📅 Original date posted:2022-10-18
📝 Original message:Hello Andrew and Bryan,
> No, as I understand the proposal, the "public key" held by the wallet is simply
> a signing key used to authenticate addresses, and never leaves the wallet.
That's right (or at least, that's the intent). Think of importing someone's GPG key and then using it to validate future signed messages from them. In this case, the public key stays in your "address book" entry for a person and then whenever you need to fetch a fresh address for them from the Address Server, your wallet can validate that it's for their wallet.
Making sure that you import a legitimate/authentic public key is a problem, but you only need to do it once per recipient, instead of doing it every time you need to transact with that person. Maybe that's something you solve in UI (i.e. Signal has you compare strings with your counter-party), or something you can solve through other metadata (GPG had WoT, or if you're already using an address server maybe there's some PKI scheme that's appropriate, etc.).
Rubin, I think you responded on another branch of the thread, but thanks for the podcast link. I'll check it out!
Cheers,
Rijndael
------- Original Message -------
On Tuesday, October 18th, 2022 at 8:42 AM, Andrew Poelstra <apoelstra at wpsoftware.net> wrote:
> On Mon, Oct 17, 2022 at 07:07:07PM -0500, Bryan Bishop via bitcoin-dev wrote:
>
> > Isn't this the same problem but now for copy-pasting pubkeys instead of an
> > address?
>
>
> No, as I understand the proposal, the "public key" held by the wallet is simply
> a signing key used to authenticate addresses, and never leaves the wallet. Yes,
> if the wallet's own memory is compromised, it can be tricked into accepting bad
> addresses, but this is much much harder than compromising data on the clipboard,
> which basically any application can do without any "real" exploits or special
> permissions.
>
> As an extreme, this proposal could be run on a hardware wallet which had some
> out-of-band way to obtain and authenticate public keys (similar to Signal QR
> codes).
>
> --
> Andrew Poelstra
> Director of Research, Blockstream
> Email: apoelstra at wpsoftware.net
> Web: https://www.wpsoftware.net/andrew
>
> The sun is always shining in space
> -Justin Lewis-Webster
rot13maxi [ARCHIVE] /
npub12a…llglz
2023-06-07 23:14:06
in reply to nevent1q…zdad
Author Public Key
npub12aguh8y7hacsxc3c7fsjzkqh95nu9cuh4ec6htx9y3sz75722npqmllglzPublished at
2023-06-07 23:14:06Event JSON
{
"id": "afce214bddbcbc897e9ad7b379acd0f82435257a15658c73d013d63ff54b340f",
"pubkey": "5751cb9c9ebf71036238f2612158172d27c2e397ae71abacc524602f53ca54c2",
"created_at": 1686179646,
"kind": 1,
"tags": [
[
"e",
"ea43f2af105feface907b52de43940c36932ecd5ba849c28f38155d42df5d943",
"",
"root"
],
[
"e",
"28812a3d80ccd0f839190ad9e803826b81df9f44f9093334a375635089b16026",
"",
"reply"
],
[
"p",
"ee55eb03423bd4db01d5c92ad434d52c602d9da1de37ed37cc5bf7d2a13a4cab"
]
],
"content": "📅 Original date posted:2022-10-18\n📝 Original message:Hello Andrew and Bryan,\n\n\u003e No, as I understand the proposal, the \"public key\" held by the wallet is simply\n\u003e a signing key used to authenticate addresses, and never leaves the wallet. \n\nThat's right (or at least, that's the intent). Think of importing someone's GPG key and then using it to validate future signed messages from them. In this case, the public key stays in your \"address book\" entry for a person and then whenever you need to fetch a fresh address for them from the Address Server, your wallet can validate that it's for their wallet. \n\nMaking sure that you import a legitimate/authentic public key is a problem, but you only need to do it once per recipient, instead of doing it every time you need to transact with that person. Maybe that's something you solve in UI (i.e. Signal has you compare strings with your counter-party), or something you can solve through other metadata (GPG had WoT, or if you're already using an address server maybe there's some PKI scheme that's appropriate, etc.). \n\n\nRubin, I think you responded on another branch of the thread, but thanks for the podcast link. I'll check it out!\n\nCheers,\n\nRijndael\n\n------- Original Message -------\nOn Tuesday, October 18th, 2022 at 8:42 AM, Andrew Poelstra \u003capoelstra at wpsoftware.net\u003e wrote:\n\n\n\u003e On Mon, Oct 17, 2022 at 07:07:07PM -0500, Bryan Bishop via bitcoin-dev wrote:\n\u003e\n\u003e \u003e Isn't this the same problem but now for copy-pasting pubkeys instead of an\n\u003e \u003e address?\n\u003e\n\u003e\n\u003e No, as I understand the proposal, the \"public key\" held by the wallet is simply\n\u003e a signing key used to authenticate addresses, and never leaves the wallet. Yes,\n\u003e if the wallet's own memory is compromised, it can be tricked into accepting bad\n\u003e addresses, but this is much much harder than compromising data on the clipboard,\n\u003e which basically any application can do without any \"real\" exploits or special\n\u003e permissions.\n\u003e\n\u003e As an extreme, this proposal could be run on a hardware wallet which had some\n\u003e out-of-band way to obtain and authenticate public keys (similar to Signal QR\n\u003e codes).\n\u003e\n\u003e --\n\u003e Andrew Poelstra\n\u003e Director of Research, Blockstream\n\u003e Email: apoelstra at wpsoftware.net\n\u003e Web: https://www.wpsoftware.net/andrew\n\u003e\n\u003e The sun is always shining in space\n\u003e -Justin Lewis-Webster",
"sig": "027a0a8a0c5f15d41f2fae5622bfa8fae21948b41c0c9fd63156efedf3e2cb6be48213b984de3f545b8d8ab79828aa3c2ed3f319e2d321bd8bdb7b5ff6fef239"
}