Topic: Idea for a new trust system. (Read 835 times)
Decent idea, but hasn't this been done before for the web of trust on OTR?
Despite the fact that zetaray didn't see the fact that the private key didn't change, his point was sorta right.
It is already possible to completely secure an account by PMing your public key (BTC address or PGP pub ) and then signing a message with it to reclaim your account and reset email and password.
I doubt a noticeable number of trusted accounts have changed hands, so this is not as pressing an issue as it could be.
It is already possible to completely secure an account by PMing your public key (BTC address or PGP pub ) and then signing a message with it to reclaim your account and reset email and password.
I doubt a noticeable number of trusted accounts have changed hands, so this is not as pressing an issue as it could be.
Not quite true. For example, there was a case recently in which an account seemed to be hacked. The account then was purged of all bitcoin addresses / pgp keys and then sold to an account reseller. The account reseller sold the account to another person.
The account reseller and other person both argued that the account wasn't hacked and it was the original owner just trying to claim back the account. Now in either case, all the original owner would be able to do is revoke the trading history.
I don't know, it seems as though there already were a few rather trusted accounts that traded hands, but the original members are still around.
Escrows are often sent to completely new addresss. If the trusted address holds no coins, trusted key pairs can be sold with the trusted accounts. Nothing changed.
READ
THE
OP
This also means selling private keys would be rather difficult as it's not just transferring a username / password. The private key CAN'T change, so the original owner still can go back on the deal at any point in time.
Despite the fact that zetaray didn't see the fact that the private key didn't change, his point was sorta right.
It is already possible to completely secure an account by PMing your public key (BTC address or PGP pub ) and then signing a message with it to reclaim your account and reset email and password.
I doubt a noticeable number of trusted accounts have changed hands, so this is not as pressing an issue as it could be.
Its sound like you are trying to ban account selling not improving the trust system.
Escrows are often sent to completely new addresss. If the trusted address holds no coins, trusted key pairs can be sold with the trusted accounts. Nothing changed.
Rather than having trust tied to the account, I think it should be tied to a private / public key pair. I believe you should be able to "blacklist" private / public key pairs as well. This removes any chance at someone selling a trusted account.
Say a trusted member's private key was compromised by some chance. The main user still has it and can blacklist the public key using the private key.
This also means selling private keys would be rather difficult as it's not just transferring a username / password. The private key CAN'T change, so the original owner still can go back on the deal at any point in time.
The only abuse I can think of is those with negative trust generating a new key pair after each and every scam attempt. I think once a pair has be tied to a BTCtalk account, it remains 'public' information so people can always look at previous transactions.
Thoughts? Comments? Concerns? This was literally just a few mins of thinking, and not really a developed idea.
Say a trusted member's private key was compromised by some chance. The main user still has it and can blacklist the public key using the private key.
This also means selling private keys would be rather difficult as it's not just transferring a username / password. The private key CAN'T change, so the original owner still can go back on the deal at any point in time.
The only abuse I can think of is those with negative trust generating a new key pair after each and every scam attempt. I think once a pair has be tied to a BTCtalk account, it remains 'public' information so people can always look at previous transactions.
Thoughts? Comments? Concerns? This was literally just a few mins of thinking, and not really a developed idea.
Jump to: