1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
Return-Path: <arthur@bitcoin-fr.io>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 14ADC1248
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 15 Sep 2015 10:49:39 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail.aaawop.com (area51.powaaa.com [62.210.66.225])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5BCDC145
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 15 Sep 2015 10:49:38 +0000 (UTC)
Received: from rainloop.aaawop.com (area51.powaaa.com [62.210.66.225])
(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
(No client certificate requested)
(Authenticated sender: arthur@powaaa.com)
by mail.aaawop.com (Postfix) with ESMTPSA id 4CA2543092;
Tue, 15 Sep 2015 12:49:36 +0200 (CEST)
Mime-Version: 1.0
Date: Tue, 15 Sep 2015 10:49:36 +0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID: <15ce53e7feabef3c9a40c5d3df9ff283@rainloop.aaawop.com>
X-Mailer: RainLoop/1.8.2.291
From: "Arthur - bitcoin-fr.io" <arthur@bitcoin-fr.io>
To: "Luke Dashjr" <luke@dashjr.org>, bitcoin-dev@lists.linuxfoundation.org
In-Reply-To: <201509150403.40909.luke@dashjr.org>
References: <201509150403.40909.luke@dashjr.org>
<c5f5105e2d5b9cc1873f84cb0b172285@rainloop.aaawop.com>
X-Virus-Scanned: clamav-milter 0.98.6 at area51
X-Virus-Status: Clean
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,URIBL_SBL
autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] URI scheme for signing and verifying messages
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2015 10:49:39 -0000
September 15 2015 6:04 AM, "Luke Dashjr" <luke@dashjr.org> wrote:=0A> I t=
hink probably the whole signed message thing needs to be rethought. The=
=0A> most common "uses" today seem to be insecure cases that it doesn't a=
ctually=0A> work in: people trying to prove ownership of bitcoins and/or =
that they sent=0A> bitcoins (current signed messages can do neither). Ide=
ally, whatever the new=0A> method is should also avoid using the same key=
as for signing transactions,=0A> since the public key is technically pri=
vate information. Furthermore, since=0A> addresses are semi-deprecated (b=
y the payment protocol), I'm not sure it=0A> makes sense to do this witho=
ut designing an entire authentication system,=0A> which may be rather com=
plex.=0A> =0A> Luke=0A=0AMy proposal is about the current signing process=
(which exists event it it's not perfect) but it could also work with a n=
ew signing message system tomorrow. It more about give users an easier wa=
y to access existing tools than the "sign message thing" itself.=0A=0ABTW=
I'm aware of privacy issues, but could you elaborate on why the use case=
your are referring to doesn't actually work?=0AHere are a use of bitcoin=
signatures ( https://bitcointalk.org/index.php?topic=3D497545.0 ) to spe=
ak about a real case.=0A=0A--=0AArthur
|
