
Topic: Invoices/Payments/Receipts proposal discussion - page 16. (Read 24728 times)

legendary
Activity: 1400
Merit: 1013
Regardless of how much you pay to get a signed certificate to run your website from some "corporate overlord," you are getting security against MitM attacks.
Really? That's news to me.

http://tech.slashdot.org/story/11/10/28/1954201/four-cas-have-been-compromised-since-june
https://www.net-security.org/secworld.php?id=11537
http://threatpost.com/en_us/blogs/mozilla-warn-cas-about-issuing-mitm-certificates-021412

It looks more like the CA system is a bad joke that provides the illusion of protection only.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
Don't know nothin about any mailing list, but this scares me: "Requests for payment (Invoices) are tied to authenticated identities using the only widely-deployed identity authentication system we have right now (X.509 certificates signed by root certificate authorities)"

I'm certainly no expert on bitcoin's protocol or code, but it sounds like a bad idea to add any sort of centralization. I've never really trusted 'root certificate authorities' and I have heard of exploits being successful against them.

Why does anyone need identities when invoicing? Or more accurately, why must every invoice have an identity attached?


I, too, felt uncomfortable about using the CA system.  It feels like a pseudo-centralized, corporate-privileged system that milks little guys for high profits.  I feel like it's not "in the spirit" of Bitcoin...

But then reality set in -- which is that the CA system does provide quite a bit of value.  Regardless of how much you pay to get a signed certificate to run your website from some "corporate overlord," you are getting security against MitM attacks.  And that is important, especially for invoices and payment requests with irreversible Bitcoin transactions.  This protocol can slide right into the existing CA infrastructure, and instantly provide the protections that the system already gives to most other security-sensitive internet services.

In that sense, it is a massive boon to be able to piggyback off the existing infrastructure, since Bitcoin already has enough hurdles to get wider acceptance.  This won't be one of those hurdles.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
Why does anyone need identities when invoicing? Or more accurately, why must every invoice have an identity attached?

You will be able to generate and send unsigned invoices that have no identity attached.

But they are much less secure than signed invoices, because a "man in the middle" attacker could rewrite the Invoice so the bitcoins go to him.

Or if you have a dispute with the merchant and all you have is an unsigned Invoice, the merchant can claim that "your machine must have been hacked, you sent the bitcoins to an address that isn't mine!"

sr. member
Activity: 382
Merit: 253
Don't know nothin about any mailing list, but this scares me: "Requests for payment (Invoices) are tied to authenticated identities using the only widely-deployed identity authentication system we have right now (X.509 certificates signed by root certificate authorities)"

I'm certainly no expert on bitcoin's protocol or code, but it sounds like a bad idea to add any sort of centralization. I've never really trusted 'root certificate authorities' and I have heard of exploits being successful against them.

Why does anyone need identities when invoicing? Or more accurately, why must every invoice have an identity attached?
newbie
Activity: 56
Merit: 0
I have always been interested in the idea of form based contracts being filled in and cryptographically signed and even for such contracts to be able to control the movement of money when requirements are met.

I think one day such simple contracts will be used from point of sale to real estate escrow.
full member
Activity: 225
Merit: 101
One of my pet use cases is a group of friends splitting a restaurant check, with support for tips. I know the restaurants and bars that accept or want to accept Bitcoin would agree.
legendary
Activity: 1400
Merit: 1013
If I have an ongoing business relationship with a company and we are both using HD wallets I'd like the ability to exchange key parameters exactly once so that each one of us can generate an arbitrary number of unique addresses as needed for each future transaction.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
For those of you not subscribed to [email protected] :

We've been having a productive discussion of a proposal for a simple payment protocol to get a much better user experience than is given by bitcoin addresses:
  http://sourceforge.net/mailarchive/message.php?msg_id=30147926

This is the next big "let's all agree to do things the same way" thing I think we should tackle. Latest pseudo-spec is: https://gist.github.com/4120476

I'd prefer to keep the discussion on the mailing list (I think this forum is a great place for brainstorming, but I think the mailing list is a little better for getting consensus on all the nitty-gritty details of a proposal).