From: Mike Hearn <mike@plan99.net>
To: "Ryan X. Charles" <ryan@bitpay.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Date: Wed, 5 Mar 2014 11:18:41 +0100
Subject: Re: [Bitcoin-development] BIP70 proposed changes
Message-ID: <CANEZrP3mUnU9h20V_Ss_FH0md91PnKhUTKmuM_8rPPuZuvjdJA@mail.gmail.com>
In-Reply-To: <5303B110.70603@bitpay.com>
References: <le05ca$qn5$1@ger.gmane.org> <5303B110.70603@bitpay.com>

>
> On an unrelated note, X.509 is a terrible standard that should be
> abandoned as quickly as possible. BitPay is working on a new standard
> based on bitcoin-like addresses for authentication. It would be great if
> we could work with the community to establish a complete, decentralized
> authentication protocol. The sooner we can evolve beyond X.509 the better.

Because this is such a common sentiment, I wrote a couple of articles on
the matter.

The first is about why BIP 70 uses the SSL PKI and an examination of the
most commonly proposed alternative ideas:

    https://medium.com/p/b64cf5912aa7

... including the web of trust, using bitcoin addresses/the block chain,
allowing multiple certs, trust-on-first-use and (for SSL only)
perspectives/convergence.

The second is a summary of some of the most famous crypto-usability
research papers published in the past 10-15 years. They cover SSL and PGP.
If you're interested in designing alternatives, reading these papers would
be a good place to start:

    https://medium.com/p/d04ea6a2c771

There's a book from O'Reilly called Security & Usability that contains 34
papers and essays. It's very good:

    http://shop.oreilly.com/product/9780596008277.do