Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1V7lLv-0007oM-VP for bitcoin-development@lists.sourceforge.net; Fri, 09 Aug 2013 11:59:31 +0000 X-ACL-Warn: Received: from mail-ea0-f172.google.com ([209.85.215.172]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1V7lLu-00027t-Jx for bitcoin-development@lists.sourceforge.net; Fri, 09 Aug 2013 11:59:31 +0000 Received: by mail-ea0-f172.google.com with SMTP id r16so1994463ead.17 for ; Fri, 09 Aug 2013 04:59:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-gm-message-state:sender:subject:mime-version:content-type:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=Oq8v8QEKUACwXnguSSodlWh1XkHIZnQkfcIeuiKSmjg=; b=RpOWxPnA+P1ZAJDoE6lgZzn8CIzP1FaVhXbZOxZEzcOR1xTP4oq4GlQMLGmAKA/jlz 6wDy2Gpe1MAOp/dNvSjYfPJWlO5vAUydnzWdwetkhAjUy4Lf5bwbQH9VzK9kqNHcLMR9 kHJGhaSVtkoqRMIC0D+zXQPwHr4lDdprciekqLxH0GgE1jMV8QmXHQ6uhymJwmP2248y QAj8jG3zHWSmByG2P1WOkYP+QYe3XJV827pogCMNFS+0h/bSXP0eoNL1QqT85bleJb1S lDSTX+b1oa6OiLt/iQUk3ZBtVnzO9ep9IRdjYog8rTdg/xaxfE0XJvXh1RR21TndKTHk 3eBw== X-Gm-Message-State: ALoCoQlt93xiOryESR1CQN+ICT0RB0qeU3zVX6SASoq16BVhxZLeROCr1r+M8Y2a5XfY7xs9qZYf X-Received: by 10.15.43.193 with SMTP id x41mr13041289eev.31.1376049558641; Fri, 09 Aug 2013 04:59:18 -0700 (PDT) Received: from [127.0.0.1] ([180.149.96.169]) by mx.google.com with ESMTPSA id c3sm28091790eev.3.2013.08.09.04.59.14 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 09 Aug 2013 04:59:17 -0700 (PDT) Sender: w grabhive Mime-Version: 1.0 (Apple Message framework v1283) Content-Type: text/plain; charset=us-ascii From: Wendell In-Reply-To: Date: Fri, 9 Aug 2013 13:59:09 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <4A46BA74-F2C2-4139-AABE-67CFE4BC4FA4@grabhive.com> References: To: Mike Hearn X-Mailer: Apple Mail (2.1283) X-Spam-Score: 3.4 (+++) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 1.5 RCVD_IN_PSBL RBL: Received via a relay in PSBL [180.149.96.169 listed in psbl.surriel.com] 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server [180.149.96.169 listed in dnsbl.sorbs.net] X-Headers-End: 1V7lLu-00027t-Jx Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Idea for new payment protocol PKI X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Aug 2013 11:59:32 -0000 We have been discussing something like this over here too, as well as = exploring more esoteric blockchain+signature-based "SSO" implementations = as discussed by John Light and others. One of our long-term ambitions with Hive is to provide a (mostly) = user-transparent, decentralized authentication service. It sounds like = our infrastructure could already handle a Persona implementation, and we = very much want to get behind some forward-thinking standard. So as long = as the plan _IS_ to remove said 'centralized struts' at the appropriate = time, I'd say we're interested in exploring this further. -wendell grabhive.com | twitter.com/grabhive | gpg: 6C0C9411 On Aug 9, 2013, at 1:43 PM, Mike Hearn wrote: > This is just me making notes for myself, I'm not seriously suggesting = this be implemented any time soon. >=20 > Mozilla Persona is an infrastructure for web based single sign on. It = works by having email providers sign temporary certificates for their = users, whose browsers then sign server-provided challenges to prove = their email address. >=20 > Because an SSO system is a classic chicken/egg setup, they run various = fallback services that allow anyone with an email address to take part. = They also integrate with the Google/Yahoo SSO systems as well. The = intention being that they do this until Persona becomes big enough to = matter, and then they can remove the centralised struts and the system = becomes transparently decentralised. >=20 > In other words, they seem to do a lot of things right. >=20 > Of course you can already sign payments using an X.509 cert issued to = an email address with v1 of the payment protocol, so technically no new = PKI is needed. But the benefit of leveraging Persona would be = convenience - you can get yourself a Persona cert and use it to sign in = to websites with a single click, and the user experience is smart and = professional. CAs in contrast are designed for web site admins really so = the experience of getting a cert for an email address is rather variable = and more heavyweight. >=20 > Unfortunately Persona does not use X.509. It uses a custom thing based = on JSON. However, under the hood it's just assertions signed by RSA = keys, so an implementation is likely to be quite easy. =46rom the users = perspective, their wallet app would embed a browser and drive it as if = it were signing into a website, but stop after the user is signed into = Persona and a user cert has been provisioned. It can then sign payment = requests automatically. For many users, it'd be just one click, which is = pretty neat.