Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of coinlab.com
	designates 209.85.160.175 as permitted sender)
	client-ip=209.85.160.175; envelope-from=peter@coinlab.com;
	helo=mail-gy0-f175.google.com; 
MIME-Version: 1.0
In-Reply-To: <CA+s+GJCKcOky=Kfa9cNaEnpO0Lj4Va8a8N=-OZSoXLoO8aUGgQ@mail.gmail.com>
References: <4F7A1227.7070306@gmail.com>
	<CABsx9T3MQzJ5gN5xTZ9y5d-og11=mB86cM3ZP4S-fhjs1U+20g@mail.gmail.com>
	<201204031455.42265.luke@dashjr.org>
	<CA+s+GJCKcOky=Kfa9cNaEnpO0Lj4Va8a8N=-OZSoXLoO8aUGgQ@mail.gmail.com>
From: Peter Vessenes <peter@coinlab.com>
Date: Tue, 3 Apr 2012 14:04:19 -0600
Message-ID: <CAMGNxUujVx0taTh+QR1WFBMKGWcxF-CvCMPwVFWirQ=XyZtquA@mail.gmail.com>
To: Wladimir <laanwj@gmail.com>
Content-Type: multipart/alternative; boundary=e89a8fb1f81a18b0dc04bccbd146
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Signature Blocks and URI Sign Requests
Precedence: list

--e89a8fb1f81a18b0dc04bccbd146
Content-Type: text/plain; charset=ISO-8859-1

I don't think it's minimally invasive to layer PGP's web of trust on top of
Bitcoin, in fact, the opposite.

From a certain angle, bitcoin exists as a sort of answer / alternate
solution to the web of trust. Digital cash with an existing web of trust in
place was a working concept in the mid-1990s, courtesy of David Chaum, I
believe.

I totally agree on the kitchen sink concern; I would personally like to see
something like a one-year required discussion period on all non-security
changes proposed to the blockchain protocol. We know almost nothing about
how bitcoin will be used over the next 20 years; I believe it's a mistake
to bulk up the protocol too rapidly right now.

There's a famous phrase from the founder of Lotus about Lotus' engineering
process: "add lightness." The equivalent for protocol design might be "add
simplicity." I'd like to see us adding simplicity for now, getting a core
set of tests together for alternate implementations like libbitcoin, and
thinking hard about the dangers of cruft over a 10+ year period when it
comes to a technology which will necessarily include a complete history of
every crufty decision embodied in transaction histories.

Peter


On Tue, Apr 3, 2012 at 1:42 PM, Wladimir <laanwj@gmail.com> wrote:

>
> On Tue, Apr 3, 2012 at 8:55 PM, Luke-Jr <luke@dashjr.org> wrote:
>
>> On Tuesday, April 03, 2012 2:46:17 PM Gavin Andresen wrote:
>> > We should avoid reinventing the wheel, if we can. I think we should
>> > extend existing standards whenever possible.
>>
>> I wonder if it's possible to make sigs compatible with PGP/EC ?
>>
>
> Or we could take a step back, further into "don't reinvent the wheel"
> territory. Why not simply make use of PGP(/EC) to sign and verify messages?
> It has many advantages, like an already existing web-of-trust and keyserver
> infrastructure.
>
> I still feel like this is sign message stuff is dragging the kitchen sink
> into Bitcoin. It's fine for logging into a website, what you use it for,
> but anything that approaches signing email (such as S/MIME implementations
> and handling different character encodings) is going too far IMO.
>
> Wladimir
>
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>


-- 

Peter J. Vessenes
CEO, CoinLab
M: 206.595.9839

--e89a8fb1f81a18b0dc04bccbd146
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I don&#39;t think it&#39;s minimally invasive to layer PGP&#39;s web of tru=
st on top of Bitcoin, in fact, the opposite.=A0<div><br></div><div>From a c=
ertain angle, bitcoin exists as a sort of answer / alternate solution to th=
e web of trust. Digital cash with an existing web of trust in place was a w=
orking concept in the mid-1990s, courtesy of David Chaum, I believe.</div>

<div><br></div><div>I totally agree on the kitchen sink concern; I would pe=
rsonally like to see something like a one-year required discussion period o=
n all non-security changes proposed to the blockchain protocol. We know alm=
ost nothing about how bitcoin will be used over the next 20 years; I believ=
e it&#39;s a mistake to bulk up the protocol too rapidly right now.</div>

<div><br></div><div>There&#39;s a famous phrase from the founder of Lotus a=
bout Lotus&#39; engineering process: &quot;add lightness.&quot; The equival=
ent for protocol design might be &quot;add simplicity.&quot; I&#39;d like t=
o see us adding simplicity for now, getting a core set of tests together fo=
r alternate implementations like libbitcoin, and thinking hard about the da=
ngers of cruft over a 10+ year period when it comes to a technology which w=
ill necessarily include a complete history of every crufty decision embodie=
d in transaction histories.</div>

<div><br></div><div>Peter</div><div><br><br><div class=3D"gmail_quote">On T=
ue, Apr 3, 2012 at 1:42 PM, Wladimir <span dir=3D"ltr">&lt;<a href=3D"mailt=
o:laanwj@gmail.com">laanwj@gmail.com</a>&gt;</span> wrote:<br><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;=
padding-left:1ex">

<br><div class=3D"gmail_quote"><div class=3D"im">On Tue, Apr 3, 2012 at 8:5=
5 PM, Luke-Jr <span dir=3D"ltr">&lt;<a href=3D"mailto:luke@dashjr.org" targ=
et=3D"_blank">luke@dashjr.org</a>&gt;</span> wrote:<br><blockquote class=3D=
"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding=
-left:1ex">


<div>On Tuesday, April 03, 2012 2:46:17 PM Gavin Andresen wrote:<br>
&gt; We should avoid reinventing the wheel, if we can. I think we should<br=
>
&gt; extend existing standards whenever possible.<br>
<br>
</div>I wonder if it&#39;s possible to make sigs compatible with PGP/EC ?<b=
r></blockquote></div><div><br>Or we could take a step back, further into &q=
uot;don&#39;t reinvent the wheel&quot; territory. Why not simply make use o=
f PGP(/EC) to sign and verify messages? It has many advantages, like an alr=
eady existing web-of-trust and keyserver infrastructure.<br>


<br>I still feel like this is sign message stuff is dragging the kitchen si=
nk into Bitcoin. It&#39;s fine for logging into a website, what you use it =
for, but anything that approaches signing email (such as S/MIME implementat=
ions and handling different character encodings) is going too far IMO. <br>

<span class=3D"HOEnZb"><font color=3D"#888888">
<br>Wladimir<br><br></font></span></div></div>
<br>-----------------------------------------------------------------------=
-------<br>
Better than sec? Nothing is better than sec when it comes to<br>
monitoring Big Data applications. Try Boundary one-second<br>
resolution app monitoring today. Free.<br>
<a href=3D"http://p.sf.net/sfu/Boundary-dev2dev" target=3D"_blank">http://p=
.sf.net/sfu/Boundary-dev2dev</a><br>_______________________________________=
________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><br><div=
>Peter J. Vessenes</div><div>CEO, CoinLab</div><div>M: 206.595.9839</div><b=
r>
</div>

--e89a8fb1f81a18b0dc04bccbd146--