Re: [Bitcoin-development] secure assigned bitcoin address directory

author: Peter Todd <pete@petertodd.org> 2014-03-31 13:21:14 +0200
committer: bitcoindev <bitcoindev@gnusha.org> 2014-03-31 11:21:29 +0000
commit: 8658533ad53d426652541841c46cdc9483c29646 (patch)
tree: 1935ae2963f83795871b1c5e5500424a45bcfa60
parent: efb7be865486ec561667bb5f165ce25314919364 (diff)
download: pi-bitcoindev-8658533ad53d426652541841c46cdc9483c29646.tar.gz
pi-bitcoindev-8658533ad53d426652541841c46cdc9483c29646.zip
1 files changed, 138 insertions, 0 deletions
diff --git a/2f/7ab42da9c992a82fe6d46dc5cebb8d7bc01c46 b/2f/7ab42da9c992a82fe6d46dc5cebb8d7bc01c46
new file mode 100644
index 000000000..f3291ef07
--- /dev/null
+++ b/2f/7ab42da9c992a82fe6d46dc5cebb8d7bc01c46
@@ -0,0 +1,138 @@
+Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
+	helo=mx.sourceforge.net)
+	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
+	(envelope-from <pete@petertodd.org>) id 1WUaHR-0001kz-CL
+	for bitcoin-development@lists.sourceforge.net;
+	Mon, 31 Mar 2014 11:21:29 +0000
+Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org
+	designates 62.13.149.75 as permitted sender)
+	client-ip=62.13.149.75; envelope-from=pete@petertodd.org;
+	helo=outmail149075.authsmtp.net; 
+Received: from outmail149075.authsmtp.net ([62.13.149.75])
+	by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
+	id 1WUaHQ-0005H3-4H for bitcoin-development@lists.sourceforge.net;
+	Mon, 31 Mar 2014 11:21:29 +0000
+Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237])
+	by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s2VBLLY2081328; 
+	Mon, 31 Mar 2014 12:21:21 +0100 (BST)
+Received: from tilt (cust.static.84-253-54-151.cybernet.ch [84.253.54.151])
+	(authenticated bits=128)
+	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s2VBLEZ4049470
+	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
+	Mon, 31 Mar 2014 12:21:16 +0100 (BST)
+Date: Mon, 31 Mar 2014 13:21:14 +0200
+From: Peter Todd <pete@petertodd.org>
+To: vv01f <vv01f@riseup.net>, Natanael <natanael.l@gmail.com>
+Message-ID: <20140331112114.GB30139@tilt>
+MIME-Version: 1.0
+Content-Type: multipart/signed; micalg=pgp-sha256;
+	protocol="application/pgp-signature"; boundary="VywGB/WGlW4DM4P8"
+Content-Disposition: inline
+In-Reply-To: <CAAt2M19HNUjr2OET5YjOB9YQKptOtVAmcPXWwoaxPHVTLOMYbg@mail.gmail.com>
+	<5339418F.1050800@riseup.net>
+User-Agent: Mutt/1.5.21 (2010-09-15)
+X-Server-Quench: 939a1d24-b8c6-11e3-94fa-002590a135d3
+X-AuthReport-Spam: If SPAM / abuse - report it at:
+	http://www.authsmtp.com/abuse
+X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
+	aQdMdQMUFVQGAgsB AmIbWlZeUlx7WGQ7 Yw5PbwBefE9KQQRv
+	UVdMSlVNFUsrA3pz emt0Vhl2fgFBeDBx YUZrXD5SX00rdBJ/
+	RlMGHT4AeGZhPWMC WUQOJh5UcAFPdx8U a1N6AHBDAzANdhES
+	HhM4ODE3eDlSNilR RRkIIFQOdA4QEzUh XR1KFC40HEIDSil7
+	JR06IVkdGg4YPkko PEA6EV4ZKRIZFgpE DikA
+X-Authentic-SMTP: 61633532353630.1024:706
+X-AuthFastPath: 0 (Was 255)
+X-AuthSMTP-Origin: 84.253.54.151/587
+X-AuthVirus-Status: No virus detected - but ensure you scan with your own
+	anti-virus system.
+X-Spam-Score: -1.5 (-)
+X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
+	See http://spamassassin.org/tag/ for more details.
+	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
+	sender-domain
+	-0.0 SPF_PASS               SPF: sender matches SPF record
+	0.0 FAKE_REPLY_C           FAKE_REPLY_C
+X-Headers-End: 1WUaHQ-0005H3-4H
+Cc: bitcoin-development@lists.sourceforge.net
+Subject: Re: [Bitcoin-development] secure assigned bitcoin address directory
+X-BeenThere: bitcoin-development@lists.sourceforge.net
+X-Mailman-Version: 2.1.9
+Precedence: list
+List-Id: <bitcoin-development.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
+List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
+List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
+X-List-Received-Date: Mon, 31 Mar 2014 11:21:29 -0000
+
+
+--VywGB/WGlW4DM4P8
+Content-Type: text/plain; charset=us-ascii
+Content-Disposition: inline
+Content-Transfer-Encoding: quoted-printable
+
+On Mon, Mar 31, 2014 at 12:21:03PM +0200, vv01f wrote:
+> Some users on bitcointalk[0] would like to have their vanity addresses
+> available for others easily to find and verify the ownership over a kind
+> of WoT. Right now they sign their own addresses and quote them in the
+> forums.
+> As I pointed out there already the centralized storage in the forums is
+> not secury anyhow and signed messages could be swapped easily with the
+> next hack of the forums.
+>=20
+> Is that use case taken care of in any plans already?
+>=20
+> I thought about abusing pgp keyservers but that would suit for single
+> vanity addresses only.
+> It seems webfinger could be part of a solution where servers of a
+> business can tell and proof you if a specific address is owned by them.
+
+Good timing! I'm at a hackathon right now working with a group to come
+up with a standard for adding Bitcoin addresses to OpenPGP keys. You're
+correct in thinking that doing so with standard Bitcoin addresses is a
+privacy problem, however we can also define new types of Bitcoin
+addresses that address the privacy issue; stealth addresses can handle
+the case where you want to pay someone without a formal payment request,
+and integrating OpenPGP into the payment protocol handles the scenario
+where you want to send or pay to a formal payment request.
+
+
+On Mon, Mar 31, 2014 at 12:49:14PM +0200, Natanael wrote:
+> Does't BIP70 cover this already via Certificate Authorities?
+
+Incidentally on my todo list is to come up for a reasonable standard for
+taking X.509 certificates and using them to sign OpenPGP user IDs.
+Essentially the certificate authority is then making the statement that
+a keypair is authorized to sign on behalf of a domain-name, and in turn
+that keypair signs that the email address on the user ID is correct.
+It's a best of both worlds option in the same spirit of keybase.io
+
+--=20
+'peter'[:-1]@petertodd.org
+0000000000000000f4f5ba334791a4102917e4d3f22f6ad7f2c4f15d97307fe2
+
+--VywGB/WGlW4DM4P8
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: Digital signature
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+iQGcBAEBCAAGBQJTOU+mAAoJEGJeboN5AaHKX+oL/jPde/D6uECroJem3S3Etohq
+aOwmSs5sR4ZFJCbvkQJa3e2OK6EnTQSZkwyNDI6VFZi3GZKznC+CAByAd5AXea6D
+gDqx/hWyd1T/P7IrSi+dhmVqi+8CrbECyJlM8ELH37ydz+7D1uklwZlSKmw1mSSe
+JJ4JN0EguKhMy/ehTElLuZ2b+jX8nx3DlIIdKesrXnRuCbeiSA6beEMcsZ/WWKqE
+fTaTInknEz0muaOCfIbEkBIO3uxhDFi5lHgsLFn1j2Sx+zgjOtNwyHlbRULffgXw
+PhEHRgV1ijGQPXWyJZG2hg9hOVtAsppK0hCCkFC04TqlPTVrU8Edy2+Ui9ElhLzr
+18lIq+FxnDoayYjmvj3NaCue8Q9U2HghHdFhVCyEKNt+QuOKI5O7tN3tFmQizVVS
+bX3q/ktqri8Ia8fN1Beq3vX9WyYTUHsS1vi6ADhpCAHdgft1w7GakL7Ze8MzQpzC
+bGBgn39mq34/nAt8LHYTSPGqW28gkUG3rdKFDQ+GBw==
+=0cH8
+-----END PGP SIGNATURE-----
+
+--VywGB/WGlW4DM4P8--
+
+
author	Peter Todd <pete@petertodd.org>	2014-03-31 13:21:14 +0200
committer	bitcoindev <bitcoindev@gnusha.org>	2014-03-31 11:21:29 +0000
commit	8658533ad53d426652541841c46cdc9483c29646 (patch)
tree	1935ae2963f83795871b1c5e5500424a45bcfa60
parent	efb7be865486ec561667bb5f165ce25314919364 (diff)
download	pi-bitcoindev-8658533ad53d426652541841c46cdc9483c29646.tar.gz pi-bitcoindev-8658533ad53d426652541841c46cdc9483c29646.zip