Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.214.180 as permitted sender)
	client-ip=209.85.214.180; envelope-from=dbanttari@gmail.com;
	helo=mail-ob0-f180.google.com; 
MIME-Version: 1.0
In-Reply-To: <8ACA8DF1-30BF-47F4-92CE-E625F44F687C@meek.io>
References: <5339418F.1050800@riseup.net>
	<51C10069-5C3B-462A-9184-669ABC6CD9D0@meek.io>
	<CAJHLa0MfV0RnVh1niG4vUGUUvB_Vd8HccTys4bf1ApnwuBUd1g@mail.gmail.com>
	<C818247C-6422-4F55-A324-826EC5C6A455@meek.io>
	<CAHbi5CzOTejUQcaF4Ja45=609A811OvSonE0vXpTuPKSh+5hVA@mail.gmail.com>
	<8ACA8DF1-30BF-47F4-92CE-E625F44F687C@meek.io>
From: Daryl Banttari <dbanttari@gmail.com>
Date: Tue, 1 Apr 2014 19:59:34 -0500
Message-ID: <CAHbi5Czk2pq7Xci+3Wjfn==WhRdqNc1sbW86aS8jnwLAT0wsgw@mail.gmail.com>
To: "Chris D'Costa" <chris.dcosta@meek.io>
Content-Type: multipart/alternative; boundary=001a11c2f2d4811a2404f604cd1b
Cc: "bitcoin-development@lists.sourceforge.net"
	<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] secure assigned bitcoin address directory
Precedence: list

--001a11c2f2d4811a2404f604cd1b
Content-Type: text/plain; charset=ISO-8859-1

Chris,

Thank you for taking the time to look at my proposal.

1) pay to addresses are not fixed - ie you can have a different address for
> each transaction (which is why BIP70 is necessary to allow per transaction
> addresses via https.)
>

This is certainly true for a "published" address; however a new address
(and URL) can be generated for each one-off peer-to-peer transaction.
 However, I'd expect that most of the time this use case will be handed by
BIP70.  Still, this could allow someone to implement a authenticated,
non-repudiable payment request without having to go through the hassle of a
full BIP70 implementation.


> 2) unless you are already aware of the  public key of the signature, you
> do not know if the signature is made by the person you think it is supposed
> to be from. See recent concern over fake key for Gavin Andresen. Ie a
> signature can always be verified with a valid public key, the question is
> was it the real person's key. That is what WoT tried to resolve with
> so-called "signing parties", nowadays keys posted to a public forum by a
> known user, but it's not a standard and not ideal.
>

My proposal leverages the existing SSL key system (yes, PKI), so there is a
reasonable expectation that if the signature verifies, it came from the
party indicated on the cert.  While SSL (and the PKI system underpinning
it) have its faults, the example you highlighted was specifically a problem
with WoT, not PKI.  Can a compromised web server cause payments to be made
to the wrong party?  Of course-- but that's already true.  And that's not
something BIP70 solves (or attempts to solve) either.

(To explain [better than I could] why I feel PKI is a pragmatic solution, I
defer to Mike Hearn 's article:
https://medium.com/bitcoin-security-functionality/b64cf5912aa7)

--Daryl

--001a11c2f2d4811a2404f604cd1b
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra">Chris,</div><div class=3D"gmail=
_extra"><br></div><div class=3D"gmail_extra">Thank you for taking the time =
to look at my proposal.</div><div class=3D"gmail_extra"><br><div class=3D"g=
mail_quote">

<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex"><div>1) pay to addresses are not fixed - ie you can have a=
 different address for each transaction (which is why BIP70 is necessary to=
 allow per transaction addresses via https.)</div>

<div></div></blockquote><div><br></div><div><div>This is certainly true for=
 a &quot;published&quot; address; however a new address (and URL) can be ge=
nerated for each one-off peer-to-peer transaction. =A0However, I&#39;d expe=
ct that most of the time this use case will be handed by BIP70. =A0Still, t=
his could allow someone to implement a authenticated, non-repudiable paymen=
t request without having to go through the hassle of a full BIP70 implement=
ation.</div>

</div><div>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0=
px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);borde=
r-left-style:solid;padding-left:1ex"><div>2) unless you are already aware o=
f the =A0public key of the signature, you do not know if the signature is m=
ade by the person you think it is supposed to be from. See recent concern o=
ver fake key for Gavin Andresen. Ie a signature can always be verified with=
 a valid public key, the question is was it the real person&#39;s key. That=
 is what WoT tried to resolve with so-called &quot;signing parties&quot;, n=
owadays keys posted to a public forum by a known user, but it&#39;s not a s=
tandard and not ideal.</div>

</blockquote></div><br>My proposal leverages the existing SSL key system (y=
es, PKI), so there is a reasonable expectation that if the signature verifi=
es, it came from the party indicated on the cert. =A0While SSL (and the PKI=
 system underpinning it) have its faults, the example you highlighted was s=
pecifically a problem with WoT, not PKI. =A0Can a compromised web server ca=
use payments to be made to the wrong party? =A0Of course-- but that&#39;s a=
lready true. =A0And that&#39;s not something BIP70 solves (or attempts to s=
olve) either.</div>

<div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">(To explain=
 [better than I could] why I feel PKI is a pragmatic solution, I defer to M=
ike Hearn &#39;s article: =A0<a href=3D"https://medium.com/bitcoin-security=
-functionality/b64cf5912aa7">https://medium.com/bitcoin-security-functional=
ity/b64cf5912aa7</a>)</div>

<div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">--Daryl</di=
v></div>

--001a11c2f2d4811a2404f604cd1b--