Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Peter Todd
On Tue, Jan 20, 2015 at 08:43:57AM -0800, Daniel Stadulis wrote:
> Hey Peter,
>
> What would you say to the argument: given developers have auto update
> capabilities they only have the ability to *give themselves* *the ability* to
> have custodial rights?

Heh, well, courts tend not to have the narrow-minded pedantic logic that
programmers do; quite likely that they'd see having the ability to give
themselves the ability as equivalent to simply having the ability. What
matters more is intent: the authors of an operating system had no intent
to have a custodial relationship over anyone's BTC, so they'd be off the
hook. The authors of a Bitcoin wallet on the other hand, depends on how
you go about it.

For instance Lighthouse has something called UpdateFX, which allows for
multi-signature updates. It also supports deterministic builds, and
allows users to choose whether or not they'll follow new updates
automatically, or only update on demand. In a court that could be all
brought up as examples of intent *not* to have a custodial relationship,
which may be enough to sway judge/jury, and certainly will help avoid
ending up in court in the first place by virtue of the fact that all
those protections help avoid theft, and increase the # of people that an
authority needs to involve to seize funds via an update.

-- 
'peter'[:-1]@petertodd.org
1a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c


--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Tamas Blummer
Justus,

On the contrary.

Not being in the jurisdiction of the wallet provider makes it harder for the 
user to reclaim funds taken by the wallet provider.
The legal hurdle to force confiscation through a wallet provider might also be 
lower if the target user is not domestic.

Tamas Blummer




[Bitcoin-development] Request for Comment: Bitcoin Wallet Privacy Ratings Criteria

2015-01-20 Thread Kristov Atlas
The Open Bitcoin Privacy Project is seeking public comment on our ratings
criteria for Bitcoin wallet privacy. Please provide your feedback within
the next week through Jan 23, 2015 to ensure that it will be considered for
version 1.0 of the document.

https://github.com/OpenBitcoinPrivacyProject/wallet-ratings/blob/master/criteria.md

In conjunction with a scoring matrix that will determine the weight of each
sub-category, these criteria will be used to evaluate and score a variety of
Bitcoin wallets, which will be published on our website at
openbitcoinprivacyproject.org.

Feedback through this mailing list is, of course, welcome; if you have a
GitHub account, this is the preferred medium for proposing changes to the
document.

The current version of the criteria was authored by myself, as well as
other OBPP members including Justus Ranvier (Monetas), Chris Pacia (Bitcoin
Authenticator), and Samuel Patterson (Open Bazaar).

Thank you in advance for your feedback,

Kristov Atlas
kristovat...@gmail.com
aut...@anonymousbitcoinbook.com


[Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Peter Todd
I was talking to a lawyer with a background in finance law the other day
and we came to a somewhat worrying conclusion: authors of Bitcoin wallet
software probably have a custodial relationship with their users,
especially if they use auto-update mechanisms. Unfortunately this has
potential legal implications as custodial relationships tend to be
pretty highly regulated.

Why is this? Well, in most jurisdictions' financial laws a custodial
relationship is defined as having the ability, but not the right, to
dispose of an asset. If you have the private keys for your users'
bitcoins - e.g. an exchange or online wallet - you clearly have the
ability to spend those bitcoins, thus you have a custodial relationship.
However if you can trivially obtain those private keys you can also
argue you have a custodial relationship. For instance StrongCoin was
able to seize funds stolen from OzCoin¹ with a small change to the
client-side Javascript their users download from them every time they
visit the site. Portraying that as the ability to dispose of an asset
in a court of law would be pretty easy. Equally on a technical level
this isn't much different from how auto-updating software works.

Now I'm sure people in this audience will immediately point out that by
that logic your OS vendor is also in a custodial relationship - they
after all can push an update that steals everyone's bitcoins regardless
of what local wallet you use. But the law isn't a deterministic
algorithm, it's a political process. Circle is easy to portray as having
a custodial relationship, StrongCoin and Blockchain.info are a little
harder, Android Wallet harder still, Bitcoin Core's multi-party
deterministically compiled releases even harder.

But ultimately we're not going to know until court cases start
happening. In the meantime probably the best advice - other than getting
out of the wallet business! - is to do everything you can to prevent
losses through malicious auto-updates. Create systems where as many
people as possible have to sign off and review an update before it has
the opportunity to spend user funds. Not having auto-updates at all is a
(legally) safe way to achieve that goal; if you do have them make sure
the process by which an update happens is controlled by more than one
person and there are mechanisms in place to create good audit logs of
how exactly an update happened.

Finally keep in mind that one of the consequences of a custodial
relationship is that some legal authority might try to *force* you to
seize user funds. StrongCoin made it 100% clear to authorities that they
and sites like them are able to seize funds at will - I won't be
surprised if authorities use that power in the future. The more
automatic and less transparent an update is, the higher the chance some
authority will lean on you to seize funds. So don't make it easy for
yourself to meet those demands.

1) https://bitcoinmagazine.com/4273/ozcoin-hacked-stolen-funds-seized-and-returned-by-strongcoin/

-- 
'peter'[:-1]@petertodd.org
1a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c
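
The sign-off and audit-log advice in the message above, and the multi-signature updates mentioned for UpdateFX elsewhere in this thread, can be sketched as follows. This is an added example, not part of the original post and not UpdateFX's or any wallet's code; the manifest format, reviewer names, fixed-seed keys and sample binary are constructed for the illustration.

```go
// Added example (hypothetical names; not UpdateFX's or any wallet's code):
// m-of-n approval of an update manifest, with a hash-chained audit log.
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

type (
	// Manifest is what each reviewer signs after checking the build.
	Manifest struct{ Version, BinSHA256 string }
	// Approval is one reviewer's signature over the manifest.
	Approval struct {
		Signer string
		Sig    []byte
	}
	// AuditEntry commits to the previous entry's hash.
	AuditEntry struct{ Prev, Event, Hash string }
	// Updater holds the reviewer keys pinned in the client and the audit log.
	Updater struct {
		Trusted   map[string]ed25519.PublicKey
		Threshold int
		Log       []AuditEntry
	}
)

func (m Manifest) bytes() []byte { return []byte("manifest-v1\n" + m.Version + "\n" + m.BinSHA256) }

func hashHex(s string) string {
	h := sha256.Sum256([]byte(s))
	return hex.EncodeToString(h[:])
}

func (u *Updater) record(event string) {
	prev := ""
	if n := len(u.Log); n > 0 {
		prev = u.Log[n-1].Hash
	}
	u.Log = append(u.Log, AuditEntry{prev, event, hashHex(prev + "|" + event)})
}

// Accept reports whether binary may be installed: its hash must match the
// manifest and at least Threshold distinct pinned reviewers must have signed.
func (u *Updater) Accept(m Manifest, binary []byte, approvals []Approval) bool {
	if hashHex(string(binary)) != m.BinSHA256 {
		u.record("reject " + m.Version + ": binary does not match manifest")
		return false
	}
	seen := map[string]bool{}
	for _, a := range approvals {
		pub, known := u.Trusted[a.Signer]
		if !known || seen[a.Signer] { // unknown key, or reviewer already counted
			continue
		}
		if ed25519.Verify(pub, m.bytes(), a.Sig) {
			seen[a.Signer] = true
			u.record("approval of " + m.Version + " by " + a.Signer)
		}
	}
	if len(seen) < u.Threshold {
		u.record(fmt.Sprintf("reject %s: %d of %d approvals", m.Version, len(seen), u.Threshold))
		return false
	}
	u.record("accept " + m.Version + " sha256=" + m.BinSHA256)
	return true
}

// VerifyLog recomputes the chain; an edited or reordered entry makes it fail.
func VerifyLog(log []AuditEntry) bool {
	prev := ""
	for _, e := range log {
		if e.Prev != prev || e.Hash != hashHex(prev+"|"+e.Event) {
			return false
		}
		prev = e.Hash
	}
	return true
}

// demoSetup builds constructed keys (fixed seeds, demo only), a binary, its manifest and a signer.
func demoSetup() (*Updater, Manifest, []byte, func(string) Approval) {
	keys := map[string]ed25519.PrivateKey{}
	u := &Updater{Trusted: map[string]ed25519.PublicKey{}, Threshold: 2}
	for _, name := range []string{"alice", "bob", "carol"} {
		seed := sha256.Sum256([]byte("constructed-seed-" + name))
		keys[name] = ed25519.NewKeyFromSeed(seed[:])
		u.Trusted[name] = keys[name].Public().(ed25519.PublicKey)
	}
	bin := []byte("constructed wallet build 1.0.1")
	m := Manifest{"1.0.1", hashHex(string(bin))}
	sign := func(n string) Approval { return Approval{n, ed25519.Sign(keys[n], m.bytes())} }
	return u, m, bin, sign
}

func main() {
	u, m, bin, sign := demoSetup()
	fmt.Println(u.Accept(m, bin, []Approval{sign("alice"), sign("bob")}), VerifyLog(u.Log))
}
```

The chain detects edited or reordered entries but not truncation of the tail, so the latest entry hash would have to be published or held by a second party.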




Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Peter Todd
On Tue, Jan 20, 2015 at 12:23:14PM -0500, Matt Whitlock wrote:
> On Tuesday, 20 January 2015, at 10:46 am, Peter Todd wrote:
> > I was talking to a lawyer with a background in finance law the other day
> > and we came to a somewhat worrying conclusion: authors of Bitcoin wallet
> > software probably have a custodial relationship with their users,
> > especially if they use auto-update mechanisms. Unfortunately this has
> > potential legal implications as custodial relationships tend to be
> > pretty highly regulated.
> >
> > Why is this? Well, in most jurisdictions' financial laws a custodial
> > relationship is defined as having the ability, but not the right, to
> > dispose of an asset. If you have the private keys for your users'
> > bitcoins - e.g. an exchange or online wallet - you clearly have the
> > ability to spend those bitcoins, thus you have a custodial relationship.
>
> If you have the private keys for your users' bitcoins, then you are every bit
> as much the owner of those bitcoins as your users are. There is no custodial
> relationship, as you have both the ability and the right to spend those
> bitcoins. Possession of a private key is equivalent to ownership of the
> bitcoins controlled by that private key.

Possessing a private key certainly does not give you an automatic legal
right to anything. As an example I could sign an agreement with you that
promised I would manage some BTC on your behalf. That agreement without
any doubt takes away any legal right I had to your BTC, even though I
may have the technical ability to spend them. This is the very
reason why the law has the notion of a custodial relationship in the
first place.

Don't assume the logic you'd use with tech has anything to do with the
logic courts use.

-- 
'peter'[:-1]@petertodd.org
1a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c




Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Justus Ranvier

On 01/20/2015 03:46 PM, Peter Todd wrote:
> But ultimately we're not going to know until court cases start
> happening. In the meantime probably the best advice - other than
> getting out of the wallet business! - is to do everything you can
> to prevent losses through malicious auto-updates. Create systems
> where as many people as possible have to sign off and review an
> update before it has the opportunity to spend user funds. Not
> having auto-updates at all is a (legally) safe way to achieve that
> goal; if you do have them make sure the process by which an update
> happens is controlled by more than one person and there are
> mechanisms in place to create good audit logs of how exactly an
> update happened.
>
> Finally keep in mind that one of the consequences of a custodial
> relationship is that some legal authority might try to *force* you
> to seize user funds. StrongCoin made it 100% clear to authorities
> that they and sites like them are able to seize funds at will - I
> won't be surprised if authorities use that power in the future. The
> more automatic and less transparent an update is, the higher the
> chance some authority will lean on you to seize funds. So don't
> make it easy for yourself to meet those demands.

One suggestion you didn't mention was jurisdictional arbitrage - don't
be located in the same country as the majority of your users.

Or, from the other perspective, users should be strongly encouraged to
get their wallet software from companies/organizations not located in
the same country as them.


-- 
Justus Ranvier   | Monetas http://monetas.net/
mailto:jus...@monetas.net  | Public key ID : C3F7BB2638450DB5
 | BM-2cTepVtZ6AyJAs2Y8LpcvZB8KbdaWLwKqc


Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Matt Whitlock
On Tuesday, 20 January 2015, at 12:40 pm, Peter Todd wrote:
> On Tue, Jan 20, 2015 at 12:23:14PM -0500, Matt Whitlock wrote:
> > If you have the private keys for your users' bitcoins, then you are every
> > bit as much the owner of those bitcoins as your users are. There is no
> > custodial relationship, as you have both the ability and the right to spend
> > those bitcoins. Possession of a private key is equivalent to ownership of
> > the bitcoins controlled by that private key.
>
> Possessing a private key certainly does not give you an automatic legal
> right to anything. As an example I could sign an agreement with you that
> promised I would manage some BTC on your behalf. That agreement without
> any doubt takes away any legal right I had to your BTC, even though I
> may have the technical ability to spend them. This is the very
> reason why the law has the notion of a custodial relationship in the
> first place.

I never signed any kind of agreement with Andreas Schildbach. I keep my 
bitcoins in his wallet with the full knowledge that an auto-update could clean 
me out. (I only hold walking around amounts of money in my mobile wallet for 
exactly this reason.) I would love it if Andreas offered me an agreement not to 
spend my bitcoins without my consent, but I doubt he'd legally be allowed to 
offer such an agreement, as that would indeed set up a custodial relationship, 
which would put him into all sorts of regulatory headache.



Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Tamas Blummer
Knowing the private key and owning the linked coins is not necessarily the same 
in front of a court.

At least in German law there is a difference between ‘Eigentum’, meaning ownership,
and ‘Besitz’, meaning ability to deal with it.
Being able to deal with an asset does not make you the owner.

Tamas Blummer

On Jan 20, 2015, at 6:23 PM, Matt Whitlock b...@mattwhitlock.name wrote:
 
> If you have the private keys for your users' bitcoins, then you are every bit
> as much the owner of those bitcoins as your users are. There is no custodial
> relationship, as you have both the ability and the right to spend those
> bitcoins. Possession of a private key is equivalent to ownership of the
> bitcoins controlled by that private key.





Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Matt Whitlock
On Tuesday, 20 January 2015, at 10:46 am, Peter Todd wrote:
> I was talking to a lawyer with a background in finance law the other day
> and we came to a somewhat worrying conclusion: authors of Bitcoin wallet
> software probably have a custodial relationship with their users,
> especially if they use auto-update mechanisms. Unfortunately this has
> potential legal implications as custodial relationships tend to be
> pretty highly regulated.
>
> Why is this? Well, in most jurisdictions' financial laws a custodial
> relationship is defined as having the ability, but not the right, to
> dispose of an asset. If you have the private keys for your users'
> bitcoins - e.g. an exchange or online wallet - you clearly have the
> ability to spend those bitcoins, thus you have a custodial relationship.

If you have the private keys for your users' bitcoins, then you are every bit 
as much the owner of those bitcoins as your users are. There is no custodial 
relationship, as you have both the ability and the right to spend those 
bitcoins. Possession of a private key is equivalent to ownership of the 
bitcoins controlled by that private key.



Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Matt Whitlock
On Tuesday, 20 January 2015, at 6:44 pm, Tamas Blummer wrote:
> Knowing the private key and owning the linked coins is not necessarily the
> same in front of a court.
>
> At least in German law there is a difference between ‘Eigentum’, meaning
> ownership, and ‘Besitz’, meaning ability to deal with it.
> Being able to deal with an asset does not make you the owner.

So what we're telling the newbies in /r/bitcoin is plain wrong. Bitcoins *do* 
have an owner independent from the parties who have access to the private keys 
that control their disposition. That's pretty difficult to reconcile from a 
technological perspective.




Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Peter Todd
On Tue, Jan 20, 2015 at 12:47:04PM -0500, Matt Whitlock wrote:
> On Tuesday, 20 January 2015, at 6:44 pm, Tamas Blummer wrote:
> > Knowing the private key and owning the linked coins is not necessarily the
> > same in front of a court.
> >
> > At least in German law there is a difference between ‘Eigentum’, meaning
> > ownership, and ‘Besitz’, meaning ability to deal with it.
> > Being able to deal with an asset does not make you the owner.
>
> So what we're telling the newbies in /r/bitcoin is plain wrong. Bitcoins *do*
> have an owner independent from the parties who have access to the private
> keys that control their disposition. That's pretty difficult to reconcile
> from a technological perspective.

The law concerns itself with what should be done, not what can be done.

Bitcoin the technology doesn't have a concept of ownership - that's a
legal notion, not a mathematical one.

-- 
'peter'[:-1]@petertodd.org
1a5e1dc75b28e8445c6e8a5c35c76637e33a3e96d487b74c




Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Tamas Blummer
I am not a lawyer, just thinking out loud.
I think that technology is a strong argument before court, but I suspect that 
it is just that, as of now.

Tamas Blummer
On Jan 20, 2015, at 6:47 PM, Matt Whitlock b...@mattwhitlock.name wrote:

> On Tuesday, 20 January 2015, at 6:44 pm, Tamas Blummer wrote:
> > Knowing the private key and owning the linked coins is not necessarily the
> > same in front of a court.
> >
> > At least in German law there is a difference between ‘Eigentum’, meaning
> > ownership, and ‘Besitz’, meaning ability to deal with it.
> > Being able to deal with an asset does not make you the owner.
>
> So what we're telling the newbies in /r/bitcoin is plain wrong. Bitcoins *do*
> have an owner independent from the parties who have access to the private
> keys that control their disposition. That's pretty difficult to reconcile
> from a technological perspective.





Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Roy Badami
> Why is this? Well, in most jurisdictions' financial laws a custodial
> relationship is defined as having the ability, but not the right, to
> dispose of an asset.

So if I leave my window open while I'm out and there's some cash on my
desk, visible from the street, then every passer by now has a
custodial relationship with me?

Your example of a malicious software update seems more akin to a theft
like that (which is clearly not a custodial relationship) rather than
a true custodial relationship.

roy



[Bitcoin-development] [softfork proposal] Strict DER signatures

2015-01-20 Thread Pieter Wuille
Hello everyone,

We've been aware of the risk of depending on OpenSSL for consensus
rules for a while, and were trying to get rid of this as part of BIP
62 (malleability protection), which was however postponed due to
unforeseen complexities. The recent events (see the thread titled
"OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection."
on this mailing list) have made it clear that the problem is very
real, however, and I would prefer to have a fundamental solution for
it sooner rather than later.

I therefore propose a softfork to make non-DER signatures illegal
(they've been non-standard since v0.8.0). A draft BIP text can be
found on:

https://gist.github.com/sipa/5d12c343746dad376c80

The document includes motivation and specification. In addition, an
implementation (including unit tests derived from the BIP text) can be
found on:

https://github.com/sipa/bitcoin/commit/bipstrictder

Comments/criticisms are very welcome, but I'd prefer keeping the
discussion here on the mailing list (which is more accessible than on
the gist).

-- 
Pieter
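
An added illustration of the proposal above, not code from the draft BIP or the linked commit: a strict DER check admits one encoding per (r, s), while a permissive parser reads several different byte strings as the same signature. It assumes the Bitcoin layout of a DER structure followed by one hash-type byte and a total length of 9 to 73 bytes; the sample signatures are constructed toy values, and `LenientParse` is a hypothetical stand-in for a permissive parser.

```go
// Added example (constructed, not from the draft BIP or its implementation):
// a strict DER check beside a permissive parser, on toy-sized signatures.
package main

import (
	"fmt"
	"math/big"
)

// IsStrictDER accepts only 0x30 len 0x02 lenR R 0x02 lenS S hashtype, with
// short-form lengths and minimally encoded positive integers.
func IsStrictDER(sig []byte) bool {
	n := len(sig)
	if n < 9 || n > 73 || sig[0] != 0x30 || int(sig[1]) != n-3 {
		return false // bad size, not a SEQUENCE, or length not exact
	}
	lenR := int(sig[3])
	if 5+lenR >= n {
		return false
	}
	if lenS := int(sig[5+lenR]); lenR+lenS+7 != n {
		return false // R and S must fill the sequence with nothing left over
	}
	return minimalInt(sig[2:4+lenR]) && minimalInt(sig[4+lenR:n-1])
}

// minimalInt checks one INTEGER element (tag, length, value).
func minimalInt(e []byte) bool {
	if len(e) < 3 || e[0] != 0x02 || e[2]&0x80 != 0 {
		return false // wrong tag, empty value, or value that reads as negative
	}
	return !(len(e) > 3 && e[2] == 0 && e[3]&0x80 == 0) // no needless zero padding
}

// readLen accepts short-form and long-form (0x81, 0x82) lengths.
func readLen(b []byte) (int, []byte, bool) {
	if len(b) == 0 {
		return 0, nil, false
	}
	if b[0] < 0x80 {
		return int(b[0]), b[1:], true
	}
	k, n := int(b[0]&0x7f), 0
	if k < 1 || k > 2 || len(b) < 1+k {
		return 0, nil, false
	}
	for _, c := range b[1 : 1+k] {
		n = n<<8 | int(c)
	}
	return n, b[1+k:], true
}

// readInt reads an INTEGER as unsigned, ignoring padding and sign rules.
func readInt(b []byte) (*big.Int, []byte, bool) {
	if len(b) == 0 || b[0] != 0x02 {
		return nil, nil, false
	}
	n, rest, ok := readLen(b[1:])
	if !ok || n == 0 || n > len(rest) {
		return nil, nil, false
	}
	return new(big.Int).SetBytes(rest[:n]), rest[n:], true
}

// LenientParse is a constructed stand-in for a permissive parser (it is not
// OpenSSL's code). It returns r and s in hex, or "" if it cannot parse.
func LenientParse(sig []byte) string {
	if len(sig) < 2 || sig[0] != 0x30 {
		return ""
	}
	n, body, ok := readLen(sig[1 : len(sig)-1]) // last byte is the hash type
	if !ok || n > len(body) {
		return ""
	}
	r, body, ok := readInt(body[:n])
	if !ok {
		return ""
	}
	s, _, ok := readInt(body)
	if !ok {
		return ""
	}
	return fmt.Sprintf("r=%x s=%x", r, s)
}

// Samples: constructed encodings of the same toy values r=0x1234, s=0x8001.
var Samples = map[string][]byte{
	"strict":      {0x30, 0x09, 0x02, 0x02, 0x12, 0x34, 0x02, 0x03, 0x00, 0x80, 0x01, 0x01},
	"padded r":    {0x30, 0x0a, 0x02, 0x03, 0x00, 0x12, 0x34, 0x02, 0x03, 0x00, 0x80, 0x01, 0x01},
	"long length": {0x30, 0x81, 0x09, 0x02, 0x02, 0x12, 0x34, 0x02, 0x03, 0x00, 0x80, 0x01, 0x01},
	"unpadded s":  {0x30, 0x08, 0x02, 0x02, 0x12, 0x34, 0x02, 0x02, 0x80, 0x01, 0x01},
}

func main() {
	for name, sig := range Samples {
		fmt.Printf("%-12s strict=%-5v lenient: %s\n", name, IsStrictDER(sig), LenientParse(sig))
	}
}
```

All four samples parse to the same r and s under the permissive parser, but only the first passes the strict check. Whether a given node accepts the other three then depends on its parser rather than on a stated rule.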



[Bitcoin-development] Why Bitcoin is and isn't like the Internet

2015-01-20 Thread 21E14
This is a response to a wonderfully insightful recent post by Joichi Ito,
the Director of the MIT Media Lab. In it, Dr. Ito, notably a former Board
Member of ICANN, offered his thoughts on "Why Bitcoin is and isn't like the
Internet" and asked a most pertinent question: Whether there is an ICANN
equivalent needed for Bitcoin. As suggested in recent posts to the mailing
list, I believe there might be, but for a reason that may not seem obvious
at first.

Alan Reiner expressed the need this way: "I think one of the biggest issues
facing Bitcoin right now is not the lack of a 'killer app.' It is lack of
insurance options. Early adopters would like to believe that the majority
of users will hold their own Bitcoin, but I believe that is not a realistic
option when life-changing quantities of Bitcoin are involved. We should not
trust Grandma to secure her own retirement savings via complicated computer
maneuvers. More to the point, she should not trust herself or anyone else
(sic!) to hold it unless there is a strong protection against loss events.
Right now the solution is for Grandma to avoid keeping her money in
Bitcoin. Bitcoin needs a strong backbone of insured storage options so that
Grandma can confidently participate in this new technology." This is
certainly an observation to take heed of coming from the founder of Armory
Technologies.

The protection against loss events ought to be understood in the broadest
sense. What is needed is a disaster recovery mechanism. Andreas
Antonopoulos' remarks expressed this candidly last year: "Bitcoin doesn't
have a middle of the road mediocre growth model. It basically either dies,
because of a fundamental flaw in the Bitcoin system. Not an external
factor, an internal factor: We blow it up by accident. And that could
happen... Bitcoin will play out in the next three years. In the next three
years we're going to see Bitcoin arrive on the global stage and make a
substantial impact, both in financial terms and in political terms. It will
happen. Or it will die. Either way. I'm not sure. In which case we'll
reboot another currency."

A body, not entirely unlike ICANN, can manage the nexus to the physical
world, and help address Bitcoin's catastrophic failure modes. Bitcoin's
coin ownership protocol would thus join the ranks of its payment protocol,
coin issuance protocol, consensus mechanism and inflation control that pose
no lethal threat to the ecosystem. In addition to their coin-agnostic
nature, I suspect the high valuation of large Bitcoin hubs relative to
Bitcoin's market cap at this stage in its lifecycle is partly reflective of
the sneaking suspicion that a custodial bitcoin (a bitcoin attached to an
identity) may be worth more than a non-custodial one. With this in mind,
I'll pitch in for the ticket should Dr. Ito decide to join the next month's
DevCore Boston conference aimed at supporting the future development of
Bitcoin. It's an hour's walk from MIT after all.


Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread odinn

Um ~ jurisdiction of wallet provider?

If that's the (perhaps ot) bit you want to run on this thread then my
comments are:

Get out of web wallet businesses now.  It's not a jurisdictional
question anymore, although I think there used to be very valid long
running debates on where it would be best to do business.  Now it just
feels like you will be bouncing from one place to another -
determining where your exit is as soon as you establish a (physical)
presence, because jurisdictions sense a serious threat from the
advancement of financial cryptography as it will evolve in the next
several years. So you have to be mobile, or do something like what
they are establishing at blueseed (see http://blueseed.com which is
just off coast of San Francisco).  Please perk up and don't just swipe
to delete, read the whole e-mail.  There are some configurations (e.g.
the zero knowledge bit) you can do to mitigate the issues but if you
are asking users to log in and log out of a service that relies on a
web site then in the end you doom them (and any service you provide)
to mandatory storage of customer data and ultimately loss of customer
resources due to identification of the customer.

I think you need to stop quibbling about the details and just get over
it and understand that the problem of web wallet users and
corporations that serve web wallet customers being forced to give up
information constantly to governments means that web wallets are
certainly no longer a viable solution.  And post-cromnibus with the
extra financial surveillance provisions now passed on 3rd party
matters, it's even worse.  This is not subject to debate, it's just a
fact.  Period.  Web wallet corps exist now only on a model that exists
to burn the users.  Convenient?  Yes.  But is it good for the users in
the long haul?  Absolutely not.  Do alternatives to the web wallets
exist? Absolutely.

Back off.. Go to p2p.  Stop advocating for webby solutions.  In fact,
I don't think that anyone working for coinbase or bitpay should be,
anymore.  I think that on principle you should withdraw and end your
employment from such services.

Core?  Good.  Electrum Wallet?  good.  Mycelium? Local Trader? Open
Bazaar?  Could be better, but great.  These are the kind of things we
need.  No signups, avoids centralizations, no grabbing your data, no
ID collection and requirements.

As to the issue of auto-updating itself... I think the simplest answer
to this question (personally) is that (go ahead and attack me here)
there shouldn't be auto-updates... but that there should be
auto-notifications for update when (a) update is available, but that
(b) this notification should never push the user to update (e.g. the
notification should never say "oh hey user if you don't update by such
and such a date, your wallet will not work or satoshis will die
because of your inaction").
(stays quiet while likely 100-e-mail thread is spawned from this)

- -O

Tamas Blummer:
 Justus,
 
 In contrary.
 
 Not being in the jurisdiction of the wallet provider makes it
 harder for the user to reclaim funds taken by the wallet provider. 
 The legal hurdle to force confiscation through a wallet provider
 might also be lower if the target user is not domestic.
 
 Tamas Blummer
 
 
 

- -- 
http://abis.io ~
a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good
https://keybase.io/odinn

Re: [Bitcoin-development] [softfork proposal] Strict DER signatures

2015-01-20 Thread Rusty Russell
Pieter Wuille pieter.wui...@gmail.com writes:
 Hello everyone,

 We've been aware of the risk of depending on OpenSSL for consensus
 rules for a while, and were trying to get rid of this as part of BIP
 62 (malleability protection), which was however postponed due to
 unforeseen complexities. The recent events (see the thread titled
 OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection.
 on this mailing list) have made it clear that the problem is very
 real, however, and I would prefer to have a fundamental solution for
 it sooner rather than later.

 I therefore propose a softfork to make non-DER signatures illegal
 (they've been non-standard since v0.8.0). A draft BIP text can be
 found on:

 https://gist.github.com/sipa/5d12c343746dad376c80

Cut and paste bug in the last check:

// Null bytes at the start of R are not allowed, unless it would otherwise be
// interpreted as a negative number.
if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80))
    return false;

You mean null bytes at the start of S.

Cheers,
Rusty.
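
Added example, not part of the original thread or the draft BIP's text: a strict-DER encoding check in C++ showing that the quoted condition, which indexes sig[lenR + 6], tests the first byte of S, with the matching rule for R at sig[4]. The names IsStrictDerSignature and MakeSig and the sample signatures are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

typedef std::vector<unsigned char> Bytes;

// Added illustration (names are assumptions, not the draft BIP's text).
// Layout: 0x30 [total-len] 0x02 [lenR] [R] 0x02 [lenS] [S] [sighash-type]
bool IsStrictDerSignature(const Bytes& sig) {
    if (sig.size() < 9 || sig.size() > 73) return false;  // size limits
    if (sig[0] != 0x30) return false;                     // compound tag
    if (sig[1] != sig.size() - 3) return false;           // length excludes tag, len, sighash
    if (sig[2] != 0x02) return false;                     // R is an integer
    size_t lenR = sig[3];
    if (lenR == 0 || 5 + lenR >= sig.size()) return false;  // lenS must lie inside sig
    size_t lenS = sig[5 + lenR];
    if (lenS == 0 || lenR + lenS + 7 != sig.size()) return false;
    if (sig[lenR + 4] != 0x02) return false;              // S is an integer

    // R starts at sig[4]: not negative, no unneeded leading null byte.
    if (sig[4] & 0x80) return false;
    if (lenR > 1 && sig[4] == 0x00 && !(sig[5] & 0x80)) return false;

    // S starts at sig[lenR + 6]: the same two rules, applied to S.
    if (sig[lenR + 6] & 0x80) return false;
    if (lenS > 1 && sig[lenR + 6] == 0x00 && !(sig[lenR + 7] & 0x80)) return false;
    return true;
}

// Builds a constructed test signature from raw R and S bytes (sighash byte 0x01).
Bytes MakeSig(const Bytes& r, const Bytes& s) {
    Bytes out = {0x30, (unsigned char)(r.size() + s.size() + 4), 0x02, (unsigned char)r.size()};
    out.insert(out.end(), r.begin(), r.end());
    out.push_back(0x02);
    out.push_back((unsigned char)s.size());
    out.insert(out.end(), s.begin(), s.end());
    out.push_back(0x01);
    return out;
}

int main() {
    std::printf("minimal S:        %d\n", IsStrictDerSignature(MakeSig({0x01}, {0x01})));
    std::printf("padded S (0x7f):  %d\n", IsStrictDerSignature(MakeSig({0x01}, {0x00, 0x7f})));
    std::printf("padded S (0x80):  %d\n", IsStrictDerSignature(MakeSig({0x01}, {0x00, 0x80})));
    return 0;
}
```

A leading 0x00 is accepted only when the next byte has its high bit set, since without the padding the integer would be read as negative.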



Re: [Bitcoin-development] Why Bitcoin is and isn't like the Internet

2015-01-20 Thread Aaron Voisine
Ultimately the only way to insure bitcoin holdings is with an insurer
who themselves holds enough bitcoin to cover replacement of insured
funds. In the existing insurance industry, this is handled through a
system of re-insurance, where smaller firms are themselves insured
against catastrophic events that might cause a large number of
simultaneous claims. At the top of the chain sits super-cat insurance
firms like Berkshire Hathaway who do actually have the reserves to pay
out in case of such a super catastrophe. This is one of the most
lucrative businesses in the world, and one that today's very large
bitcoin holders will find themselves uniquely positioned to engage in
as bitcoin grows into a major global currency.

Aaron Voisine
breadwallet.com


On Tue, Jan 20, 2015 at 10:07 PM, 21E14 21x...@gmail.com wrote:
 This is a response to a wonderfully insightful recent post by Joichi Ito,
 the Director of the MIT Media Lab. In it, Dr. Ito, notably a former Board
 Member of ICANN, offered his thoughts on Why Bitcoin is and isn't like the
 Internet and asked a most pertinent question: Whether there is an ICANN
 equivalent needed for Bitcoin. As suggested in recent posts to the mailing
 list, I believe there might be, but for a reason that may not seem obvious
 at first.

 Alan Reiner expressed the need this way: I think one of the biggest issues
 facing Bitcoin right now is not the lack of a 'killer app.' It is lack of
 insurance options. Early adopters would like to believe that the majority of
 users will hold their own Bitcoin, but I believe that is not a realistic
 option when life-changing quantities of Bitcoin are involved. We should not
 trust Grandma to secure her own retirement savings via complicated computer
 maneuvers. More to the point, she should not trust herself or anyone else
 (sic!) to hold it unless there is a strong protection against loss events.
 Right now the solution is for Grandma to avoid keeping her money in Bitcoin.
 Bitcoin needs a strong backbone of insured storage options so that Grandma
 can confidently participate in this new technology. This is certainly an
 observation to take heed of coming from the founder of Armory Technologies.

 The protection against loss events ought to be understood in the broadest
 sense. What is needed is a disaster recovery mechanism. Andreas Antonopoulos
 remarks expressed this candidly last year: Bitcoin doesn't have a middle of
 the road mediocre growth model. It basically either dies, because of a
 fundamental flaw in the Bitcoin system. Not an external factor, an internal
 factor: We blow it up by accident. And that could happen... Bitcoin will
 play out in the next three years. In the next three years we're going to see
 Bitcoin arrive on the global stage and make a substantial impact, both in
 financial terms and in political terms. It will happen. Or it will die.
 Either way. I'm not sure. In which case we'll reboot another currency.

 A body, not entirely unlike ICANN, can manage the nexus to the physical
 world, and help address Bitcoin's catastrophic failure modes. Bitcoin's coin
 ownership protocol would thus join the ranks of its payment protocol, coin
 issuance protocol, consensus mechanism and inflation control that pose no
 lethal threat to the ecosystem. In addition to their coin-agnostic nature, I
 suspect the high valuation of large Bitcoin hubs relative to Bitcoin's
 market cap at this stage in its lifecycle is partly reflective of the
 sneaking suspicion that a custodial bitcoin (a bitcoin attached to an
 identity) may be worth more than a non-custodial one. With this in mind,
 I'll pitch in for the ticket should Dr. Ito decide to join the next month's
 DevCore Boston conference aimed at supporting the future development of
 Bitcoin. It's an hour's walk from MIT after all.



Re: [Bitcoin-development] The legal risks of auto-updating wallet software; custodial relationships

2015-01-20 Thread Justus Ranvier
On 01/20/2015 12:48 PM, Tamas Blummer wrote:
 The legal hurdle to force confiscation through a wallet provider
 might also be lower if the target user is not domestic.

Depending on the threat model, the incentive to force confiscation
might also be lower.

- -- 
Justus Ranvier   | Monetas http://monetas.net/
mailto:jus...@monetas.net  | Public key ID : C3F7BB2638450DB5
 | BM-2cTepVtZ6AyJAs2Y8LpcvZB8KbdaWLwKqc