Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1U4zfd-0004Tx-14 for bitcoin-development@lists.sourceforge.net; Mon, 11 Feb 2013 20:08:09 +0000 X-ACL-Warn: Received: from mail-qa0-f49.google.com ([209.85.216.49]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1U4zfb-0003A5-5B for bitcoin-development@lists.sourceforge.net; Mon, 11 Feb 2013 20:08:09 +0000 Received: by mail-qa0-f49.google.com with SMTP id o13so1333034qaj.15 for ; Mon, 11 Feb 2013 12:08:01 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:x-gm-message-state; bh=ELVoq4x+2yR+FFehAt1BrKTHFNCV8zffOIVqUE6/1bs=; b=P1rtLBbMnf5DXJ1siFwWJBOvm4Vlk0Ee/8pF93kXA2Wl/TOUzGoMePAKSqoIO7Rc83 Fl1671WpSn3VuRyFD3KNz+frqVSGfkp5jsr4hywdrGleuBh3INgsxcZpThcc6SNGohG3 6OGkYdpHKCrAlR1tamXezxucBYHBd45yduIdgRrIKxjgFCfaPMlCzo74vg9LZN1JHA+4 Nux0C/XbExHA/T2FiC+6lL7TpP0NuYV8W5ENdZ1zDPJBMhBI3iyxHlAoInF7qe2dsY6c BL2RN/mjhBlRi2tUlsgKJFwQ73b9xTRJyGXB+yKK58zbvXHDLLHBhx+tLu+6cwIXtAsr H5fQ== MIME-Version: 1.0 X-Received: by 10.224.52.68 with SMTP id h4mr5703671qag.17.1360611543131; Mon, 11 Feb 2013 11:39:03 -0800 (PST) Received: by 10.49.12.39 with HTTP; Mon, 11 Feb 2013 11:39:03 -0800 (PST) In-Reply-To: <20130208100354.GA26627@crunch> References: <20130208100354.GA26627@crunch> Date: Mon, 11 Feb 2013 11:39:03 -0800 Message-ID: From: Rick Wesson To: timo.hanke@web.de Content-Type: multipart/alternative; boundary=20cf3074afa8b4a56e04d5780fdf X-Gm-Message-State: ALoCoQnPjn8VeIDwZI88GOuyou2jFcizCR9IJjyIN4oa5jyHvQItsytJDVQQEZ6okeWLc1aVrubE X-Spam-Score: 1.0 (+) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 1.0 HTML_MESSAGE BODY: HTML included in message X-Headers-End: 1U4zfb-0003A5-5B Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Blockchain as root CA for payment protocol X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Feb 2013 20:08:09 -0000 --20cf3074afa8b4a56e04d5780fdf Content-Type: text/plain; charset=ISO-8859-1 I prefer to leverage the signing of the (.) root in the DNS tree. The amount of effort in signing the root holds more weight than building a CA off the bitcoin blockchain. If you want to associate identifiers for payment addresses I suggest putting those in DNSSEC signed records in the DNS. For routing around x.509 CAs I suggest participating in the DANE working group in the IETF. -rick On Fri, Feb 8, 2013 at 2:03 AM, Timo Hanke wrote: > There have been proposals to use the blockchain to establish > "identities". firstbits is a simple example. I would like to announce a > project that extends this idea to turn the blockchain into a "root CA" > that can sign arbitrary certificates. The purpose is to use these > certificates in the payment protocol, where some might consider > traditional centralized root CAs unsatisfactory. > > Code is here: https://github.com/bcpki > > Technical specification and full-length examples are found in the wiki. > I therefore spare myself from repeating the details here, even though, > of course, discussion about those details is welcome on this list. > > Excerpt from README.md follows: > > First, we have drafted a quite general specification for bitcoin > certificates (protobuf messages) that allow for a variety of payment > protocols (e.g. static as well as customer-side-generated payment > addresses). > This part has surely been done elsewhere as well and is orthogonal to the > goal of this project. > What is new here is the signatures _under_ the certificates. > > We have patched the bitcoind to handle certificates, submit signatures to > the blockchain, verify certificates against the blockchain, pay directly to > certificates (with various payment methods), revoke certificates. > Signatures in the blockchain are stored entirely in the UTXO set (i.e. the > unspend, unprunable outputs). > This seems to make signature lookup and verification reasonably fast: > it took us 10s in the mainnet test we performed (lookup is instant on the > testnet, of course). > > Payment methods include: static bitcoin addresses, client-side derived > payment addresses (pay-to-contract), pay-to-contract with multisig > destinations (P2SH) > > Full-length real-world examples for all payment methods are provided in > the tutorial pages. > These examples have actually been carried out on testnet3. > > For further details and specifications see the wiki. > > timo hanke > > > ------------------------------------------------------------------------------ > Free Next-Gen Firewall Hardware Offer > Buy your Sophos next-gen firewall before the end March 2013 > and get the hardware for free! Learn more. > http://p.sf.net/sfu/sophos-d2d-feb > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --20cf3074afa8b4a56e04d5780fdf Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable I=A0prefer=A0to leverage the signing of the (.) root in the DNS tree. The a= mount of effort in signing the root holds more weight than building a CA of= f the bitcoin blockchain.

If you want to associate ident= ifiers for payment addresses I suggest putting those in DNSSEC signed recor= ds in the DNS.

For routing around x.509 CAs I suggest=A0participating= =A0in the DANE working group in the IETF.

-rick
=A0

On Fri, Feb 8, 2013 at 2:03 A= M, Timo Hanke <timo.hanke@web.de> wrote:
There have been proposals to use the blockch= ain to establish
"identities". firstbits is a simple example. I would like to anno= unce a
project that extends this idea to turn the blockchain into a "root CA&= quot;
that can sign arbitrary certificates. The purpose is to use these
certificates in the payment protocol, where some might consider
traditional centralized root CAs unsatisfactory.

Code is here: https:= //github.com/bcpki

Technical specification and full-length examples are found in the wiki.
I therefore spare myself from repeating the details here, even though,
of course, discussion about those details is welcome on this list.

Excerpt from README.md follows:

First, we have drafted a quite general specification for bitcoin certificat= es (protobuf messages) that allow for a variety of payment protocols (e.g. = static as well as customer-side-generated payment addresses).
This part has surely been done elsewhere as well and is orthogonal to the g= oal of this project.
What is new here is the signatures _under_ the certificates.

We have patched the bitcoind to handle certificates, submit signatures to t= he blockchain, verify certificates against the blockchain, pay directly to = certificates (with various payment methods), revoke certificates.
Signatures in the blockchain are stored entirely in the UTXO set (i.e. the = unspend, unprunable outputs).
This seems to make signature lookup and verification reasonably fast:
it took us 10s in the mainnet test we performed (lookup is instant on the t= estnet, of course).

Payment methods include: static bitcoin addresses, client-side derived
payment addresses (pay-to-contract), pay-to-contract with multisig destinat= ions (P2SH)

Full-length real-world examples for all payment methods are provided in the= tutorial pages.
These examples have actually been carried out on testnet3.

For further details and specifications see the wiki.

timo hanke

---------------------------------------------------------------------------= ---
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.s= f.net/sfu/sophos-d2d-feb
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--20cf3074afa8b4a56e04d5780fdf--