1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <etotheipi@gmail.com>) id 1SFDez-0000Sa-HU
for bitcoin-development@lists.sourceforge.net;
Wed, 04 Apr 2012 00:01:13 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.216.175 as permitted sender)
client-ip=209.85.216.175; envelope-from=etotheipi@gmail.com;
helo=mail-qc0-f175.google.com;
Received: from mail-qc0-f175.google.com ([209.85.216.175])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1SFDex-00017q-7t
for bitcoin-development@lists.sourceforge.net;
Wed, 04 Apr 2012 00:01:13 +0000
Received: by qcso7 with SMTP id o7so213906qcs.34
for <bitcoin-development@lists.sourceforge.net>;
Tue, 03 Apr 2012 17:01:05 -0700 (PDT)
Received: by 10.224.73.12 with SMTP id o12mr19378820qaj.98.1333497665823;
Tue, 03 Apr 2012 17:01:05 -0700 (PDT)
Received: from [192.168.1.85] (c-76-111-96-126.hsd1.md.comcast.net.
[76.111.96.126])
by mx.google.com with ESMTPS id bm15sm2861651qab.17.2012.04.03.17.01.04
(version=SSLv3 cipher=OTHER); Tue, 03 Apr 2012 17:01:05 -0700 (PDT)
Message-ID: <4F7B8F46.8060706@gmail.com>
Date: Tue, 03 Apr 2012 20:01:10 -0400
From: Alan Reiner <etotheipi@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: Mike Koss <mike@coinlab.com>
References: <4F7A1227.7070306@gmail.com> <CABsx9T3MQzJ5gN5xTZ9y5d-og11=mB86cM3ZP4S-fhjs1U+20g@mail.gmail.com> <201204031455.42265.luke@dashjr.org> <CA+s+GJCKcOky=Kfa9cNaEnpO0Lj4Va8a8N=-OZSoXLoO8aUGgQ@mail.gmail.com> <CAMGNxUujVx0taTh+QR1WFBMKGWcxF-CvCMPwVFWirQ=XyZtquA@mail.gmail.com> <4F7B67D6.7090101@gmail.com>
<CAErK2CjSEvhuHt-fdu-jTL6A9sL9NEXZQM6fUxSz9bxeTxHoAQ@mail.gmail.com>
In-Reply-To: <CAErK2CjSEvhuHt-fdu-jTL6A9sL9NEXZQM6fUxSz9bxeTxHoAQ@mail.gmail.com>
Content-Type: multipart/alternative;
boundary="------------070402000406060702000909"
X-Spam-Score: -0.1 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(etotheipi[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
1.0 FREEMAIL_REPLY From and body contain different freemails
-0.5 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1SFDex-00017q-7t
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Signature Blocks and URI Sign Requests
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2012 00:01:13 -0000
This is a multi-part message in MIME format.
--------------070402000406060702000909
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Mike,
You make an excellent point. Neither of these proposals impact the
protocol itself. I hadn't considered that. But I think it's a
critically important problem to solve (signature blocks, not so much,
but it could piggy back on the same solution). So the mailing list is
a good place to discuss this, but it maybe it shouldn't be labeled as a
BIP. I'll leave that up to the others (arguably, the URI scheme is not
a protocol change, either, but was still a BIP).
There is all this fanfare around P2SH and how multi-sig is the solution
to all these security problems, but how the hell do you use it? I
believe that BIP 10 (or successor) is *critical//*to the success of
multi-sig, because the greatest barrier to using multi-sig will be the
ability to actually execute them in less than 14 steps. And if every
client implements it differently, there's even less chance it will be
used (assuming the userbase reaches any level of client diversity).
I think we need to supply a solution to this existing problem before
everyone starts solving it on their own and fragmenting the market. No
one has to use the solution we come up with -- but I believe it's a
problem for which most developers will take any solution that is easy to
exchange, size-efficient and promised to be interoperable (if for no
other reason than the Satoshi client uses it).
-Alan
On 04/03/2012 07:37 PM, Mike Koss wrote:
> Alan, I'm coming in late to the conversation - do I understand that
> BIP 010 does not propose any changes to the protocol - but just an
> intermediate data format that other clients might use to collect the
> need key material to sign a multi-signature block?
>
> If so - one might ask what the role of BIP's are if they actually do
> not impact the protocol?
>
> If there is any encapsulated data format that is expected to be
> interpreted by clients - I'd call that a "protocol change"; but I take
> it in this instance that you will transmit these signature block out
> of band from the client ... yet they would have to be parsed and
> converted into a Transaction Script once collected by SOME client?
> Would we expect the standard client do so?
>
> Sorry if this has been discussed before - I'm trying to understand the
> proposal.
>
>
> On Tue, Apr 3, 2012 at 2:12 PM, Alan Reiner <etotheipi@gmail.com
> <mailto:etotheipi@gmail.com>> wrote:
>
> Just to clarify, I'm not proposing anything to the protocol
> itself. Simply that some applications might benefit from users
> being to sign messages with existing Bitcoin identities, and what
> can we do to accommodate that (out of band)? It's not a high
> priority, but I think it's potentially useful, and most codebases
> already have everything they need in place to implement it.
>
>
>
> On 04/03/2012 04:04 PM, Peter Vessenes wrote:
>> I don't think it's minimally invasive to layer PGP's web of trust
>> on top of Bitcoin, in fact, the opposite.
>>
>> From a certain angle, bitcoin exists as a sort of answer /
>> alternate solution to the web of trust. Digital cash with an
>> existing web of trust in place was a working concept in the
>> mid-1990s, courtesy of David Chaum, I believe.
>>
>> I totally agree on the kitchen sink concern; I would personally
>> like to see something like a one-year required discussion period
>> on all non-security changes proposed to the blockchain protocol.
>> We know almost nothing about how bitcoin will be used over the
>> next 20 years; I believe it's a mistake to bulk up the protocol
>> too rapidly right now.
>>
>> There's a famous phrase from the founder of Lotus about Lotus'
>> engineering process: "add lightness." The equivalent for protocol
>> design might be "add simplicity." I'd like to see us adding
>> simplicity for now, getting a core set of tests together for
>> alternate implementations like libbitcoin, and thinking hard
>> about the dangers of cruft over a 10+ year period when it comes
>> to a technology which will necessarily include a complete history
>> of every crufty decision embodied in transaction histories.
>>
>> Peter
>>
>>
>> On Tue, Apr 3, 2012 at 1:42 PM, Wladimir <laanwj@gmail.com
>> <mailto:laanwj@gmail.com>> wrote:
>>
>>
>> On Tue, Apr 3, 2012 at 8:55 PM, Luke-Jr <luke@dashjr.org
>> <mailto:luke@dashjr.org>> wrote:
>>
>> On Tuesday, April 03, 2012 2:46:17 PM Gavin Andresen wrote:
>> > We should avoid reinventing the wheel, if we can. I
>> think we should
>> > extend existing standards whenever possible.
>>
>> I wonder if it's possible to make sigs compatible with
>> PGP/EC ?
>>
>>
>> Or we could take a step back, further into "don't reinvent
>> the wheel" territory. Why not simply make use of PGP(/EC) to
>> sign and verify messages? It has many advantages, like an
>> already existing web-of-trust and keyserver infrastructure.
>>
>> I still feel like this is sign message stuff is dragging the
>> kitchen sink into Bitcoin. It's fine for logging into a
>> website, what you use it for, but anything that approaches
>> signing email (such as S/MIME implementations and handling
>> different character encodings) is going too far IMO.
>>
>> Wladimir
>>
>>
>> ------------------------------------------------------------------------------
>> Better than sec? Nothing is better than sec when it comes to
>> monitoring Big Data applications. Try Boundary one-second
>> resolution app monitoring today. Free.
>> http://p.sf.net/sfu/Boundary-dev2dev
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> <mailto:Bitcoin-development@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
>>
>>
>> --
>>
>> Peter J. Vessenes
>> CEO, CoinLab
>> M: 206.595.9839 <tel:206.595.9839>
>>
>>
>> ------------------------------------------------------------------------------
>> Better than sec? Nothing is better than sec when it comes to
>> monitoring Big Data applications. Try Boundary one-second
>> resolution app monitoring today. Free.
>> http://p.sf.net/sfu/Boundary-dev2dev
>>
>>
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net <mailto:Bitcoin-development@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> <mailto:Bitcoin-development@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
>
>
> --
> Mike Koss
> CTO, CoinLab
> (425) 246-7701 (m)
>
> A Bitcoin Primer <http://coinlab.com/a-bitcoin-primer.pdf> - What you
> need to know about Bitcoins.
>
--------------070402000406060702000909
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Mike,<br>
<br>
You make an excellent point. Neither of these proposals impact the
protocol itself. I hadn't considered that. But I think it's a
critically important problem to solve (signature blocks, not so
much, but it could piggy back on the same solution). So the
mailing list is a good place to discuss this, but it maybe it
shouldn't be labeled as a BIP. I'll leave that up to the others
(arguably, the URI scheme is not a protocol change, either, but was
still a BIP).<br>
<br>
There is all this fanfare around P2SH and how multi-sig is the
solution to all these security problems, but how the hell do you use
it? I believe that BIP 10 (or successor) is <b>critical<i> </i></b>to
the success of multi-sig, because the greatest barrier to using
multi-sig will be the ability to actually execute them in less than
14 steps. And if every client implements it differently, there's
even less chance it will be used (assuming the userbase reaches any
level of client diversity). <br>
<br>
I think we need to supply a solution to this existing problem before
everyone starts solving it on their own and fragmenting the market.
No one has to use the solution we come up with -- but I believe it's
a problem for which most developers will take any solution that is
easy to exchange, size-efficient and promised to be interoperable
(if for no other reason than the Satoshi client uses it).<br>
<br>
-Alan<br>
<br>
<br>
<br>
On 04/03/2012 07:37 PM, Mike Koss wrote:
<blockquote
cite="mid:CAErK2CjSEvhuHt-fdu-jTL6A9sL9NEXZQM6fUxSz9bxeTxHoAQ@mail.gmail.com"
type="cite">Alan, I'm coming in late to the conversation - do I
understand that BIP 010 does not propose any changes to the
protocol - but just an intermediate data format that other clients
might use to collect the need key material to sign a
multi-signature block?
<div>
<div><br>
</div>
<div>If so - one might ask what the role of BIP's are if they
actually do not impact the protocol?</div>
<div><br>
</div>
<div>If there is any encapsulated data format that is expected
to be interpreted by clients - I'd call that a "protocol
change"; but I take it in this instance that you will transmit
these signature block out of band from the client ... yet they
would have to be parsed and converted into a Transaction
Script once collected by SOME client? Would we expect the
standard client do so?</div>
<div><br>
</div>
<div>Sorry if this has been discussed before - I'm trying to
understand the proposal.</div>
<div><br>
</div>
<div><br>
<div class="gmail_quote">On Tue, Apr 3, 2012 at 2:12 PM, Alan
Reiner <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:etotheipi@gmail.com">etotheipi@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000"> Just to clarify,
I'm not proposing anything to the protocol itself.
Simply that some applications might benefit from users
being to sign messages with existing Bitcoin identities,
and what can we do to accommodate that (out of band)?
It's not a high priority, but I think it's potentially
useful, and most codebases already have everything they
need in place to implement it.
<div>
<div class="h5"><br>
<br>
<br>
On 04/03/2012 04:04 PM, Peter Vessenes wrote:
<blockquote type="cite">I don't think it's minimally
invasive to layer PGP's web of trust on top of
Bitcoin, in fact, the opposite.
<div><br>
</div>
<div>From a certain angle, bitcoin exists as a
sort of answer / alternate solution to the web
of trust. Digital cash with an existing web of
trust in place was a working concept in the
mid-1990s, courtesy of David Chaum, I believe.</div>
<div><br>
</div>
<div>I totally agree on the kitchen sink concern;
I would personally like to see something like a
one-year required discussion period on all
non-security changes proposed to the blockchain
protocol. We know almost nothing about how
bitcoin will be used over the next 20 years; I
believe it's a mistake to bulk up the protocol
too rapidly right now.</div>
<div><br>
</div>
<div>There's a famous phrase from the founder of
Lotus about Lotus' engineering process: "add
lightness." The equivalent for protocol design
might be "add simplicity." I'd like to see us
adding simplicity for now, getting a core set of
tests together for alternate implementations
like libbitcoin, and thinking hard about the
dangers of cruft over a 10+ year period when it
comes to a technology which will necessarily
include a complete history of every crufty
decision embodied in transaction histories.</div>
<div><br>
</div>
<div>Peter</div>
<div><br>
<br>
<div class="gmail_quote">On Tue, Apr 3, 2012 at
1:42 PM, Wladimir <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:laanwj@gmail.com"
target="_blank">laanwj@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:
0pt 0pt 0pt 0.8ex; border-left: 1px solid
rgb(204, 204, 204); padding-left: 1ex;"> <br>
<div class="gmail_quote">
<div>On Tue, Apr 3, 2012 at 8:55 PM,
Luke-Jr <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:luke@dashjr.org"
target="_blank">luke@dashjr.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin: 0pt 0pt 0pt 0.8ex;
border-left: 1px solid rgb(204, 204,
204); padding-left: 1ex;">
<div>On Tuesday, April 03, 2012
2:46:17 PM Gavin Andresen wrote:<br>
> We should avoid reinventing the
wheel, if we can. I think we should<br>
> extend existing standards
whenever possible.<br>
<br>
</div>
I wonder if it's possible to make sigs
compatible with PGP/EC ?<br>
</blockquote>
</div>
<div><br>
Or we could take a step back, further
into "don't reinvent the wheel"
territory. Why not simply make use of
PGP(/EC) to sign and verify messages? It
has many advantages, like an already
existing web-of-trust and keyserver
infrastructure.<br>
<br>
I still feel like this is sign message
stuff is dragging the kitchen sink into
Bitcoin. It's fine for logging into a
website, what you use it for, but
anything that approaches signing email
(such as S/MIME implementations and
handling different character encodings)
is going too far IMO. <br>
<span><font color="#888888"> <br>
Wladimir<br>
<br>
</font></span></div>
</div>
<br>
------------------------------------------------------------------------------<br>
Better than sec? Nothing is better than sec
when it comes to<br>
monitoring Big Data applications. Try
Boundary one-second<br>
resolution app monitoring today. Free.<br>
<a moz-do-not-send="true"
href="http://p.sf.net/sfu/Boundary-dev2dev"
target="_blank">http://p.sf.net/sfu/Boundary-dev2dev</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a moz-do-not-send="true"
href="mailto:Bitcoin-development@lists.sourceforge.net"
target="_blank">Bitcoin-development@lists.sourceforge.net</a><br>
<a moz-do-not-send="true"
href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development"
target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<br>
<div>Peter J. Vessenes</div>
<div>CEO, CoinLab</div>
<div>M: <a moz-do-not-send="true"
href="tel:206.595.9839" value="+12065959839"
target="_blank">206.595.9839</a></div>
<br>
</div>
<pre><fieldset></fieldset>
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
<a moz-do-not-send="true" href="http://p.sf.net/sfu/Boundary-dev2dev" target="_blank">http://p.sf.net/sfu/Boundary-dev2dev</a></pre>
<pre><fieldset></fieldset>
_______________________________________________
Bitcoin-development mailing list
<a moz-do-not-send="true" href="mailto:Bitcoin-development@lists.sourceforge.net" target="_blank">Bitcoin-development@lists.sourceforge.net</a>
<a moz-do-not-send="true" href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
------------------------------------------------------------------------------<br>
Better than sec? Nothing is better than sec when it comes
to<br>
monitoring Big Data applications. Try Boundary one-second<br>
resolution app monitoring today. Free.<br>
<a moz-do-not-send="true"
href="http://p.sf.net/sfu/Boundary-dev2dev"
target="_blank">http://p.sf.net/sfu/Boundary-dev2dev</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a moz-do-not-send="true"
href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
<a moz-do-not-send="true"
href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development"
target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Mike Koss
<div>CTO, CoinLab</div>
<div>(425) 246-7701 (m)</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="http://coinlab.com/a-bitcoin-primer.pdf"
target="_blank">A Bitcoin Primer</a> - What you need to
know about Bitcoins.</div>
<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>
--------------070402000406060702000909--
|
