1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1VLs80-0001S1-GA
for bitcoin-development@lists.sourceforge.net;
Tue, 17 Sep 2013 10:03:28 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.214.47 as permitted sender)
client-ip=209.85.214.47; envelope-from=mh.in.england@gmail.com;
helo=mail-bk0-f47.google.com;
Received: from mail-bk0-f47.google.com ([209.85.214.47])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1VLs7y-0000jh-Cp
for bitcoin-development@lists.sourceforge.net;
Tue, 17 Sep 2013 10:03:28 +0000
Received: by mail-bk0-f47.google.com with SMTP id mx12so2016747bkb.6
for <bitcoin-development@lists.sourceforge.net>;
Tue, 17 Sep 2013 03:03:19 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.205.64.9 with SMTP id xg9mr1217547bkb.30.1379412199515; Tue,
17 Sep 2013 03:03:19 -0700 (PDT)
Sender: mh.in.england@gmail.com
Received: by 10.204.72.69 with HTTP; Tue, 17 Sep 2013 03:03:19 -0700 (PDT)
In-Reply-To: <3B80F433-9039-459B-BC96-A56786DEF6C3@grabhive.com>
References: <9179D240-EE7E-41A4-AA59-7C96246D8CFB@grabhive.com>
<AFD93558-684C-497C-ADAF-D031095EC2CE@gmail.com>
<82E79EB0-49D6-492A-AE4A-6A786C7B0AAA@grabhive.com>
<3B80F433-9039-459B-BC96-A56786DEF6C3@grabhive.com>
Date: Tue, 17 Sep 2013 12:03:19 +0200
X-Google-Sender-Auth: fe1hZBYLkN-b0tHrBLaN-3WujYs
Message-ID: <CANEZrP3srw4AhtYkM60NBcWYSqEib=wB7Yj4YtqaufW3xd9_0Q@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Wendell <w@grabhive.com>
Content-Type: multipart/alternative; boundary=bcaec53fee9d26db3f04e6916e3d
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1VLs7y-0000jh-Cp
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Simple contacts exchange (was: Social
network integration (brainstorm))
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2013 10:03:28 -0000
--bcaec53fee9d26db3f04e6916e3d
Content-Type: text/plain; charset=UTF-8
You can prove ownership of a private key by signing a challenger-generated
nonce with the public part and giving the signature back to the challenger
- same as with any asymmetric crypto system.
As I already noted, the payment protocol is designed to solve that problem.
You could design a BIP that extended the payment protocol to include
information about the person who generated it.
On Tue, Sep 17, 2013 at 11:30 AM, Wendell <w@grabhive.com> wrote:
> Couple of things I just thought about:
>
> 1- Presume server should only sweep with two (or more, see below)
> revocation certificates being present
> 2- Need to insert something in the flow so that Alice can verify that the
> uploaded key is actually Bob's (and perhaps vise-versa, given an extremely
> dedicated attacker with a fast connection?).
>
> Is there a way to do #2 without creating yet another transaction?
> Admittedly I am still really puzzled about the accessibility of public keys
> in Bitcoin!
>
> Please remember that the idea is to have two wallets securely exchange a
> packet of metadata about a transaction beyond the scope of Bitcoin itself
> (a name, perhaps a small photo, etc) in order to increase usability. This
> will be my last post here on the topic except to reply in case anyone else
> contributes.
>
> -wendell
>
> grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
>
> On Sep 16, 2013, at 4:05 PM, Wendell wrote:
>
> > Luke pointed out that we should not be inserting extraneous data into
> the blockchain, so this sounds like the best option, Eric.
> >
> > I'm under the impression that a Bitcoin user Alice cannot see the actual
> public key of Bitcoin user Bob, so if we had Hive store metadata on a
> server relating to a given transaction ID, I would not be able to use those
> public keys key to encrypt. Is this a misunderstanding or is it correct?
> >
> > Assuming it is correct, the best that I could come up with was storing
> the transaction ID with a _fresh_ public key on a server, each time a
> transfer is made. Altogether it looks like this:
> >
> > - Alice generates a new keypair & revocation certificate for the
> transaction
> > - Alice makes a Bitcoin transaction to Bob
> > - Alice sends the transaction ID plus the new public key to server
> > - Bob receives the Bitcoin transaction
> > - Bob generates a new keypair & revocation certificate
> > - Bob does a transaction ID lookup on the server, receives Alice's
> public key, sends his own new one
> > - Bob encrypts his user metadata against Alice's new key
> > - Alice downloads and decrypts Bob's metadata
> > - Alice uploads her revocation certificate
> > - Alice uploads her own metadata
> > - Bob downloads Alice's metadata
> > - Bob uploads his revocation certificate
> > - (Server removes all keys with revocation certificates)
> >
> > I presume going the extra mile to generate new keys for each transaction
> is helpful for privacy?
> >
> > The above seems rather inelegant to me. I really don't like that clients
> (wallets) are going to be beating down the server all the time checking for
> keys, or that there is a possibility of a desynchronization so severe that
> the user receives the data much too late for it to be useful. But, I
> suppose it can work.
> >
> > Another thing I'm considering is Alice/Bob validating each other. I
> suppose we should include some kind of code that we encourage people to
> read to each other over the phone or some other medium, to ensure that "it
> really is Alice", before (for example) returning money to a very
> legit-looking personage.
> >
> > Any other thoughts? I would love to do this without using any servers at
> all ("serverless keyserver", anyone?), but I am not quite sure how.
> >
> > -wendell
> >
> > grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
> >
> > On Sep 7, 2013, at 12:47 AM, Eric Lombrozo wrote:
> >
> >> Why not just use the transaction hash itself for the lookup? Also,
> presumably you'd want to encrypt the data so that only the recipient of the
> transaction can do this lookup.
> >>
> >> -Eric
> >>
> >> On Sep 6, 2013, at 8:07 AM, Wendell <w@grabhive.com> wrote:
> >>
> >>> Hi all,
> >>>
> >>> We're thinking about ways of automatically exchanging contact details
> between wallets, in order to encourage the proliferation of identifiable
> names and photos rather than long and hard-to-verify addresses.
> >>>
> >>> The simplest version goes like this:
> >>>
> >>> 2 BTC Bitcoin is sent to someone, and a data lookup hash is inserted
> into the transaction. When it arrives on the other end, it is indeed looked
> up, and instead of being presented with a dialogue that says "you received
> 2 BTC from 13Y94z43Nbbb6wevRyk82CeDoYQ5S28zmA", it's "You received 2 BTC
> from Frank Jones" including a nice photo.
> >>>
> >>> Now. We can simply delete this data in reference to the transaction ID
> after it happens (or delete it after a time), but is there any more
> decentralized way to do it? I would prefer us to run no dedicated servers
> that would ever put us in a position of being coerced into giving data, or
> otherwise altering our system to store it.
> >>>
> >>> Any thoughts about this?
> >>>
> >>> -wendell
> >>>
> >>> grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
> >>>
> >>>
> ------------------------------------------------------------------------------
> >>> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> >>> Discover the easy way to master current and previous Microsoft
> technologies
> >>> and advance your career. Get an incredible 1,500+ hours of step-by-step
> >>> tutorial videos with LearnDevNow. Subscribe today and save!
> >>>
> http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk_______________________________________________
> >>> Bitcoin-development mailing list
> >>> Bitcoin-development@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
>
> ------------------------------------------------------------------------------
> LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
> 1,500+ hours of tutorials including VisualStudio 2012, Windows 8,
> SharePoint
> 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack
> includes
> Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13.
> http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--bcaec53fee9d26db3f04e6916e3d
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">You can prove ownership of a private key by signing a chal=
lenger-generated nonce with the public part and giving the signature back t=
o the challenger - same as with any asymmetric crypto system.<div><br></div=
>
<div>As I already noted, the payment protocol is designed to solve that pro=
blem. You could design a BIP that extended the payment protocol to include =
information about the person who generated it.</div></div><div class=3D"gma=
il_extra">
<br><br><div class=3D"gmail_quote">On Tue, Sep 17, 2013 at 11:30 AM, Wendel=
l <span dir=3D"ltr"><<a href=3D"mailto:w@grabhive.com" target=3D"_blank"=
>w@grabhive.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Couple of things I just thought about:<br>
<br>
1- Presume server should only sweep with two (or more, see below) revocatio=
n certificates being present<br>
2- Need to insert something in the flow so that Alice can verify that the u=
ploaded key is actually Bob's (and perhaps vise-versa, given an extreme=
ly dedicated attacker with a fast connection?).<br>
<br>
Is there a way to do #2 without creating yet another transaction? Admittedl=
y I am still really puzzled about the accessibility of public keys in Bitco=
in!<br>
<br>
Please remember that the idea is to have two wallets securely exchange a pa=
cket of metadata about a transaction beyond the scope of Bitcoin itself (a =
name, perhaps a small photo, etc) in order to increase usability. This will=
be my last post here on the topic except to reply in case anyone else cont=
ributes.<br>
<div class=3D"im HOEnZb"><br>
-wendell<br>
<br>
<a href=3D"http://grabhive.com" target=3D"_blank">grabhive.com</a> | <a hre=
f=3D"http://twitter.com/grabhive" target=3D"_blank">twitter.com/grabhive</a=
> | gpg: 6C0C9411<br>
<br>
</div><div class=3D"HOEnZb"><div class=3D"h5">On Sep 16, 2013, at 4:05 PM, =
Wendell wrote:<br>
<br>
> Luke pointed out that we should not be inserting extraneous data into =
the blockchain, so this sounds like the best option, Eric.<br>
><br>
> I'm under the impression that a Bitcoin user Alice cannot see the =
actual public key of Bitcoin user Bob, so if we had Hive store metadata on =
a server relating to a given transaction ID, I would not be able to use tho=
se public keys key to encrypt. Is this a misunderstanding or is it correct?=
<br>
><br>
> Assuming it is correct, the best that I could come up with was storing=
the transaction ID with a _fresh_ public key on a server, each time a tran=
sfer is made. Altogether it looks like this:<br>
><br>
> - Alice generates a new keypair & revocation certificate for the t=
ransaction<br>
> - Alice makes a Bitcoin transaction to Bob<br>
> - Alice sends the transaction ID plus the new public key to server<br>
> - Bob receives the Bitcoin transaction<br>
> - Bob generates a new keypair & revocation certificate<br>
> - Bob does a transaction ID lookup on the server, receives Alice's=
public key, sends his own new one<br>
> - Bob encrypts his user metadata against Alice's new key<br>
> - Alice downloads and decrypts Bob's metadata<br>
> - Alice uploads her revocation certificate<br>
> - Alice uploads her own metadata<br>
> - Bob downloads Alice's metadata<br>
> - Bob uploads his revocation certificate<br>
> - (Server removes all keys with revocation certificates)<br>
><br>
> I presume going the extra mile to generate new keys for each transacti=
on is helpful for privacy?<br>
><br>
> The above seems rather inelegant to me. I really don't like that c=
lients (wallets) are going to be beating down the server all the time check=
ing for keys, or that there is a possibility of a desynchronization so seve=
re that the user receives the data much too late for it to be useful. But, =
I suppose it can work.<br>
><br>
> Another thing I'm considering is Alice/Bob validating each other. =
I suppose we should include some kind of code that we encourage people to r=
ead to each other over the phone or some other medium, to ensure that "=
;it really is Alice", before (for example) returning money to a very l=
egit-looking personage.<br>
><br>
> Any other thoughts? I would love to do this without using any servers =
at all ("serverless keyserver", anyone?), but I am not quite sure=
how.<br>
><br>
> -wendell<br>
><br>
> <a href=3D"http://grabhive.com" target=3D"_blank">grabhive.com</a> | <=
a href=3D"http://twitter.com/grabhive" target=3D"_blank">twitter.com/grabhi=
ve</a> | gpg: 6C0C9411<br>
><br>
> On Sep 7, 2013, at 12:47 AM, Eric Lombrozo wrote:<br>
><br>
>> Why not just use the transaction hash itself for the lookup? Also,=
presumably you'd want to encrypt the data so that only the recipient o=
f the transaction can do this lookup.<br>
>><br>
>> -Eric<br>
>><br>
>> On Sep 6, 2013, at 8:07 AM, Wendell <<a href=3D"mailto:w@grabhi=
ve.com">w@grabhive.com</a>> wrote:<br>
>><br>
>>> Hi all,<br>
>>><br>
>>> We're thinking about ways of automatically exchanging cont=
act details between wallets, in order to encourage the proliferation of ide=
ntifiable names and photos rather than long and hard-to-verify addresses.<b=
r>
>>><br>
>>> The simplest version goes like this:<br>
>>><br>
>>> 2 BTC Bitcoin is sent to someone, and a data lookup hash is in=
serted into the transaction. When it arrives on the other end, it is indeed=
looked up, and instead of being presented with a dialogue that says "=
you received 2 BTC from 13Y94z43Nbbb6wevRyk82CeDoYQ5S28zmA", it's =
"You received 2 BTC from Frank Jones" including a nice photo.<br>
>>><br>
>>> Now. We can simply delete this data in reference to the transa=
ction ID after it happens (or delete it after a time), but is there any mor=
e decentralized way to do it? I would prefer us to run no dedicated servers=
that would ever put us in a position of being coerced into giving data, or=
otherwise altering our system to store it.<br>
>>><br>
>>> Any thoughts about this?<br>
>>><br>
>>> -wendell<br>
>>><br>
>>> <a href=3D"http://grabhive.com" target=3D"_blank">grabhive.com=
</a> | <a href=3D"http://twitter.com/grabhive" target=3D"_blank">twitter.co=
m/grabhive</a> | gpg: 6C0C9411<br>
>>><br>
>>> --------------------------------------------------------------=
----------------<br>
>>> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 201=
2, more!<br>
>>> Discover the easy way to master current and previous Microsoft=
technologies<br>
>>> and advance your career. Get an incredible 1,500+ hours of ste=
p-by-step<br>
>>> tutorial videos with LearnDevNow. Subscribe today and save!<br=
>
>>> <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D580=
41391&iu=3D/4140/ostg.clktrk___________________________________________=
____" target=3D"_blank">http://pubads.g.doubleclick.net/gampad/clk?id=3D580=
41391&iu=3D/4140/ostg.clktrk___________________________________________=
____</a><br>
>>> Bitcoin-development mailing list<br>
>>> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">B=
itcoin-development@lists.sourceforge.net</a><br>
>>> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoi=
n-development" target=3D"_blank">https://lists.sourceforge.net/lists/listin=
fo/bitcoin-development</a><br>
<br>
<br>
---------------------------------------------------------------------------=
---<br>
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!<br>
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoin=
t<br>
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack inclu=
des<br>
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13.<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D58041151&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D58041151&iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div>
--bcaec53fee9d26db3f04e6916e3d--
|