1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <rick.wesson@iidf.org>) id 1U4zfd-0004Tx-14
for bitcoin-development@lists.sourceforge.net;
Mon, 11 Feb 2013 20:08:09 +0000
X-ACL-Warn:
Received: from mail-qa0-f49.google.com ([209.85.216.49])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1U4zfb-0003A5-5B
for bitcoin-development@lists.sourceforge.net;
Mon, 11 Feb 2013 20:08:09 +0000
Received: by mail-qa0-f49.google.com with SMTP id o13so1333034qaj.15
for <bitcoin-development@lists.sourceforge.net>;
Mon, 11 Feb 2013 12:08:01 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20120113;
h=mime-version:x-received:in-reply-to:references:date:message-id
:subject:from:to:cc:content-type:x-gm-message-state;
bh=ELVoq4x+2yR+FFehAt1BrKTHFNCV8zffOIVqUE6/1bs=;
b=P1rtLBbMnf5DXJ1siFwWJBOvm4Vlk0Ee/8pF93kXA2Wl/TOUzGoMePAKSqoIO7Rc83
Fl1671WpSn3VuRyFD3KNz+frqVSGfkp5jsr4hywdrGleuBh3INgsxcZpThcc6SNGohG3
6OGkYdpHKCrAlR1tamXezxucBYHBd45yduIdgRrIKxjgFCfaPMlCzo74vg9LZN1JHA+4
Nux0C/XbExHA/T2FiC+6lL7TpP0NuYV8W5ENdZ1zDPJBMhBI3iyxHlAoInF7qe2dsY6c
BL2RN/mjhBlRi2tUlsgKJFwQ73b9xTRJyGXB+yKK58zbvXHDLLHBhx+tLu+6cwIXtAsr
H5fQ==
MIME-Version: 1.0
X-Received: by 10.224.52.68 with SMTP id h4mr5703671qag.17.1360611543131; Mon,
11 Feb 2013 11:39:03 -0800 (PST)
Received: by 10.49.12.39 with HTTP; Mon, 11 Feb 2013 11:39:03 -0800 (PST)
In-Reply-To: <20130208100354.GA26627@crunch>
References: <20130208100354.GA26627@crunch>
Date: Mon, 11 Feb 2013 11:39:03 -0800
Message-ID: <CAJ1JLtsAC5mxAXCdGBh_6byuLmjxc5kBrK6HMeDWwbXCRc5UWw@mail.gmail.com>
From: Rick Wesson <rick@support-intelligence.com>
To: timo.hanke@web.de
Content-Type: multipart/alternative; boundary=20cf3074afa8b4a56e04d5780fdf
X-Gm-Message-State: ALoCoQnPjn8VeIDwZI88GOuyou2jFcizCR9IJjyIN4oa5jyHvQItsytJDVQQEZ6okeWLc1aVrubE
X-Spam-Score: 1.0 (+)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
1.0 HTML_MESSAGE BODY: HTML included in message
X-Headers-End: 1U4zfb-0003A5-5B
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Blockchain as root CA for payment protocol
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2013 20:08:09 -0000
--20cf3074afa8b4a56e04d5780fdf
Content-Type: text/plain; charset=ISO-8859-1
I prefer to leverage the signing of the (.) root in the DNS tree. The
amount of effort in signing the root holds more weight than building a CA
off the bitcoin blockchain.
If you want to associate identifiers for payment addresses I suggest
putting those in DNSSEC signed records in the DNS.
For routing around x.509 CAs I suggest participating in the DANE working
group in the IETF.
-rick
On Fri, Feb 8, 2013 at 2:03 AM, Timo Hanke <timo.hanke@web.de> wrote:
> There have been proposals to use the blockchain to establish
> "identities". firstbits is a simple example. I would like to announce a
> project that extends this idea to turn the blockchain into a "root CA"
> that can sign arbitrary certificates. The purpose is to use these
> certificates in the payment protocol, where some might consider
> traditional centralized root CAs unsatisfactory.
>
> Code is here: https://github.com/bcpki
>
> Technical specification and full-length examples are found in the wiki.
> I therefore spare myself from repeating the details here, even though,
> of course, discussion about those details is welcome on this list.
>
> Excerpt from README.md follows:
>
> First, we have drafted a quite general specification for bitcoin
> certificates (protobuf messages) that allow for a variety of payment
> protocols (e.g. static as well as customer-side-generated payment
> addresses).
> This part has surely been done elsewhere as well and is orthogonal to the
> goal of this project.
> What is new here is the signatures _under_ the certificates.
>
> We have patched the bitcoind to handle certificates, submit signatures to
> the blockchain, verify certificates against the blockchain, pay directly to
> certificates (with various payment methods), revoke certificates.
> Signatures in the blockchain are stored entirely in the UTXO set (i.e. the
> unspend, unprunable outputs).
> This seems to make signature lookup and verification reasonably fast:
> it took us 10s in the mainnet test we performed (lookup is instant on the
> testnet, of course).
>
> Payment methods include: static bitcoin addresses, client-side derived
> payment addresses (pay-to-contract), pay-to-contract with multisig
> destinations (P2SH)
>
> Full-length real-world examples for all payment methods are provided in
> the tutorial pages.
> These examples have actually been carried out on testnet3.
>
> For further details and specifications see the wiki.
>
> timo hanke
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--20cf3074afa8b4a56e04d5780fdf
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
I=A0prefer=A0to leverage the signing of the (.) root in the DNS tree. The a=
mount of effort in signing the root holds more weight than building a CA of=
f the bitcoin blockchain.<div><br></div><div>If you want to associate ident=
ifiers for payment addresses I suggest putting those in DNSSEC signed recor=
ds in the DNS.</div>
<div><br></div><div>For routing around x.509 CAs I suggest=A0participating=
=A0in the DANE working group in the IETF.</div><div><br></div><div>-rick</d=
iv><div>=A0<br><br><div class=3D"gmail_quote">On Fri, Feb 8, 2013 at 2:03 A=
M, Timo Hanke <span dir=3D"ltr"><<a href=3D"mailto:timo.hanke@web.de" ta=
rget=3D"_blank">timo.hanke@web.de</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">There have been proposals to use the blockch=
ain to establish<br>
"identities". firstbits is a simple example. I would like to anno=
unce a<br>
project that extends this idea to turn the blockchain into a "root CA&=
quot;<br>
that can sign arbitrary certificates. The purpose is to use these<br>
certificates in the payment protocol, where some might consider<br>
traditional centralized root CAs unsatisfactory.<br>
<br>
Code is here: <a href=3D"https://github.com/bcpki" target=3D"_blank">https:=
//github.com/bcpki</a><br>
<br>
Technical specification and full-length examples are found in the wiki.<br>
I therefore spare myself from repeating the details here, even though,<br>
of course, discussion about those details is welcome on this list.<br>
<br>
Excerpt from README.md follows:<br>
<br>
First, we have drafted a quite general specification for bitcoin certificat=
es (protobuf messages) that allow for a variety of payment protocols (e.g. =
static as well as customer-side-generated payment addresses).<br>
This part has surely been done elsewhere as well and is orthogonal to the g=
oal of this project.<br>
What is new here is the signatures _under_ the certificates.<br>
<br>
We have patched the bitcoind to handle certificates, submit signatures to t=
he blockchain, verify certificates against the blockchain, pay directly to =
certificates (with various payment methods), revoke certificates.<br>
Signatures in the blockchain are stored entirely in the UTXO set (i.e. the =
unspend, unprunable outputs).<br>
This seems to make signature lookup and verification reasonably fast:<br>
it took us 10s in the mainnet test we performed (lookup is instant on the t=
estnet, of course).<br>
<br>
Payment methods include: static bitcoin addresses, client-side derived<br>
payment addresses (pay-to-contract), pay-to-contract with multisig destinat=
ions (P2SH)<br>
<br>
Full-length real-world examples for all payment methods are provided in the=
tutorial pages.<br>
These examples have actually been carried out on testnet3.<br>
<br>
For further details and specifications see the wiki.<br>
<br>
timo hanke<br>
<br>
---------------------------------------------------------------------------=
---<br>
Free Next-Gen Firewall Hardware Offer<br>
Buy your Sophos next-gen firewall before the end March 2013<br>
and get the hardware for free! Learn more.<br>
<a href=3D"http://p.sf.net/sfu/sophos-d2d-feb" target=3D"_blank">http://p.s=
f.net/sfu/sophos-d2d-feb</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div><br></div>
--20cf3074afa8b4a56e04d5780fdf--
|