📅 Original date posted:2015-09-15
📝 Original message:September 15 2015 6:04 AM, "Luke Dashjr" <luke at dashjr.org> wrote:
> I think probably the whole signed message thing needs to be rethought. The
> most common "uses" today seem to be insecure cases that it doesn't actually
> work in: people trying to prove ownership of bitcoins and/or that they sent
> bitcoins (current signed messages can do neither). Ideally, whatever the new
> method is should also avoid using the same key as for signing transactions,
> since the public key is technically private information. Furthermore, since
> addresses are semi-deprecated (by the payment protocol), I'm not sure it
> makes sense to do this without designing an entire authentication system,
> which may be rather complex.
>
> Luke
My proposal is about the current signing process (which exists event it it's not perfect) but it could also work with a new signing message system tomorrow. It more about give users an easier way to access existing tools than the "sign message thing" itself.
BTW I'm aware of privacy issues, but could you elaborate on why the use case your are referring to doesn't actually work?
Here are a use of bitcoin signatures ( https://bitcointalk.org/index.php?topic=497545.0 ) to speak about a real case.
--
Arthur
Arthur - bitcoin-fr.io [ARCHIVE] /
npub1jy…afjpa
2023-06-07 17:40:13
in reply to nevent1q…6kqh
Author Public Key
npub1jyeyqrhvfs7xhzddlks4pshs87p0sysa9wuf74j87fmrr8ner4tsqafjpaSeen on
wss://relay.nostr.bandPublished at
2023-06-07 17:40:13Event JSON
{
"id": "52120c76f5b93b75efe71bfec0733f5213e5250f70ac46ac6b57179f6a435de3",
"pubkey": "9132400eec4c3c6b89adfda150c2f03f82f8121d2bb89f5647f276319e791d57",
"created_at": 1686159613,
"kind": 1,
"tags": [
[
"e",
"ed09e32b01930221eafa4cc0bbb2df7e182ba1118a4b04b94811e6ad692ba894",
"",
"root"
],
[
"e",
"0782959b015749927ca9dacfc9716a915d6ce6dcb3c0e6b8f8e0a337cd5acf0b",
"",
"reply"
],
[
"p",
"5a6d1f44482b67b5b0d30cc1e829b66a251f0dc99448377dbe3c5e0faf6c3803"
]
],
"content": "📅 Original date posted:2015-09-15\n📝 Original message:September 15 2015 6:04 AM, \"Luke Dashjr\" \u003cluke at dashjr.org\u003e wrote:\n\u003e I think probably the whole signed message thing needs to be rethought. The\n\u003e most common \"uses\" today seem to be insecure cases that it doesn't actually\n\u003e work in: people trying to prove ownership of bitcoins and/or that they sent\n\u003e bitcoins (current signed messages can do neither). Ideally, whatever the new\n\u003e method is should also avoid using the same key as for signing transactions,\n\u003e since the public key is technically private information. Furthermore, since\n\u003e addresses are semi-deprecated (by the payment protocol), I'm not sure it\n\u003e makes sense to do this without designing an entire authentication system,\n\u003e which may be rather complex.\n\u003e \n\u003e Luke\n\nMy proposal is about the current signing process (which exists event it it's not perfect) but it could also work with a new signing message system tomorrow. It more about give users an easier way to access existing tools than the \"sign message thing\" itself.\n\nBTW I'm aware of privacy issues, but could you elaborate on why the use case your are referring to doesn't actually work?\nHere are a use of bitcoin signatures ( https://bitcointalk.org/index.php?topic=497545.0 ) to speak about a real case.\n\n--\nArthur",
"sig": "b08c56fe46ca870bc5b579c837e031c8dd0d9428fa5df5893f47b76b994d42ad51c3a8ea558be76631bb6c6c474348a643b8e1ca327f0e819a02c41a8951bc79"
}