* [bitcoin-dev] URI scheme for signing and verifying messages
@ 2015-09-14 18:57 Arthur - bitcoin-fr.io
2015-09-14 23:51 ` Thomas Kerin
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Arthur - bitcoin-fr.io @ 2015-09-14 18:57 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 1042 bytes --]
Hi,I realized that there isn't any way to ask for a signature (or to verify a message) as easily you can do when requesting a payment using a bitcoin URI scheme (BIP0021).I think a URI scheme to use the signing tools in bitcoin core might be useful, and with a proper consensus it could become available in most bitcoin clients who already support message signing/verifying and payment url (or QRCode) and enable new uses of bitcoin signatures.A way to gain proper consensus is going through a BIP, so that's why I'm here: to present my idea publicly before going any further (draft BIP and reference implementation).Some thoughts - like BIP0021: "Bitcoin clients MUST NOT act on URIs without getting the user's authorization." so signing requires the user to manually approve the process - it could use the same URI scheme than BIP0021 with an additional parameter (ex: signaction=) or use another one like BIP121 (ex: btcsig:)PS : I'll also post a topic in "Development & Technical Discussion" section on Bitcointalk
--Arthur Bouquet
[-- Attachment #2: Type: text/html, Size: 1594 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] URI scheme for signing and verifying messages
2015-09-14 18:57 [bitcoin-dev] URI scheme for signing and verifying messages Arthur - bitcoin-fr.io
@ 2015-09-14 23:51 ` Thomas Kerin
2015-09-15 4:03 ` Luke Dashjr
2015-09-15 10:49 ` Arthur - bitcoin-fr.io
2 siblings, 0 replies; 6+ messages in thread
From: Thomas Kerin @ 2015-09-14 23:51 UTC (permalink / raw)
To: Arthur - bitcoin-fr.io; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 1576 bytes --]
I think it would be more akin to bip70. I have a similar proposal, largely
already written up around this. I'm very interested in having this for
multi signature wallets.
On 14 Sep 2015 8:06 pm, "Arthur - bitcoin-fr.io via bitcoin-dev" <
bitcoin-dev@lists•linuxfoundation.org> wrote:
> Hi,
> I realized that there isn't any way to ask for a signature (or to verify a
> message) as easily you can do when requesting a payment using a bitcoin URI
> scheme (BIP0021).
> I think a URI scheme to use the signing tools in bitcoin core might be
> useful, and with a proper consensus it could become available in most
> bitcoin clients who already support message signing/verifying and payment
> url (or QRCode) and enable new uses of bitcoin signatures.
> A way to gain proper consensus is going through a BIP, so that's why I'm
> here: to present my idea publicly before going any further (draft BIP and
> reference implementation).
> Some thoughts
> - like BIP0021: "Bitcoin clients MUST NOT act on URIs without getting the
> user's authorization." so signing requires the user to manually approve the
> process
> - it could use the same URI scheme than BIP0021 with an additional
> parameter (ex: signaction=<verify/sign>) or use another one like BIP121
> (ex: btcsig:)
> PS : I'll also post a topic in "Development & Technical Discussion"
> section on Bitcointalk
>
> --
> Arthur Bouquet
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
[-- Attachment #2: Type: text/html, Size: 2287 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] URI scheme for signing and verifying messages
2015-09-14 18:57 [bitcoin-dev] URI scheme for signing and verifying messages Arthur - bitcoin-fr.io
2015-09-14 23:51 ` Thomas Kerin
@ 2015-09-15 4:03 ` Luke Dashjr
2015-09-15 10:49 ` Arthur - bitcoin-fr.io
2 siblings, 0 replies; 6+ messages in thread
From: Luke Dashjr @ 2015-09-15 4:03 UTC (permalink / raw)
To: bitcoin-dev, Arthur - bitcoin-fr.io
On Monday, September 14, 2015 6:57:01 PM Arthur - bitcoin-fr.io via bitcoin-
dev wrote:
> Hi,I realized that there isn't any way to ask for a signature (or to verify
> a message) as easily you can do when requesting a payment using a bitcoin
> URI scheme (BIP0021).I think a URI scheme to use the signing tools in
> bitcoin core might be useful, and with a proper consensus it could become
> available in most bitcoin clients who already support message
> signing/verifying and payment url (or QRCode) and enable new uses of
> bitcoin signatures.A way to gain proper consensus is going through a BIP,
> so that's why I'm here: to present my idea publicly before going any
> further (draft BIP and reference implementation).Some thoughts - like
> BIP0021: "Bitcoin clients MUST NOT act on URIs without getting the user's
> authorization." so signing requires the user to manually approve the
> process - it could use the same URI scheme than BIP0021 with an additional
> parameter (ex: signaction=) or use another one like BIP121 (ex: btcsig:)PS
> : I'll also post a topic in "Development & Technical Discussion" section
> on Bitcointalk --Arthur Bouquet
I think probably the whole signed message thing needs to be rethought. The
most common "uses" today seem to be insecure cases that it doesn't actually
work in: people trying to prove ownership of bitcoins and/or that they sent
bitcoins (current signed messages can do neither). Ideally, whatever the new
method is should also avoid using the same key as for signing transactions,
since the public key is technically private information. Furthermore, since
addresses are semi-deprecated (by the payment protocol), I'm not sure it
makes sense to do this without designing an entire authentication system,
which may be rather complex.
Luke
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] URI scheme for signing and verifying messages
2015-09-14 18:57 [bitcoin-dev] URI scheme for signing and verifying messages Arthur - bitcoin-fr.io
2015-09-14 23:51 ` Thomas Kerin
2015-09-15 4:03 ` Luke Dashjr
@ 2015-09-15 10:49 ` Arthur - bitcoin-fr.io
2015-09-15 12:08 ` Luke Dashjr
2015-09-15 13:21 ` Arthur - bitcoin-fr.io
2 siblings, 2 replies; 6+ messages in thread
From: Arthur - bitcoin-fr.io @ 2015-09-15 10:49 UTC (permalink / raw)
To: Luke Dashjr, bitcoin-dev
September 15 2015 6:04 AM, "Luke Dashjr" <luke@dashjr•org> wrote:
> I think probably the whole signed message thing needs to be rethought. The
> most common "uses" today seem to be insecure cases that it doesn't actually
> work in: people trying to prove ownership of bitcoins and/or that they sent
> bitcoins (current signed messages can do neither). Ideally, whatever the new
> method is should also avoid using the same key as for signing transactions,
> since the public key is technically private information. Furthermore, since
> addresses are semi-deprecated (by the payment protocol), I'm not sure it
> makes sense to do this without designing an entire authentication system,
> which may be rather complex.
>
> Luke
My proposal is about the current signing process (which exists event it it's not perfect) but it could also work with a new signing message system tomorrow. It more about give users an easier way to access existing tools than the "sign message thing" itself.
BTW I'm aware of privacy issues, but could you elaborate on why the use case your are referring to doesn't actually work?
Here are a use of bitcoin signatures ( https://bitcointalk.org/index.php?topic=497545.0 ) to speak about a real case.
--
Arthur
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] URI scheme for signing and verifying messages
2015-09-15 10:49 ` Arthur - bitcoin-fr.io
@ 2015-09-15 12:08 ` Luke Dashjr
2015-09-15 13:21 ` Arthur - bitcoin-fr.io
1 sibling, 0 replies; 6+ messages in thread
From: Luke Dashjr @ 2015-09-15 12:08 UTC (permalink / raw)
To: Arthur - bitcoin-fr.io; +Cc: bitcoin-dev
On Tuesday, September 15, 2015 10:49:36 AM Arthur - bitcoin-fr.io wrote:
> September 15 2015 6:04 AM, "Luke Dashjr" <luke@dashjr•org> wrote:
> > I think probably the whole signed message thing needs to be rethought.
> > The most common "uses" today seem to be insecure cases that it doesn't
> > actually work in: people trying to prove ownership of bitcoins and/or
> > that they sent bitcoins (current signed messages can do neither).
> > Ideally, whatever the new method is should also avoid using the same key
> > as for signing transactions, since the public key is technically private
> > information. Furthermore, since addresses are semi-deprecated (by the
> > payment protocol), I'm not sure it makes sense to do this without
> > designing an entire authentication system, which may be rather complex.
> >
> > Luke
>
> My proposal is about the current signing process (which exists event it
> it's not perfect) but it could also work with a new signing message system
> tomorrow. It more about give users an easier way to access existing tools
> than the "sign message thing" itself.
One of my concerns is that making the existing signatures even easier will
cause incompatible uses to become more prolific and accepted, increasing the
overall risk. Hence my recommendation to satisfy these clearly-existing use
cases with a safe signature *first*.
> BTW I'm aware of privacy issues, but could you elaborate on why the use
> case your are referring to doesn't actually work?
The signed message proves that the person who *receives* payment with the
address agrees to a given message/contract.
It is therefore appropriate and a best practice for web wallet providers
(inherent problems with webwallets aside) to allow users to sign messages
with their deposit addresses. When bitcoins are received by this address, the
transaction creates a low-level UTXO representing the bitcoins *in the
wallet*, but this UTXO is not associated with the address itself. Therefore,
it is entirely possible that this UTXO remains unspent/valid on the
blockchain even after the user in question has spent their entire balance at
the webwallet and therefore such a signature proves only that they once
received the payment, but *not* that they presently still have the bitcoins
received.
Furthermore, it is proper for the UTXO to be redeemed at a low-level by the
wallet when an entirely unrelated user is sending a transaction. In such a
circumstance, the original recipient of the bitcoins would still be able to
sign a message, even though they have nothing to do with nor any right to the
goods/services purchased with the transaction redeeming that UTXO.
> Here are a use of
> bitcoin signatures ( https://bitcointalk.org/index.php?topic=497545.0 ) to
> speak about a real case.
Yes, there are a few good use cases for the current signed messages, but they
appear to be a minority at the moment. I suspect implementing any URI-based
signing would actually make them more difficult as well, since it is
additional code on the requester's part.
Luke
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] URI scheme for signing and verifying messages
2015-09-15 10:49 ` Arthur - bitcoin-fr.io
2015-09-15 12:08 ` Luke Dashjr
@ 2015-09-15 13:21 ` Arthur - bitcoin-fr.io
1 sibling, 0 replies; 6+ messages in thread
From: Arthur - bitcoin-fr.io @ 2015-09-15 13:21 UTC (permalink / raw)
To: Luke Dashjr; +Cc: bitcoin-dev
September 15 2015 2:10 PM, "Luke Dashjr" <luke@dashjr•org> wrote:
> On Tuesday, September 15, 2015 10:49:36 AM Arthur - bitcoin-fr.io wrote:
>
>> September 15 2015 6:04 AM, "Luke Dashjr" <luke@dashjr•org> wrote:
>>> I think probably the whole signed message thing needs to be rethought.
>>> The most common "uses" today seem to be insecure cases that it doesn't
>>> actually work in: people trying to prove ownership of bitcoins and/or
>>> that they sent bitcoins (current signed messages can do neither).
>>> Ideally, whatever the new method is should also avoid using the same key
>>> as for signing transactions, since the public key is technically private
>>> information. Furthermore, since addresses are semi-deprecated (by the
>>> payment protocol), I'm not sure it makes sense to do this without
>>> designing an entire authentication system, which may be rather complex.
>>>
>>> Luke
>>
>> My proposal is about the current signing process (which exists event it
>> it's not perfect) but it could also work with a new signing message system
>> tomorrow. It more about give users an easier way to access existing tools
>> than the "sign message thing" itself.
>
> One of my concerns is that making the existing signatures even easier will
> cause incompatible uses to become more prolific and accepted, increasing the
> overall risk. Hence my recommendation to satisfy these clearly-existing use
> cases with a safe signature *first*.
>
Ideally yes, but it will take some time to make a new signature system.
I could also propose a URI scheme that will work with a future implementation but be compatible with the current one explaining its limitations (ex: sigversion=1 to use the current system, default value is sigversion=2 which won't work until a new system is developped).
>> BTW I'm aware of privacy issues, but could you elaborate on why the use
>> case your are referring to doesn't actually work?
>
> The signed message proves that the person who *receives* payment with the
> address agrees to a given message/contract.
>
> It is therefore appropriate and a best practice for web wallet providers
> (inherent problems with webwallets aside) to allow users to sign messages
> with their deposit addresses. When bitcoins are received by this address, the
> transaction creates a low-level UTXO representing the bitcoins *in the
> wallet*, but this UTXO is not associated with the address itself. Therefore,
> it is entirely possible that this UTXO remains unspent/valid on the
> blockchain even after the user in question has spent their entire balance at
> the webwallet and therefore such a signature proves only that they once
> received the payment, but *not* that they presently still have the bitcoins
> received.
>
> Furthermore, it is proper for the UTXO to be redeemed at a low-level by the
> wallet when an entirely unrelated user is sending a transaction. In such a
> circumstance, the original recipient of the bitcoins would still be able to
> sign a message, even though they have nothing to do with nor any right to the
> goods/services purchased with the transaction redeeming that UTXO.
>
>> Here are a use of
>> bitcoin signatures ( https://bitcointalk.org/index.php?topic=497545.0 ) to
>> speak about a real case.
>
> Yes, there are a few good use cases for the current signed messages, but they
> appear to be a minority at the moment. I suspect implementing any URI-based
> signing would actually make them more difficult as well, since it is
> additional code on the requester's part.
Ok,thx for your answer, I actually agree with you up until the last sentence. (if not I wouldn't propose this URI scheme :-)
--
Arthur
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-09-15 13:21 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-09-14 18:57 [bitcoin-dev] URI scheme for signing and verifying messages Arthur - bitcoin-fr.io
2015-09-14 23:51 ` Thomas Kerin
2015-09-15 4:03 ` Luke Dashjr
2015-09-15 10:49 ` Arthur - bitcoin-fr.io
2015-09-15 12:08 ` Luke Dashjr
2015-09-15 13:21 ` Arthur - bitcoin-fr.io
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox