On Fri, Apr 4, 2014 at 4:56 PM, slush <slush@centrum.cz> wrote:

> I'm cracking my head for many months with the idea of using TREZOR for web
> auth purposes. Unfortunately I'm far from any usable solution yet.
>
> My main comments to your BIP: Don't use bitcoin addresses directly and
> don't encourage services to use this "login" for financial purposes. Mike
> is right, mixing authentication and financial services is wrong. Use some
> function to generate other private/public key from bitcoin's seed/private
> key to not leak bitcoin-related data to website.
>
>
I'm probably very naive, but the fact that the authentication key is your
Bitcoin address was for me a great feature :)
What are the risks associated of id yourself with a bitcoin address you
plan to use on the website for transaction ?

I mean, what is the difference between doing that, and id with a login/pass
and add your bitcoin address in a settings field ? (knowing you could
always find a mechanism to transfer the account to another bitcoin address
if needed)

Eric