summaryrefslogtreecommitdiff
path: root/e0/83a922f86e6eebb49b1b036cd127afcfddfd49
blob: 539483913c1e7204eab91c13e3ac6685b91c4f16 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <mh.in.england@gmail.com>) id 1WW4Ot-0006dm-Ty
	for bitcoin-development@lists.sourceforge.net;
	Fri, 04 Apr 2014 13:43:19 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.219.43 as permitted sender)
	client-ip=209.85.219.43; envelope-from=mh.in.england@gmail.com;
	helo=mail-oa0-f43.google.com; 
Received: from mail-oa0-f43.google.com ([209.85.219.43])
	by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1WW4Os-00028B-W0
	for bitcoin-development@lists.sourceforge.net;
	Fri, 04 Apr 2014 13:43:19 +0000
Received: by mail-oa0-f43.google.com with SMTP id eb12so3553672oac.30
	for <bitcoin-development@lists.sourceforge.net>;
	Fri, 04 Apr 2014 06:43:13 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.60.141.9 with SMTP id rk9mr19433831oeb.12.1396618993519;
	Fri, 04 Apr 2014 06:43:13 -0700 (PDT)
Sender: mh.in.england@gmail.com
Received: by 10.76.96.180 with HTTP; Fri, 4 Apr 2014 06:43:13 -0700 (PDT)
In-Reply-To: <CA+WZAEqYKv8T1OMCKhOJvf5FAy=WujJ=OhtsYP9aBf=4ZPNxmw@mail.gmail.com>
References: <CA+WZAEp3HsW5ESGUZ7YfR1MZXGC5jd+LucUt_MUP8K94Xwhuhg@mail.gmail.com>
	<CANEZrP0KVyp2Va7Wyy=t0qYkLNK9BDUaSzBfuzQss+=weLJ1Fw@mail.gmail.com>
	<CA+WZAEqYKv8T1OMCKhOJvf5FAy=WujJ=OhtsYP9aBf=4ZPNxmw@mail.gmail.com>
Date: Fri, 4 Apr 2014 15:43:13 +0200
X-Google-Sender-Auth: oj_GPybGvkFTn6I29zM1BRkuWus
Message-ID: <CANEZrP0DTYqobECBbw6eZqdk+-TR_2jhBtOviN08r31EQGmZHQ@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: =?UTF-8?Q?Eric_Larchev=C3=AAque?= <elarch@gmail.com>
Content-Type: multipart/alternative; boundary=047d7b3a9cacff3d4304f637b2ad
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(mh.in.england[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	1.0 HTML_MESSAGE           BODY: HTML included in message
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WW4Os-00028B-W0
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Draft BIP for seamless website
 authentication using Bitcoin address
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 04 Apr 2014 13:43:20 -0000

--047d7b3a9cacff3d4304f637b2ad
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Fri, Apr 4, 2014 at 3:22 PM, Eric Larchev=C3=AAque <elarch@gmail.com> wr=
ote:

> I see only benefits for the entire ecosystem, and if I'm working on such =
a
> proposition it is because I really need this feature.
>

Why do you need it? Because you don't want to implement a login system?
Very, very few websites are the sort of place where they'd want to
authenticate with only a Bitcoin address. If for no other reason than
they'd have no way to email you, and if you lost your wallet, you'd lose
all your associated data.


> Without such a standard protocol, you could never envision a pure Bitcoin
> physical locker rental, or booking an hotel room via Bitcoin and opening
> the door through the paying address.
>

In future there often won't be a simple paying address. For instance, if my
coins are in a multi-sig relationship with a risk analysis service, there
will be two keys for each input and an arbitrary number of inputs. So does
that mean the risk analysis service gets to open my locker? Why?

What if I do a shared spend/CoinJoin type tx? Now anyone who took part in
the shared tx with me can get into my hotel room too?

These are the kinds of problems that crop up when you mix together two
different things: the act of paying, and the act of identifying yourself.
You're assuming that replacing a password people can remember with a
physical token (their phone) which can be stolen or lost, would be seen as
an upgrade. Given a choice between two physical lockers, one of which lets
me open it with a password and one of which insists on a cryptographic
token, I'm going to go for the former because the chances of me losing my
phone is much higher than me forgetting my password.

All the tools you need already exist in the form of client certificates,
with the advantage that web servers and web browsers already support them.
The biggest pain point with them is backup and cross-device sync, which of
course wallets suffer from too!

--047d7b3a9cacff3d4304f637b2ad
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On F=
ri, Apr 4, 2014 at 3:22 PM, Eric Larchev=C3=AAque <span dir=3D"ltr">&lt;<a =
href=3D"mailto:elarch@gmail.com" target=3D"_blank">elarch@gmail.com</a>&gt;=
</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div>I see only benefits fo=
r the entire ecosystem, and if I&#39;m working on such a proposition it is =
because I really need this feature.<br>
</div></div></blockquote><div><br></div><div>Why do you need it? Because yo=
u don&#39;t want to implement a login system? Very, very few websites are t=
he sort of place where they&#39;d want to authenticate with only a Bitcoin =
address. If for no other reason than they&#39;d have no way to email you, a=
nd if you lost your wallet, you&#39;d lose all your associated data.</div>
<div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8=
ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div></div=
><div><span style=3D"font-family:arial,sans-serif">Without such a standard =
protocol, you could never envision a pure Bitcoin physical locker rental, o=
r booking an hotel room via Bitcoin and opening the door through the paying=
 address.</span></div>
</div></blockquote><div><br></div><div>In future there often won&#39;t be a=
 simple paying address. For instance, if my coins are in a multi-sig relati=
onship with a risk analysis service, there will be two keys for each input =
and an arbitrary number of inputs. So does that mean the risk analysis serv=
ice gets to open my locker? Why?</div>
<div><br></div><div>What if I do a shared spend/CoinJoin type tx? Now anyon=
e who took part in the shared tx with me can get into my hotel room too?</d=
iv><div><br></div><div>These are the kinds of problems that crop up when yo=
u mix together two different things: the act of paying, and the act of iden=
tifying yourself. You&#39;re assuming that replacing a password people can =
remember with a physical token (their phone) which can be stolen or lost, w=
ould be seen as an upgrade. Given a choice between two physical lockers, on=
e of which lets me open it with a password and one of which insists on a cr=
yptographic token, I&#39;m going to go for the former because the chances o=
f me losing my phone is much higher than me forgetting my password.</div>
<div><br></div><div>All the tools you need already exist in the form of cli=
ent certificates, with the advantage that web servers and web browsers alre=
ady support them. The biggest pain point with them is backup and cross-devi=
ce sync, which of course wallets suffer from too!</div>
</div></div></div>

--047d7b3a9cacff3d4304f637b2ad--