From: Mike Hearn <mike@plan99•net>
To: Adam Weiss <adam@signal11•com>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>,
Will <will.madden@novauri•com>
Subject: Re: [Bitcoin-development] Subject: Re: Proposal to address Bitcoin malware
Date: Tue, 3 Feb 2015 22:01:47 +0100 [thread overview]
Message-ID: <CANEZrP29oJU1i5mN=TmxRsVk4m5mJy9jf-=4gYvRKRfq11pkBg@mail.gmail.com> (raw)
In-Reply-To: <CAFVoEQQHVcY0Ad-4c2wnH+WF_7M-o5SNwVr-nce_9bQ794cwDQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1997 bytes --]
>
> TREZOR like devices with BIP70 support and third party cosigning services
> are a solution I really like the sound of. I suppose though that adding
> BIP70 request signature validation and adding certificate revocation
> support starts to balloon the scope of what is supposed to be a very simple
> device though.
>
Yes, X.509 is ....... unfortunate. We'll have to wait and see how the
TREZOR team get on with implementing it. TREZOR doesn't have any OS at all
at the moment, so an implementation of PKIX will probably end up being
larger than their existing codebase.
That said, X.509 parsing is so security critical that the existing
codebases for it are by now pretty robust. Touch wood. So just having a
super stripped down OpenSSL implementation is probably good enough.
W.R.T revocation, BIP70 doesn't support this. If your private key leaks
you're currently hosed, identity wise, until the certificate expires. This
is obviously suboptimal. In a world where we all have infinite time and
resources the right fix will be to piggy back on an X.509 extension being
proposed in the browser world called "Must Staple". It's a bit in the
certificate flags that tell the client to expect a stapled OCSP response
and to hard-fail if none is provided. By requesting the CA set this flag
when you get your certificate issued, you sign up for more pain but more
security.
An OCSP stapling extension to BIP70 would probably not be very hard to
implement, but it'd be pointless today because the client has no idea
whether to expect it or not. The absence of a certificate changes the UI by
showing you a random Bitcoin address instead of a human readable name, but
the absence of stapled OCSP would not result in any UI change.
> Regardless, I think a standard for passing partially signed transactions
> around might make sense
>
I'm hoping that the hardware wallet world just standardises on the TREZOR
protocol. It's well designed and these devices all have fairly similar
capabilities.
[-- Attachment #2: Type: text/html, Size: 2656 bytes --]
next prev parent reply other threads:[~2015-02-03 21:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-03 12:04 Will
2015-02-03 19:25 ` Adam Weiss
2015-02-03 20:09 ` Brian Erdelyi
2015-02-03 21:01 ` Mike Hearn [this message]
2015-02-03 22:58 ` Will
2015-02-04 1:03 ` Eric Voskuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANEZrP29oJU1i5mN=TmxRsVk4m5mJy9jf-=4gYvRKRfq11pkBg@mail.gmail.com' \
--to=mike@plan99$(echo .)net \
--cc=adam@signal11$(echo .)com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=will.madden@novauri$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox