[Bitcoin-development] Payment protocol for onion URLs.

Peter Todd pete at petertodd.org
Sat Oct 26 04:15:51 UTC 2013


On Fri, Oct 25, 2013 at 08:31:05PM -0700, Gregory Maxwell wrote:
> One limitation of the payment protocol as speced is that there is no
> way for a hidden service site to make use of its full authentication
> capability because they are unable to get SSL certificates issued to
> them.
> 
> A tor hidden service (onion site) is controlled by an RSA key.
> 
> It would be trivial to pack a tor HS pubkey into a self-signed x509
> certificate with the cn set to foooo.onion.
> 
> If we specified in the payment protocol an additional validation
> procedure for [base32].onion hosts that just has it hash and base32
> encode the pubkey (as tor does) then the payment protocol could work
> seamlessly with tor hosts. (Displaying that the payment request came
> from "foooo.onion").  I believe that the additional code for this
> would be trivial (and I'll write it if there is support for making
> this a standard feature).
> 
> This would give us an fully supported option which is completely CA
> free... it would only work for tor sites, but the people concerned
> about CA trechery are likely to want to use tor in any case.
> 
> Thoughts?

Strong ACK on the basis of responding for forum trolls alone.

It's easy enough to make it a genuinely useful tool for multisig wallets
too: keep a copy of your Tor URL bookmarks on your second signing
computer. So long as either computer has the correct URL you're safe.

-- 
'peter'[:-1]@petertodd.org
0000000000000006fbd917e8b4770c566dbc8ed4bedd00f441286ffb6e7f73ac
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 685 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131026/c214a3f2/attachment.sig>


More information about the bitcoin-dev mailing list