Re: [Bitcoin-development] Idea for new payment protocol PKI

author: Wendell <w@grabhive.com> 2013-08-09 13:59:09 +0200
committer: bitcoindev <bitcoindev@gnusha.org> 2013-08-09 11:59:31 +0000
commit: 9325f9b1b9e9e53ce1c115e5fa85805792bd8adb (patch)
tree: 180759afa722f655caa699dda7bfe3ef664316db
parent: 3fd7723f27746c38fa31214811dba44aa01e0327 (diff)
download: pi-bitcoindev-9325f9b1b9e9e53ce1c115e5fa85805792bd8adb.tar.gz
pi-bitcoindev-9325f9b1b9e9e53ce1c115e5fa85805792bd8adb.zip
1 files changed, 123 insertions, 0 deletions
diff --git a/33/85dca9481ba075a0a84c00b8081a1c0f00a2b3 b/33/85dca9481ba075a0a84c00b8081a1c0f00a2b3
new file mode 100644
index 000000000..462cffb42
--- /dev/null
+++ b/33/85dca9481ba075a0a84c00b8081a1c0f00a2b3
@@ -0,0 +1,123 @@
+Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
+	helo=mx.sourceforge.net)
+	by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
+	(envelope-from <wendel@314t.com>) id 1V7lLv-0007oM-VP
+	for bitcoin-development@lists.sourceforge.net;
+	Fri, 09 Aug 2013 11:59:31 +0000
+X-ACL-Warn: 
+Received: from mail-ea0-f172.google.com ([209.85.215.172])
+	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
+	(Exim 4.76) id 1V7lLu-00027t-Jx
+	for bitcoin-development@lists.sourceforge.net;
+	Fri, 09 Aug 2013 11:59:31 +0000
+Received: by mail-ea0-f172.google.com with SMTP id r16so1994463ead.17
+	for <bitcoin-development@lists.sourceforge.net>;
+	Fri, 09 Aug 2013 04:59:24 -0700 (PDT)
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+	d=google.com; s=20120113;
+	h=x-gm-message-state:sender:subject:mime-version:content-type:from
+	:in-reply-to:date:cc:content-transfer-encoding:message-id:references
+	:to; bh=Oq8v8QEKUACwXnguSSodlWh1XkHIZnQkfcIeuiKSmjg=;
+	b=RpOWxPnA+P1ZAJDoE6lgZzn8CIzP1FaVhXbZOxZEzcOR1xTP4oq4GlQMLGmAKA/jlz
+	6wDy2Gpe1MAOp/dNvSjYfPJWlO5vAUydnzWdwetkhAjUy4Lf5bwbQH9VzK9kqNHcLMR9
+	kHJGhaSVtkoqRMIC0D+zXQPwHr4lDdprciekqLxH0GgE1jMV8QmXHQ6uhymJwmP2248y
+	QAj8jG3zHWSmByG2P1WOkYP+QYe3XJV827pogCMNFS+0h/bSXP0eoNL1QqT85bleJb1S
+	lDSTX+b1oa6OiLt/iQUk3ZBtVnzO9ep9IRdjYog8rTdg/xaxfE0XJvXh1RR21TndKTHk
+	3eBw==
+X-Gm-Message-State: ALoCoQlt93xiOryESR1CQN+ICT0RB0qeU3zVX6SASoq16BVhxZLeROCr1r+M8Y2a5XfY7xs9qZYf
+X-Received: by 10.15.43.193 with SMTP id x41mr13041289eev.31.1376049558641;
+	Fri, 09 Aug 2013 04:59:18 -0700 (PDT)
+Received: from [127.0.0.1] ([180.149.96.169])
+	by mx.google.com with ESMTPSA id c3sm28091790eev.3.2013.08.09.04.59.14
+	for <multiple recipients>
+	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
+	Fri, 09 Aug 2013 04:59:17 -0700 (PDT)
+Sender: w grabhive <wendel@314t.com>
+Mime-Version: 1.0 (Apple Message framework v1283)
+Content-Type: text/plain; charset=us-ascii
+From: Wendell <w@grabhive.com>
+In-Reply-To: <CANEZrP3w+pGVJijxLr1N6wQiqg4U=RUP3Mrph2=fwF+Ga_U9sQ@mail.gmail.com>
+Date: Fri, 9 Aug 2013 13:59:09 +0200
+Content-Transfer-Encoding: quoted-printable
+Message-Id: <4A46BA74-F2C2-4139-AABE-67CFE4BC4FA4@grabhive.com>
+References: <CANEZrP3w+pGVJijxLr1N6wQiqg4U=RUP3Mrph2=fwF+Ga_U9sQ@mail.gmail.com>
+To: Mike Hearn <mike@plan99.net>
+X-Mailer: Apple Mail (2.1283)
+X-Spam-Score: 3.4 (+++)
+X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
+	See http://spamassassin.org/tag/ for more details.
+	1.5 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
+	[180.149.96.169 listed in psbl.surriel.com]
+	1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
+	[Blocked - see <http://www.spamcop.net/bl.shtml?180.149.96.169>]
+	0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
+	[180.149.96.169 listed in dnsbl.sorbs.net]
+X-Headers-End: 1V7lLu-00027t-Jx
+Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
+Subject: Re: [Bitcoin-development] Idea for new payment protocol PKI
+X-BeenThere: bitcoin-development@lists.sourceforge.net
+X-Mailman-Version: 2.1.9
+Precedence: list
+List-Id: <bitcoin-development.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
+List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
+List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
+X-List-Received-Date: Fri, 09 Aug 2013 11:59:32 -0000
+
+We have been discussing something like this over here too, as well as =
+exploring more esoteric blockchain+signature-based "SSO" implementations =
+as discussed by John Light and others.
+
+One of our long-term ambitions with Hive is to provide a (mostly) =
+user-transparent, decentralized authentication service. It sounds like =
+our infrastructure could already handle a Persona implementation, and we =
+very much want to get behind some forward-thinking standard. So as long =
+as the plan _IS_ to remove said 'centralized struts' at the appropriate =
+time, I'd say we're interested in exploring this further.
+
+-wendell
+
+grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
+
+On Aug 9, 2013, at 1:43 PM, Mike Hearn wrote:
+
+> This is just me making notes for myself, I'm not seriously suggesting =
+this be implemented any time soon.
+>=20
+> Mozilla Persona is an infrastructure for web based single sign on. It =
+works by having email providers sign temporary certificates for their =
+users, whose browsers then sign server-provided challenges to prove =
+their email address.
+>=20
+> Because an SSO system is a classic chicken/egg setup, they run various =
+fallback services that allow anyone with an email address to take part. =
+They also integrate with the Google/Yahoo SSO systems as well. The =
+intention being that they do this until Persona becomes big enough to =
+matter, and then they can remove the centralised struts and the system =
+becomes transparently decentralised.
+>=20
+> In other words, they seem to do a lot of things right.
+>=20
+> Of course you can already sign payments using an X.509 cert issued to =
+an email address with v1 of the payment protocol, so technically no new =
+PKI is needed. But the benefit of leveraging Persona would be =
+convenience - you can get yourself a Persona cert and use it to sign in =
+to websites with a single click, and the user experience is smart and =
+professional. CAs in contrast are designed for web site admins really so =
+the experience of getting a cert for an email address is rather variable =
+and more heavyweight.
+>=20
+> Unfortunately Persona does not use X.509. It uses a custom thing based =
+on JSON. However, under the hood it's just assertions signed by RSA =
+keys, so an implementation is likely to be quite easy. =46rom the users =
+perspective, their wallet app would embed a browser and drive it as if =
+it were signing into a website, but stop after the user is signed into =
+Persona and a user cert has been provisioned. It can then sign payment =
+requests automatically. For many users, it'd be just one click, which is =
+pretty neat.
+
+
author	Wendell <w@grabhive.com>	2013-08-09 13:59:09 +0200
committer	bitcoindev <bitcoindev@gnusha.org>	2013-08-09 11:59:31 +0000
commit	9325f9b1b9e9e53ce1c115e5fa85805792bd8adb (patch)
tree	180759afa722f655caa699dda7bfe3ef664316db
parent	3fd7723f27746c38fa31214811dba44aa01e0327 (diff)
download	pi-bitcoindev-9325f9b1b9e9e53ce1c115e5fa85805792bd8adb.tar.gz pi-bitcoindev-9325f9b1b9e9e53ce1c115e5fa85805792bd8adb.zip