Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

[continued] > 3> We use a 2 tier lookup format. The first lookup returns a list of >> currencies or payment types supported by the Wallet Name. The second >> lookup goes to a record specific to that currency type to get the >> address to go to. We believe this to be a more scalable solution i

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

> I appreciate the thought :) I think where we differ is on where we > believe the trade offs should be on perceived privacy versus censorship > resistance and centralization. > > > By having a limited number of proxies people need to go through to easily > implement, be it the 4 you recommend, or

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Le 27/07/2015 23:51, Justin Newton via bitcoin-dev a écrit : > Thomas, > I think this is interesting and has some good thoughts behind it. For > clarity, are you recommending that the "_oa2" portion of the domain name be > "hidden" as a way to make it easier to delegate just wallet names from

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

There are several reasons why we rejected doing it this way with OpenAlias: 1. It adds complexity for the alias creator. This may seem unimportant, but the OpenAlias standard was created to empower people to create their own aliases as simply as possible, not to make it overly complex. 2. It's ha

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Thomas, I think this is interesting and has some good thoughts behind it. For clarity, are you recommending that the "_oa2" portion of the domain name be "hidden" as a way to make it easier to delegate just wallet names from a zone? On Thu, Jul 23, 2015 at 6:07 AM, Thomas Voegtlin via bitcoin

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Le 23/07/2015 11:48, Thomas Voegtlin via bitcoin-dev a écrit : > > One benefit of having an intermediate "_wallet" level is to allow zone > delegation. Is that the reason for that choice? > Thinking about it, I think that it would be better to separate those two operations: on one hand, the list

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Le 17/07/2015 03:01, Justin Newton via bitcoin-dev a écrit : >> 3> We use a 2 tier lookup format. [...] >> >> We do the same thing, except in a single call. [...] > > We looked at doing this in a single lookup as you did. With one or two > currencies this can be potentially more efficient. As

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

> > What do you mean by "under some new roots" ? > I mean, most users will need to sign up for some new identity under a DNS tree that they don't currently use (whether that's netki.com or whatever). ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfo

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Le 20/07/2015 17:14, Mike Hearn a écrit : > > By "alias" you mean domain name? I'm not sure what DNS key means in this > context. > yes, sorry, I mean the domain name corresponding to the TXT record. it's called 'alias' in the context of OpenAlias. > I'm still not really convinced that a dom

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

> > The final signature is a signature of the payment request, it is not > part of DNSSEC. So, yes, that signature can be EC. > Right, got it. I think we've been talking about two related but separate issues (DNSSEC vs squeezing payment requests into URIs/qrcodes somehow). So: DNSSEC attests via a

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Le 20/07/2015 16:42, Mike Hearn a écrit : >> >> In my previous post, I was suggesting to *not* include the proof in the >> request, because the payer can download it independently. Only the final >> signature is needed. What makes DNSSEC interesting is not the size of >> the proof, but rather the

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

> > In my previous post, I was suggesting to *not* include the proof in the > request, because the payer can download it independently. Only the final > signature is needed. What makes DNSSEC interesting is not the size of > the proof, but rather the fact that you can request it easily, and in a >

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

hi Mike, I hope you had a good trip! > To get more specific, DNSSEC uses RSA 1024 bit. This causes two problems: > >1. A DNSSEC proof is large, bytes wise. Even a single RSA signature >won't fit nicely in a QR code, I think. > >2. 1024 bit is the absolute minimum strength you can g

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Hey Thomas, Was great to hang out with you in Berlin last week! > Bitcoin addresses do not require a webserver. If we want to build > something that competes with that, we should have at least that level of > convenience. > Absolutely agree! Convenience for the user is an absolute must. I just

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Le 19/07/2015 01:01, Justin Newton via bitcoin-dev a écrit : >> >> I would rather not make Namecoin part of the standard, because .bit >> records cannot be verified easily by lightweight/spv wallets; they would >> need a copy of the Namecoin blockchain for that. > > You are the second person to

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Hi Mike, The reason why I would like to extend BIP70 is because it is currently not being used in transactions between end-users. BIP70 works very well in B2C situations, where users buy products from a website. However, end-users still share Bitcoin addresses. Before BIP70 was written, I had pro

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

On Sat, Jul 18, 2015 at 6:29 AM, Thomas Voegtlin via bitcoin-dev wrote: > > Le 14/07/2015 19:29, Justin Newton a écrit : > > > Sorry to answer late, and thanks for the clarification. After talking > with you, I believe that it will not be difficult to agree on a common > standard, that gives maxi

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Le 14/07/2015 19:29, Justin Newton a écrit : > Hi there. You are correct that we are a company providing a service, > however, that service is also based on an open standard which we are > proposing. I'll be honest that we haven't done the greatest job in > promoting the standard so far. More c

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

> > Agreed, although I guess the bootstrap time for that is a little on > the high side, and maybe a little too chunky on mobile devices With warm Tor directory caches it's surprisingly fast - fast enough to be usable and I'm a notorious stickler for low latency UX. If you want to do LOTS of look

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

> It is worth noting that DNS lookups can be done via Tor. In effect that > gives you 1000+ proxies instead of 56 or 4. BitcoinJ already has code that > can do this. Agreed, although I guess the bootstrap time for that is a little on the high side, and maybe a little too chunky on mobile devices,

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

It is worth noting that DNS lookups can be done via Tor. In effect that gives you 1000+ proxies instead of 56 or 4. BitcoinJ already has code that can do this. I would agree that it makes sense for proxying of DNS requests to be an optional part of the protocol. Wallet developers can then compete

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

> I appreciate the thought :) I think where we differ is on where we believe > the > trade offs should be on perceived privacy versus censorship resistance and > centralization. > > By having a limited number of proxies people need to go through to easily > implement, be it the 4 you recommend, o

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

[CONTINUED] > > Additionally, we just released another open source API server to help >> with the "other half" of the lookup problem. Its in its infancy, and >> we are certainly taking feedback on it at this time. It is called >> Addressimo and will serv

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

[continued] > 3> We use a 2 tier lookup format. The first lookup returns a list of >> currencies or payment types supported by the Wallet Name. The second >> lookup goes to a record specific to that currency type to get the >> address to go to. We believe this to be a more scalable solution i

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

I am breaking this into a couple of pieces as my first response has been in a moderator queue for some time because it is too long. TL;DR version - Wallet Name Service has always been a decentralized and distributed service that it no way requires you to ever touch the Netki infrastructure. We w

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

> To break it down briefly, we have an open lookup standard based on > both the namecoin blockchain as well as traditional DNSSEC. (You can > choose your own adventure of using namecoin based names or traditional > ICANN names). Good, that's roughly analogous with what OpenAlias defines. We DO

[bitcoin-dev] Proposal: extend bip70 with OpenAlias

[Sorry to break list threading, I joined the list to respond here, and don't have the original message to respond to] [Copying message 9412 from thom...@electrum.org] Mike Hearn wrote: >* Hi Thomas, *> >* FYI there is a company called Netki is also working on a kind of DNSSEC *>* integration wit

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Le 14/07/2015 13:19, Milly Bitcoin a écrit : > >> If your email account is hacked and someone else gets a certificate in >> your name, you'd be unable to *know* about it, because they would use a >> different CA. > > Maybe I am confused but I thought you are using DNSSEC to sign the zones > so

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Hi Thomas, Re: NetKi, I think any proposal in this space has to be an open standard, almost by the definition of what it is. At any rate, it may be worth talking to them. They have signed up to implement their system at least. I did understand that your proposal does not rely on email - for insta

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

If your email account is hacked and someone else gets a certificate in your name, you'd be unable to *know* about it, because they would use a different CA. Maybe I am confused but I thought you are using DNSSEC to sign the zones so only the domain owner could issue certificates for a zone (o

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Hi Mike, FYI there is a company called Netki is also working on a kind of DNSSEC > integration with BIP70, there's a thread here about their efforts: > > > > https://groups.google.com/forum/#!searchin/bitcoinj/dnssec/bitcoinj/QFAH1F2dEwE/36oWDwREEV4J > > If you would like to work on this, perhaps

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Mike Hearn wrote: > Hi Thomas, > > FYI there is a company called Netki is also working on a kind of DNSSEC > integration with BIP70, > there's a thread here about their efforts: > https://groups.google.com/forum/#!searchin/bitcoinj/dnssec/bitcoinj/QFAH1F2dEwE/36oWDwREEV4J Hi Mike, Thanks! I be

Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias

Hi Thomas, FYI there is a company called Netki is also working on a kind of DNSSEC integration with BIP70, there's a thread here about their efforts: https://groups.google.com/forum/#!searchin/bitcoinj/dnssec/bitcoinj/QFAH1F2dEwE/36oWDwREEV4J If you would like to work on this, perhaps it's wort

[bitcoin-dev] Proposal: extend bip70 with OpenAlias

Dear Bitcoin developers, I would like to propose an extension of the signature scheme used in the Payment Protocol (BIP70), in order to authorize payment requests signed by user@domain aliases, where the alias is verified using DNSSEC (OpenAlias). Note that the Payment Protocol already includes t