Delivery-date: Fri, 03 May 2024 17:15:00 -0700 Received: from mail-qt1-f185.google.com ([209.85.160.185]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1s333L-00086L-9e for bitcoindev@gnusha.org; Fri, 03 May 2024 17:14:59 -0700 Received: by mail-qt1-f185.google.com with SMTP id d75a77b69052e-43ab6687212sf2594811cf.2 for ; Fri, 03 May 2024 17:14:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714781693; cv=pass; d=google.com; s=arc-20160816; b=llzub8rZ/xaSLAYUUhiyHs4Wzp3vlA6NYTwwAlvWP3POwfZiclIKVL63m4ipPh9QlE qiK65pdmAfFIgkfn+mJ0ZJJgJdFIr1iIfIeZUPyMkd+brERJVaNWiLhqW/q2aGLrDm61 8s1SUkq25WRFCErWLz0vAvwnahxDCyDIHvfawEiornhLde1rSD1dijE++tiIleEwt869 O9TzisQGia+dVPoY7OLKqdbC0TyjLAf5BtKJqefXY8PwK6H0F8tA2bQ8z0IKLL/k6TEU eqcwZNIFf4NTR6axv1wBsNBHRHwJRoo2C8V/q1/OGE7RQUWb+1niG4QUq8ZWo52a+yaj 9JPw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :sender:dkim-signature; bh=B3eY4Gjc+r2XhWDFmxAtAW+Ue1Sik4nXq5tj3UGm35g=; fh=ROdMwr3hAEsILWCKgUXMvXOgXObfLQGqevYQQrA8AcY=; b=zla/NroSmS8KdWU4ccriZLMiluYzuMOH1X5vwHiVz9CT6QFTS81RD2svuicfeS5bXN 8kVp0m8OpcfasCJs6m/1Gjw3TvU+3A9CKbBTZ31ZLJGy2ckEmWAsSeWqo812yjrIAEUj QuJ/M5jB9ROQADsE/lKXpSrOmVp1xNu7GY5HFle38YrjsI9KJR2o2vPX5vjqChjs8Lba l81AORCbRTKfCdOpDuN9hm4LvWNixuX6tLTKcvNlHgIhfB+wyWs9S+eOo+A8GinA3nJT ENYz3HnN76gSrgUBLc4aYaxb6a6P0eQ4y02EBoG+RF6t8HnSyekdjUyl1ZVX+9/RrnHK nawQ==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass (test mode) header.i=@dashjr.org header.s=zinan header.b=XpeDWlZ9; spf=pass (google.com: domain of luke@dashjr.org designates 2001:470:88ff:2f::1 as permitted sender) smtp.mailfrom=luke@dashjr.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=dashjr.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1714781693; x=1715386493; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:from:content-language:references:to :subject:user-agent:mime-version:date:message-id:sender:from:to:cc :subject:date:message-id:reply-to; bh=B3eY4Gjc+r2XhWDFmxAtAW+Ue1Sik4nXq5tj3UGm35g=; b=vnL7N9iQNa7ZWwwXdcC6buEWur/5/gbP+gaEeBAMDldKXYKkPFm0lhcuyGI7sikDcB 0prKjU2bhGZK13A6W0WTgN2Ywc3VJ7Bd71BIlDLZXSl1nZ4SPr+u7eDZ/0R96jZdMJeZ fxKvrw2sArvkBJkR1XdpXs5x4igdp3fNJzQ4/OTcR6KwhjoWGIscRHO1cS4kNvYvN1kk 3IIZTrI24t/mDM+cHgyCtVhQFSnmBpKbTSRqUUeLkyOJQayB5MxdEasO2f6F4ngnLEDU H8q6PURejJZQl5Au+UQZgPtjOUbYfZisADK4p9QflMlHEJYXIST7DaZTatmbsw3j3Rzl M8WQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714781693; x=1715386493; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:from:content-language:references:to :subject:user-agent:mime-version:date:message-id:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=B3eY4Gjc+r2XhWDFmxAtAW+Ue1Sik4nXq5tj3UGm35g=; b=TTnaDpRSGpjw2XTZQQMhqrebNmv3sdZeqyfBLlDhEheJSAUSJyi1FejrgYWzSgeTUC DljXx9iNk7QY27dTuyERT0VlXuc5yvcEbYfHDfoso3B4B0EUEnl8iVzRr8uP2acXt65U z4EjWx+LSs+GwOx853HOJWWbkXPih3/RiM+/4EK9BOaa/XYDl9DcCpdTcvppBnNzqbQK OqdPqJyvDRgNneqzCZFFCh7Jy9FjhszSL4mjnpYHSUAheF3MUKW6vBVLj+EJplO7b2hZ MwPX5qAu70q8uyBz/S+3yB6HmjnV99R5O/olQEeezmRobP/QdfOKQLUBug7bc1ui8hyY /qxQ== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCU90CXIgUyTu65pWD4aWTXlEnCFkiLvaeN0knu1i0xLmkFnsCwVeK/QR81UllX6z+Z4Stf1kvc8qP7MTKeZ9l+KCHHeStA= X-Gm-Message-State: AOJu0YxetdiZys8D+Y0XZfUSSHa2+j9CKdT4LoOPzCVqwVH89HIc7BHB 86wghUQPky6opcz8BgpyM2YoHTYcVemkJB1R0lsIGIhOLtamk8rC X-Google-Smtp-Source: AGHT+IHX4yDPde2k2mC0YaB1Rja9GLFjXln3EGyf6pcs2c6CWEVid3vlVPssN65Qci72D10S62gq7g== X-Received: by 2002:a05:622a:d5:b0:43a:6988:bb80 with SMTP id p21-20020a05622a00d500b0043a6988bb80mr4882892qtw.11.1714781692946; Fri, 03 May 2024 17:14:52 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:622a:1350:b0:437:bede:6e20 with SMTP id d75a77b69052e-43ca7e47f6fls30642131cf.2.-pod-prod-09-us; Fri, 03 May 2024 17:14:51 -0700 (PDT) X-Received: by 2002:a05:622a:190f:b0:43a:a82d:4fb with SMTP id w15-20020a05622a190f00b0043aa82d04fbmr54597qtc.0.1714781691789; Fri, 03 May 2024 17:14:51 -0700 (PDT) Received: by 2002:a05:620a:46a6:b0:790:efaf:f1f8 with SMTP id af79cd13be357-792710970edms85a; Fri, 3 May 2024 17:12:03 -0700 (PDT) X-Received: by 2002:a67:e899:0:b0:47b:d49b:c57 with SMTP id x25-20020a67e899000000b0047bd49b0c57mr5085153vsn.18.1714781522391; Fri, 03 May 2024 17:12:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1714781522; cv=none; d=google.com; s=arc-20160816; b=ISA5hFKtIiH9di/biaFYtK2QW/BuO2GaF+HsEvvwhr1/MfAEx8tSoDeN8NeplnPVIB CynQR5ddNlWCbFE0gKUooQCQAza1Q5sBynWiqUGMSbBePAGWP7yLx5tRzSjroNZVqNA/ s5wguKwn4jGtmJn0pW8F93+mv2xeZvvcj8AcAHaR+Yhfr/h8jVO7dwkHV+dcj+enr1B3 QRw0DTJIdd7uYUD1NxeM7RD7JUzg0GFTbSsuIJuqbjz0X5y847FbEulF7yX5092cFbZN ZnxZQtELjuFnlMSqOfSDdWgjAds3PHSzlq+1bUx+s6tOIAGuPTzYScO1V5KjzvaBu1mT uB0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:disposition-notification-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :dkim-signature; bh=aQPCm7qRhqh0D6X/GbdJXTx1Rn6GnbVdohbyHged+Gs=; fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=; b=VeyqmxW0ldI6SRderAYQz4fl84FYk04iVCJHFeZq09pjtBYq/xHc52m9LN26cpYMxW BOh28yXrXBPSsk5vYecp7YVAshgK9B8Bc2OP2bhBCsuMPRN1QBQ7rQr9c8VwZCVu0Fxp zk5QGNR/Nffytn0OXAzWbcCxf8grHFWsRfx29X12zVPROX9joSEuxseIrGAF28++bOzU h29CaG4kct2JU+WK/4rgv/8v+wgnshHNSXszWkvztHRmP1nYhajHy2QWGVm3Uh1xu6pD evP7MRhUFSDfM/mIYFOWVZudHzJhFik5wbqYSv8DFVrttswFswZ3RF1a/7JmHyZnF7q7 Cn+A==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass (test mode) header.i=@dashjr.org header.s=zinan header.b=XpeDWlZ9; spf=pass (google.com: domain of luke@dashjr.org designates 2001:470:88ff:2f::1 as permitted sender) smtp.mailfrom=luke@dashjr.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=dashjr.org Received: from zinan.dashjr.org (zinan.dashjr.org. [2001:470:88ff:2f::1]) by gmr-mx.google.com with ESMTP id bc28-20020a0561220d9c00b004d3c4a37c63si194705vkb.2.2024.05.03.17.12.02 for ; Fri, 03 May 2024 17:12:02 -0700 (PDT) Received-SPF: pass (google.com: domain of luke@dashjr.org designates 2001:470:88ff:2f::1 as permitted sender) client-ip=2001:470:88ff:2f::1; Received: from [192.168.86.103] (99-39-46-195.lightspeed.dybhfl.sbcglobal.net [99.39.46.195]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id 0F8524809DE for ; Sat, 4 May 2024 00:11:52 +0000 (UTC) X-Hashcash: 1:23:240504:bitcoindev@googlegroups.com::SLpMCkUzamg0SMEa:DTMY Content-Type: multipart/alternative; boundary="------------uoblP8yacIbtpmlM1guODxIo" Message-ID: Date: Fri, 3 May 2024 20:11:49 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [bitcoindev] BIP 322 use case To: bitcoindev@googlegroups.com References: <9004c5d4-6b9d-4ac1-834c-902ba4901e05n@googlegroups.com> Content-Language: en-US, en-GB From: Luke Dashjr In-Reply-To: <9004c5d4-6b9d-4ac1-834c-902ba4901e05n@googlegroups.com> X-Original-Sender: luke@dashjr.org X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass (test mode) header.i=@dashjr.org header.s=zinan header.b=XpeDWlZ9; spf=pass (google.com: domain of luke@dashjr.org designates 2001:470:88ff:2f::1 as permitted sender) smtp.mailfrom=luke@dashjr.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=dashjr.org Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.7 (/) This is a multi-part message in MIME format. --------------uoblP8yacIbtpmlM1guODxIo Content-Type: text/plain; charset="UTF-8"; format=flowed KYC is not an intended use case for signed messages, and attempts to use it for that are probably one of the bigger reasons BIP322 has not moved further - most people do not want to encourage nor enable such nonsense. If you absolutely must only allow withdrawls to the user's own address, I would suggest taking a more traditional approach of asking the user to affirm it with a checkbox. (This is not legal advice, but it seems crazy to demand cryptographic proof from Bitcoin companies, when traditional finance is okay with a mere attestation) Technically speaking, however, the biggest hurdle is that there is very little apparent interest in the one limited use case it *is* meant for: agreeing to a contract before funds are sent. To a limited extent, a secondary use case has been simply using Bitcoin addresses as a kind of login mechanism (eg, #Bitcoin-OTC and OCEAN). But the feature with much higher demand is proof-of-funds and proof-of-sender, which BIP322 began to address, but turns out to be much more complicated than it seems at face value (I recently looked into this again as part of relaunching OCEAN). That being said, BIP322 as-is has already been adopted by at least some wallets, despite its unfinished state. So if someone were to pick up this task, it would probably need to be done as a new BIP. :/ Luke On 5/3/24 19:53, ProfEduStream wrote: > > Hey, > > As a Bitcoin association, we're currently facing an issue because > we're unable to sign an address with our multi-sig wallet. > After conducting some research, I came across BIP322 in these > threads:https://bitcointalk.org/index.php?topic=5408898.0 & > https://github.com/bitcoin/bips/pull/1347 > > _Explanation_: > > As a Bitcoin association, we offer membership to everyone for a few > thousand sats per year. To facilitate this process, we utilize "Swiss > Bitcoin Pay". It's an application that allows us to easily manage our > accounting. Additionally, we onboard merchants with this app because > of its user-friendly interface and self-custodial capabilities, making > it very convenient. The accounting features are also highly beneficial. > > To utilize this application in a self-custodial manner, users need to > paste a Bitcoin address on the "Swiss Bitcoin Pay" dashboard and then > sign a message with this address. This serves as a > "Proof-of-Ownership" and is a legal requirement in some regulated > countries. "Swiss Bitcoin Pay" is not the only application that > requires signing a message as a "Proof-of-Ownership". Peach, a non-KYC > P2P Bitcoin application, is another example. > > Given our goal to decentralize our treasury, we naturally opt for a > multi-sig wallet, similar to many companies. However, as you know, BIP > 322 hasn't been pushed and it's currently impossible to sign a message > with a multi-sig wallet. > > > _Conclusion_: > > I'm unsure why BIP322 hasn't been pushed or addressed in the past few > months/years, but I want to highlight its necessity. > Additionally, I hope that this comment sheds light on a deficiency in > our Bitcoin ecosystem, and I trust that further improvements will be > made to enable people to sign a message with a multi-sig wallet. > > > I'm available to assist if needed. > > @ProfEduStream > > -- > You received this message because you are subscribed to the Google > Groups "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to bitcoindev+unsubscribe@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/bitcoindev/9004c5d4-6b9d-4ac1-834c-902ba4901e05n%40googlegroups.com > . -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/e617f6eb-dd11-4ca2-aba6-f80ace8863a8%40dashjr.org. --------------uoblP8yacIbtpmlM1guODxIo Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

KYC is not an intended use case for signed messages, and attempts to use it for that are probably one of the bigger reasons BIP322 has not moved further - most people do not want to encourage nor enable such nonsense. If you absolutely must only allow withdrawls to the user's own address, I would suggest taking a more traditional approach of asking the user to affirm it with a checkbox. (This is not legal advice, but it seems crazy to demand cryptographic proof from Bitcoin companies, when traditional finance is okay with a mere attestation)

Technically speaking, however, the biggest hurdle is that there is very little apparent interest in the one limited use case it *is* meant for: agreeing to a contract before funds are sent. To a limited extent, a secondary use case has been simply using Bitcoin addresses as a kind of login mechanism (eg, #Bitcoin-OTC and OCEAN). But the feature with much higher demand is proof-of-funds and proof-of-sender, which BIP322 began to address, but turns out to be much more complicated than it seems at face value (I recently looked into this again as part of relaunching OCEAN). That being said, BIP322 as-is has already been adopted by at least some wallets, despite its unfinished state. So if someone were to pick up this task, it would probably need to be done as a new BIP. :/

Luke


On 5/3/24 19:53, ProfEduStream wrote:

Hey,

As a Bitcoin association, we're currently facing an issue because we're unable to sign an address with our multi-sig wallet.
After conducting some research, I came across BIP322 in these threads: https://= bitcointalk.org/index.php?topic=3D5408898.0 & https://= github.com/bitcoin/bips/pull/1347

Explanation:

As a Bitcoin association, we offer membership to everyone for a few thousand sats per year. To facilitate this process, we utilize "Swiss Bitcoin Pay". It's an application that allows us to easily manage our accounting. Additionally, we onboard merchants with this app because of its user-friendly interface and self-custodial capabilities, making it very convenient. The accounting features are also highly beneficial.

To utilize this application in a self-custodial manner, users need to paste a Bitcoin address on the "Swiss Bitcoin Pay" dashboard and then sign a message with this address. This serves as a "Proof-of-Ownership" and is a legal requirement in some regulated countries. "Swiss Bitcoin Pay" is not the only application that requires signing a message as a "Proof-of-Ownership". Peach, a non-KYC P2P Bitcoin application, is another example.

Given our goal to decentralize our treasury, we naturally opt for a multi-sig wallet, similar to many companies. However, as you know, BIP 322 hasn't been pushed and it's currently impossible to sign a message with a multi-sig wallet.


Conclusion:

I'm unsure why BIP322 hasn't been pushed or addressed in the past few months/years, but I want to highlight its necessity.
Additionally, I hope that this comment sheds light on a deficiency in our Bitcoin ecosystem, and I trust that further improvements will be made to enable people to sign a message with a multi-sig wallet.


I'm available to assist if needed.

@ProfEduStream

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev= +unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoind= ev/9004c5d4-6b9d-4ac1-834c-902ba4901e05n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitc= oindev/e617f6eb-dd11-4ca2-aba6-f80ace8863a8%40dashjr.org.
--------------uoblP8yacIbtpmlM1guODxIo--