Hi Adam - the conversation was pretty open regarding the factor / channel used 
to sign at the bottom.  No argument from me and I agree completely that 
hardened single purpose computers are more secure than desktop browsers, 
browser extensions, SMS, or mobile apps when involved in multisig 
authorization.  The point below was that risks with other channels are far 
higher if auth data is input from two channels through one, such as entering a 
2FA phone token and desktop password into the same desktop browser session - 
MITM phishing attack on websites that bypasses phone 2FA as an example, 
serendipitously timed yet tragic example of this scam with coinbase today: 

On the topic of hardened single purpose computers, and I mean no offense to our 
friends at Trezor, Case, or similar but I think the future of this type of 
security approach with bitcoin is extremely bright.  It’s just far more likely 
to involve chips integrated directly in PC / Mac motherboards and mobile 
devices / wearables where signing is done in the hardware inaccessible to the 
OS or BIOS.  This is a way for mainstream users to use bitcoin securely, 
integrate it with apps running from popular OS’s and get bitcoin into the 
internet on a very granular level, and Joe six pack and Sally soccer mom never 
even know they are using multisig.  It took 20+ years for people to get used to 
cards vs. cash.  The telephone took 50 years to catch on and become cost 
competitive. I think the key is making it invisible to the user.

From: Adam Weiss <a...@signal11.com>
Reply: Adam Weiss <a...@signal11.com>>
Date: February 3, 2015 at 12:25:20 PM
To: Will <will.mad...@novauri.com>>
Cc: bitcoin-development@lists.sourceforge.net 
Subject:  Re: [Bitcoin-development] Subject: Re: Proposal to address Bitcoin 

Using a desktop website and mobile device for 2/3 multisig in lieu of a 
hardware device (trezor) and desktop website (mytrezor) works, but the key is 
that the device used to input the two signatures cannot be in the same band.  
What you are protecting against are MITM attacks.  The issue is that if a 
single device or network is compromised by malware, or if a party is connecting 
to a counterparty through a channel with compromised security, inputing 2 
signatures through the same device/band defeats the purpose of 2/3 multisig.  

Maybe I'm not following the conversation very well, but if you have a small 
hardware device that first displays a signed payment request (BIP70) and then 
only will sign what is displayed, how can a MITM attacker do anything other 
than deny service?  They'd have to get malware onto the signing device, which 
is the vector that a simplified signing device is specifically designed to 

TREZOR like devices with BIP70 support and third party cosigning services are a 
solution I really like the sound of.  I suppose though that adding BIP70 
request signature validation and adding certificate revocation support starts 
to balloon the scope of what is supposed to be a very simple device though.

Regardless, I think a standard for passing partially signed transactions around 
might make sense (maybe a future extension to BIP70), with attention to both PC 
<-> small hardware devices and pushing stuff around on the Internet.  It would 
be great if users had a choice of hardware signing devices, local software and 
third-party cosigning services that would all interoperate out of the box to 
enable easy multisig security, which in the BTC world subsumes the goals of 2FA.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
Bitcoin-development mailing list

Reply via email to