Date: Fri, 12 Sep 2014 17:36:18 +0200
Message-ID: <CANEZrP1r3sObKjxz3KAtOBGOeCOOsJP0RszfgN3mUAVCT4gbSA@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Andreas Schildbach <andreas@schildbach.de>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] BIP72 amendment proposal

Your example doesn't have an address in it at all, so isn't compatible with
non-BIP70 wallets. Maybe for QRcodes specifically there are no longer any
such wallets out there. For clickable links it can still be an issue.


> I thought SHA1 has a bad reputation these days, and we don't save much
> by using it. I don't know anything about Murmur. MD5 is clearly broken.
> What hash function would you recommend?
>

Can just truncate SHA256, I think.


> It is. People can't check names. People don't want to check names.
>

Their wallet checks the name, though. It sees:

bitcoin:1AbCd?r=https://bitpay.com/r/12345

and the wallet verifies that the presented certificate is for CN=bitpay.com


> People can't get certificates for lots of reasons. X.509 is centralized.
> X.509 has had serious security issues in the past. And shit continues to
> happen.
>

Well, I wrote an article that argues with this PoV:

https://medium.com/@octskyward/why-you-think-the-pki-sucks-b64cf5912aa7

No disagreement that it's a more complex mechanism. But seeing as we end up
depending on it anyway the moment you load any kind of web page to find out
the URI, adding another mechanism only increases complexity, it doesn't
remove any.

> Sure. But signing is harder than just calculating a hash.


Well, again, it saves qrcode bytes. You don't have to include a dedicated
hash. The existing address hash can double up as both a backwards
compatibility measure, and also an auth mechanism.
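
The two wallet-side checks discussed in this message, as an added example that is not part of the original post or of any wallet's code: deriving the host name the TLS certificate must cover from the `r=` URL, and binding the fetched payment request to the URI with a truncated SHA-256. The `h` parameter name, the 16-byte truncation and the base64url encoding are assumptions made for illustration; certificate validation itself is left to the TLS stack.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit, parse_qs

TRUNC_BYTES = 16  # assumed truncation length; the thread does not fix one


def truncated_sha256(data: bytes, n: int = TRUNC_BYTES) -> str:
    """base64url (unpadded) of the first n bytes of SHA-256(data)."""
    digest = hashlib.sha256(data).digest()[:n]
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def parse_payment_uri(uri: str) -> dict:
    """Split a bitcoin: URI into address, request URL, expected TLS name, hash."""
    parts = urlsplit(uri)
    if parts.scheme != "bitcoin":
        raise ValueError("not a bitcoin: URI")
    params = parse_qs(parts.query)
    address = parts.path or None          # empty when the URI carries no address
    request_url = params.get("r", [None])[0]
    expected_host = None
    if request_url is not None:
        r = urlsplit(request_url)
        if r.scheme != "https" or not r.hostname:
            raise ValueError("r= must be an https URL with a host")
        expected_host = r.hostname        # name the certificate must cover
    return {"address": address, "request_url": request_url,
            "expected_host": expected_host,
            "hash": params.get("h", [None])[0]}  # h= is a hypothetical name


def request_matches_uri(uri: str, request_bytes: bytes) -> bool:
    """True only if the fetched payment request matches the hash in the URI."""
    expected = parse_payment_uri(uri)["hash"]
    if expected is None:
        return False                      # nothing in the URI binds the request
    actual = truncated_sha256(request_bytes)
    return hmac.compare_digest(actual.encode(), expected.encode())


# Constructed sample data (not a real payment request)
SAMPLE_REQUEST = b"constructed-payment-request-bytes"
SAMPLE_URI = ("bitcoin:1AbCd?r=https://bitpay.com/r/12345&h="
              + truncated_sha256(SAMPLE_REQUEST))
```

A URI without the address part parses with `address` set to `None`, which is the case the message flags as incompatible with non-BIP70 wallets.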
