1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1TdOjp-0002v5-N2
for bitcoin-development@lists.sourceforge.net;
Tue, 27 Nov 2012 17:14:25 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.219.47 as permitted sender)
client-ip=209.85.219.47; envelope-from=mh.in.england@gmail.com;
helo=mail-oa0-f47.google.com;
Received: from mail-oa0-f47.google.com ([209.85.219.47])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1TdOjp-00079p-11
for bitcoin-development@lists.sourceforge.net;
Tue, 27 Nov 2012 17:14:25 +0000
Received: by mail-oa0-f47.google.com with SMTP id h1so13397051oag.34
for <bitcoin-development@lists.sourceforge.net>;
Tue, 27 Nov 2012 09:14:19 -0800 (PST)
MIME-Version: 1.0
Received: by 10.60.171.141 with SMTP id au13mr13249518oec.124.1354036459688;
Tue, 27 Nov 2012 09:14:19 -0800 (PST)
Sender: mh.in.england@gmail.com
Received: by 10.76.128.139 with HTTP; Tue, 27 Nov 2012 09:14:19 -0800 (PST)
In-Reply-To: <201211271703.39282.andyparkins@gmail.com>
References: <CABsx9T0PsGLEAWRCjEDDFWQrb+DnJWQZ7mFLaZewAEX6vD1eHw@mail.gmail.com>
<201211271703.39282.andyparkins@gmail.com>
Date: Tue, 27 Nov 2012 18:14:19 +0100
X-Google-Sender-Auth: OeCPL460Kg9WePDJ2Rb0oDtf6R8
Message-ID: <CANEZrP0NZykzrvC1=YZv4czbu+EPaR3qpjQ2WZDsA8DhroR2_g@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Andy Parkins <andyparkins@gmail.com>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.4 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1TdOjp-00079p-11
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol Proposal:
Invoices/Payments/Receipts
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2012 17:14:25 -0000
> Personally, I'd like to see fewer implicit ties to X509. With X509 as one
> option.
That's pretty much what we have today - in future other schemes can be
proposed as extensions. Protocol buffers are easily extended, they
ignore unknown fields. Then you'd wait and see what the invoice
request looked like and produce an invoice with the right security
bits.
> In particular two additional identification types:
>
> - GnuPG (obviously)
It's not obvious to me, incidentally. The web of trust has been
dead-on-arrival since it was first proposed, and for good reasons.
SSL/X.509, for better or worse, has significant usage.
Your case of a small business is a perfect example of people who won't
be using GPG. If they don't want to buy an SSL cert, they can just as
well put a reference number in the memo field or a "Hey Bob, here is
the bill we discussed". The payer does not get the multi-factor auth
protection so if their computer has a virus, they may be hosed. But
that's good incentive for sellers to get verified. Some CA authorities
do it for free these days.
|
