1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <wendel@314t.com>) id 1V7lLv-0007oM-VP
for bitcoin-development@lists.sourceforge.net;
Fri, 09 Aug 2013 11:59:31 +0000
X-ACL-Warn:
Received: from mail-ea0-f172.google.com ([209.85.215.172])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1V7lLu-00027t-Jx
for bitcoin-development@lists.sourceforge.net;
Fri, 09 Aug 2013 11:59:31 +0000
Received: by mail-ea0-f172.google.com with SMTP id r16so1994463ead.17
for <bitcoin-development@lists.sourceforge.net>;
Fri, 09 Aug 2013 04:59:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20120113;
h=x-gm-message-state:sender:subject:mime-version:content-type:from
:in-reply-to:date:cc:content-transfer-encoding:message-id:references
:to; bh=Oq8v8QEKUACwXnguSSodlWh1XkHIZnQkfcIeuiKSmjg=;
b=RpOWxPnA+P1ZAJDoE6lgZzn8CIzP1FaVhXbZOxZEzcOR1xTP4oq4GlQMLGmAKA/jlz
6wDy2Gpe1MAOp/dNvSjYfPJWlO5vAUydnzWdwetkhAjUy4Lf5bwbQH9VzK9kqNHcLMR9
kHJGhaSVtkoqRMIC0D+zXQPwHr4lDdprciekqLxH0GgE1jMV8QmXHQ6uhymJwmP2248y
QAj8jG3zHWSmByG2P1WOkYP+QYe3XJV827pogCMNFS+0h/bSXP0eoNL1QqT85bleJb1S
lDSTX+b1oa6OiLt/iQUk3ZBtVnzO9ep9IRdjYog8rTdg/xaxfE0XJvXh1RR21TndKTHk
3eBw==
X-Gm-Message-State: ALoCoQlt93xiOryESR1CQN+ICT0RB0qeU3zVX6SASoq16BVhxZLeROCr1r+M8Y2a5XfY7xs9qZYf
X-Received: by 10.15.43.193 with SMTP id x41mr13041289eev.31.1376049558641;
Fri, 09 Aug 2013 04:59:18 -0700 (PDT)
Received: from [127.0.0.1] ([180.149.96.169])
by mx.google.com with ESMTPSA id c3sm28091790eev.3.2013.08.09.04.59.14
for <multiple recipients>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Fri, 09 Aug 2013 04:59:17 -0700 (PDT)
Sender: w grabhive <wendel@314t.com>
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset=us-ascii
From: Wendell <w@grabhive.com>
In-Reply-To: <CANEZrP3w+pGVJijxLr1N6wQiqg4U=RUP3Mrph2=fwF+Ga_U9sQ@mail.gmail.com>
Date: Fri, 9 Aug 2013 13:59:09 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <4A46BA74-F2C2-4139-AABE-67CFE4BC4FA4@grabhive.com>
References: <CANEZrP3w+pGVJijxLr1N6wQiqg4U=RUP3Mrph2=fwF+Ga_U9sQ@mail.gmail.com>
To: Mike Hearn <mike@plan99.net>
X-Mailer: Apple Mail (2.1283)
X-Spam-Score: 3.4 (+++)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
1.5 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[180.149.96.169 listed in psbl.surriel.com]
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?180.149.96.169>]
0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
[180.149.96.169 listed in dnsbl.sorbs.net]
X-Headers-End: 1V7lLu-00027t-Jx
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Idea for new payment protocol PKI
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 09 Aug 2013 11:59:32 -0000
We have been discussing something like this over here too, as well as =
exploring more esoteric blockchain+signature-based "SSO" implementations =
as discussed by John Light and others.
One of our long-term ambitions with Hive is to provide a (mostly) =
user-transparent, decentralized authentication service. It sounds like =
our infrastructure could already handle a Persona implementation, and we =
very much want to get behind some forward-thinking standard. So as long =
as the plan _IS_ to remove said 'centralized struts' at the appropriate =
time, I'd say we're interested in exploring this further.
-wendell
grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
On Aug 9, 2013, at 1:43 PM, Mike Hearn wrote:
> This is just me making notes for myself, I'm not seriously suggesting =
this be implemented any time soon.
>=20
> Mozilla Persona is an infrastructure for web based single sign on. It =
works by having email providers sign temporary certificates for their =
users, whose browsers then sign server-provided challenges to prove =
their email address.
>=20
> Because an SSO system is a classic chicken/egg setup, they run various =
fallback services that allow anyone with an email address to take part. =
They also integrate with the Google/Yahoo SSO systems as well. The =
intention being that they do this until Persona becomes big enough to =
matter, and then they can remove the centralised struts and the system =
becomes transparently decentralised.
>=20
> In other words, they seem to do a lot of things right.
>=20
> Of course you can already sign payments using an X.509 cert issued to =
an email address with v1 of the payment protocol, so technically no new =
PKI is needed. But the benefit of leveraging Persona would be =
convenience - you can get yourself a Persona cert and use it to sign in =
to websites with a single click, and the user experience is smart and =
professional. CAs in contrast are designed for web site admins really so =
the experience of getting a cert for an email address is rather variable =
and more heavyweight.
>=20
> Unfortunately Persona does not use X.509. It uses a custom thing based =
on JSON. However, under the hood it's just assertions signed by RSA =
keys, so an implementation is likely to be quite easy. =46rom the users =
perspective, their wallet app would embed a browser and drive it as if =
it were signing into a website, but stop after the user is signed into =
Persona and a user cert has been provisioned. It can then sign payment =
requests automatically. For many users, it'd be just one click, which is =
pretty neat.
|
