1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mark@monetize.io>) id 1V1ilv-0008Kz-So
for bitcoin-development@lists.sourceforge.net;
Tue, 23 Jul 2013 20:01:23 +0000
Received: from mail-oa0-f42.google.com ([209.85.219.42])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1V1ils-0007vH-O8
for bitcoin-development@lists.sourceforge.net;
Tue, 23 Jul 2013 20:01:23 +0000
Received: by mail-oa0-f42.google.com with SMTP id j6so12428440oag.15
for <bitcoin-development@lists.sourceforge.net>;
Tue, 23 Jul 2013 13:01:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20120113;
h=message-id:date:from:organization:user-agent:mime-version:to
:subject:references:in-reply-to:x-enigmail-version:content-type
:content-transfer-encoding:x-gm-message-state;
bh=7tT/Kn9kdaFzeydBkB2UmJEzBh4gGNgMSIPTfGfIByM=;
b=mV9WKqh5AmDq4tsL9jXyCf1UoY0GVhtILG94Gvo3/A5O2DYQ8YYSvP9myEnmisPYmg
C4yw39wDJsFiUZRfiIyuI4iBuHuqRBhsP+y1mEoxKO/r6CjuXzE22UVxwEsmKNC5XdBS
rGeK/lWuIXoEUPloBzqhKyMErqLU/jrHdLc5N/kAXzE7GrTtlEhy06sIlrYo6AUCa3MM
/4APGoGJT4XknILsVjdgtZUqLOaWBpRzKd3hoYcGV0A1CGKBbmY2rOyr6dduoVjHMGpA
fJabVZ+hdubM0Ia+YiU/8740SHbjVVu3FZXrV4GdYo8nettJNxPAc5yuYaHhdVCvqg3n
0nqw==
X-Received: by 10.60.38.199 with SMTP id i7mr32450453oek.36.1374608211601;
Tue, 23 Jul 2013 12:36:51 -0700 (PDT)
Received: from [192.168.1.118] (adsl-71-131-180-114.dsl.sntc01.pacbell.net.
[71.131.180.114])
by mx.google.com with ESMTPSA id g1sm42898849oeq.6.2013.07.23.12.36.49
for <bitcoin-development@lists.sourceforge.net>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Tue, 23 Jul 2013 12:36:50 -0700 (PDT)
Message-ID: <51EEDB57.4070108@monetize.io>
Date: Tue, 23 Jul 2013 12:36:55 -0700
From: Mark Friedenbach <mark@monetize.io>
Organization: Monetize.io Inc.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8;
rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: bitcoin-development@lists.sourceforge.net
References: <CAJHLa0Ou1xF=LeLVu_wH1-XgJ1PavDV7_NHoDevo3R9+4z-ZfQ@mail.gmail.com>
<201307231030.14139.andyparkins@gmail.com>
<20130723094703.GA25900@savin> <ksllu7$9i$1@ger.gmane.org>
In-Reply-To: <ksllu7$9i$1@ger.gmane.org>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Gm-Message-State: ALoCoQnJhaaOIsX0nP86ato8LIsWkkAnE/I+jj5C57Riy6HgiU8RC4vm2/4ha68IY6J8lsnbMak5
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
X-Headers-End: 1V1ils-0007vH-O8
Subject: Re: [Bitcoin-development] HTTP REST API for bitcoind
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2013 20:01:24 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 7/23/13 3:29 AM, Andreas Schildbach wrote:
>
> Yes, I understand that. For this reason, I would vote for adding the
> usual HTTP authentication/SSL stuff to the REST API. That way, SPV users
> can decide to run their own instance of the API (providing the needed
> resources themselves).
>
> Or, a trusted party can set up a server. For example, I would be willing
> to set it up for users of Bitcoin Wallet. I don't expect shitloads of
> paper wallets sweeps for the forseeable future.
>
>
Anyone who wants HTTP authentication or TLS can wrap it with nginx, or
something similar. In the process they could put appropriate
restrictions in place on incoming requests, and the onus would be on
them, not us to keep it secure.
Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJR7ttWAAoJEAdzVfsmodw4UmIP/36lK2TDc7mLTT8rbflJhl3v
TL4CFKhXj6OuzG7tyino3Djs4EQnyk+CbpfOmJ8kYr29GPaZttuDJhYXtJqQBQCi
DPq79ktudHnVMLPirEs7dUrLo+TAqhYX+8Sj+eTlW+p6YZg3JbkOAIPJG7597OK4
zzU8Oxr0XKJFfGscKfkPThxJboNqzJYGl3otHUMXM4HsbIRYmrx4QSr8y7dsVgTd
YZnD4bJO+eY4ZPzCcFdkPD/8bXQyKC5nPOH8/79lARNLESwB4OW79uf9q86EuH2O
jZQ1qwpRNHblrNWS1/U2E4+7hEidvgZBwQhj+HbWgKiPWh4Df1lEXq6bLQQwdn6/
b+jfiwg7xpb7eB2M4gPZ0uF/1TIcGJN3+LWEULFNTT/vsjyD/UU63ahZ1kVv7X0m
W1NrbKjXxDbip+x3N7HLIu3zqAAaa0ele7OysyFCL6ZlwwafwJiEZZgHn2Iw7I1L
S7lYBbFoLfXlOMVXNaKHPEV5gQEveMROJVBtnWkqShPQM0N/+Z+TXZes37up0GVo
d7ptPfNbUNDTFc8Jj3+5rIyy3dUvSyMJlHZhsLmtCUnbQ867ZOgeUS52a8XQ+nJY
8IsShLfLk6fRWmHrwo9lzZQ/TbbUNyoUje0Ns6iL7G3IZwDqJH3kAGb/bkj/piDu
tPNcN8bkYeNobTFIH+o4
=jV80
-----END PGP SIGNATURE-----
|