Author

Topic: IDEA: a service that bind bitcoin receiving addresses to your email... (Read 1497 times)

vip
Activity: 169
Merit: 100
This has been done so many times, and have failed cause the users don't know how to handle a trust-less system.

essentially I think namecoin is nearest solution for this purpose.
sr. member
Activity: 389
Merit: 250
I feel like a smart enough wallet client could solve this problem entirely, using many of the above suggestions -- most importantly crypto
I'm a dev... I'll think on whether or not I could make something that works for this purpose.

If you embed this feature into a wallet client, that means the feature is only available to a portion of bitcoin users, which is a limit...
I think the intent is to be able to add this functionality to any wallet (the wallet could confirm the address you're adding goes to the correct person), and users of wallets that don't support this functionality natively can just use a standalone program or web interface
vip
Activity: 169
Merit: 100
I feel like a smart enough wallet client could solve this problem entirely, using many of the above suggestions -- most importantly crypto
I'm a dev... I'll think on whether or not I could make something that works for this purpose.

If you embed this feature into a wallet client, that means the feature is only available to a portion of bitcoin users, which is a limit...
sr. member
Activity: 352
Merit: 250
https://www.realitykeys.com
We need a service like a DNS, where a bitcoin client makes a request for the mail address "[email protected]" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.

works like namecoin?

No, i mean a centralized service.

You sign up, sign in, insert your address and sign the address.
But you need a trusted service.

Only a thought experiment from me... not yet thoroughly thought through

The service need not to be trusted if you use some kind of crypto... The best way as I said would be to use PGP/GPG with included Bitcoin address in the note field along with your email or just signing the current BTC address with you GPG key and posting the clearsign text on the 3rd party website where users can view it and optionally check in their own gpg client.

EDIT: It would be nice if you could do it all with just Bitcoin signatures, but that's impossible for this use-case (you would be signing e-mail address with an "untrusted" Bitcoin key pair).

EDIT2: Also note that all previously created clearsigned addresses can be securely revoked as long as you keep your private key private, which is good in case your wallet gets compromised (but not your GPG private key; but there's also way to create GPG revocation certificate and broadcast it to keyservers when you private key gets compromised and it invalidates everything signed with the now compromised key).

I'll post a proper announcement later but I've been working on a service a bit like this. I'm planning on starting with a version that runs on Twitter for Twitter usernames, then doing email, then other kinds of identity. (My original motivation was virtual world avatars for OpenSim, which I'd also like to do.)

The way I see it, the problem is split into two parts, which could conceivably be run by different people:

1) Confirming identity-address pairs (eg this address belongs to this email) and signing them with the identity-confirmer's GPG certificate. This is done either by sending a confirmation message (email) or by trusting the information given by a system's API (Twitter). Traditionally this is the kind of thing that webs of trust can help with, and that may turn out to be the ultimate solution, but I think we get something usable quicker with just a few trusted parties. If somebody turns out not to be trustworthy we can stop serving data they've signed.

2) Storing and serving the GPG-signed identity-address pairs, and making them available through an API to anyone who knows the identity side (eg the email address). People using the API would check the signature of the data they fetched against a list of known good identity-confirmers, which should protect against the web server serving the data getting hacked.

Ideally I'd envisage this data being shared by at least 2 or 3 different people or organizations which all support the same API, so that you could develop applications that use it and be reasonably confident that it won't suddenly disappear. In a world full of technical people the data would all be entirely public, but in the real world that we sadly inhabit non-technical people generally have reservations about the way their email addresses are shared, so in practice I think this is also better done by a smallish number of independent people or organizations that agree to try hard not to leak it. Email addresses can be stored hashed, but that can be brute-forced in a lot of cases as they're fairly predictable. If somebody ends up accidentally leaking the data, that's bad, but not devastating.
newbie
Activity: 28
Merit: 0
I feel like a smart enough wallet client could solve this problem entirely, using many of the above suggestions -- most importantly crypto
I'm a dev... I'll think on whether or not I could make something that works for this purpose.
sr. member
Activity: 406
Merit: 250
One does not simply mine Bitcoins
We need a service like a DNS, where a bitcoin client makes a request for the mail address "[email protected]" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.

works like namecoin?

No, i mean a centralized service.

You sign up, sign in, insert your address and sign the address.
But you need a trusted service.

Only a thought experiment from me... not yet thoroughly thought through

The service need not to be trusted if you use some kind of crypto... The best way as I said would be to use PGP/GPG with included Bitcoin address in the note field along with your email or just signing the current BTC address with you GPG key and posting the clearsign text on the 3rd party website where users can view it and optionally check in their own gpg client.

EDIT: It would be nice if you could do it all with just Bitcoin signatures, but that's impossible for this use-case (you would be signing e-mail address with an "untrusted" Bitcoin key pair).

EDIT2: Also note that all previously created clearsigned addresses can be securely revoked as long as you keep your private key private, which is good in case your wallet gets compromised (but not your GPG private key; but there's also way to create GPG revocation certificate and broadcast it to keyservers when you private key gets compromised and it invalidates everything signed with the now compromised key).
full member
Activity: 140
Merit: 100
We need a service like a DNS, where a bitcoin client makes a request for the mail address "[email protected]" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.

works like namecoin?

No, i mean a centralized service.

You sign up, sign in, insert your address and sign the address.
But you need a trusted service.

Only a thought experiment from me... not yet thoroughly thought through
sr. member
Activity: 406
Merit: 250
One does not simply mine Bitcoins
GPG would be perfect for this, although I'm not sure how many people would be comfortable with using it. Cheesy
vip
Activity: 169
Merit: 100
We need a service like a DNS, where a bitcoin client makes a request for the mail address "[email protected]" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.

works like namecoin?
full member
Activity: 140
Merit: 100
We need a service like a DNS, where a bitcoin client makes a request for the mail address "[email protected]" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.
member
Activity: 224
Merit: 10
I think it's a great idea and something like this is a must to make Bitcoin hit the mainstream.
vip
Activity: 169
Merit: 100
I confront a difficulty when I initiated the charity donation for Lushan Earthquake (https://bitcointalksearch.org/topic/help-lushan-first-public-bitcoin-donation-in-china-for-lushan-earthquake-181336): somebody reposted the text and replaced the receiving address with his own.

It's not the first time it occurred to me. I've once posted a receiving address in one of my article, which was quite popular, however, I lost that wallet, while the post were being reposted all the time.

Therefore, I want a service that can bind my bitcoin receiving address to my email address, which is almost "permanent" to me. With this service, I might change the bitcoin receiving address, but for others, what they only need to do is to send bitcoin to my email address.

Is this useful to you? If the idea is viable, I'll try to make it.

Thanks for your suggestions.

Jump to: