1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
|
Return-Path: <earonesty@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id AE5CA884
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 23 Jun 2016 13:03:39 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-yw0-f174.google.com (mail-yw0-f174.google.com
[209.85.161.174])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BB7D418D
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 23 Jun 2016 13:03:38 +0000 (UTC)
Received: by mail-yw0-f174.google.com with SMTP id l125so69851294ywb.2
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 23 Jun 2016 06:03:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to:cc;
bh=hDU42FHmSu4v99sQz505QxUCURP0A0pMihenZk8oazA=;
b=Y9nOhIhcJRsvMnozim10Fpk5FM9VB+nRyVeWZ6VmsAn35IlPpGTy0tjW41NGOBVuPS
Mx1oFTnrX7eU2pviTrdBh6lqDv2iWqQVeeGQ53TT+sxghBr96qL2FbrTRtfVlHkFukgr
59LxBkkfFlFm89k6aBbxeK6ldsMQgFHJin4riNStWIJ9hPCMzpjR6ogBoB6BFSf4SaiB
jeD1Vz3a4hHx0SJENOv4vD3Gz1YRkA+gfWUZVIDXdR1J+Qfxdo4+gbuRZD00aCrmtVJP
MTuCQLvmbbFewe4rGpCt1vzo+b/g/79ETlHWOu/aAt02b5Rk1/cbwPUYFLF/HfXyt82i
qpMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to:cc;
bh=hDU42FHmSu4v99sQz505QxUCURP0A0pMihenZk8oazA=;
b=eGRYcK38gb0YG3aqYhphDF1POlWIxv6HbFioPT2lItCFO6duCpaDTP0kl/6CW1Lt/R
gzMfodxikR7d3VceCoSZUmFLzvy2/Uah+0Lfa1wD/6jC6Vc4YN+sNhhgblj+ftg4Bop6
iJRumIifcBVs8mT9eYde8LiFM0N6nfwJZvXduALzs4gMB4wFqohy4b1u4PZcwPAg/vCL
iCx366pEuZpdWg/tTbobifNfHcMgNbHpveRqAVWn3NkG+ZjIjIbD5zaeC1zYN6xGJ23E
3iD+FoQ5605cNyen77Pb1ypTUWpJdMwu5XjG3yMmSkZkBlYupWZ/Bq07u/sweKh2RmD3
ktwg==
X-Gm-Message-State: ALyK8tK9Toqh5YoVy2bLTy818PMQf4475l1UV/t4lPE6/SOUgeYNmNGTiIdpOiFN+mx7Uz4/27MCqqtL9z5N7A==
X-Received: by 10.37.50.150 with SMTP id y144mr18126858yby.17.1466687017808;
Thu, 23 Jun 2016 06:03:37 -0700 (PDT)
MIME-Version: 1.0
Sender: earonesty@gmail.com
Received: by 10.37.72.68 with HTTP; Thu, 23 Jun 2016 06:03:36 -0700 (PDT)
In-Reply-To: <20160623105632.GB19241@fedora-21-dvm>
References: <CAJowKg+zYtUnHv+ea--srehVa5K46sjpWbHVcVGRY5x0w5XRTQ@mail.gmail.com>
<20160621221347.GC10196@fedora-21-dvm>
<CABqynxJCiXL0djx+xt9i=HJqC=0=5sZ9ecL7k1_a_XHiJ8qibw@mail.gmail.com>
<20160623105632.GB19241@fedora-21-dvm>
From: Erik Aronesty <erik@q32.com>
Date: Thu, 23 Jun 2016 09:03:36 -0400
X-Google-Sender-Auth: Qn7F3bW1AKsxJmNwLww7QHS2U7k
Message-ID: <CAJowKgJ8YQ9V891phx1qzJvFD3iWyPVU5iZ1w2LryALWAK5aHQ@mail.gmail.com>
To: Peter Todd <pete@petertodd.org>
Content-Type: multipart/alternative; boundary=001a1146cb90b17c070535f1ae39
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Even more proposed BIP extensions to BIP 0070
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jun 2016 13:03:39 -0000
--001a1146cb90b17c070535f1ae39
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
AML/KYC is a *side-effect *of a some very important features of BIP0075.
Features that have nothing to do with public names for wallet seeds,
and moniker *consistency *should be scrapped.
BIP 75 formalises what someone could do today with a bunch of PGP emails
back and forth.
I create a public key, and I exchange it via QR code with you. From then
on, You can initiate invoice requests with me, knowing my moniker is the
same as it was the last time. I publish this key to a server (via DNSSEC)
so anyone can obtain it. Sounds exactly like PGP.
Identity in BIP 75 is merely "moniker consistency". Nothing says that
identity has to be "real"... only publicly verifiably consistent and
accessible. This consistency and the ability to have public names for both
merchants and users are the important features of BIP 075.
Other features linking monikers to real-world identity should be surgically
removed from the standard.
- Users need to be able to send Bitcoin to an address without MITM attacks
during the address exchange.
- Merchants need to be able to supply memorable names linked to internet
services, like web servers and email addresses.
- Merchants and users both need to be able to initiate transaction
off-chain, with a workflow that allows things like rejection, subscription,
etc.
On Thu, Jun 23, 2016 at 6:56 AM, Peter Todd <pete@petertodd.org> wrote:
> On Tue, Jun 21, 2016 at 05:14:31PM -0700, Justin Newton wrote:
> > On Tue, Jun 21, 2016 at 3:13 PM, Peter Todd via bitcoin-dev <
> > Hi Peter,
> > Certainly AML/KYC compliance is one of the use cases that BIP 75 and
> our
> > certificates can support. As a quick summary,
> >
> > There are individuals and entities that would like to buy, sell, and us=
e
> > bitcoin, and other public blockchains, but that have compliance
> > requirements that they need to meet before they can do so. Similarly,
> > companies and entrepreneurs in the space suffer under the potential
> threat
> > of fines, or in extreme cases, jail time, also for not meeting AML or
> > sanctions list compliance. We wanted to build tools that allowed
> > entrepreneurs to breathe easy, while at the same time allow more people
> and
> > companies to enter the ecosystem. We also believe that the solution we
> are
> > using has the characteristics that you want in such a solution, for
> example:
> >
> > 1> Only the counterparties (and possibly their service providers in the
> > case of hosted services) in a transaction can see the identity data,
> > protecting user privacy.
> >
> > 2> The counterparties themselves (and possibly their service providers =
in
> > the case of hosted services) decide whether identity information is
> > required for any given transaction.
> >
> > 3> No trace is left on the blockchain or anywhere else (other than with
> the
> > counterparties) that identity information was even exchanged, protectin=
g
> > fungibility
> >
> > 4> The solution is based on open source and open standards, allowing op=
en
> > permissionless innovation, versus parties building closed networks base=
d
> on
> > closed standards. The very fact that this solution went through the BI=
P
> > process and was adapted based on feedback is an example of how this is
> > better for users than the inevitable closed solution that would arise i=
f
> > the open source, community vetted version didn=E2=80=99t already exist.
> >
> > I don=E2=80=99t know if you are opposed to organizations that have AML
> requirements
> > from using the bitcoin blockchain, but if you aren=E2=80=99t, why would=
n=E2=80=99t you
> > prefer an open source, open standards based solution to exclusionary,
> > proprietary ones?
>
> In some (most?) countries, it is illegal to offer telecoms services witho=
ut
> wiretap facilities. Does that mean Tor builds into its software "open
> source"
> "open standards" wiretapping functionality? No. And interestingly, people
> trying to add support for that stuff is actually a thing that keeps
> happening
> in the Tor community...
>
> In any case, I'd strongly argue that we remove BIP75 from the bips
> repository,
> and boycott wallets that implement it. It's bad strategy for Bitcoin
> developers
> to willingly participate in AML/KYC, just the same way as it's bad for To=
r
> to
> add wiretapping functionality, and W3C to support DRM tech. The minor
> tactical
> wins you'll get our of this aren't worth it.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
--001a1146cb90b17c070535f1ae39
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">AML/KYC is a <i>side-effect </i>of a some very important f=
eatures of BIP0075. =C2=A0=C2=A0<div><br></div><div>Features that have noth=
ing to do with public names for wallet seeds, and=C2=A0moniker=C2=A0<i>cons=
istency=C2=A0</i>should be scrapped.<br><div><br></div><div>BIP 75 formalis=
es what someone could do today with a bunch of PGP emails back and forth.<b=
r><div><br></div><div>I create a public key, and I exchange it via QR code =
with you. =C2=A0 From then on, You can initiate invoice requests with me, k=
nowing my moniker is the same as it was the last time. =C2=A0 I publish thi=
s key to a server (via DNSSEC) so anyone can obtain it. =C2=A0 Sounds exact=
ly like PGP.</div><div><br></div><div>Identity in BIP 75 is merely "mo=
niker consistency".=C2=A0 Nothing says that identity has to be "r=
eal"... only=C2=A0publicly verifiably=C2=A0consistent and accessible.=
=C2=A0 This consistency and the ability to have public names for both merch=
ants and users are the important features of BIP 075. =C2=A0=C2=A0</div><di=
v><br></div><div>Other features linking monikers to real-world identity sho=
uld be surgically removed from the standard.</div><div><br></div><div>- Use=
rs need to be able to send Bitcoin to an address without MITM attacks durin=
g the address exchange. =C2=A0=C2=A0</div><div><br></div><div>- Merchants n=
eed to be able to supply memorable names linked to internet services, like =
web servers and email addresses. =C2=A0<br><br></div><div>- Merchants and u=
sers both need to be able to initiate transaction off-chain, with a workflo=
w that allows things like rejection, subscription, etc.</div><div><br></div=
><div><br></div></div></div></div><div class=3D"gmail_extra"><br><div class=
=3D"gmail_quote">On Thu, Jun 23, 2016 at 6:56 AM, Peter Todd <span dir=3D"l=
tr"><<a href=3D"mailto:pete@petertodd.org" target=3D"_blank">pete@petert=
odd.org</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=3D=
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=
=3D"">On Tue, Jun 21, 2016 at 05:14:31PM -0700, Justin Newton wrote:<br>
> On Tue, Jun 21, 2016 at 3:13 PM, Peter Todd via bitcoin-dev <<br>
</span><div><div class=3D"h5">> Hi Peter,<br>
>=C2=A0 =C2=A0 Certainly AML/KYC compliance is one of the use cases that=
BIP 75 and our<br>
> certificates can support.=C2=A0 As a quick summary,<br>
><br>
> There are individuals and entities that would like to buy, sell, and u=
se<br>
> bitcoin, and other public blockchains, but that have compliance<br>
> requirements that they need to meet before they can do so.=C2=A0 Simil=
arly,<br>
> companies and entrepreneurs in the space suffer under the potential th=
reat<br>
> of fines, or in extreme cases, jail time, also for not meeting AML or<=
br>
> sanctions list compliance.=C2=A0 We wanted to build tools that allowed=
<br>
> entrepreneurs to breathe easy, while at the same time allow more peopl=
e and<br>
> companies to enter the ecosystem.=C2=A0 We also believe that the solut=
ion we are<br>
> using has the characteristics that you want in such a solution, for ex=
ample:<br>
><br>
> 1> Only the counterparties (and possibly their service providers in=
the<br>
> case of hosted services) in a transaction can see the identity data,<b=
r>
> protecting user privacy.<br>
><br>
> 2> The counterparties themselves (and possibly their service provid=
ers in<br>
> the case of hosted services) decide whether identity information is<br=
>
> required for any given transaction.<br>
><br>
> 3> No trace is left on the blockchain or anywhere else (other than =
with the<br>
> counterparties) that identity information was even exchanged, protecti=
ng<br>
> fungibility<br>
><br>
> 4> The solution is based on open source and open standards, allowin=
g open<br>
> permissionless innovation, versus parties building closed networks bas=
ed on<br>
> closed standards.=C2=A0 The very fact that this solution went through =
the BIP<br>
> process and was adapted based on feedback is an example of how this is=
<br>
> better for users than the inevitable closed solution that would arise =
if<br>
> the open source, community vetted version didn=E2=80=99t already exist=
.<br>
><br>
> I don=E2=80=99t know if you are opposed to organizations that have AML=
requirements<br>
> from using the bitcoin blockchain, but if you aren=E2=80=99t, why woul=
dn=E2=80=99t you<br>
> prefer an open source, open standards based solution to exclusionary,<=
br>
> proprietary ones?<br>
<br>
</div></div>In some (most?) countries, it is illegal to offer telecoms serv=
ices without<br>
wiretap facilities. Does that mean Tor builds into its software "open =
source"<br>
"open standards" wiretapping functionality? No. And interestingly=
, people<br>
trying to add support for that stuff is actually a thing that keeps happeni=
ng<br>
in the Tor community...<br>
<br>
In any case, I'd strongly argue that we remove BIP75 from the bips repo=
sitory,<br>
and boycott wallets that implement it. It's bad strategy for Bitcoin de=
velopers<br>
to willingly participate in AML/KYC, just the same way as it's bad for =
Tor to<br>
add wiretapping functionality, and W3C to support DRM tech. The minor tacti=
cal<br>
wins you'll get our of this aren't worth it.<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
--<br>
<a href=3D"https://petertodd.org" rel=3D"noreferrer" target=3D"_blank">http=
s://petertodd.org</a> 'peter'[:-1]@<a href=3D"http://petertodd.org"=
rel=3D"noreferrer" target=3D"_blank">petertodd.org</a><br>
</div></div></blockquote></div><br></div>
--001a1146cb90b17c070535f1ae39--
|
