On Thu, Apr 25, 2013 at 4:13 PM, Mike Caldwell <mcaldwell@swipeclock.com> wrote:
I am not sure if my replies hit the list. If not, can anyone who sees this help?

In the past, I have pre signed (with PGP) large batches of Bitcoin addresses for distribution on my server. This way, even in the event of compromise, there is no way someone could substitute an address of their own and have it have the same characteristics as other addresses I have signed.  The same general concept could be used to keep signing keys off the web server. 

Mike

I didn't see your other replies but got this one.

The assumption you made by doing that is that people can obtain your PGP key. This leads to the question of how someone knows what your key is or that you signed the list in the first place. The most obvious way is to go to https://www.casascius.com/ and click "My PGP key" -> but we already failed at this point if your web server was hacked. I'd have to learn about your cryptographic identity via some other secure channel, but usually that doesn't exist.

Being able to survive web server hacks is intuitively attractive because web servers tend to be so insecure. But unfortunately there doesn't seem to be any good way to do this with todays infrastructure because for most businesses, their website is their identity, and if a hacker controls that they it's very hard for anyone (including CAs) to know that something has gone wrong.

I think there are some simple mitigations we can use in the short term.

One is that wallets could count how many times you paid to addresses signed by a particular cert. If you're a repeat customer and your wallet says "You have never paid this recipient before" instead of "You have paid this recipient 4 times" then you might be suspicious. Someone pointed out to me that the current payment protocol has nothing to say on phishing using confusible domains - this could help with that too, and it's easy to implement. Of course it means you get reset whenever your certificate expires and has to be renewed, and crying wolf is often worse than doing nothing at all. So that's an issue.

With time there might be more complex solutions available, like extensions to X.509/CA infrastructure (if bitcoin stays growing and popular). Also, alternative PKIs like DNSSEC or the ePassport PKI might be useful. In your case Mike you aren't really a company, you're trading under your own name, so signing the key list under your legal identity is really the best solution. It's just not easily available right now.