Date: Sat, 26 Oct 2013 00:15:51 -0400
From: Peter Todd <pete@petertodd.org>
To: Gregory Maxwell <gmaxwell@gmail.com>
Message-ID: <20131026041551.GA15932@savin>
References: <CAAS2fgRRobkE2GdYomtJof7HCH-9ZczE9EBj7DBS-pCGscUSNQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="T4sUOijqQbZv57TR"
Content-Disposition: inline
In-Reply-To: <CAAS2fgRRobkE2GdYomtJof7HCH-9ZczE9EBj7DBS-pCGscUSNQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment protocol for onion URLs.


--T4sUOijqQbZv57TR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Oct 25, 2013 at 08:31:05PM -0700, Gregory Maxwell wrote:
> One limitation of the payment protocol as specced is that there is no
> way for a hidden service site to make use of its full authentication
> capability because they are unable to get SSL certificates issued to
> them.
>
> A tor hidden service (onion site) is controlled by an RSA key.
>
> It would be trivial to pack a tor HS pubkey into a self-signed x509
> certificate with the cn set to foooo.onion.
>
> If we specified in the payment protocol an additional validation
> procedure for [base32].onion hosts that just has it hash and base32
> encode the pubkey (as tor does) then the payment protocol could work
> seamlessly with tor hosts. (Displaying that the payment request came
> from "foooo.onion").  I believe that the additional code for this
> would be trivial (and I'll write it if there is support for making
> this a standard feature).
>
> This would give us a fully supported option which is completely CA
> free... it would only work for tor sites, but the people concerned
> about CA treachery are likely to want to use tor in any case.
>
> Thoughts?

Strong ACK on the basis of responding for forum trolls alone.

It's easy enough to make it a genuinely useful tool for multisig wallets
too: keep a copy of your Tor URL bookmarks on your second signing
computer. So long as either computer has the correct URL you're safe.

-- 
'peter'[:-1]@petertodd.org
0000000000000006fbd917e8b4770c566dbc8ed4bedd00f441286ffb6e7f73ac

--T4sUOijqQbZv57TR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature


--T4sUOijqQbZv57TR--
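
The validation procedure proposed in the quoted message (hash and base32 encode the pubkey, then compare with the .onion name in the certificate's cn), as an added example that is not part of the original thread or of any payment protocol implementation. It assumes the onion naming in use when this was written: the first 80 bits of SHA-1 over the DER-encoded RSA public key, base32 encoded. The function names and the sample key bytes are hypothetical.

```python
import base64
import hashlib

# Characters allowed in a base32 onion label (lower-cased).
B32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def onion_label(pubkey_der: bytes) -> str:
    """Derive the 16-character onion label from a DER-encoded public key.

    Assumption: label = base32(first 10 bytes of SHA-1(key)), lower-cased.
    """
    digest = hashlib.sha1(pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def label_from_host(host: str):
    """Return the onion label of a [base32].onion host name, else None."""
    host = host.strip().rstrip(".").lower()
    if not host.endswith(".onion"):
        return None
    # Only the label directly before ".onion" names the service.
    label = host[: -len(".onion")].split(".")[-1]
    if len(label) != 16 or not set(label) <= B32_ALPHABET:
        return None
    return label


def verify_onion_request(cn_host: str, pubkey_der: bytes) -> bool:
    """Accept the request only if the cn is the onion name of this key.

    The caller must separately check that the payment request is signed
    by the same key; this function covers only the name binding.
    """
    claimed = label_from_host(cn_host)
    if claimed is None:
        return False  # not an onion name: use normal CA validation instead
    return claimed == onion_label(pubkey_der)


# Constructed stand-ins for DER-encoded RSA public keys (not real keys).
SAMPLE_KEY = b"constructed stand-in for a DER-encoded RSA public key"
OTHER_KEY = b"constructed stand-in for a different public key"

if __name__ == "__main__":
    host = onion_label(SAMPLE_KEY) + ".onion"
    print(host, verify_onion_request(host, SAMPLE_KEY))
    print(host, verify_onion_request(host, OTHER_KEY))
```

A self-signed certificate whose cn is a valid onion name but whose key hashes to a different label is rejected, which is the property that makes the scheme independent of a CA.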