Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id E741FC002D for ; Tue, 18 Oct 2022 22:46:21 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id AD54C83EEF for ; Tue, 18 Oct 2022 22:46:21 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org AD54C83EEF Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=ty42ZHV2 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.101 X-Spam-Level: X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bLviEX1Yz_BL for ; Tue, 18 Oct 2022 22:46:20 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 7986E83E83 Received: from mail-40130.protonmail.ch (mail-40130.protonmail.ch [185.70.40.130]) by smtp1.osuosl.org (Postfix) with ESMTPS id 7986E83E83 for ; Tue, 18 Oct 2022 22:46:19 +0000 (UTC) Date: Tue, 18 Oct 2022 22:46:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1666133176; x=1666392376; bh=kphHIpjglOg5wA8VBzSb4aAYazum0K9huHlXCgNKn3Q=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID; b=ty42ZHV2MGsPreusvSnI/dWYZgEUBsNUemJjjhGOvXDNJjtTC9qUhR+rYV3BtfLGL sUDfw0Wz38d/82TrgDpdtQIcyqdY/SCgmdsw8zCq8MAXkFngpGw42NWvpwjCHp6PSN tFaXbEj64uLvanraEfDQFK1fUM9Plaid7sTjLdvUA32223FMoiTlE20tXQjSx8gUMN dv0cpebRaY894OSFxJy+8duPvufTk1Ak0Y3rFXOnwm0dZmSxn0g75aVRK01pnT0SRV LwlG5WIOrd2xDF0mto4tVcnZlsRJxuWvxzm0r+8fhSNOQVkUoSCRIjNw/A8DJc1U53 jLnNPk+2m/KgQ== To: Andrew Poelstra From: rot13maxi Message-ID: In-Reply-To: References: <9f399e0c2713f2b1d2534cd754356bb5@dtrt.org> <1-euAstnYmNT7A9s0rniXdimmudFXODjkXiYXLK1hx1W7f_2rBLD1lPpaNi9Vx9tq2oahdCs6wDuXMy9SR6WfRTYzl2vDxSi6IVQLELKNLs=@protonmail.com> Feedback-ID: 41648937:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Tue, 18 Oct 2022 22:49:12 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] =?utf-8?q?Trustless_Address_Server_=E2=80=93_Outsou?= =?utf-8?q?rcing_handing_out_addresses_to_prevent_address_reuse?= X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Oct 2022 22:46:22 -0000 Hello Andrew and Bryan, > No, as I understand the proposal, the "public key" held by the wallet is = simply > a signing key used to authenticate addresses, and never leaves the wallet= .=20 That's right (or at least, that's the intent). Think of importing someone's= GPG key and then using it to validate future signed messages from them. In= this case, the public key stays in your "address book" entry for a person = and then whenever you need to fetch a fresh address for them from the Addre= ss Server, your wallet can validate that it's for their wallet.=20 Making sure that you import a legitimate/authentic public key is a problem,= but you only need to do it once per recipient, instead of doing it every t= ime you need to transact with that person. Maybe that's something you solve= in UI (i.e. Signal has you compare strings with your counter-party), or so= mething you can solve through other metadata (GPG had WoT, or if you're alr= eady using an address server maybe there's some PKI scheme that's appropria= te, etc.).=20 Rubin, I think you responded on another branch of the thread, but thanks fo= r the podcast link. I'll check it out! Cheers, Rijndael ------- Original Message ------- On Tuesday, October 18th, 2022 at 8:42 AM, Andrew Poelstra wrote: > On Mon, Oct 17, 2022 at 07:07:07PM -0500, Bryan Bishop via bitcoin-dev wr= ote: > > > Isn't this the same problem but now for copy-pasting pubkeys instead of= an > > address? > > > No, as I understand the proposal, the "public key" held by the wallet is = simply > a signing key used to authenticate addresses, and never leaves the wallet= . Yes, > if the wallet's own memory is compromised, it can be tricked into accepti= ng bad > addresses, but this is much much harder than compromising data on the cli= pboard, > which basically any application can do without any "real" exploits or spe= cial > permissions. > > As an extreme, this proposal could be run on a hardware wallet which had = some > out-of-band way to obtain and authenticate public keys (similar to Signal= QR > codes). > > -- > Andrew Poelstra > Director of Research, Blockstream > Email: apoelstra at wpsoftware.net > Web: https://www.wpsoftware.net/andrew > > The sun is always shining in space > -Justin Lewis-Webster