summaryrefslogtreecommitdiff
path: root/b5/e50e3c04b60db8a46fa280eec49b44e2c3d49c
blob: 1211caea302abc089d2f38f24dc6efef941cb704 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
Return-Path: <rsomsen@gmail.com>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 6B145C002D
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 18 Oct 2022 12:40:51 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp4.osuosl.org (Postfix) with ESMTP id 35E4241932
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 18 Oct 2022 12:40:51 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 35E4241932
Authentication-Results: smtp4.osuosl.org;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.a=rsa-sha256 header.s=20210112 header.b=qmp7HCuM
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp4.osuosl.org ([127.0.0.1])
 by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 4MsOLpoO7uGl
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 18 Oct 2022 12:40:50 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org C9BE34183E
Received: from mail-oo1-xc32.google.com (mail-oo1-xc32.google.com
 [IPv6:2607:f8b0:4864:20::c32])
 by smtp4.osuosl.org (Postfix) with ESMTPS id C9BE34183E
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 18 Oct 2022 12:40:49 +0000 (UTC)
Received: by mail-oo1-xc32.google.com with SMTP id
 s125-20020a4a5183000000b0047fbaf2fcbcso3038882ooa.11
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 18 Oct 2022 05:40:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:from:to:cc:subject:date:message-id:reply-to;
 bh=lqAB2G0fs6wEN+LSIKjHmckOCTcBABBxw9J2GbRZE1M=;
 b=qmp7HCuMMxPPNPMHFuhFGT8XFPk1nvK4UfJYaDendEK1YmNzUcUU1xfabBW1kydkTz
 7KZxhKUGF7kTmuctPnUrHFLIuQPxqpJ14w7xvMkJX2t7glrFKzmw4P2Rulo/EgEFVLzy
 wPNCBL0V35zacgtJAfnY5GC0Zu7gDIJgXY+sC1tJG/M4ys+y9v/qEvB4cnDda+me96ZA
 DQUhCn7D/8/VLOUwquGkjlFaL8qlw2sK8Ai6DrvkOn8JtplN9xNX9t6868pox7j06whM
 xKH2OtHscj9yl38+Ni3i2bpiYx8Oa2hbxZpMfAyrRCljm4rT84+Q3C0Y3bmUzW0bNi/g
 PIZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=lqAB2G0fs6wEN+LSIKjHmckOCTcBABBxw9J2GbRZE1M=;
 b=mEfpGMyvbPSNOEA/znh9/K4YoiNHklImxTOvMqc4CC723ui7KUBUDEwUPPN4xgcv0u
 pEKQRAPOxAJyKRmvW5szF7yeLXgYzmzlxZWcWwBMcoPOfqC3mhF9vrnwQR0tEu8xWuZk
 I8LIQNnS4ewDNTVh27FCknwpHLtsYaqiO1YB456cqgbvWxzK+8SFp3V5ClEf8Xhd2WHC
 3aQgXFG3J8WA/9FiedL31unlb7/A5knwwdOwN2WuFD6eHqaSGmI7WJICEVo6lToBAMH9
 0zKqqrZD88Rj+L91Wa/Zo2JPIrmVFKqGdZyVTkxs4H9kuJjbiq216fsZTAhXUJ+86714
 WWJw==
X-Gm-Message-State: ACrzQf0SaB2dlGF0pj0E1RgZ000ma4k+d3u06ooRqYBI4CZM7LyZhkug
 brGq0grxWFZ0eqt+J6sb/GbPNojVQIRxyaz3hRk=
X-Google-Smtp-Source: AMsMyM66KYFmo1EfLvBORIuSK1Q5cVnTzk92stk3nt9EJvD/wvFdFWEZJqCwUyFCU+YPhZiObbyqeYq8XR2Dx3KM+cQ=
X-Received: by 2002:a4a:af4d:0:b0:475:dcf4:65fb with SMTP id
 x13-20020a4aaf4d000000b00475dcf465fbmr1141619oon.1.1666096848705; Tue, 18 Oct
 2022 05:40:48 -0700 (PDT)
MIME-Version: 1.0
References: <CAPv7TjbOcH2mte8SWALc2o5aEKLO7qoZ-M_e1wHdGSp6EmMc2Q@mail.gmail.com>
 <9f399e0c2713f2b1d2534cd754356bb5@dtrt.org>
 <CAPv7TjY=35H2rmCxBavLwe3+8A9osao0QAMF_grb6WFA502b5Q@mail.gmail.com>
 <1-euAstnYmNT7A9s0rniXdimmudFXODjkXiYXLK1hx1W7f_2rBLD1lPpaNi9Vx9tq2oahdCs6wDuXMy9SR6WfRTYzl2vDxSi6IVQLELKNLs=@protonmail.com>
 <CABaSBazV-ZO2kUEZzDubGQbxn-zt4acJ1wQxzJo9y4qFYtWM-w@mail.gmail.com>
In-Reply-To: <CABaSBazV-ZO2kUEZzDubGQbxn-zt4acJ1wQxzJo9y4qFYtWM-w@mail.gmail.com>
From: Ruben Somsen <rsomsen@gmail.com>
Date: Tue, 18 Oct 2022 14:40:38 +0200
Message-ID: <CAPv7TjYnM=3RMAwXe_Ssa-RXz5CxP0xAxxLdQVq79T5BYvT9mQ@mail.gmail.com>
To: rot13maxi <rot13maxi@protonmail.com>
Content-Type: multipart/alternative; boundary="000000000000d41cea05eb4e6688"
X-Mailman-Approved-At: Tue, 18 Oct 2022 12:49:26 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev]
	=?utf-8?q?Trustless_Address_Server_=E2=80=93_Outsou?=
	=?utf-8?q?rcing_handing_out_addresses_to_prevent_address_reuse?=
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2022 12:40:51 -0000

--000000000000d41cea05eb4e6688
Content-Type: text/plain; charset="UTF-8"

Hi Rijndael,

I think your thoughts are pretty much compatible with this proposal, as
what I'm describing (the recipient signing their keys) is also essentially
a form of authentication.

It's a good observation that in general this makes the communication of
addresses more secure. I do wish to re-emphasize Bryan's remark that you
still need to ensure the pubkey itself is securely communicated.

>depending on the setup, this could be that the address server also has the
Address Authentication privkey for bob, or it could be that bob gets some
callback or notification, or that bob has pre-signed a batch of addresses

In my opinion the only meaningful distinction is whether Bob runs the
Trustless Address Server himself (full privacy) or not. In either case I
see no reason to diverge from the model where Bob deposits a batch of
signed keys to the server, ensuring that no malicious addresses can be
handed out.

Note I discussed the Trustless Address Server design in the first 20
minutes of this podcast:
https://twitter.com/bitcoinoptech/status/1580573594656333825

And I also brought it up in my presentation at Tabconf last Saturday, but
that video isn't online yet.

Cheers,
Ruben



On Tue, Oct 18, 2022 at 2:07 AM Bryan Bishop via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Mon, Oct 17, 2022 at 7:05 PM rot13maxi via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> Unbeknownst to them, the clipboard contents have been replaced with an
>> address controlled by some bad actor.
>>
> [snip]
>
>> Now imagine instead that the wallet has some address book with a pubkey
>> for each recipient the user wants to send bitcoin to.
>>
>
> Isn't this the same problem but now for copy-pasting pubkeys instead of an
> address?
>
> - Bryan
> https://twitter.com/kanzure
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--000000000000d41cea05eb4e6688
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi=C2=A0Rijndael,<div><br></div><div>I think your thoughts=
 are pretty much compatible with this proposal, as what I&#39;m describing =
(the=C2=A0recipient signing their keys) is also essentially a form of authe=
ntication.</div><div><br></div><div>It&#39;s a good=C2=A0observation that i=
n general this makes the communication of addresses more secure. I do wish =
to re-emphasize Bryan&#39;s remark that you still need to ensure the pubkey=
 itself is securely communicated.</div><div><br></div><div>&gt;depending on=
 the setup, this could be that the address server also has the Address Auth=
entication privkey for bob, or it could be that bob gets some callback or n=
otification, or that bob has pre-signed a batch of addresses</div><div><br>=
</div><div>In my opinion the only meaningful distinction is whether Bob run=
s the Trustless Address Server himself (full privacy) or not. In either cas=
e I see no reason to diverge from the model where Bob deposits a batch of s=
igned keys to the server,=C2=A0ensuring that no malicious addresses can be =
handed out.</div><div><br></div><div>Note I discussed the Trustless Address=
 Server design in the first 20 minutes of this podcast:</div><div><a href=
=3D"https://twitter.com/bitcoinoptech/status/1580573594656333825">https://t=
witter.com/bitcoinoptech/status/1580573594656333825</a><br></div><div><br><=
/div><div>And I also brought it up in my presentation at Tabconf last Satur=
day, but that video isn&#39;t online yet.</div><div><br></div><div>Cheers,<=
/div><div>Ruben</div><div><br></div><div><br></div></div><br><div class=3D"=
gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Tue, Oct 18, 2022 at =
2:07 AM Bryan Bishop via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@list=
s.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:=
<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8=
ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr=
"><div dir=3D"ltr">On Mon, Oct 17, 2022 at 7:05 PM rot13maxi via bitcoin-de=
v &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_b=
lank">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<br></div><div cl=
ass=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0px 0=
px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div =
style=3D"font-family:Arial;font-size:14px">Unbeknownst to them, the clipboa=
rd contents have been replaced with an address controlled by some bad actor=
.<br></div></blockquote><div>[snip]=C2=A0</div><blockquote class=3D"gmail_q=
uote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,2=
04);padding-left:1ex"><div style=3D"font-family:Arial;font-size:14px">Now i=
magine instead that the wallet has some address book with a pubkey for each=
 recipient the user wants to send bitcoin to.<br></div></blockquote><div><b=
r>Isn&#39;t this the same problem but now for copy-pasting pubkeys instead =
of an address?<br><br></div></div><div dir=3D"ltr"><div dir=3D"ltr">- Bryan=
<br><a href=3D"https://twitter.com/kanzure" target=3D"_blank">https://twitt=
er.com/kanzure</a></div></div></div>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>

--000000000000d41cea05eb4e6688--