1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1WUaHR-0001kz-CL
for bitcoin-development@lists.sourceforge.net;
Mon, 31 Mar 2014 11:21:29 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.149.75 as permitted sender)
client-ip=62.13.149.75; envelope-from=pete@petertodd.org;
helo=outmail149075.authsmtp.net;
Received: from outmail149075.authsmtp.net ([62.13.149.75])
by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1WUaHQ-0005H3-4H for bitcoin-development@lists.sourceforge.net;
Mon, 31 Mar 2014 11:21:29 +0000
Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237])
by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s2VBLLY2081328;
Mon, 31 Mar 2014 12:21:21 +0100 (BST)
Received: from tilt (cust.static.84-253-54-151.cybernet.ch [84.253.54.151])
(authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s2VBLEZ4049470
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Mon, 31 Mar 2014 12:21:16 +0100 (BST)
Date: Mon, 31 Mar 2014 13:21:14 +0200
From: Peter Todd <pete@petertodd.org>
To: vv01f <vv01f@riseup.net>, Natanael <natanael.l@gmail.com>
Message-ID: <20140331112114.GB30139@tilt>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="VywGB/WGlW4DM4P8"
Content-Disposition: inline
In-Reply-To: <CAAt2M19HNUjr2OET5YjOB9YQKptOtVAmcPXWwoaxPHVTLOMYbg@mail.gmail.com>
<5339418F.1050800@riseup.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 939a1d24-b8c6-11e3-94fa-002590a135d3
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aQdMdQMUFVQGAgsB AmIbWlZeUlx7WGQ7 Yw5PbwBefE9KQQRv
UVdMSlVNFUsrA3pz emt0Vhl2fgFBeDBx YUZrXD5SX00rdBJ/
RlMGHT4AeGZhPWMC WUQOJh5UcAFPdx8U a1N6AHBDAzANdhES
HhM4ODE3eDlSNilR RRkIIFQOdA4QEzUh XR1KFC40HEIDSil7
JR06IVkdGg4YPkko PEA6EV4ZKRIZFgpE DikA
X-Authentic-SMTP: 61633532353630.1024:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 84.253.54.151/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FAKE_REPLY_C FAKE_REPLY_C
X-Headers-End: 1WUaHQ-0005H3-4H
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] secure assigned bitcoin address directory
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 31 Mar 2014 11:21:29 -0000
--VywGB/WGlW4DM4P8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Mar 31, 2014 at 12:21:03PM +0200, vv01f wrote:
> Some users on bitcointalk[0] would like to have their vanity addresses
> available for others easily to find and verify the ownership over a kind
> of WoT. Right now they sign their own addresses and quote them in the
> forums.
> As I pointed out there already the centralized storage in the forums is
> not secury anyhow and signed messages could be swapped easily with the
> next hack of the forums.
>=20
> Is that use case taken care of in any plans already?
>=20
> I thought about abusing pgp keyservers but that would suit for single
> vanity addresses only.
> It seems webfinger could be part of a solution where servers of a
> business can tell and proof you if a specific address is owned by them.
Good timing! I'm at a hackathon right now working with a group to come
up with a standard for adding Bitcoin addresses to OpenPGP keys. You're
correct in thinking that doing so with standard Bitcoin addresses is a
privacy problem, however we can also define new types of Bitcoin
addresses that address the privacy issue; stealth addresses can handle
the case where you want to pay someone without a formal payment request,
and integrating OpenPGP into the payment protocol handles the scenario
where you want to send or pay to a formal payment request.
On Mon, Mar 31, 2014 at 12:49:14PM +0200, Natanael wrote:
> Does't BIP70 cover this already via Certificate Authorities?
Incidentally on my todo list is to come up for a reasonable standard for
taking X.509 certificates and using them to sign OpenPGP user IDs.
Essentially the certificate authority is then making the statement that
a keypair is authorized to sign on behalf of a domain-name, and in turn
that keypair signs that the email address on the user ID is correct.
It's a best of both worlds option in the same spirit of keybase.io
--=20
'peter'[:-1]@petertodd.org
0000000000000000f4f5ba334791a4102917e4d3f22f6ad7f2c4f15d97307fe2
--VywGB/WGlW4DM4P8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQGcBAEBCAAGBQJTOU+mAAoJEGJeboN5AaHKX+oL/jPde/D6uECroJem3S3Etohq
aOwmSs5sR4ZFJCbvkQJa3e2OK6EnTQSZkwyNDI6VFZi3GZKznC+CAByAd5AXea6D
gDqx/hWyd1T/P7IrSi+dhmVqi+8CrbECyJlM8ELH37ydz+7D1uklwZlSKmw1mSSe
JJ4JN0EguKhMy/ehTElLuZ2b+jX8nx3DlIIdKesrXnRuCbeiSA6beEMcsZ/WWKqE
fTaTInknEz0muaOCfIbEkBIO3uxhDFi5lHgsLFn1j2Sx+zgjOtNwyHlbRULffgXw
PhEHRgV1ijGQPXWyJZG2hg9hOVtAsppK0hCCkFC04TqlPTVrU8Edy2+Ui9ElhLzr
18lIq+FxnDoayYjmvj3NaCue8Q9U2HghHdFhVCyEKNt+QuOKI5O7tN3tFmQizVVS
bX3q/ktqri8Ia8fN1Beq3vX9WyYTUHsS1vi6ADhpCAHdgft1w7GakL7Ze8MzQpzC
bGBgn39mq34/nAt8LHYTSPGqW28gkUG3rdKFDQ+GBw==
=0cH8
-----END PGP SIGNATURE-----
--VywGB/WGlW4DM4P8--
|
