1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <johnathan@corganlabs.com>) id 1VciwO-0007eb-Rh
for bitcoin-development@lists.sourceforge.net;
Sat, 02 Nov 2013 21:41:08 +0000
Received: from mail-pd0-f182.google.com ([209.85.192.182])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1VciwM-00016H-Tv
for bitcoin-development@lists.sourceforge.net;
Sat, 02 Nov 2013 21:41:08 +0000
Received: by mail-pd0-f182.google.com with SMTP id q10so5234766pdj.13
for <bitcoin-development@lists.sourceforge.net>;
Sat, 02 Nov 2013 14:41:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
:subject:references:in-reply-to:openpgp:content-type;
bh=CIFg14yi8ASt051cRwP4/X+QoDsi8nZsIUq7fvOvedU=;
b=IJPOQZnHJK9uYJCs6F1PjP5UbceEuTERTDH1bEAgb4dSqXTZtTm8VTgOE4Ktin4n1A
v+WPWW/r+v3jJkuwixe2i1QxTDky+bsR2ZrnX4A1JaikHrZliGTgoLxIno+LHubVl2vW
9aALHp5MOLVHrj3YthgXIxKNzkZdAxnZknzUSPqs4DIOSn1iKPddU9cyIb+iEB8gwX+Q
chevbDp18NwZg9KMRFhHNQuDLk6uwDh2GwB6I3gOisfF7v/TUSfsCTnlLKCjE820rpN4
+IkgOXbbpnqLE63IQkTIWu9Owbev0PlwbZvWGbwlXAJWKYMg3+uaMPQAhlnejD2tbQmC
8avw==
X-Gm-Message-State: ALoCoQkBpuxbC5Lh/Vj1il9RXXjR3PAbRknk79XcetObxAFOmi3mfWSbno5Jch4AD3pbRWW6XOyL
X-Received: by 10.68.125.198 with SMTP id ms6mr9475403pbb.98.1383426874454;
Sat, 02 Nov 2013 14:14:34 -0700 (PDT)
Received: from [192.168.1.10] (64-142-68-61.dsl.static.sonic.net.
[64.142.68.61])
by mx.google.com with ESMTPSA id wd6sm21857533pab.3.2013.11.02.14.14.31
for <multiple recipients>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Sat, 02 Nov 2013 14:14:32 -0700 (PDT)
Message-ID: <52756B2E.7030505@corganlabs.com>
Date: Sat, 02 Nov 2013 14:14:22 -0700
From: Johnathan Corgan <johnathan@corganlabs.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: bitcoingrant@gmx.com, bitcoin-development@lists.sourceforge.net
References: <20131102050144.5850@gmx.com>
In-Reply-To: <20131102050144.5850@gmx.com>
X-Enigmail-Version: 1.5.2
OpenPGP: id=671DA2F7
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="Bq8qdU3XUMQSsUfV871dhJUGlTkK7oRIn"
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust [209.85.192.182 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: gmx.com]
X-Headers-End: 1VciwM-00016H-Tv
Subject: Re: [Bitcoin-development] Message Signing based authentication
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 02 Nov 2013 21:41:09 -0000
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Bq8qdU3XUMQSsUfV871dhJUGlTkK7oRIn
Content-Type: multipart/mixed; boundary="------------020305080506030408090404"
This is a multi-part message in MIME format.
--------------020305080506030408090404
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 11/01/2013 10:01 PM, bitcoingrant@gmx.com wrote:
> Server provides a token for the client to sign.
Anyone else concerned about signing an arbitrary string? Could be a
hash of $EVIL_DOCUMENT, no? I'd want to XOR the string with my own
randomly generated nonce, sign that, then pass the nonce and the
signature back to the server for verification.
--=20
Johnathan Corgan, Corgan Labs
SDR Training and Development Services
http://corganlabs.com
--------------020305080506030408090404
Content-Type: text/x-vcard; charset=utf-8;
name="johnathan.vcf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="johnathan.vcf"
YmVnaW46dmNhcmQNCmZuOkpvaG5hdGhhbiBDb3JnYW4NCm46Q29yZ2FuO0pvaG5hdGhhbg0K
b3JnOkNvcmdhbiBFbnRlcnByaXNlcyBMTEMgZGJhIENvcmdhbiBMYWJzDQphZHI6Ozs2MDgx
IE1lcmlkaWFuIEF2ZS4gU3VpdGUgNzAtMTExO1NhbiBKb3NlO0NBOzk1MTIwO1VuaXRlZCBT
dGF0ZXMNCmVtYWlsO2ludGVybmV0OmpvaG5hdGhhbkBjb3JnYW5sYWJzLmNvbQ0KdGl0bGU6
TWFuYWdpbmcgUGFydG5lcg0KdGVsO3dvcms6KzEgNDA4IDQ2MyA2NjE0DQp4LW1vemlsbGEt
aHRtbDpGQUxTRQ0KdXJsOmh0dHA6Ly9jb3JnYW5sYWJzLmNvbQ0KdmVyc2lvbjoyLjENCmVu
ZDp2Y2FyZA0KDQo=
--------------020305080506030408090404--
--Bq8qdU3XUMQSsUfV871dhJUGlTkK7oRIn
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlJ1azQACgkQRzB3vGcdovepOAD/YhTldmWnUXvJH0arGXgxwRti
nfxfmk8/hZoqqPRl/3QA/1Kg+pv7KzgeYMySy28wBeJdJKscWnct/3I4p9jC/2vD
=Gy5m
-----END PGP SIGNATURE-----
--Bq8qdU3XUMQSsUfV871dhJUGlTkK7oRIn--
|
