[Bitcoin-development] secure assigned bitcoin address directory

Mike Hearn mike at plan99.net
Wed Apr 2 12:01:51 UTC 2014


Hi Daryl,

I think the reason nobody has done that is that BIP70 isn't really that
much work. It's basically just certs inside a protobuf, with a bit of extra
data. I'm not sure yet another way to do the same thing is worth much.


On Wed, Apr 2, 2014 at 2:59 AM, Daryl Banttari <dbanttari at gmail.com> wrote:

> Chris,
>
> Thank you for taking the time to look at my proposal.
>
> 1) pay to addresses are not fixed - ie you can have a different address
>> for each transaction (which is why BIP70 is necessary to allow per
>> transaction addresses via https.)
>>
>
> This is certainly true for a "published" address; however a new address
> (and URL) can be generated for each one-off peer-to-peer transaction.
>  However, I'd expect that most of the time this use case will be handed by
> BIP70.  Still, this could allow someone to implement a authenticated,
> non-repudiable payment request without having to go through the hassle of a
> full BIP70 implementation.
>
>
>> 2) unless you are already aware of the  public key of the signature, you
>> do not know if the signature is made by the person you think it is supposed
>> to be from. See recent concern over fake key for Gavin Andresen. Ie a
>> signature can always be verified with a valid public key, the question is
>> was it the real person's key. That is what WoT tried to resolve with
>> so-called "signing parties", nowadays keys posted to a public forum by a
>> known user, but it's not a standard and not ideal.
>>
>
> My proposal leverages the existing SSL key system (yes, PKI), so there is
> a reasonable expectation that if the signature verifies, it came from the
> party indicated on the cert.  While SSL (and the PKI system underpinning
> it) have its faults, the example you highlighted was specifically a problem
> with WoT, not PKI.  Can a compromised web server cause payments to be made
> to the wrong party?  Of course-- but that's already true.  And that's not
> something BIP70 solves (or attempts to solve) either.
>
> (To explain [better than I could] why I feel PKI is a pragmatic solution,
> I defer to Mike Hearn 's article:
> https://medium.com/bitcoin-security-functionality/b64cf5912aa7)
>
> --Daryl
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140402/544e3387/attachment.html>


More information about the bitcoin-dev mailing list