EDIT: 3 September 2014
THe software now is near feature-complete, but in order to test its compatibility with the large number of banks out there, we need testers! Please, if you want to help freeing Bitcoin from the harassment of the banks, come and talk to us.
E-mail: tlsnotarygroup-at-gmail.com
Freenode IRC: #tlsnotary-chat
Code:
https://github.com/tlsnotary/tlsnotaryEDIT: 29 July 2014
The goal of tlsnotary is to allow the buyer of BTC to prove to a 3rd party arbitrator that a money transfer to the seller has been made.
While logged into their bank account, the buyer requests a TLS-secured (HTTPS) statement page and presents it as proof to the arbitrator.
We use a scheme which leverages the TLS crypto in order to prevent the buyer from forging the proof. The novelty of this scheme is that it doesn't MITM the auditee's connection.
We have released software which implements the goal of this project. Now we are looking for people to test the software.
The final idea on which the ultimate release is based started with this post:
https://bitcointalksearch.org/topic/m.4998488Then it was enhanced by oakpacific in this post:
https://bitcointalksearch.org/topic/m.6160307The announcement of a software release was made here:
https://bitcointalksearch.org/topic/m.7143321P.S. For real-time support, find us on #tlsnotary-chat on irc.freenode.net
----------------------------------------------------------------
THE INFORMATION BELOW IS OUTDATED. I LEFT IT HERE ONLY FOR HISTORICAL PURPOSES. WE HAVE TRIED VARIOUS SCHEMES UNTIL WE ARRIVED AT THE ONE WHICH DOES WORK.
----------------------------------------------------------------
EDIT2: 14 June 2013
There are many ways of going about implementing SSL logging, but I particularly like the one proposed in post#61
https://bitcointalksearch.org/topic/m.2304618Feel free to jump to #61 as the rest of the discussion basically springs from there.
EDIT:
Ever since starting this thread I realised that proxying SSL through escrow means that the bank can ban escrow's IP. While rather unlikely, I have come up with a more resilient method (post #10 in this thread) where all traffic goes through the user's IP while the escrow controls the SSL key.
https://bitcointalksearch.org/topic/m.2266868Goal: a payer needs to prove that he made a money transfer into the account of the seller (of BTC). This proof is only needed to be presented to an escrow agent in case a dispute arises. This proof aka SSL dump should not disclose payer's online bank login credentials.
Here is the workflow:
1. The user starts up his Firefox with an open-source plugin provided by the escrow agent
2. The user initiates an SSL connection to his online banking site
3. The user enters his username/password and logges in
4. After that all further traffic between user<<-->>bank gets redirected by the plugin through the escrow agent's proxy
5. The proxy collects all encrypted communication dumps.
6. The Firefox plugin knows the symmetric key which was used for SSL communication and which is needed to decrypt the dumps.
7. In case a dispute arises, the payer can provide the symetric key to the escrow agents.
8. The escrow agent decrypts the SSL dumps and verifies that the user has indeed initiated the funds transfer.
Cool?
Can I please get some criticism/peer reviews on this model.
Because I'm burning now to start coding right away!