๐
Original date posted:2015-09-15
๐ Original message:September 15 2015 2:10 PM, "Luke Dashjr" <luke at dashjr.org> wrote:
> On Tuesday, September 15, 2015 10:49:36 AM Arthur - bitcoin-fr.io wrote:
>
>> September 15 2015 6:04 AM, "Luke Dashjr" <luke at dashjr.org> wrote:
>>> I think probably the whole signed message thing needs to be rethought.
>>> The most common "uses" today seem to be insecure cases that it doesn't
>>> actually work in: people trying to prove ownership of bitcoins and/or
>>> that they sent bitcoins (current signed messages can do neither).
>>> Ideally, whatever the new method is should also avoid using the same key
>>> as for signing transactions, since the public key is technically private
>>> information. Furthermore, since addresses are semi-deprecated (by the
>>> payment protocol), I'm not sure it makes sense to do this without
>>> designing an entire authentication system, which may be rather complex.
>>>
>>> Luke
>>
>> My proposal is about the current signing process (which exists event it
>> it's not perfect) but it could also work with a new signing message system
>> tomorrow. It more about give users an easier way to access existing tools
>> than the "sign message thing" itself.
>
> One of my concerns is that making the existing signatures even easier will
> cause incompatible uses to become more prolific and accepted, increasing the
> overall risk. Hence my recommendation to satisfy these clearly-existing use
> cases with a safe signature *first*.
>
Ideally yes, but it will take some time to make a new signature system.
I could also propose a URI scheme that will work with a future implementation but be compatible with the current one explaining its limitations (ex: sigversion=1 to use the current system, default value is sigversion=2 which won't work until a new system is developped).
>> BTW I'm aware of privacy issues, but could you elaborate on why the use
>> case your are referring to doesn't actually work?
>
> The signed message proves that the person who *receives* payment with the
> address agrees to a given message/contract.
>
> It is therefore appropriate and a best practice for web wallet providers
> (inherent problems with webwallets aside) to allow users to sign messages
> with their deposit addresses. When bitcoins are received by this address, the
> transaction creates a low-level UTXO representing the bitcoins *in the
> wallet*, but this UTXO is not associated with the address itself. Therefore,
> it is entirely possible that this UTXO remains unspent/valid on the
> blockchain even after the user in question has spent their entire balance at
> the webwallet and therefore such a signature proves only that they once
> received the payment, but *not* that they presently still have the bitcoins
> received.
>
> Furthermore, it is proper for the UTXO to be redeemed at a low-level by the
> wallet when an entirely unrelated user is sending a transaction. In such a
> circumstance, the original recipient of the bitcoins would still be able to
> sign a message, even though they have nothing to do with nor any right to the
> goods/services purchased with the transaction redeeming that UTXO.
>
>> Here are a use of
>> bitcoin signatures ( https://bitcointalk.org/index.php?topic=497545.0 ) to
>> speak about a real case.
>
> Yes, there are a few good use cases for the current signed messages, but they
> appear to be a minority at the moment. I suspect implementing any URI-based
> signing would actually make them more difficult as well, since it is
> additional code on the requester's part.
Ok,thx for your answer, I actually agree with you up until the last sentence. (if not I wouldn't propose this URI scheme :-)
--
Arthur