Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 14ADC1248 for ; Tue, 15 Sep 2015 10:49:39 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail.aaawop.com (area51.powaaa.com [62.210.66.225]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5BCDC145 for ; Tue, 15 Sep 2015 10:49:38 +0000 (UTC) Received: from rainloop.aaawop.com (area51.powaaa.com [62.210.66.225]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: arthur@powaaa.com) by mail.aaawop.com (Postfix) with ESMTPSA id 4CA2543092; Tue, 15 Sep 2015 12:49:36 +0200 (CEST) Mime-Version: 1.0 Date: Tue, 15 Sep 2015 10:49:36 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-ID: <15ce53e7feabef3c9a40c5d3df9ff283@rainloop.aaawop.com> X-Mailer: RainLoop/1.8.2.291 From: "Arthur - bitcoin-fr.io" To: "Luke Dashjr" , bitcoin-dev@lists.linuxfoundation.org In-Reply-To: <201509150403.40909.luke@dashjr.org> References: <201509150403.40909.luke@dashjr.org> X-Virus-Scanned: clamav-milter 0.98.6 at area51 X-Virus-Status: Clean X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,URIBL_SBL autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] URI scheme for signing and verifying messages X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2015 10:49:39 -0000 September 15 2015 6:04 AM, "Luke Dashjr" wrote:=0A> I t= hink probably the whole signed message thing needs to be rethought. The= =0A> most common "uses" today seem to be insecure cases that it doesn't a= ctually=0A> work in: people trying to prove ownership of bitcoins and/or = that they sent=0A> bitcoins (current signed messages can do neither). Ide= ally, whatever the new=0A> method is should also avoid using the same key= as for signing transactions,=0A> since the public key is technically pri= vate information. Furthermore, since=0A> addresses are semi-deprecated (b= y the payment protocol), I'm not sure it=0A> makes sense to do this witho= ut designing an entire authentication system,=0A> which may be rather com= plex.=0A> =0A> Luke=0A=0AMy proposal is about the current signing process= (which exists event it it's not perfect) but it could also work with a n= ew signing message system tomorrow. It more about give users an easier wa= y to access existing tools than the "sign message thing" itself.=0A=0ABTW= I'm aware of privacy issues, but could you elaborate on why the use case= your are referring to doesn't actually work?=0AHere are a use of bitcoin= signatures ( https://bitcointalk.org/index.php?topic=3D497545.0 ) to spe= ak about a real case.=0A=0A--=0AArthur