Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <johnathan@corganlabs.com>) id 1VciwO-0007eb-Rh
	for bitcoin-development@lists.sourceforge.net;
	Sat, 02 Nov 2013 21:41:08 +0000
Received: from mail-pd0-f182.google.com ([209.85.192.182])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1VciwM-00016H-Tv
	for bitcoin-development@lists.sourceforge.net;
	Sat, 02 Nov 2013 21:41:08 +0000
Received: by mail-pd0-f182.google.com with SMTP id q10so5234766pdj.13
	for <bitcoin-development@lists.sourceforge.net>;
	Sat, 02 Nov 2013 14:41:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
	:subject:references:in-reply-to:openpgp:content-type;
	bh=CIFg14yi8ASt051cRwP4/X+QoDsi8nZsIUq7fvOvedU=;
	b=IJPOQZnHJK9uYJCs6F1PjP5UbceEuTERTDH1bEAgb4dSqXTZtTm8VTgOE4Ktin4n1A
	v+WPWW/r+v3jJkuwixe2i1QxTDky+bsR2ZrnX4A1JaikHrZliGTgoLxIno+LHubVl2vW
	9aALHp5MOLVHrj3YthgXIxKNzkZdAxnZknzUSPqs4DIOSn1iKPddU9cyIb+iEB8gwX+Q
	chevbDp18NwZg9KMRFhHNQuDLk6uwDh2GwB6I3gOisfF7v/TUSfsCTnlLKCjE820rpN4
	+IkgOXbbpnqLE63IQkTIWu9Owbev0PlwbZvWGbwlXAJWKYMg3+uaMPQAhlnejD2tbQmC
	8avw==
X-Gm-Message-State: ALoCoQkBpuxbC5Lh/Vj1il9RXXjR3PAbRknk79XcetObxAFOmi3mfWSbno5Jch4AD3pbRWW6XOyL
X-Received: by 10.68.125.198 with SMTP id ms6mr9475403pbb.98.1383426874454;
	Sat, 02 Nov 2013 14:14:34 -0700 (PDT)
Received: from [192.168.1.10] (64-142-68-61.dsl.static.sonic.net.
	[64.142.68.61])
	by mx.google.com with ESMTPSA id wd6sm21857533pab.3.2013.11.02.14.14.31
	for <multiple recipients>
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Sat, 02 Nov 2013 14:14:32 -0700 (PDT)
Message-ID: <52756B2E.7030505@corganlabs.com>
Date: Sat, 02 Nov 2013 14:14:22 -0700
From: Johnathan Corgan <johnathan@corganlabs.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: bitcoingrant@gmx.com, bitcoin-development@lists.sourceforge.net
References: <20131102050144.5850@gmx.com>
In-Reply-To: <20131102050144.5850@gmx.com>
X-Enigmail-Version: 1.5.2
OpenPGP: id=671DA2F7
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="Bq8qdU3XUMQSsUfV871dhJUGlTkK7oRIn"
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no trust [209.85.192.182 listed in list.dnswl.org]
	0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
	See
	http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
	for more information. [URIs: gmx.com]
X-Headers-End: 1VciwM-00016H-Tv
Subject: Re: [Bitcoin-development] Message Signing based authentication
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 02 Nov 2013 21:41:09 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Bq8qdU3XUMQSsUfV871dhJUGlTkK7oRIn
Content-Type: multipart/mixed; boundary="------------020305080506030408090404"

This is a multi-part message in MIME format.
--------------020305080506030408090404
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 11/01/2013 10:01 PM, bitcoingrant@gmx.com wrote:

> Server provides a token for the client to sign.

Anyone else concerned about signing an arbitrary string?  Could be a
hash of $EVIL_DOCUMENT, no?  I'd want to XOR the string with my own
randomly generated nonce, sign that, then pass the nonce and the
signature back to the server for verification.

--=20
Johnathan Corgan, Corgan Labs
SDR Training and Development Services
http://corganlabs.com

--------------020305080506030408090404
Content-Type: text/x-vcard; charset=utf-8;
 name="johnathan.vcf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="johnathan.vcf"

YmVnaW46dmNhcmQNCmZuOkpvaG5hdGhhbiBDb3JnYW4NCm46Q29yZ2FuO0pvaG5hdGhhbg0K
b3JnOkNvcmdhbiBFbnRlcnByaXNlcyBMTEMgZGJhIENvcmdhbiBMYWJzDQphZHI6Ozs2MDgx
IE1lcmlkaWFuIEF2ZS4gU3VpdGUgNzAtMTExO1NhbiBKb3NlO0NBOzk1MTIwO1VuaXRlZCBT
dGF0ZXMNCmVtYWlsO2ludGVybmV0OmpvaG5hdGhhbkBjb3JnYW5sYWJzLmNvbQ0KdGl0bGU6
TWFuYWdpbmcgUGFydG5lcg0KdGVsO3dvcms6KzEgNDA4IDQ2MyA2NjE0DQp4LW1vemlsbGEt
aHRtbDpGQUxTRQ0KdXJsOmh0dHA6Ly9jb3JnYW5sYWJzLmNvbQ0KdmVyc2lvbjoyLjENCmVu
ZDp2Y2FyZA0KDQo=
--------------020305080506030408090404--

--Bq8qdU3XUMQSsUfV871dhJUGlTkK7oRIn
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iF4EAREIAAYFAlJ1azQACgkQRzB3vGcdovepOAD/YhTldmWnUXvJH0arGXgxwRti
nfxfmk8/hZoqqPRl/3QA/1Kg+pv7KzgeYMySy28wBeJdJKscWnct/3I4p9jC/2vD
=Gy5m
-----END PGP SIGNATURE-----

--Bq8qdU3XUMQSsUfV871dhJUGlTkK7oRIn--