Hi Rijndael,

I think your thoughts are pretty much compatible with this proposal, as what I'm describing (the recipient signing their keys) is also essentially a form of authentication.

It's a good observation that in general this makes the communication of addresses more secure. I do wish to re-emphasize Bryan's remark that you still need to ensure the pubkey itself is securely communicated.

> depending on the setup, this could be that the address server also has the Address Authentication privkey for bob, or it could be that bob gets some callback or notification, or that bob has pre-signed a batch of addresses

In my opinion the only meaningful distinction is whether Bob runs the Trustless Address Server himself (full privacy) or not. In either case I see no reason to diverge from the model where Bob deposits a batch of signed keys to the server, ensuring that no malicious addresses can be handed out.

Note I discussed the Trustless Address Server design in the first 20 minutes of this podcast:
https://twitter.com/bitcoinoptech/status/1580573594656333825

And I also brought it up in my presentation at Tabconf last Saturday, but that video isn't online yet.

Cheers,
Ruben



On Tue, Oct 18, 2022 at 2:07 AM Bryan Bishop via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
On Mon, Oct 17, 2022 at 7:05 PM rot13maxi via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
Unbeknownst to them, the clipboard contents have been replaced with an address controlled by some bad actor.
[snip] 
Now imagine instead that the wallet has some address book with a pubkey for each recipient the user wants to send bitcoin to.

Isn't this the same problem but now for copy-pasting pubkeys instead of an address?

- Bryan
https://twitter.com/kanzure
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
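The batch-of-signed-addresses model discussed above (Bob pre-signs a batch of addresses with his Address Authentication key, the server only hands out entries from that batch, and the sender checks each address against the pubkey stored in her address book), worked through as an added example. This is not code from the thread or from any Trustless Address Server implementation: Ed25519 from Go's standard library stands in for the secp256k1 keys a Bitcoin wallet would use, and the domain prefix, type names and sample address strings are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedAddress is one entry of the batch Bob pre-signs and deposits on the
// address server. The server stores it and hands it out verbatim; it cannot
// forge new entries because it never holds Bob's signing key.
type SignedAddress struct {
	Address   string // receiving address (constructed sample strings below, not real addresses)
	Signature []byte // signature over authMessage(Address) by Bob's Address Authentication key
}

// Domain-separation prefix (an assumption of this example) so that a
// signature over an address can never be confused with a signature this
// key might make over some other kind of message.
const authDomain = "address-auth/v0\x00"

func authMessage(addr string) []byte {
	return []byte(authDomain + addr)
}

// NewAuthKey creates Bob's Address Authentication key pair. Ed25519 is a
// stand-in for secp256k1 here; the protocol logic does not depend on it.
func NewAuthKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignBatch is Bob's offline step: sign every address once, then hand the
// batch to the server. Each address is meant to be given out only once.
func SignBatch(priv ed25519.PrivateKey, addrs []string) []SignedAddress {
	batch := make([]SignedAddress, 0, len(addrs))
	for _, a := range addrs {
		batch = append(batch, SignedAddress{
			Address:   a,
			Signature: ed25519.Sign(priv, authMessage(a)),
		})
	}
	return batch
}

// AddressServer is the untrusted party: it holds Bob's deposited batch and
// hands out the next unused entry on request.
type AddressServer struct {
	queue []SignedAddress
}

func (s *AddressServer) Deposit(batch []SignedAddress) {
	s.queue = append(s.queue, batch...)
}

// Next returns one pre-signed address. An empty queue is an error, not an
// excuse to make an address up, which is the point of the design.
func (s *AddressServer) Next() (SignedAddress, error) {
	if len(s.queue) == 0 {
		return SignedAddress{}, errors.New("address server: batch exhausted, ask Bob for more")
	}
	sa := s.queue[0]
	s.queue = s.queue[1:]
	return sa, nil
}

// VerifyAddress is Alice's check before she pays: whatever address the
// server (or her clipboard) gave her must carry a valid signature from the
// pubkey she stored for Bob in her address book. That pubkey is the one
// value that still has to reach Alice over a channel she trusts.
func VerifyAddress(bobAuthPub ed25519.PublicKey, sa SignedAddress) error {
	// ed25519.Verify panics on a wrong-sized key, so reject bad book entries first.
	if len(bobAuthPub) != ed25519.PublicKeySize {
		return errors.New("address book entry is not a valid pubkey")
	}
	if !ed25519.Verify(bobAuthPub, authMessage(sa.Address), sa.Signature) {
		return fmt.Errorf("address %q is not signed by Bob's authentication key; refusing to pay", sa.Address)
	}
	return nil
}

func main() {
	pub, priv, err := NewAuthKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample addresses, not real Bitcoin addresses.
	bobAddrs := []string{"bc1q-bob-addr-0001", "bc1q-bob-addr-0002", "bc1q-bob-addr-0003"}

	server := &AddressServer{}
	server.Deposit(SignBatch(priv, bobAddrs))

	// Alice's address book maps "Bob" to the pubkey she obtained out of band.
	addressBook := map[string]ed25519.PublicKey{"Bob": pub}

	got, _ := server.Next()
	fmt.Println("honest server:", VerifyAddress(addressBook["Bob"], got))

	// Clipboard malware (or a malicious server) can swap the address string
	// but cannot produce Bob's signature for it.
	got.Address = "bc1q-attacker-addr"
	fmt.Println("swapped address:", VerifyAddress(addressBook["Bob"], got))
}
```

Whether Bob runs the server himself or a third party does, the server's role is the same: it is a store-and-forward for entries it cannot create. The remaining trust is concentrated in the address-book entry, which is Bryan's point in the quoted message.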