From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 9E3B095D for ; Thu, 28 Sep 2017 10:10:14 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from blaine.gmane.org (unknown [195.159.176.226]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D273741D for ; Thu, 28 Sep 2017 10:10:13 +0000 (UTC) Received: from list by blaine.gmane.org with local (Exim 4.84_2) (envelope-from ) id 1dxVlW-0000bX-PF for bitcoin-dev@lists.linuxfoundation.org; Thu, 28 Sep 2017 12:09:58 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: bitcoin-dev@lists.linuxfoundation.org From: Andreas Schildbach Date: Thu, 28 Sep 2017 12:09:59 +0200 Message-ID: References: <20170927160654.GA12492@savin.petertodd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@blaine.gmane.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 In-Reply-To: <20170927160654.GA12492@savin.petertodd.org> Content-Language: en-US X-Spam-Status: No, score=2.4 required=5.0 tests=DKIM_ADSP_ALL,RDNS_NONE autolearn=disabled version=3.3.1 X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Address expiration times should be added to BIP-173 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 10:10:14 -0000 This feels redundant to me; the payment protocol already has an expiration time. On 09/27/2017 06:06 PM, Peter Todd via bitcoin-dev wrote: > Re-use of old addresses is a major problem, not only for privacy, but also > operationally: services like exchanges frequently have problems with users > sending funds to addresses whose private keys have been lost or stolen; there > are multiple examples of exchanges getting hacked, with users continuing to > lose funds well after the actual hack has occured due to continuing deposits. > This also makes it difficult operationally to rotate private keys. I personally > have even lost funds in the past due to people sending me BTC to addresses that > I gave them long ago for different reasons, rather than asking me for fresh > one. > > To help combat this problem, I suggest that we add a UI-level expiration time > to the new BIP173 address format. Wallets would be expected to consider > addresses as invalid as a destination for funds after the expiration time is > reached. > > Unfortunately, this proposal inevitably will raise a lot of UI and terminology > questions. Notably, the entire notion of addresses is flawed from a user point > of view: their experience with them should be more like "payment codes", with a > code being valid for payment for a short period of time; wallets should not be > displaying addresses as actually associated with specific funds. I suspect > we'll see users thinking that an expired address risks the funds themselves; > some thought needs to be put into terminology. > > Being just an expiration time, seconds-level resolution is unnecessary, and > may give the wrong impression. I'd suggest either: > > 1) Hour resolution - 2^24 hours = 1914 years > 2) Month resolution - 2^16 months = 5458 years > > Both options have the advantage of working well at the UI level regardless of > timezone: the former is sufficiently short that UI's can simply display an > "exact" time (though note different leap second interpretations), while the > latter is long enough that rounding off to the nearest day in the local > timezone is fine. > > Supporting hour-level (or just seconds) precision has the advantage of making > it easy for services like exchanges to use addresses with relatively short > validity periods, to reduce the risks of losses after a hack. Also, using at > least hour-level ensures we don't have any year 2038 problems. > > Thoughts? > > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >