Topic: Dark Wallet Certification (Read 5602 times)

sr. member
Activity: 279
Merit: 250
March 24, 2014, 11:16:04 AM
#29
I feel like a DarkWallet should require the full chain, although I know that's an unreasonable expectation.

Quote
The actual BIP37 standard, and existing implementations of it, have a number of other flaws that reduce privacy. For instance the standard lets the seed value of the hash function be tweaked with a 32-bit integer, nTweak. However on the one hand if randomly chosen and rarely changed, as suggested by BIP37, the 32-bit integer can be used by an attacker to correlate multiple connections from the same wallet. On the other hand if nTweak is changed an attacker that can link multiple bloom filters can AND those filters together to greatly decrease the false-positive rate and determine exactly what funds are in the user's wallet.

http://article.gmane.org/gmane.comp.bitcoin.devel/3625
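
The two BIP37 effects in the quoted passage, measured on constructed data as an added example that is not from the thread or from any wallet's code: a fixed nTweak reproduces the same filter on every connection, while filters built with different nTweak values can be intersected to shrink the false-positive set that was supposed to hide the wallet. Assumptions: SHA-256 stands in for BIP37's MurmurHash3, and the filter size, key names and tweak values are constructed.

```python
import hashlib

M_BITS, K_HASHES = 256, 3   # constructed: small filter, roughly 9% false positives

def bit_positions(item: bytes, n_tweak: int):
    """Bit indexes for one item. BIP37 seeds hash i with i*0xFBA4C795 + nTweak;
    SHA-256 over (seed || item) stands in for MurmurHash3 (assumption)."""
    for i in range(K_HASHES):
        seed = (i * 0xFBA4C795 + n_tweak) & 0xFFFFFFFF
        digest = hashlib.sha256(seed.to_bytes(4, "little") + item).digest()
        yield int.from_bytes(digest[:4], "little") % M_BITS

def build_filter(items, n_tweak: int) -> int:
    """Return the filter as an integer bit field."""
    bits = 0
    for item in items:
        for pos in bit_positions(item, n_tweak):
            bits |= 1 << pos
    return bits

def matches(bits: int, item: bytes, n_tweak: int) -> bool:
    return all((bits >> pos) & 1 for pos in bit_positions(item, n_tweak))

# Constructed data: 50 wallet keys hidden among 5000 unrelated keys.
WALLET = [b"wallet-key-%d" % i for i in range(50)]
OTHERS = [b"other-key-%d" % i for i in range(5000)]

def false_positives(filters):
    """Non-wallet keys that match every (bits, n_tweak) filter in the list."""
    return [x for x in OTHERS if all(matches(b, x, t) for b, t in filters)]

def experiment():
    tweaks = [0x1111, 0x2222, 0x3333]          # constructed nTweak values
    filters = [(build_filter(WALLET, t), t) for t in tweaks]
    return {
        # Fixed nTweak: a reconnecting wallet sends a bit-identical filter.
        "fixed_tweak_filter_repeats": build_filter(WALLET, tweaks[0]) == filters[0][0],
        # Cover traffic one filter provides versus three linked filters.
        "single": len(false_positives(filters[:1])),
        "joint": len(false_positives(filters)),
        # Real wallet keys survive the intersection; only the cover set shrinks.
        "wallet_always_matches": all(matches(b, w, t) for w in WALLET for b, t in filters),
    }

if __name__ == "__main__":
    print(experiment())
```
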
sr. member
Activity: 378
Merit: 325
hivewallet.com
December 23, 2013, 06:01:52 PM
#28
legendary
Activity: 1120
Merit: 1164
December 10, 2013, 07:29:33 AM
#27
The beginnings of organizing this on a wiki:
https://wiki.unsystem.net/index.php/DarkWallet/Certification

I'm also working on a summary document of my take on the certification requirements, including decentralization and security issues as well as privacy.
sr. member
Activity: 378
Merit: 325
hivewallet.com
December 09, 2013, 11:29:58 AM
#26
The beginnings of organizing this on a wiki:
https://wiki.unsystem.net/index.php/DarkWallet/Certification
legendary
Activity: 1232
Merit: 1076
November 20, 2013, 03:50:15 PM
#25
I would like, if we're all together, to organise an assembly for discussion of these ideas.
sr. member
Activity: 378
Merit: 325
hivewallet.com
November 19, 2013, 09:18:37 PM
#24
I think the term you're looking for is "Best Practices", perhaps "Dark Wallet Best Practices"

Indeed.

Please excuse my blunt ignorance on this, but was one of the features going to be a built-in mixer?

Yes. That's CoinJoin.
full member
Activity: 182
Merit: 100
November 19, 2013, 02:28:44 PM
#23
Please excuse my blunt ignorance on this, but was one of the features going to be a built-in mixer?
legendary
Activity: 1120
Merit: 1164
November 19, 2013, 12:23:50 AM
#22
In the end, "certifications" are a public knowledge campaign. How that's carried out remains to be seen, but I think we're all pretty open-minded here, so if you've got a more polished idea, we're all ears.

That's exactly right. Please throw out any notion that we are looking to do some kind of top-down board or anything like that. Certification is just a word. Maybe it should say "Dark Wallet Recommended Guidelines"

I think the term you're looking for is "Best Practices", perhaps "Dark Wallet Best Practices"
sr. member
Activity: 378
Merit: 325
hivewallet.com
November 18, 2013, 09:45:35 PM
#21
And why exactly do you believe certifications are the way to go here? For this specifically I'm not taking into consideration any of the recent events, so you can scrap that from your line of thought towards me.
In the end, "certifications" are a public knowledge campaign. How that's carried out remains to be seen, but I think we're all pretty open-minded here, so if you've got a more polished idea, we're all ears.

That's exactly right. Please throw out any notion that we are looking to do some kind of top-down board or anything like that. Certification is just a word. Maybe it should say "Dark Wallet Recommended Guidelines"
full member
Activity: 142
Merit: 100
Hive/Ethereum
November 18, 2013, 10:23:51 AM
#20
And why exactly do you believe certifications are the way to go here? For this specifically I'm not taking into consideration any of the recent events, so you can scrap that from your line of thought towards me.

In the end, "certifications" are a public knowledge campaign. How that's carried out remains to be seen, but I think we're all pretty open-minded here, so if you've got a more polished idea, we're all ears.
staff
Activity: 4284
Merit: 8808
November 18, 2013, 09:29:42 AM
#19
Touching on gmaxwell's point about whether or not features should be forced, I think we can divide the features into two main categories:
  • Individual protections: Anything where the strength of the protection is not dependent or is only "linearly" dependent on how many other people also use it. For instance local encryption of wallets, encryption of p2p communication channels, etc.
  • Communal protections: Anything where the protection is made significantly stronger as more people use it. Examples include CoinJoin, CoinSwap and mix networks.
See also Eben's brilliant comments regarding privacy problems as an ecological disaster.
member
Activity: 98
Merit: 10
nearly dead
November 18, 2013, 12:11:01 AM
#18

All idiotic questions, goes well along the idiotic topic's title.

What should be done instead is just create a page with the features expected for An (Vaporware) App With a Name I Like. Then if you make My App I Like Best with those features, you just say that you have all the features for that (Vaporware) App With a Name I Like with a reference to that page created previously.

After reading some of the comments here, I'm surprised that the bitcoin-qt client is still free and open source. Calling for certifications (even more than one, lol) is certainly a joke, a bad one.

Are you interested in privacy, security and decentralization being a standard part of wallets? If so, please consider taking a less cynical attitude towards the proposal. It's understandable (especially lately) that there is a lot of fear and doubt lingering around, but on the other hand that's all the more reason to push forward. It may be that the initial attempt goes nowhere... But let's try.


And why exactly do you believe certifications are the way to go here? For this specifically I'm not taking into consideration any of the recent events, so you can scrap that from your line of thought towards me.
sr. member
Activity: 378
Merit: 325
hivewallet.com
November 18, 2013, 12:06:29 AM
#17
Who is going to implement certification? And check it? And enforce it? And pay for it? Or is it just voluntary and you get to throw a gif up on your webpage that says you're a member a-la Bitcoin foundation?

Let's figure that out together. It will be discussed, so if you are not attending the Milan meeting and have some ideas, please throw them out here. What we can definitely tell you is that we would keep this as open and democratic as possible. Certification could be anointed by vote, or by self-appointment (with justification). Probably the latter is best, so we can spawn thousands of additional threads on bitcointalk where we bicker about this-or-that detail. Who knows.

All idiotic questions, goes well along the idiotic topic's title.

What should be done instead is just create a page with the features expected for An (Vaporware) App With a Name I Like. Then if you make My App I Like Best with those features, you just say that you have all the features for that (Vaporware) App With a Name I Like with a reference to that page created previously.

After reading some of the comments here, I'm surprised that the bitcoin-qt client is still free and open source. Calling for certifications (even more than one, lol) is certainly a joke, a bad one.

Are you interested in privacy, security and decentralization being a standard part of wallets? If so, please consider taking a less cynical attitude towards the proposal. It's understandable (especially lately) that there is a lot of fear and doubt lingering around, but on the other hand that's all the more reason to push forward. It may be that the initial attempt goes nowhere... But let's try.

And please see our comment above to crazy_rabbit. We don't yet know how this could be done without corruption in some respect, but openly discussing it without blind dismissal is surely the best way to figure that out, no?

*hug*
member
Activity: 98
Merit: 10
nearly dead
November 17, 2013, 10:55:03 PM
#16
Who is going to implement certification? And check it? And enforce it? And pay for it? Or is it just voluntary and you get to throw a gif up on your webpage that says you're a member a-la Bitcoin foundation?

All idiotic questions, goes well along the idiotic topic's title.

What should be done instead is just create a page with the features expected for An (Vaporware) App With a Name I Like. Then if you make My App I Like Best with those features, you just say that you have all the features for that (Vaporware) App With a Name I Like with a reference to that page created previously.

After reading some of the comments here, I'm surprised that the bitcoin-qt client is still free and open source. Calling for certifications (even more than one, lol) is certainly a joke, a bad one.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
November 17, 2013, 10:19:39 PM
#15
Who is going to implement certification? And check it? And enforce it? And pay for it? Or is it just voluntary and you get to throw a gif up on your webpage that says you're a member a-la Bitcoin foundation?
sr. member
Activity: 378
Merit: 325
hivewallet.com
November 17, 2013, 08:38:09 PM
#14
I'm going to try to make it for at least a couple days. Being this is such a long-running meeting, is there any sort of agenda being drawn up?

That's precisely what we are trying to encourage here.

Is this free?

The meeting or the certification? They are both free/should be free, presumably.
legendary
Activity: 1120
Merit: 1164
November 17, 2013, 04:07:30 PM
#13
Touching on gmaxwell's point about whether or not features should be forced, I think we can divide the features into two main categories:

  • Individual protections: Anything where the strength of the protection is not dependent or is only "linearly" dependent on how many other people also use it. For instance local encryption of wallets, encryption of p2p communication channels, etc.
  • Communal protections: Anything where the protection is made significantly stronger as more people use it. Examples include CoinJoin, CoinSwap and mix networks.

Now what really distinguishes those two situations is that for the former, whether or not everyone adopts the same standard doesn't matter all that much, so a certification should be about what goals were achieved, not how.

However with the latter, there are really good reasons to try to get as many users on the same underlying protocol. For instance with CoinJoin/CoinSwap, you want the anonymity set to be all Bitcoin users, not "recent versions of electrum". This is especially important because CoinJoin won't get used if it's not convenient - the more people using it, the faster a join can be arranged and the more likely a casual user who mainly just wants his transaction to go through will be protected.

That doesn't mean every CoinJoin implementation has to be the same, but I do think we should make sure we come up with a lowest-common-denominator form of CoinJoin that is reasonable for any implementation to support and participate in. In this case I think we want the standard to eventually specify that common denominator explicitly.
full member
Activity: 238
Merit: 100
November 17, 2013, 07:57:50 AM
#12

... We assume the lack of centralized services wherever possible...

What ideas or thoughts do you all have?

Can you, or anyone really, see a situation where this is not possible?
sr. member
Activity: 279
Merit: 250
November 17, 2013, 07:45:51 AM
#11
Yea sorry that was a pretty empty comment on my part. I'll think of a name today.

Well, I guess we can start a running list of features a wallet that meets the standards supports out of the box:
Like you said, CoinJoin, CoinSwap, most of the features of Bitcoin OMG (Coin Control, gmaxwell's privacy enhancement, etc...), extended public keys/HD wallets, and others I don't have time to list right now... will come back later.

Like gmaxwell said, none of these things should be forced on the end user, but should be available at the very least.

Is this mainly to enable network-wide privacy or are we trying to enforce more feature-rich wallets in general? Or both?
sr. member
Activity: 378
Merit: 325
hivewallet.com
November 17, 2013, 06:52:35 AM
#10
Someone's name needs to change. I like the idea of a standard vetted and approved by the community, but conflating the unSYSTEM project and the certification names is misleading and a bit odd.

Let's call it a tentative name then. Any suggestions for the long-term one?

More importantly, does anyone have anything to contribute to the meat and fabric of this discussion? It would really be nice if Peter Todd and gmaxwell could speak up here with more leading direction.