[Bitcoin-development] Signature Blocks and URI Sign Requests

Alan Reiner etotheipi at gmail.com
Wed Apr 4 00:01:10 UTC 2012 

Mike,

You make an excellent point.  Neither of these proposals impact the 
protocol itself.  I hadn't considered that.  But I think it's a 
critically important problem to solve (signature blocks, not so much, 
but it could piggy back on the same solution).    So the mailing list is 
a good place to discuss this, but it maybe it shouldn't be labeled as a 
BIP.  I'll leave that up to the others (arguably, the URI scheme is not 
a protocol change, either, but was still a BIP).

There is all this fanfare around P2SH and how multi-sig is the solution 
to all these security problems, but how the hell do you use it?  I 
believe that BIP 10 (or successor) is *critical//*to the success of 
multi-sig, because the greatest barrier to using multi-sig will be the 
ability to actually execute them in less than 14 steps.  And if every 
client implements it differently, there's even less chance it will be 
used (assuming the userbase reaches any level of client diversity).

I think we need to supply a solution to this existing problem before 
everyone starts solving it on their own and fragmenting the market.  No 
one has to use the solution we come up with -- but I believe it's a 
problem for which most developers will take any solution that is easy to 
exchange, size-efficient and promised to be interoperable (if for no 
other reason than the Satoshi client uses it).

-Alan



On 04/03/2012 07:37 PM, Mike Koss wrote:
> Alan, I'm coming in late to the conversation - do I understand that 
> BIP 010 does not propose any changes to the protocol - but just an 
> intermediate data format that other clients might use to collect the 
> need key material to sign a multi-signature block?
>
> If so - one might ask what the role of BIP's are if they actually do 
> not impact the protocol?
>
> If there is any encapsulated data format that is expected to be 
> interpreted by clients - I'd call that a "protocol change"; but I take 
> it in this instance that you will transmit these signature block out 
> of band from the client ... yet they would have to be parsed and 
> converted into a Transaction Script once collected by SOME client? 
>  Would we expect the standard client do so?
>
> Sorry if this has been discussed before - I'm trying to understand the 
> proposal.
>
>
> On Tue, Apr 3, 2012 at 2:12 PM, Alan Reiner <etotheipi at gmail.com 
> <mailto:etotheipi at gmail.com>> wrote:
>
>     Just to clarify, I'm not proposing anything to the protocol
>     itself.  Simply that some applications might benefit from users
>     being to sign messages with existing Bitcoin identities, and what
>     can we do to accommodate that (out of band)?  It's not a high
>     priority, but I think it's potentially useful, and most codebases
>     already have everything they need in place to implement it.
>
>
>
>     On 04/03/2012 04:04 PM, Peter Vessenes wrote:
>>     I don't think it's minimally invasive to layer PGP's web of trust
>>     on top of Bitcoin, in fact, the opposite.
>>
>>     From a certain angle, bitcoin exists as a sort of answer /
>>     alternate solution to the web of trust. Digital cash with an
>>     existing web of trust in place was a working concept in the
>>     mid-1990s, courtesy of David Chaum, I believe.
>>
>>     I totally agree on the kitchen sink concern; I would personally
>>     like to see something like a one-year required discussion period
>>     on all non-security changes proposed to the blockchain protocol.
>>     We know almost nothing about how bitcoin will be used over the
>>     next 20 years; I believe it's a mistake to bulk up the protocol
>>     too rapidly right now.
>>
>>     There's a famous phrase from the founder of Lotus about Lotus'
>>     engineering process: "add lightness." The equivalent for protocol
>>     design might be "add simplicity." I'd like to see us adding
>>     simplicity for now, getting a core set of tests together for
>>     alternate implementations like libbitcoin, and thinking hard
>>     about the dangers of cruft over a 10+ year period when it comes
>>     to a technology which will necessarily include a complete history
>>     of every crufty decision embodied in transaction histories.
>>
>>     Peter
>>
>>
>>     On Tue, Apr 3, 2012 at 1:42 PM, Wladimir <laanwj at gmail.com
>>     <mailto:laanwj at gmail.com>> wrote:
>>
>>
>>         On Tue, Apr 3, 2012 at 8:55 PM, Luke-Jr <luke at dashjr.org
>>         <mailto:luke at dashjr.org>> wrote:
>>
>>             On Tuesday, April 03, 2012 2:46:17 PM Gavin Andresen wrote:
>>             > We should avoid reinventing the wheel, if we can. I
>>             think we should
>>             > extend existing standards whenever possible.
>>
>>             I wonder if it's possible to make sigs compatible with
>>             PGP/EC ?
>>
>>
>>         Or we could take a step back, further into "don't reinvent
>>         the wheel" territory. Why not simply make use of PGP(/EC) to
>>         sign and verify messages? It has many advantages, like an
>>         already existing web-of-trust and keyserver infrastructure.
>>
>>         I still feel like this is sign message stuff is dragging the
>>         kitchen sink into Bitcoin. It's fine for logging into a
>>         website, what you use it for, but anything that approaches
>>         signing email (such as S/MIME implementations and handling
>>         different character encodings) is going too far IMO.
>>
>>         Wladimir
>>
>>
>>         ------------------------------------------------------------------------------
>>         Better than sec? Nothing is better than sec when it comes to
>>         monitoring Big Data applications. Try Boundary one-second
>>         resolution app monitoring today. Free.
>>         http://p.sf.net/sfu/Boundary-dev2dev
>>         _______________________________________________
>>         Bitcoin-development mailing list
>>         Bitcoin-development at lists.sourceforge.net
>>         <mailto:Bitcoin-development at lists.sourceforge.net>
>>         https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
>>
>>
>>     -- 
>>
>>     Peter J. Vessenes
>>     CEO, CoinLab
>>     M: 206.595.9839 <tel:206.595.9839>
>>
>>
>>     ------------------------------------------------------------------------------
>>     Better than sec? Nothing is better than sec when it comes to
>>     monitoring Big Data applications. Try Boundary one-second
>>     resolution app monitoring today. Free.
>>     http://p.sf.net/sfu/Boundary-dev2dev
>>
>>
>>     _______________________________________________
>>     Bitcoin-development mailing list
>>     Bitcoin-development at lists.sourceforge.net  <mailto:Bitcoin-development at lists.sourceforge.net>
>>     https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
>     ------------------------------------------------------------------------------
>     Better than sec? Nothing is better than sec when it comes to
>     monitoring Big Data applications. Try Boundary one-second
>     resolution app monitoring today. Free.
>     http://p.sf.net/sfu/Boundary-dev2dev
>     _______________________________________________
>     Bitcoin-development mailing list
>     Bitcoin-development at lists.sourceforge.net
>     <mailto:Bitcoin-development at lists.sourceforge.net>
>     https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
>
>
> -- 
> Mike Koss
> CTO, CoinLab
> (425) 246-7701 (m)
>
> A Bitcoin Primer <http://coinlab.com/a-bitcoin-primer.pdf> - What you 
> need to know about Bitcoins.
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20120403/c9b724a0/attachment.html>

More information about the bitcoin-dev mailing list