Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WV9X9-000394-2T for bitcoin-development@lists.sourceforge.net; Wed, 02 Apr 2014 01:00:03 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.180 as permitted sender) client-ip=209.85.214.180; envelope-from=dbanttari@gmail.com; helo=mail-ob0-f180.google.com; Received: from mail-ob0-f180.google.com ([209.85.214.180]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WV9X6-0007IF-AR for bitcoin-development@lists.sourceforge.net; Wed, 02 Apr 2014 01:00:01 +0000 Received: by mail-ob0-f180.google.com with SMTP id wn1so11640262obc.25 for ; Tue, 01 Apr 2014 17:59:55 -0700 (PDT) X-Received: by 10.182.246.35 with SMTP id xt3mr15735234obc.39.1396400394933; Tue, 01 Apr 2014 17:59:54 -0700 (PDT) MIME-Version: 1.0 Received: by 10.182.210.130 with HTTP; Tue, 1 Apr 2014 17:59:34 -0700 (PDT) In-Reply-To: <8ACA8DF1-30BF-47F4-92CE-E625F44F687C@meek.io> References: <5339418F.1050800@riseup.net> <51C10069-5C3B-462A-9184-669ABC6CD9D0@meek.io> <8ACA8DF1-30BF-47F4-92CE-E625F44F687C@meek.io> From: Daryl Banttari Date: Tue, 1 Apr 2014 19:59:34 -0500 Message-ID: To: "Chris D'Costa" Content-Type: multipart/alternative; boundary=001a11c2f2d4811a2404f604cd1b X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (dbanttari[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WV9X6-0007IF-AR Cc: "bitcoin-development@lists.sourceforge.net" Subject: Re: [Bitcoin-development] secure assigned bitcoin address directory X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Apr 2014 01:00:03 -0000 --001a11c2f2d4811a2404f604cd1b Content-Type: text/plain; charset=ISO-8859-1 Chris, Thank you for taking the time to look at my proposal. 1) pay to addresses are not fixed - ie you can have a different address for > each transaction (which is why BIP70 is necessary to allow per transaction > addresses via https.) > This is certainly true for a "published" address; however a new address (and URL) can be generated for each one-off peer-to-peer transaction. However, I'd expect that most of the time this use case will be handed by BIP70. Still, this could allow someone to implement a authenticated, non-repudiable payment request without having to go through the hassle of a full BIP70 implementation. > 2) unless you are already aware of the public key of the signature, you > do not know if the signature is made by the person you think it is supposed > to be from. See recent concern over fake key for Gavin Andresen. Ie a > signature can always be verified with a valid public key, the question is > was it the real person's key. That is what WoT tried to resolve with > so-called "signing parties", nowadays keys posted to a public forum by a > known user, but it's not a standard and not ideal. > My proposal leverages the existing SSL key system (yes, PKI), so there is a reasonable expectation that if the signature verifies, it came from the party indicated on the cert. While SSL (and the PKI system underpinning it) have its faults, the example you highlighted was specifically a problem with WoT, not PKI. Can a compromised web server cause payments to be made to the wrong party? Of course-- but that's already true. And that's not something BIP70 solves (or attempts to solve) either. (To explain [better than I could] why I feel PKI is a pragmatic solution, I defer to Mike Hearn 's article: https://medium.com/bitcoin-security-functionality/b64cf5912aa7) --Daryl --001a11c2f2d4811a2404f604cd1b Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Chris,

Thank you for taking the time = to look at my proposal.

1) pay to addresses are not fixed - ie you can have a= different address for each transaction (which is why BIP70 is necessary to= allow per transaction addresses via https.)

This is certainly true for= a "published" address; however a new address (and URL) can be ge= nerated for each one-off peer-to-peer transaction. =A0However, I'd expe= ct that most of the time this use case will be handed by BIP70. =A0Still, t= his could allow someone to implement a authenticated, non-repudiable paymen= t request without having to go through the hassle of a full BIP70 implement= ation.
=A0
2) unless you are already aware o= f the =A0public key of the signature, you do not know if the signature is m= ade by the person you think it is supposed to be from. See recent concern o= ver fake key for Gavin Andresen. Ie a signature can always be verified with= a valid public key, the question is was it the real person's key. That= is what WoT tried to resolve with so-called "signing parties", n= owadays keys posted to a public forum by a known user, but it's not a s= tandard and not ideal.

My proposal leverages the existing SSL key system (y= es, PKI), so there is a reasonable expectation that if the signature verifi= es, it came from the party indicated on the cert. =A0While SSL (and the PKI= system underpinning it) have its faults, the example you highlighted was s= pecifically a problem with WoT, not PKI. =A0Can a compromised web server ca= use payments to be made to the wrong party? =A0Of course-- but that's a= lready true. =A0And that's not something BIP70 solves (or attempts to s= olve) either.

(To explain= [better than I could] why I feel PKI is a pragmatic solution, I defer to M= ike Hearn 's article: =A0https://medium.com/bitcoin-security-functional= ity/b64cf5912aa7)

--Daryl
--001a11c2f2d4811a2404f604cd1b--