Hi I have a small interjection about the point on error correction (excuse
me if it seems elementary). Isn't there an argument to be made where a
wallet software should never attempt to figure out the 'correct' address,
or in this case private key? I don't think it's crazy to suggest somebody
could import a slightly erroneous WIF, the software gracefully
error-corrects any problem, but then the user copies that error onward such
as in their backup processes like a paper wallet. I always hate to advocate
against a feature, I'm just worried too much error correcting removes the
burden of exactitude and attention of the user (eg. "I know I can have up
to 4 errors").

I'm pretty sure I read those arguments somewhere in a documentation or
issue tracker/forum post. Maybe I'm misunderstanding the bigger picture in
this particular case, but I was just reminded of that concept (even if it
only applies generally).

Thanks,
AJ West

On Sun, Sep 17, 2017 at 4:10 AM, Thomas Voegtlin via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> On 17.09.2017 04:29, Pieter Wuille wrote:
> >
> > This has been a low-priority thing for me, though, and the computation
> work
> > to find a good checksum is significant.
> >
>
> Thanks for the info. I guess this means that a bech32 format for private
> keys is not going to happen soon. Even if such a format was available,
> the issue would remain for segwit-in-p2sh addresses, which use base58.
>
> The ambiguity of the WIF format is currently holding me from releasing a
> segwit-capable version of Electrum. I believe it is not acceptable to
> use the current WIF format with segwit scripts; that would just create
> technological debt, forcing wallets to try all possible scripts. There
> is a good reason why WIF adds a 0x01 byte for compressed pubkeys; it
> makes it unambiguous.
>
> I see only two options:
>  1. Disable private keys export in Electrum Segwit wallets, until a
> common WIF extension has been agreed on.
>  2. Define my own WIF extension for Electrum, and go ahead with it.
>
> Defining my own format does make sense for the xpub/xprv format, because
> Electrum users need to share master public keys across Electrum wallets.
> It makes much less sense for WIF, though, because WIF is mostly used to
> import/sweep keys from other wallets.
>
> I would love to know what other wallet developers are going to do,
> especially Core. Are you going to export private keys used in segwit
> scripts in the current WIF format?
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>