Author

Topic: Instant confirmation via payment protocol - BIP70 Extension (Read 1045 times)

legendary
Activity: 1162
Merit: 1007
I think the spirit of this idea is a good one, but I haven't investigated enough to comment on your proposed implementation.  

Is it possible for a secure hardware wallet or a bitcoin signing tag to provide the "green address" signature?  The idea would be that the secure hardware contains a signing key that the user does not know and uses this to sign authorized transactions.  The secure hardware would track which outputs it has signed in the past to prevent the possibility of double spending.

Now let's say the manufacturer of the secure hardware learns that one of its signing keys loaded into a device (or devices) in the field is compromised.  The manufacturer can't stop his in-field hardware from producing signatures with the now-compromised green-address key.  Would it be possible for the manufacturer to revoke certification for just this particular key (or keychain)?  If so, can you explain in more detail how this would be done?

AFAIK the BIP proposal extension doesn't cover HOW to provide a "green address" signature. It covers how a payee can communicate which entities it trust to avoid problems in accepting transactions prior the confirmation and how a listed trusted entity can communicate its identity in response.

Yes, I recognize that.  But I think a discussion of the "how" is important as it might imply changes to the BIP in order to make the "how" possible for a wider range of signers.  For instance, I see Mike Hearn made similar comments to the first draft (which I assume Tryexcept took into account when he modified it to use X.509 certificates).  My understanding of X.509 is weak, so perhaps if I understood it better it would be obvious how Tryexcept's recent changes solves this issue identified by Mike here:

Quote
Now someone observes that not all wallets are websites. Perhaps a hardware wallet like the TREZOR is upgraded to start tracking which outputs it signed for and refusing to do so again. It wants to take part in this protocol too, using a device-specific key that's embedded into the chips at the factory. But now it doesn't fit with your design because there's no way to do an HTTPS GET from a TREZOR. So you say maybe the manufacturer key could sign device keys in a chain, and then the signature contains the signed device key .... now you have a cert chain.

If this new hardware wallet gets put under a scanning electron microscope and the per-device key is extracted then used for fraud, it'd be nice if there was a way to revoke it without revoking all the devices at once. Now you have OCSP.
member
Activity: 175
Merit: 10
Excellent use of multisig and the payment protocol.
I'll try to find time to comment on the draft BIP....
full member
Activity: 162
Merit: 100
I think the spirit of this idea is a good one, but I haven't investigated enough to comment on your proposed implementation.  

Is it possible for a secure hardware wallet or a bitcoin signing tag to provide the "green address" signature?  The idea would be that the secure hardware contains a signing key that the user does not know and uses this to sign authorized transactions.  The secure hardware would track which outputs it has signed in the past to prevent the possibility of double spending.

Now let's say the manufacturer of the secure hardware learns that one of its signing keys loaded into a device (or devices) in the field is compromised.  The manufacturer can't stop his in-field hardware from producing signatures with the now-compromised green-address key.  Would it be possible for the manufacturer to revoke certification for just this particular key (or keychain)?  If so, can you explain in more detail how this would be done?

AFAIK the BIP proposal extension doesn't cover HOW to provide a "green address" signature. It covers how a payee can communicate which entities it trust to avoid problems in accepting transactions prior the confirmation and how a listed trusted entity can communicate its identity in response.
legendary
Activity: 1162
Merit: 1007
I think the spirit of this idea is a good one, but I haven't investigated enough to comment on your proposed implementation.  

Is it possible for a secure hardware wallet or a bitcoin signing tag to provide the "green address" signature?  The idea would be that the secure hardware contains a signing key that the user does not know and uses this to sign authorized transactions.  The secure hardware would track which outputs it has signed in the past to prevent the possibility of double spending.

Now let's say the manufacturer of the secure hardware learns that one of its signing keys loaded into a device (or devices) in the field is compromised.  The manufacturer can't stop his in-field hardware from producing signatures with the now-compromised green-address key.  Would it be possible for the manufacturer to revoke certification for just this particular key (or keychain)?  If so, can you explain in more detail how this would be done?
staff
Activity: 4270
Merit: 1209
I support freedom of choice
Yeah, it's a cool idea Smiley
full member
Activity: 192
Merit: 100
Hello!

Quick introduction/background: my name is Lawrence Nahum and I'm the founder of GreenAddress, a BIP32 multisignature service and instant confirmation platform available in form of web socket APIs and Wallet for mobile, desktop and web. My background is in CS with distributed systems and I've worked most of my career in the City on OTC financial services like confirmation and clearing platforms.

This post is to gather feedback, comments and reviews about a BIP70 payment protocol proto buffer extension proposal.


Reddit discussion:
http://www.reddit.com/r/Bitcoin/comments/284me8/instant_confirmation_via_payment_protocol_bip70/

from a comment http://www.reddit.com/r/Bitcoin/comments/284me8/instant_confirmation_via_payment_protocol_bip70/ci7cqsp from that discussion:

Quote
If I read well a company such as Bitpay could insert two fields in their payment request which state that they will trust that the payment won't be double spent from second one without needing to wait the confirmation if the payment come from let's say a greenaddress wallet (but it could be any other party the decide to trust).

It could be interesting in many fields in which transactions need to be fast: for instance an exchange could support a bunch of wallets because they have anti double spending policies they have decided to trust enabling faster arbitrage operations.

One bitcoin atm producer could decide to trust some wallets as well to provide user provide with those specific wallets instantaneous withdrawals from their machines.

Private bitcoin purchases could be safer if the wallet of the receiver of the bitcoins could trust the sender's wallet because of its ability to prevent double spend and so on.

Bitcoin development mailing list:
http://permalink.gmane.org/gmane.comp.bitcoin.devel/5628


Cheers!
Lawrence
Jump to: