36yCzeg2p1Fh2PqXIapiz_FWUz8FigmXE8iecUqME_Zy0_uSPhQrXjBGBYK8bwrGEPaNQN-UjHVFAav_Dvhw=@protonmail.com' \
--to=rhavar@protonmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=rmcc4444@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox