Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.160.181 as permitted sender)
	client-ip=209.85.160.181; envelope-from=gavinandresen@gmail.com;
	helo=mail-yk0-f181.google.com; 
MIME-Version: 1.0
In-Reply-To: <CA+WZAEqYKv8T1OMCKhOJvf5FAy=WujJ=OhtsYP9aBf=4ZPNxmw@mail.gmail.com>
References: <CA+WZAEp3HsW5ESGUZ7YfR1MZXGC5jd+LucUt_MUP8K94Xwhuhg@mail.gmail.com>
	<CANEZrP0KVyp2Va7Wyy=t0qYkLNK9BDUaSzBfuzQss+=weLJ1Fw@mail.gmail.com>
	<CA+WZAEqYKv8T1OMCKhOJvf5FAy=WujJ=OhtsYP9aBf=4ZPNxmw@mail.gmail.com>
Date: Fri, 4 Apr 2014 09:32:40 -0400
Message-ID: <CABsx9T0FJGn3a+JjiLK6yhLN4psqgqhX766FY+5r-mK9v_aYnw@mail.gmail.com>
From: Gavin Andresen <gavinandresen@gmail.com>
To: =?ISO-8859-1?Q?Eric_Larchev=EAque?= <elarch@gmail.com>
Content-Type: multipart/alternative; boundary=20cf3010e48d40b5f104f6378d0a
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Draft BIP for seamless website
 authentication using Bitcoin address
Precedence: list

--20cf3010e48d40b5f104f6378d0a
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Using a bitcoin address repeatedly is something we're trying to move away
from.

And using a bitcoin address as a persistent identity key feels like the
wrong direction to me.

Better to use something like client certificates, the FIDO alliance's
(new!) specs:
  http://fidoalliance.org/specifications/download

... or Steve Gibson's proposed SQRL system:
  https://www.grc.com/sqrl/sqrl.htm

If one of those systems gets critical mass and actually starts being
successful, then I think it would make sense to specify a standard way of
using a HD wallet's deterministic seed to derive a key used for the FIDO or
SQRL systems.


On Fri, Apr 4, 2014 at 9:22 AM, Eric Larchev=EAque <elarch@gmail.com> wrote=
:

> What I'm trying to achieve, is to have a very simple way of authenticatin=
g
> yourself with one Bitcoin address from your wallet.
> For most of the people using Bitcoin, their wallet is on their phone.
>
> The UX is clear and simple :
> 1. click on "connect with Bitcoin" (the audience is normal people)
> 2. flash the QRcode with your wallet (blockchain.info, mycelium, ...)
> 3. accept the authentication request (same style than OpenID or Facebook
> connect)
> 4. user is autologged and identified by the chosen Bitcoin public address
>
> It makes sense only if major wallets are supporting the protocol. If you
> need to install a plugin or download a third party software, no one will =
do
> it.
> I see only benefits for the entire ecosystem, and if I'm working on such =
a
> proposition it is because I really need this feature.
>
> Of course, it can be done without a BIP, I just need to convince wallet
> developpers one by one to implement the feature.
> But I thought it was much better to start the "official" way, so all
> wallet could easily find and implement the same authentication mechanism.
>
> >  Bitcoin and website authentication are unrelated problems
>
> I respectfully disagree. Many services require your Bitcoin address, and
> to do that they artificially request an email/password to store it.
> This is not about authentication as an identity (as "I'm Eric
> Larcheveque"), but as in "I'm proving to you that I control this address"=
.
>
> Without such a standard protocol, you could never envision a pure Bitcoin
> physical locker rental, or booking an hotel room via Bitcoin and opening
> the door through the paying address.
>
> Eric
>
>
>
> On Fri, Apr 4, 2014 at 3:08 PM, Mike Hearn <mike@plan99.net> wrote:
>
>> This comes up every few months. I think the problem you are trying to
>> solve is already solved by SSL client certificates, and if you want to h=
elp
>> make them more widespread the programs you need to upgrade are web brows=
ers
>> and not Bitcoin wallets. There are certainly bits of infrastructure you
>> could reuse here and there, like perhaps a TREZOR with a custom firmware
>> extension for really advanced/keen users, but overall Bitcoin and websit=
e
>> authentication are unrelated problems.
>>
>>
>> On Fri, Apr 4, 2014 at 2:15 PM, Eric Larchev=EAque <elarch@gmail.com>wro=
te:
>>
>>> Hello,
>>>
>>> I've written a draft BIP description of an authentication protocol base=
d
>>> on Bitcoin public address.
>>>
>>> By authentication we mean to prove to a service/application that we
>>> control a specific Bitcoin address by signing a challenge, and that all
>>> related data and settings may securely be linked to our session.
>>>
>>> The aim is to greatly facilitate sign ups and logins to services and
>>> applications, improving the Bitcoin ecosystem as a whole.
>>>
>>> https://github.com/bitid/bitid/blob/master/BIP_draft.md
>>>
>>> Demo website :
>>> http://bitid-demo.herokuapp.com/
>>>
>>> Classical password authentication is an insecure process that could be
>>> solved with public key cryptography. The problem is that it theoretical=
ly
>>> offloads a lot of complexity and responsibility on the user. Managing
>>> private keys securely is complex. However this complexity is already be=
ing
>>> addressed in the Bitcoin ecosystem. So doing public key authentication =
is
>>> practically a free lunch to bitcoiners.
>>>
>>> I've formatted the protocol description as a BIP because this is the
>>> only way to have all major wallets implementing it, and because it
>>> completely fits in my opinion the BIP "process" category.
>>>
>>> Please read it and let me know your thoughts and comments so we can
>>> improve on this draft.
>>>
>>> Eric Larcheveque
>>> elarch@gmail.com
>>>
>>>
>>>
>>> -----------------------------------------------------------------------=
-------
>>>
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>
>>>
>>
>
>
> -------------------------------------------------------------------------=
-----
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>


--=20
--
Gavin Andresen

--20cf3010e48d40b5f104f6378d0a
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Using a bitcoin address repeatedly is something we&#39;re =
trying to move away from.<div><br></div><div>And using a bitcoin address as=
 a persistent identity key feels like the wrong direction to me.</div><div>
<br></div><div>Better to use something like client certificates, the FIDO a=
lliance&#39;s (new!) specs:</div><div>=A0=A0<a href=3D"http://fidoalliance.=
org/specifications/download">http://fidoalliance.org/specifications/downloa=
d</a></div>
<div><br></div><div>... or Steve Gibson&#39;s proposed SQRL system:</div><d=
iv>=A0=A0<a href=3D"https://www.grc.com/sqrl/sqrl.htm">https://www.grc.com/=
sqrl/sqrl.htm</a></div><div><br></div><div>If one of those systems gets cri=
tical mass and actually starts being successful, then I think it would make=
 sense to specify a standard way of using a HD wallet&#39;s deterministic s=
eed to derive a key used for the FIDO or SQRL systems.</div>
<div><br></div><div><br></div></div><div class=3D"gmail_extra"><br><br><div=
 class=3D"gmail_quote">On Fri, Apr 4, 2014 at 9:22 AM, Eric Larchev=EAque <=
span dir=3D"ltr">&lt;<a href=3D"mailto:elarch@gmail.com" target=3D"_blank">=
elarch@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr">What I&#39;m trying to achi=
eve, is to have a very simple way of authenticating yourself with one Bitco=
in address from your wallet.<div>
For most of the people using Bitcoin, their wallet is on their phone.</div>

<div><br></div><div>The UX is clear and simple :</div><div>1. click on &quo=
t;connect with Bitcoin&quot; (the audience is normal people)</div><div>2. f=
lash the QRcode with your wallet (<a href=3D"http://blockchain.info" target=
=3D"_blank">blockchain.info</a>, mycelium, ...)</div>


<div>3. accept the authentication request (same style than OpenID or Facebo=
ok connect)</div><div>4. user is autologged and identified by the chosen Bi=
tcoin public address</div><div><br></div><div>It makes sense only if major =
wallets are supporting the protocol. If you need to install a plugin or dow=
nload a third party software, no one will do it.</div>


<div>I see only benefits for the entire ecosystem, and if I&#39;m working o=
n such a proposition it is because I really need this feature.<br></div><di=
v><br></div><div>Of course, it can be done without a BIP, I just need to co=
nvince wallet developpers one by one to implement the feature.</div>


<div>But I thought it was much better to start the &quot;official&quot; way=
, so all wallet could easily find and implement the same authentication mec=
hanism.</div><div class=3D""><div><br></div><div>&gt;=A0<span style=3D"font=
-family:arial,sans-serif;font-size:13px">=A0</span><span style=3D"font-fami=
ly:arial,sans-serif;font-size:13px">Bitcoin and website authentication are =
unrelated problems</span></div>


<div><span style=3D"font-family:arial,sans-serif;font-size:13px"><br></span=
></div></div><div><span style=3D"font-family:arial,sans-serif;font-size:13p=
x">I respectfully disagree. Many services require your Bitcoin address, and=
 to do that they artificially request an email/password to store it.</span>=
</div>


<div><span style=3D"font-family:arial,sans-serif;font-size:13px">This is no=
t about authentication as an identity (as &quot;I&#39;m Eric Larcheveque&qu=
ot;), but as in &quot;I&#39;m proving to you that I control this address&qu=
ot;.</span></div>


<div><span style=3D"font-family:arial,sans-serif;font-size:13px"><br></span=
></div><div><font face=3D"arial, sans-serif">Without such a standard protoc=
ol, you could never envision a pure Bitcoin physical locker rental, or book=
ing an hotel room via Bitcoin and opening the door through the paying addre=
ss.</font></div>
<span class=3D"HOEnZb"><font color=3D"#888888">

<div><br></div><div><font face=3D"arial, sans-serif">Eric</font></div><div>=
<font face=3D"arial, sans-serif"><br></font></div></font></span></div><div =
class=3D"HOEnZb"><div class=3D"h5"><div class=3D"gmail_extra"><br><br><div =
class=3D"gmail_quote">
On Fri, Apr 4, 2014 at 3:08 PM, Mike Hearn <span dir=3D"ltr">&lt;<a href=3D=
"mailto:mike@plan99.net" target=3D"_blank">mike@plan99.net</a>&gt;</span> w=
rote:<br>

<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr">This comes up every few mon=
ths. I think the problem you are trying to solve is already solved by SSL c=
lient certificates, and if you want to help make them more widespread the p=
rograms you need to upgrade are web browsers and not Bitcoin wallets. There=
 are certainly bits of infrastructure you could reuse here and there, like =
perhaps a TREZOR with a custom firmware extension for really advanced/keen =
users, but overall Bitcoin and website authentication are unrelated problem=
s.</div>


<div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote"><div><div>On =
Fri, Apr 4, 2014 at 2:15 PM, Eric Larchev=EAque <span dir=3D"ltr">&lt;<a hr=
ef=3D"mailto:elarch@gmail.com" target=3D"_blank">elarch@gmail.com</a>&gt;</=
span> wrote:<br>


</div></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo=
rder-left:1px #ccc solid;padding-left:1ex"><div><div>
<div dir=3D"ltr">Hello,<br><br>I&#39;ve written a draft BIP description of =
an authentication protocol based on Bitcoin public address.<br><br>By authe=
ntication we mean to prove to a service/application that we control a speci=
fic Bitcoin address by signing a challenge, and that all related data and s=
ettings may securely be linked to our session.<div>


<br></div><div>The aim is to greatly facilitate sign ups and logins to serv=
ices and applications, improving the Bitcoin ecosystem as a whole.<br><br><=
a href=3D"https://github.com/bitid/bitid/blob/master/BIP_draft.md" target=
=3D"_blank">https://github.com/bitid/bitid/blob/master/BIP_draft.md</a><br>


<br>Demo website :<br><a href=3D"http://bitid-demo.herokuapp.com/" target=
=3D"_blank">http://bitid-demo.herokuapp.com/</a><br><br>Classical password =
authentication is an insecure process that could be solved with public key =
cryptography. The problem is that it theoretically offloads a lot of comple=
xity and responsibility on the user. Managing private keys securely is comp=
lex. However this complexity is already being addressed in the Bitcoin ecos=
ystem. So doing public key authentication is practically a free lunch to bi=
tcoiners.<br>


<div><br></div><div>I&#39;ve formatted the protocol description as a BIP be=
cause this is the only way to have all major wallets implementing it, and b=
ecause it completely fits in my opinion the BIP &quot;process&quot; categor=
y.</div>


<div><br></div><div>Please read it and let me know your thoughts and commen=
ts so we can improve on this draft.<br></div><div><br></div><div>Eric Larch=
eveque</div><div><a href=3D"mailto:elarch@gmail.com" target=3D"_blank">elar=
ch@gmail.com</a></div>


<div><br></div></div></div>
<br></div></div>-----------------------------------------------------------=
-------------------<br>
<br>_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla=
nk">Bitcoin-development@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div><br>-----------------------------------------------------------=
-------------------<br>
<br>_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br>--<br>Ga=
vin Andresen<br>
</div>

--20cf3010e48d40b5f104f6378d0a--