Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.215.43 as permitted sender)
	client-ip=209.85.215.43; envelope-from=gmaxwell@gmail.com;
	helo=mail-la0-f43.google.com; 
MIME-Version: 1.0
In-Reply-To: <1398437607.23028.110362141.03111A2A@webmail.messagingengine.com>
References: <ljdd29$522$1@ger.gmane.org>
	<1398437607.23028.110362141.03111A2A@webmail.messagingengine.com>
Date: Fri, 25 Apr 2014 08:46:15 -0700
Message-ID: <CAAS2fgRiXdOBN2gVZ0Xh4kBeOKiS80AjD5+VxJEut9nWt-0WUg@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Jim <jim618@fastmail.co.uk>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] BIP32 "wallet structure" in use? Remove
	it?
Precedence: list

On Fri, Apr 25, 2014 at 7:53 AM, Jim <jim618@fastmail.co.uk> wrote:
> Oh dear.
>
> For reasons that are perfectly reasonable we are close to losing any chan=
ce of intra-client HD compatibility for BIP32 wallets.
>
> In the next 12 months there will probably be collectively millions of use=
rs of our new wallets. I don't want them to suffer from vendor lockin.
>
> Can we not agree on a lowest common denominator that we agree to support =
?
> An "HD Basic" if you like.
> For entry level users we can keep things simple and any "HD Basic" bitcoi=
n will be fully interoperable.
>
> Sure, if you use anything fancy you'll be locked in to a particular walle=
t but a lot of users just want somewhere safe to put their bitcoin, spend i=
t and receive it.
>
> I appreciate standising everything is very difficult (if not impossible) =
but if we don't have a minimum of interoperability I think we'll do our use=
rs a disservice.

I don't believe that wallet interoperability at this level is possible
in general except as an explicit compatibility feature. I also don't
believe that it is a huge loss that it is so.

The structure of the derivation defines and constrains functionality.
You cannot be structure compatible unless you have the same features
and behavior with respect to key management.  To that extent that
wallets have the same features, I agree its better if they are
compatible=E2=80=94 but unless they are dead software they likely won't kee=
p
the same features for long.

Even if their key management were compatible there are many other
things that go into making a wallet portable between systems; the
handling of private keys is just one part:  a complete wallet will
have other (again, functionality specific) metadata.

I agree that it would be it would be possible to support a
compatibility mode where a wallet has just a subset of features which
works when loaded into different systems, but I'm somewhat doubtful
that it would be widely used. The decision to use that mode comes at
the wrong time=E2=80=94 when you start, not when you need the features you
chose to disable or when you want to switch programs. But the obvious
thing to do there is to just specify that a linear chain with no
further branching is that mode: then that will be the same mode you
use when someone gives you a master public key and asks you to use it
for reoccurring changes=E2=80=94 so at least the software will get used.

Compatibility for something like a recovery tool is another matter,
and BIP32 probably defines enough there that with a bit of extra data
about how the real wallet worked that recovery can be successful.

Calling it "vendor lock in" sounds overblown to me.  If someone wants
to change wallets they can transfer the funds=E2=80=94 manual handling of
private keys is seldom advisable, and as is they're going to lose
their metadata in any case.  No one expects to switch banks and to
keep their account records at the new bank. And while less than
perfect, the price of heavily constraining functionality in order to
get another result is just too high.