ð
Original date posted:2012-11-27
ð Original message:On Tuesday 27 November 2012 17:14:19 Mike Hearn wrote:
> That's pretty much what we have today - in future other schemes can be
> proposed as extensions. Protocol buffers are easily extended, they
> ignore unknown fields. Then you'd wait and see what the invoice
> request looked like and produce an invoice with the right security
> bits.
That's good; I've not done anything with protocol buffers, so wasn't aware it
was that simple.
> > In particular two additional identification types:
> > - GnuPG (obviously)
>
> It's not obvious to me, incidentally. The web of trust has been
> dead-on-arrival since it was first proposed, and for good reasons.
> SSL/X.509, for better or worse, has significant usage.
Sorry, I meant "obviously" in the sense that "obviously that's the other one
that everyone will want". The web-of-trust as a universal identity mechanism
is, I agree, not useful. However, as a localised, smaller-scale identity
verification system it's used by every GnuPG user. You become your own
certificate authority. For example, I've set up my whole family with GnuPG;
I've set them up to trust me to authenticate (and I doubt any of them has ever
added anyone else). Then I take on the responsibility of signing all my
family/friends keys and they don't need to worry about it.
There's no reason that a small group of companies wouldn't do exactly the same
sort of thing.
> Your case of a small business is a perfect example of people who won't
> be using GPG. If they don't want to buy an SSL cert, they can just as
Bear in mind, I was using that example as an example of a hash protected in a
GPG envelope, not a GPG-signed invoice. People who've already got their GPG
system in place will appreciate being able to leverage it.
> well put a reference number in the memo field or a "Hey Bob, here is
> the bill we discussed". The payer does not get the multi-factor auth
How can they put a hash of an invoice inside the invoice? In my "hash mode"
invoices, it would be a random number (or possibly specifying the hash
algorithm) then the SignedInvoice would simply be the original invoice + hash.
That hash would then be reported via some secure channel outside of bitcoin's
domain.
> protection so if their computer has a virus, they may be hosed. But
> that's good incentive for sellers to get verified. Some CA authorities
> do it for free these days.
I don't understand what the relevance of multi-factor is to invoices? The
payment is performed via normal bitcoin mechanisms isn't it -- multi-factor or
not? This invoice system has one primary job: to ensure that the target of
the payment is who the payer thinks it is -- that's not affected by multi-
factor methods of protecting my wallet.
Andy
--
Dr Andy Parkins
andyparkins at gmail.com
Andy Parkins [ARCHIVE] /
npub1nxâŠ7wjrv
2023-06-07 10:41:26
in reply to nevent1qâŠjr9a
Author Public Key
npub1nxlvf9mj3jzgue25n5d9y47s3h5hvg0ded9hwpejdxj9mtrs34vs97wjrvSeen on
wss://relay.nostr.bandPublished at
2023-06-07 10:41:26Event JSON
{
"id": "fa131e6ee717be555ded574c8f27ed5ef12b9fd15be9a7895e7a7bc47e9c8a37",
"pubkey": "99bec497728c848e65549d1a5257d08de97621edcb4b77073269a45dac708d59",
"created_at": 1686134486,
"kind": 1,
"tags": [
[
"e",
"f5f2400f8aa8a7067be3d080f096fd7cbfeecdd6e589c178b85b63a9338150a5",
"",
"root"
],
[
"e",
"3e3c61009c7f4da54f6639320770db013fb28912683b70d7f04dc564c0340265",
"",
"reply"
],
[
"p",
"f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2"
]
],
"content": "ð
Original date posted:2012-11-27\nð Original message:On Tuesday 27 November 2012 17:14:19 Mike Hearn wrote:\n\n\u003e That's pretty much what we have today - in future other schemes can be\n\u003e proposed as extensions. Protocol buffers are easily extended, they\n\u003e ignore unknown fields. Then you'd wait and see what the invoice\n\u003e request looked like and produce an invoice with the right security\n\u003e bits.\n\nThat's good; I've not done anything with protocol buffers, so wasn't aware it \nwas that simple.\n\n\u003e \u003e In particular two additional identification types:\n\u003e \u003e - GnuPG (obviously)\n\u003e \n\u003e It's not obvious to me, incidentally. The web of trust has been\n\u003e dead-on-arrival since it was first proposed, and for good reasons.\n\u003e SSL/X.509, for better or worse, has significant usage.\n\nSorry, I meant \"obviously\" in the sense that \"obviously that's the other one \nthat everyone will want\". The web-of-trust as a universal identity mechanism \nis, I agree, not useful. However, as a localised, smaller-scale identity \nverification system it's used by every GnuPG user. You become your own \ncertificate authority. For example, I've set up my whole family with GnuPG; \nI've set them up to trust me to authenticate (and I doubt any of them has ever \nadded anyone else). Then I take on the responsibility of signing all my \nfamily/friends keys and they don't need to worry about it.\n\nThere's no reason that a small group of companies wouldn't do exactly the same \nsort of thing.\n\n\u003e Your case of a small business is a perfect example of people who won't\n\u003e be using GPG. If they don't want to buy an SSL cert, they can just as\n\nBear in mind, I was using that example as an example of a hash protected in a \nGPG envelope, not a GPG-signed invoice. People who've already got their GPG \nsystem in place will appreciate being able to leverage it.\n\n\u003e well put a reference number in the memo field or a \"Hey Bob, here is\n\u003e the bill we discussed\". The payer does not get the multi-factor auth\n\nHow can they put a hash of an invoice inside the invoice? In my \"hash mode\" \ninvoices, it would be a random number (or possibly specifying the hash \nalgorithm) then the SignedInvoice would simply be the original invoice + hash. \nThat hash would then be reported via some secure channel outside of bitcoin's \ndomain.\n\n\u003e protection so if their computer has a virus, they may be hosed. But\n\u003e that's good incentive for sellers to get verified. Some CA authorities\n\u003e do it for free these days.\n\nI don't understand what the relevance of multi-factor is to invoices? The \npayment is performed via normal bitcoin mechanisms isn't it -- multi-factor or \nnot? This invoice system has one primary job: to ensure that the target of \nthe payment is who the payer thinks it is -- that's not affected by multi-\nfactor methods of protecting my wallet.\n\n\n\nAndy\n\n-- \nDr Andy Parkins\nandyparkins at gmail.com",
"sig": "93f1c10c642ebcbe6cf108a487342d7a22ca49be243e839284b2b71b4f66be35bbcf6b1f9b1d1f1e174c00fca9cec8a88403b9527f3c949c50e8a8e577538f9e"
}