[Bitcoin-development] secure assigned bitcoin address directory
Some users on bitcointalk[0] would like to have their vanity addresses available for others easily to find and verify the ownership over a kind of WoT. Right now they sign their own addresses and quote them in the forums. As I pointed out there already the centralized storage in the forums is not secury anyhow and signed messages could be swapped easily with the next hack of the forums. Is that use case taken care of in any plans already? I thought about abusing pgp keyservers but that would suit for single vanity addresses only. It seems webfinger could be part of a solution where servers of a business can tell and proof you if a specific address is owned by them. [0] https://bitcointalk.org/index.php?topic=502538 [1] https://bitcointalk.org/index.php?topic=505095 signature.asc Description: OpenPGP digital signature -- ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Payment Protocol for Face-to-face Payments
Companies can have a Cert with their name via CAcert. It requires some work though to get assured as an organisation. Did you already think about what CA is to be trusted or do users need to do that. The least good decision in my POV would be to accept OS/browser built in CAs only. Am 27.03.2014 um 11:08 schrieb Mike Hearn m...@plan99.net: But these cases are the norm, rather than the exception. Well, you're lucky, you live in Berlin. Most of the payments I make with Bitcoin are online, to websites. So this will differ between people. I wonder how critical it is. Let's say you are paying for a meal. In your head the place you're at is just the little Indian restaurant on the corner. In the companies register and therefore certificate it's something like Singh Food GmbH. That's probably good enough to prevent shenanigans. Even if there's a virus on your phone, it can't really replace the cert with a random stolen one, otherwise your meal could show up like IronCore Steel Inc or something that's obviously bogus. It'd have to be an incredibly smart virus that knew how to substitute one name for a different one, from a large library of stolen identities, such that the swap seemed plausible. That sounds very hard, certainly too hard to bother with for stealing restaurant fees. And if a waiter at the restaurant is corrupt and they replace the cert with one that's for their own 1-man business BP-Gupta or something, OK, you might pay the wrong person by mistake. But eventually the corrupt waiter will be discovered and then someone will have proof of what they did. It's FAR more likely they'd just strip the signature entirely and try to convince you the restaurant doesn't use BIP70 at all. Still, if we want to fix this, one approach I was thinking about is to have a super-cheesy CA just for us that issues certs with addresses in them, for any name you ask for. That is, if you say you want a cert for Shamrock Irish Pub, Wollishofen, Zurich, CH then it either sends a postcard to that address with a code to check ownership of the address, or it checks ownership of the place on Google Maps (which does the same postcard trick but for free!). That doesn't work for vending machines, but perhaps we just don't care about those. If a MITM steals your lunch money, boo hoo. -- ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] moving the default display to mbtc
I think * if we change to mBTC because your state currencys price for bitcoin make this a valid option we will change again in future * users do not like changes * we should keep a good standard A good standard should be * built on standards (e.g. SI) * backed by best practice: never force the user to take an option he cannot change * do not make changes without users permission * take care of users at fault when entering 5.967 ot should be pointed out before sending that e.g. the sw understood 5967.000 000 00 BTC instead of 5.967 000 00 BTC because the user failed to use the correct delimiter. For now a good standard is * simply bitcoin as BTC with eight decimal places or could be * uBTC as SI prefix, probably using XBT as a symbol for compatibility with other software * satoshis (w. SI prefixes if numbers are to big) for regions where decimal places in prices are uncommon So I'd prefer: Make the choice transparent to users and set a standard that the user alway should be empowered to use all available decimal places. And there should be a set of official test-cases for wallet software and the desired behavior. -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
