Can we talk about removing SSL from the payment protocol and put PGP? - page 3.

kjj

legendary

Activity: 1302

Merit: 1026

If you write good patches to add PGP/WoT authentication, I suspect they would be merged in a heartbeat.

As far as I can tell, no one is opposed to such a thing, they just don't think it has a very good payoff to effort ratio compared to authentication using the global SSL PKI. Because of this, it is not a good candidate for being built first. If you disagree, feel free to write some code, or convince/bribe someone to do so.

cbeast

donator

Activity: 1736

Merit: 1014

Let's talk governance, lipstick, and pigs.

Couldn't we just have a small no fee unconfirmed payment required for security?

trior

member

Activity: 85

Merit: 10

PGP, SSL What's the difference?
please explain a little , so that non technical people like me fallow you.

Kenshin

sr. member

Activity: 280

Merit: 250

I totally agreed that PGP might be a better option. Because it will be more decentralized then using SSL.

mjosephs

full member

Activity: 129

Merit: 100

Quote from: gweedo on April 08, 2014, 07:16:07 PM

I think PGP would be better than SSL

You can talk about it all you like; the devs will just ignore you, like everybody else who told them this.

The payment ~~coin tracking~~ protocol's use of SSL CAs has been a suicidal idea from day one. The non-excuse proffered is "yeah but the CAs are the best of a lot of bad solutions". Guess what folks, if all the solutions are bad then maybe the problem isn't actually a "problem" and doesn't need solving.

Or more specifically, as in this case, you aren't solving a problem you're just hiding a problem (invoice authentication) behind a much harder, much more-unsolved and probably-never-solvable problem (general purpose PKI) so you can piggyback off of the excuses crafted by the probably-never-solvable-problem's non-solution vendors.

General-purpose, worldwide, universally trusted PKI will never exist.

Tossing your lot in with the "most popular failed attempt" at solving this problem is much, much worse than admitting that nobody knows how to solve this problem and secure systems shouldn't be based on the assumption that it can be solved.

roslinpl

legendary

Activity: 2212

Merit: 1199

This is not bad idea at all but it need to be think about and it would be not so easy to implement. But

idea seems not bad.

gweedo

legendary

Activity: 1498

Merit: 1000

I think PGP would be better than SSL, plus all can be keyservers or a DHT keyserver. It really wouldn't be too hard to add this. I think we need to reopen this discussion. Remember the payment protocol doesn't hinder users because of how technical it is but companies that want to use bitcoins can easily do this.

Topic: Can we talk about removing SSL from the payment protocol and put PGP? - page 3. (Read 2455 times)