Hi Daryl, I think the reason nobody has done that is that BIP70 isn't really that much work. It's basically just certs inside a protobuf, with a bit of extra data. I'm not sure yet another way to do the same thing is worth much. On Wed, Apr 2, 2014 at 2:59 AM, Daryl Banttari wrote: > Chris, > > Thank you for taking the time to look at my proposal. > > 1) pay to addresses are not fixed - ie you can have a different address >> for each transaction (which is why BIP70 is necessary to allow per >> transaction addresses via https.) >> > > This is certainly true for a "published" address; however a new address > (and URL) can be generated for each one-off peer-to-peer transaction. > However, I'd expect that most of the time this use case will be handed by > BIP70. Still, this could allow someone to implement a authenticated, > non-repudiable payment request without having to go through the hassle of a > full BIP70 implementation. > > >> 2) unless you are already aware of the public key of the signature, you >> do not know if the signature is made by the person you think it is supposed >> to be from. See recent concern over fake key for Gavin Andresen. Ie a >> signature can always be verified with a valid public key, the question is >> was it the real person's key. That is what WoT tried to resolve with >> so-called "signing parties", nowadays keys posted to a public forum by a >> known user, but it's not a standard and not ideal. >> > > My proposal leverages the existing SSL key system (yes, PKI), so there is > a reasonable expectation that if the signature verifies, it came from the > party indicated on the cert. While SSL (and the PKI system underpinning > it) have its faults, the example you highlighted was specifically a problem > with WoT, not PKI. Can a compromised web server cause payments to be made > to the wrong party? Of course-- but that's already true. And that's not > something BIP70 solves (or attempts to solve) either. > > (To explain [better than I could] why I feel PKI is a pragmatic solution, > I defer to Mike Hearn 's article: > https://medium.com/bitcoin-security-functionality/b64cf5912aa7) > > --Daryl > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > >