Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1SFB29-0002u6-7i for bitcoin-development@lists.sourceforge.net; Tue, 03 Apr 2012 21:12:57 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.216.175 as permitted sender) client-ip=209.85.216.175; envelope-from=etotheipi@gmail.com; helo=mail-qc0-f175.google.com; Received: from mail-qc0-f175.google.com ([209.85.216.175]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1SFB28-0002SE-2M for bitcoin-development@lists.sourceforge.net; Tue, 03 Apr 2012 21:12:57 +0000 Received: by qcso7 with SMTP id o7so120163qcs.34 for ; Tue, 03 Apr 2012 14:12:50 -0700 (PDT) Received: by 10.224.180.200 with SMTP id bv8mr19451351qab.29.1333487570617; Tue, 03 Apr 2012 14:12:50 -0700 (PDT) Received: from [192.168.1.85] (c-76-111-96-126.hsd1.md.comcast.net. [76.111.96.126]) by mx.google.com with ESMTPS id bm15sm2247466qab.17.2012.04.03.14.12.49 (version=SSLv3 cipher=OTHER); Tue, 03 Apr 2012 14:12:49 -0700 (PDT) Message-ID: <4F7B67D6.7090101@gmail.com> Date: Tue, 03 Apr 2012 17:12:54 -0400 From: Alan Reiner User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20 MIME-Version: 1.0 To: bitcoin-development@lists.sourceforge.net References: <4F7A1227.7070306@gmail.com> <201204031455.42265.luke@dashjr.org> In-Reply-To: Content-Type: multipart/alternative; boundary="------------050409080903080806040007" X-Spam-Score: -0.3 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (etotheipi[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 1.0 FREEMAIL_REPLY From and body contain different freemails -0.8 AWL AWL: From: address is in the auto white-list X-Headers-End: 1SFB28-0002SE-2M Subject: Re: [Bitcoin-development] Signature Blocks and URI Sign Requests X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Apr 2012 21:12:57 -0000 This is a multi-part message in MIME format. --------------050409080903080806040007 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Just to clarify, I'm not proposing anything to the protocol itself. Simply that some applications might benefit from users being to sign messages with existing Bitcoin identities, and what can we do to accommodate that (out of band)? It's not a high priority, but I think it's potentially useful, and most codebases already have everything they need in place to implement it. On 04/03/2012 04:04 PM, Peter Vessenes wrote: > I don't think it's minimally invasive to layer PGP's web of trust on > top of Bitcoin, in fact, the opposite. > > From a certain angle, bitcoin exists as a sort of answer / alternate > solution to the web of trust. Digital cash with an existing web of > trust in place was a working concept in the mid-1990s, courtesy of > David Chaum, I believe. > > I totally agree on the kitchen sink concern; I would personally like > to see something like a one-year required discussion period on all > non-security changes proposed to the blockchain protocol. We know > almost nothing about how bitcoin will be used over the next 20 years; > I believe it's a mistake to bulk up the protocol too rapidly right now. > > There's a famous phrase from the founder of Lotus about Lotus' > engineering process: "add lightness." The equivalent for protocol > design might be "add simplicity." I'd like to see us adding simplicity > for now, getting a core set of tests together for alternate > implementations like libbitcoin, and thinking hard about the dangers > of cruft over a 10+ year period when it comes to a technology which > will necessarily include a complete history of every crufty decision > embodied in transaction histories. > > Peter > > > On Tue, Apr 3, 2012 at 1:42 PM, Wladimir > wrote: > > > On Tue, Apr 3, 2012 at 8:55 PM, Luke-Jr > wrote: > > On Tuesday, April 03, 2012 2:46:17 PM Gavin Andresen wrote: > > We should avoid reinventing the wheel, if we can. I think we > should > > extend existing standards whenever possible. > > I wonder if it's possible to make sigs compatible with PGP/EC ? > > > Or we could take a step back, further into "don't reinvent the > wheel" territory. Why not simply make use of PGP(/EC) to sign and > verify messages? It has many advantages, like an already existing > web-of-trust and keyserver infrastructure. > > I still feel like this is sign message stuff is dragging the > kitchen sink into Bitcoin. It's fine for logging into a website, > what you use it for, but anything that approaches signing email > (such as S/MIME implementations and handling different character > encodings) is going too far IMO. > > Wladimir > > > ------------------------------------------------------------------------------ > Better than sec? Nothing is better than sec when it comes to > monitoring Big Data applications. Try Boundary one-second > resolution app monitoring today. Free. > http://p.sf.net/sfu/Boundary-dev2dev > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > -- > > Peter J. Vessenes > CEO, CoinLab > M: 206.595.9839 > > > ------------------------------------------------------------------------------ > Better than sec? Nothing is better than sec when it comes to > monitoring Big Data applications. Try Boundary one-second > resolution app monitoring today. Free. > http://p.sf.net/sfu/Boundary-dev2dev > > > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development --------------050409080903080806040007 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Just to clarify, I'm not proposing anything to the protocol itself.  Simply that some applications might benefit from users being to sign messages with existing Bitcoin identities, and what can we do to accommodate that (out of band)?  It's not a high priority, but I think it's potentially useful, and most codebases already have everything they need in place to implement it.


On 04/03/2012 04:04 PM, Peter Vessenes wrote:
I don't think it's minimally invasive to layer PGP's web of trust on top of Bitcoin, in fact, the opposite. 

From a certain angle, bitcoin exists as a sort of answer / alternate solution to the web of trust. Digital cash with an existing web of trust in place was a working concept in the mid-1990s, courtesy of David Chaum, I believe.

I totally agree on the kitchen sink concern; I would personally like to see something like a one-year required discussion period on all non-security changes proposed to the blockchain protocol. We know almost nothing about how bitcoin will be used over the next 20 years; I believe it's a mistake to bulk up the protocol too rapidly right now.

There's a famous phrase from the founder of Lotus about Lotus' engineering process: "add lightness." The equivalent for protocol design might be "add simplicity." I'd like to see us adding simplicity for now, getting a core set of tests together for alternate implementations like libbitcoin, and thinking hard about the dangers of cruft over a 10+ year period when it comes to a technology which will necessarily include a complete history of every crufty decision embodied in transaction histories.

Peter


On Tue, Apr 3, 2012 at 1:42 PM, Wladimir <laanwj@gmail.com> wrote:

On Tue, Apr 3, 2012 at 8:55 PM, Luke-Jr <luke@dashjr.org> wrote:
On Tuesday, April 03, 2012 2:46:17 PM Gavin Andresen wrote:
> We should avoid reinventing the wheel, if we can. I think we should
> extend existing standards whenever possible.

I wonder if it's possible to make sigs compatible with PGP/EC ?

Or we could take a step back, further into "don't reinvent the wheel" territory. Why not simply make use of PGP(/EC) to sign and verify messages? It has many advantages, like an already existing web-of-trust and keyserver infrastructure.

I still feel like this is sign message stuff is dragging the kitchen sink into Bitcoin. It's fine for logging into a website, what you use it for, but anything that approaches signing email (such as S/MIME implementations and handling different character encodings) is going too far IMO.

Wladimir


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development




--

Peter J. Vessenes
CEO, CoinLab
M: 206.595.9839

------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development

--------------050409080903080806040007--