Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YW0M3-0000FL-V3 for bitcoin-development@lists.sourceforge.net; Thu, 12 Mar 2015 10:28:39 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of m.gmane.org designates 80.91.229.3 as permitted sender) client-ip=80.91.229.3; envelope-from=gcbd-bitcoin-development@m.gmane.org; helo=plane.gmane.org; Received: from plane.gmane.org ([80.91.229.3]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1YW0M2-00049f-C7 for bitcoin-development@lists.sourceforge.net; Thu, 12 Mar 2015 10:28:39 +0000 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1YW0Lv-0008W0-0r for bitcoin-development@lists.sourceforge.net; Thu, 12 Mar 2015 11:28:31 +0100 Received: from f052230195.adsl.alicedsl.de ([78.52.230.195]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 12 Mar 2015 11:28:30 +0100 Received: from andreas by f052230195.adsl.alicedsl.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 12 Mar 2015 11:28:30 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: bitcoin-development@lists.sourceforge.net From: Andreas Schildbach Date: Thu, 12 Mar 2015 11:28:25 +0100 Message-ID: References: <54F32EED.6040103@electrum.org> <550057FD.6030402@electrum.org> <1426100677.1908596.239033309.7C4F8D47@webmail.messagingengine.com> <5500D4C3.4090207@niftybox.net> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: f052230195.adsl.alicedsl.de User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 In-Reply-To: <5500D4C3.4090207@niftybox.net> X-Spam-Score: -0.4 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.1 DKIM_ADSP_ALL No valid author signature, domain signs all mail -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1YW0M2-00049f-C7 Subject: Re: [Bitcoin-development] Electrum 2.0 has been tagged X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Mar 2015 10:28:40 -0000 That doesn't work for mobile wallets, because we need to consider the offline case. To fix this, we'd need to extend BIP70 to tell the merchant where to forward the half-signed transaction to. Then again I'm not sure if we want that, for privacy reasons. In any case, practical multisig is still a looong way off. On 03/12/2015 12:50 AM, devrandom wrote: > I'd like to offer that the best practice for the shared wallet use case > should be multi-device multi-sig. The mobile has a key, the desktop has > a key and a third-party security oracle has a third key. The oracle > would have different security thresholds for countersigning the mobile. > > This way you can have the same overall wallet on all devices, but > different security profiles on different keys. > > That said, I do agree that mnemonic phrases should be portable, and find > it unfortunate that the ecosystem is failing to standardize on phrase > handling. > > On 2015-03-11 04:22 PM, Mike Hearn wrote: >> Users will want to have wallets shared between devices, it's as simple >> as that, especially for mobile/desktop wallets. Trying to stop them from >> doing that by making things gratuitously incompatible isn't the right >> approach: they'll just find workarounds or wallet apps will learn how >> to import seeds from other apps. Better to just explain the risks and >> help people mitigate them. >> >> On Wed, Mar 11, 2015 at 3:57 PM, Aaron Voisine > > wrote: >> >> I'm not convinced that wallet seed interoperability is such a great >> thing. There is a wide variability in the quality and security level >> of wallet implementations and platforms. Each new device and wallet >> software a user types their seed into increases their attack surface >> and exposure to flaws. Their security level is reduced to the lowest >> common denominator. I see the need for a "fire exit", certainly, but >> we must also remember that fire exits are potential entrances for >> intruders. >> >> Aaron Voisine >> co-founder and CEO >> breadwallet.com >> >> On Wed, Mar 11, 2015 at 12:46 PM, Gregory Maxwell >> > wrote: >> >> On Wed, Mar 11, 2015 at 7:24 PM, Ricardo Filipe >> > >> wrote: >> > i guess you look at the glass half full :) >> > even though what you say is true, we should aim for wallets not to >> > require those instructions, by standardizing these things in BIPs. >> > let's hope bitcoin doesn't fail in standards as our industries have in >> > the past... >> >> There are genuine principled disagreements on how some things should >> be done. There are genuine differences in functionality. >> >> We cannot expect and should not expect complete compatibility. >> If you >> must have complete compatibility: use the same software (or >> maybe not >> even then, considering how poor the forward compatibility of some >> things has been..). >> >> What we can hope to do, and I think the best we can hope to do, >> is to >> minimize the amount of gratuitous incompatibility and reduce the >> amount of outright flawed constructions (so if there are choices >> which >> must be made, they're at least choices among relatively good >> options). >> >> ------------------------------------------------------------------------------ >> Dive into the World of Parallel Programming The Go Parallel >> Website, sponsored >> by Intel and developed in partnership with Slashdot Media, is >> your hub for all >> things parallel software development, from weekly thought >> leadership blogs to >> news, videos, case studies, tutorials and more. Take a look and >> join the >> conversation now. http://goparallel.sourceforge.net/ >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> >> >> ------------------------------------------------------------------------------ >> Dive into the World of Parallel Programming The Go Parallel Website, >> sponsored >> by Intel and developed in partnership with Slashdot Media, is your >> hub for all >> things parallel software development, from weekly thought leadership >> blogs to >> news, videos, case studies, tutorials and more. Take a look and join the >> conversation now. http://goparallel.sourceforge.net/ >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> >> >> >> ------------------------------------------------------------------------------ >> Dive into the World of Parallel Programming The Go Parallel Website, sponsored >> by Intel and developed in partnership with Slashdot Media, is your hub for all >> things parallel software development, from weekly thought leadership blogs to >> news, videos, case studies, tutorials and more. Take a look and join the >> conversation now. http://goparallel.sourceforge.net/ >> >> >> >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >