Date: Sat, 26 Oct 2013 00:15:51 -0400
From: Peter Todd
To: Gregory Maxwell
Message-ID: <20131026041551.GA15932@savin>
Cc: Bitcoin Development
Subject: Re: [Bitcoin-development] Payment protocol for onion URLs.

On Fri, Oct 25, 2013 at 08:31:05PM -0700, Gregory Maxwell wrote:
> One limitation of the payment protocol as speced is that there is no
> way for a hidden service site to make use of its full authentication
> capability because they are unable to get SSL certificates issued to
> them.
>
> A tor hidden service (onion site) is controlled by an RSA key.
>
> It would be trivial to pack a tor HS pubkey into a self-signed x509
> certificate with the cn set to foooo.onion.
>
> If we specified in the payment protocol an additional validation
> procedure for [base32].onion hosts that just has it hash and base32
> encode the pubkey (as tor does) then the payment protocol could work
> seamlessly with tor hosts. (Displaying that the payment request came
> from "foooo.onion"). I believe that the additional code for this
> would be trivial (and I'll write it if there is support for making
> this a standard feature).
>
> This would give us a fully supported option which is completely CA
> free... it would only work for tor sites, but the people concerned
> about CA treachery are likely to want to use tor in any case.
>
> Thoughts?

Strong ACK on the basis of responding to forum trolls alone.

It's easy enough to make it a genuinely useful tool for multisig wallets
too: keep a copy of your Tor URL bookmarks on your second signing
computer. So long as either computer has the correct URL you're safe.

-- 
'peter'[:-1]@petertodd.org
0000000000000006fbd917e8b4770c566dbc8ed4bedd00f441286ffb6e7f73ac
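
The validation step proposed in the quoted message (hash and base32-encode the pubkey, then compare with the .onion host), as an added example that is not part of the original thread or of any Bitcoin or Tor code base. It assumes the 2013-era v2 onion format (first 80 bits of SHA-1 over the DER-encoded PKCS#1 RSA public key); the function names and the demo modulus are constructed for illustration, and checking the payment request's signature under that key is assumed to happen separately.

```python
import base64
import hashlib
import re

ONION_V2 = re.compile(r"[a-z2-7]{16}\.onion")

def der_len(n: int) -> bytes:
    """DER definite-length octets (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(value: int) -> bytes:
    """DER INTEGER, non-negative; padded with 0x00 when the top bit is set."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def rsa_pubkey_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    body = der_int(n) + der_int(e)
    return b"\x30" + der_len(len(body)) + body

def onion_from_pubkey(der: bytes) -> str:
    """v2 onion name: base32 of the first 80 bits of SHA-1(DER key)."""
    digest = hashlib.sha1(der).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower() + ".onion"

def request_host_is_authentic(claimed_host: str, der: bytes) -> bool:
    """True only if the claimed host is the name this key hashes to."""
    host = claimed_host.lower()
    if not ONION_V2.fullmatch(host):
        return False  # not a well-formed v2 onion name, e.g. "foooo.onion"
    return host == onion_from_pubkey(der)

# Constructed 1024-bit modulus for illustration only; not a usable RSA key.
DEMO_N = (1 << 1023) | int.from_bytes(hashlib.sha256(b"demo").digest() * 4, "big") | 1
DEMO_E = 65537

if __name__ == "__main__":
    key = rsa_pubkey_der(DEMO_N, DEMO_E)
    name = onion_from_pubkey(key)
    print(name, request_host_is_authentic(name, key))
    print("foooo.onion", request_host_is_authentic("foooo.onion", key))
```

When the key arrives inside an X.509 certificate, the bytes to hash are the RSAPublicKey carried in the SubjectPublicKeyInfo bit string, not the whole SubjectPublicKeyInfo structure.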