Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WUaHR-0001kz-CL for bitcoin-development@lists.sourceforge.net; Mon, 31 Mar 2014 11:21:29 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.149.75 as permitted sender) client-ip=62.13.149.75; envelope-from=pete@petertodd.org; helo=outmail149075.authsmtp.net; Received: from outmail149075.authsmtp.net ([62.13.149.75]) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1WUaHQ-0005H3-4H for bitcoin-development@lists.sourceforge.net; Mon, 31 Mar 2014 11:21:29 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s2VBLLY2081328; Mon, 31 Mar 2014 12:21:21 +0100 (BST) Received: from tilt (cust.static.84-253-54-151.cybernet.ch [84.253.54.151]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s2VBLEZ4049470 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 31 Mar 2014 12:21:16 +0100 (BST) Date: Mon, 31 Mar 2014 13:21:14 +0200 From: Peter Todd To: vv01f , Natanael Message-ID: <20140331112114.GB30139@tilt> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="VywGB/WGlW4DM4P8" Content-Disposition: inline In-Reply-To: <5339418F.1050800@riseup.net> User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 939a1d24-b8c6-11e3-94fa-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdQMUFVQGAgsB AmIbWlZeUlx7WGQ7 Yw5PbwBefE9KQQRv UVdMSlVNFUsrA3pz emt0Vhl2fgFBeDBx YUZrXD5SX00rdBJ/ RlMGHT4AeGZhPWMC WUQOJh5UcAFPdx8U a1N6AHBDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA4QEzUh XR1KFC40HEIDSil7 JR06IVkdGg4YPkko PEA6EV4ZKRIZFgpE DikA X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 84.253.54.151/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FAKE_REPLY_C FAKE_REPLY_C X-Headers-End: 1WUaHQ-0005H3-4H Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] secure assigned bitcoin address directory X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Mar 2014 11:21:29 -0000 --VywGB/WGlW4DM4P8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 31, 2014 at 12:21:03PM +0200, vv01f wrote: > Some users on bitcointalk[0] would like to have their vanity addresses > available for others easily to find and verify the ownership over a kind > of WoT. Right now they sign their own addresses and quote them in the > forums. > As I pointed out there already the centralized storage in the forums is > not secury anyhow and signed messages could be swapped easily with the > next hack of the forums. >=20 > Is that use case taken care of in any plans already? >=20 > I thought about abusing pgp keyservers but that would suit for single > vanity addresses only. > It seems webfinger could be part of a solution where servers of a > business can tell and proof you if a specific address is owned by them. Good timing! I'm at a hackathon right now working with a group to come up with a standard for adding Bitcoin addresses to OpenPGP keys. You're correct in thinking that doing so with standard Bitcoin addresses is a privacy problem, however we can also define new types of Bitcoin addresses that address the privacy issue; stealth addresses can handle the case where you want to pay someone without a formal payment request, and integrating OpenPGP into the payment protocol handles the scenario where you want to send or pay to a formal payment request. On Mon, Mar 31, 2014 at 12:49:14PM +0200, Natanael wrote: > Does't BIP70 cover this already via Certificate Authorities? Incidentally on my todo list is to come up for a reasonable standard for taking X.509 certificates and using them to sign OpenPGP user IDs. Essentially the certificate authority is then making the statement that a keypair is authorized to sign on behalf of a domain-name, and in turn that keypair signs that the email address on the user ID is correct. It's a best of both worlds option in the same spirit of keybase.io --=20 'peter'[:-1]@petertodd.org 0000000000000000f4f5ba334791a4102917e4d3f22f6ad7f2c4f15d97307fe2 --VywGB/WGlW4DM4P8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQGcBAEBCAAGBQJTOU+mAAoJEGJeboN5AaHKX+oL/jPde/D6uECroJem3S3Etohq aOwmSs5sR4ZFJCbvkQJa3e2OK6EnTQSZkwyNDI6VFZi3GZKznC+CAByAd5AXea6D gDqx/hWyd1T/P7IrSi+dhmVqi+8CrbECyJlM8ELH37ydz+7D1uklwZlSKmw1mSSe JJ4JN0EguKhMy/ehTElLuZ2b+jX8nx3DlIIdKesrXnRuCbeiSA6beEMcsZ/WWKqE fTaTInknEz0muaOCfIbEkBIO3uxhDFi5lHgsLFn1j2Sx+zgjOtNwyHlbRULffgXw PhEHRgV1ijGQPXWyJZG2hg9hOVtAsppK0hCCkFC04TqlPTVrU8Edy2+Ui9ElhLzr 18lIq+FxnDoayYjmvj3NaCue8Q9U2HghHdFhVCyEKNt+QuOKI5O7tN3tFmQizVVS bX3q/ktqri8Ia8fN1Beq3vX9WyYTUHsS1vi6ADhpCAHdgft1w7GakL7Ze8MzQpzC bGBgn39mq34/nAt8LHYTSPGqW28gkUG3rdKFDQ+GBw== =0cH8 -----END PGP SIGNATURE----- --VywGB/WGlW4DM4P8--