Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1SFLgd-00064r-3J for bitcoin-development@lists.sourceforge.net; Wed, 04 Apr 2012 08:35:27 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of mac.com designates 17.172.81.1 as permitted sender) client-ip=17.172.81.1; envelope-from=gronager@mac.com; helo=st11p00mm-asmtpout002.mac.com; Received: from st11p00mm-asmtpout002.mac.com ([17.172.81.1]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1SFLgX-0005In-G8 for bitcoin-development@lists.sourceforge.net; Wed, 04 Apr 2012 08:35:27 +0000 MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; CHARSET=US-ASCII Received: from [109.105.106.236] (unknown [109.105.106.236]) by st11p00mm-asmtp002.mac.com (Oracle Communications Messaging Exchange Server 7u4-22.01 64bit (built Apr 21 2011)) with ESMTPSA id <0M1Y00GRE56PQ910@st11p00mm-asmtp002.mac.com> for bitcoin-development@lists.sourceforge.net; Wed, 04 Apr 2012 08:35:16 +0000 (GMT) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.6.7498,1.0.260,0.0.0000 definitions=2012-04-04_01:2012-04-04, 2012-04-03, 1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=2 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1012030000 definitions=main-1204040021 From: =?iso-8859-1?Q?Michael_Gr=F8nager?= In-reply-to: Date: Wed, 04 Apr 2012 10:35:12 +0200 Message-id: <416DB500-46F1-4249-8728-F08B1FFADE11@mac.com> References: <4F7A1227.7070306@gmail.com> <201204031455.42265.luke@dashjr.org> <4F7B67D6.7090101@gmail.com> <4F7B8F46.8060706@gmail.com> To: Alan Reiner X-Mailer: Apple Mail (2.1257) X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gronager[at]mac.com) -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1SFLgX-0005In-G8 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Signature Blocks and URI Sign Requests X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Apr 2012 08:35:27 -0000 Hi Alan, I am using an approach similar to your proposal in a service I am developing. I have, however, chosen to sign using the following scheme: 1. take sha512 of document (=hash512) 2. take ripemd160 of hash512 3. create 512 bit data structure, where the first 352bits are '0', and the rest is the ripemd160 of our hash512 4. sign it with the key This procedure prevents an evil site from fooling you to sign a transaction spending your own coins. So bottom like never sign a full sha512 with a key for any other purpose than a transaction. (The above could easily well have been implemented as just truncating the hash512 to 256 bits, feel free to propose the optimal scheme). /M On 04/04/2012, at 08:23, Wladimir wrote: > Alan, > > On Wed, Apr 4, 2012 at 2:01 AM, Alan Reiner wrote: > There is all this fanfare around P2SH and how multi-sig is the solution to all these security problems, but how the hell do you use it? I believe that BIP 10 (or successor) is critical to the success of multi-sig, because the greatest barrier to using multi-sig will be the ability to actually execute them in less than 14 steps. And if every client implements it differently, there's even less chance it will be used (assuming the userbase reaches any level of client diversity). > > That is a laudable goal. > > So your proposal is about signing "Preformatted messages from sites" to make financial transactions more secure, not arbitrary user-to-user messages such as email. That really restricts the scope, which is good. > > In this case there is no use for S/MIME, which deals with encoding/signing multipart mail messages. And no need to deal with MIME headers, html, or embedded images, and such. And we can simply require one character encoding, no need to support hundreds. > > The "request signing" bitcoin URL makes sense in my eyes. Less copy/pasting is good. Do mind that there is usually a URL size limit (depending on the browser) so this cannot be used for long messages/contracts. A possible solution would be to make an option to pass the address where the message can be retrieved (and maybe also where the signature must be sent, to save a copy-paste back?). > > Looking at existing solutions, the only other "sign request" that I know of is the CSR (https://en.wikipedia.org/wiki/Certificate_signing_request) but the functionality and goal is very different. > > It'd be useful (and IMO most important) to write down some use-cases in which this makes P2SH easier and less involved. How many steps can be eliminated of the 14? > > Wladimir > BTW: we also still need a BIP to define URL signing / authentication itself. > > ------------------------------------------------------------------------------ > Better than sec? Nothing is better than sec when it comes to > monitoring Big Data applications. Try Boundary one-second > resolution app monitoring today. Free. > http://p.sf.net/sfu/Boundary-dev2dev_______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development