📅 Original date posted:2015-09-15
📝 Original message:On Tuesday, September 15, 2015 10:49:36 AM Arthur - bitcoin-fr.io wrote:
> September 15 2015 6:04 AM, "Luke Dashjr" <luke at dashjr.org> wrote:
> > I think probably the whole signed message thing needs to be rethought.
> > The most common "uses" today seem to be insecure cases that it doesn't
> > actually work in: people trying to prove ownership of bitcoins and/or
> > that they sent bitcoins (current signed messages can do neither).
> > Ideally, whatever the new method is should also avoid using the same key
> > as for signing transactions, since the public key is technically private
> > information. Furthermore, since addresses are semi-deprecated (by the
> > payment protocol), I'm not sure it makes sense to do this without
> > designing an entire authentication system, which may be rather complex.
> >
> > Luke
>
> My proposal is about the current signing process (which exists event it
> it's not perfect) but it could also work with a new signing message system
> tomorrow. It more about give users an easier way to access existing tools
> than the "sign message thing" itself.
One of my concerns is that making the existing signatures even easier will
cause incompatible uses to become more prolific and accepted, increasing the
overall risk. Hence my recommendation to satisfy these clearly-existing use
cases with a safe signature *first*.
> BTW I'm aware of privacy issues, but could you elaborate on why the use
> case your are referring to doesn't actually work?
The signed message proves that the person who *receives* payment with the
address agrees to a given message/contract.
It is therefore appropriate and a best practice for web wallet providers
(inherent problems with webwallets aside) to allow users to sign messages
with their deposit addresses. When bitcoins are received by this address, the
transaction creates a low-level UTXO representing the bitcoins *in the
wallet*, but this UTXO is not associated with the address itself. Therefore,
it is entirely possible that this UTXO remains unspent/valid on the
blockchain even after the user in question has spent their entire balance at
the webwallet and therefore such a signature proves only that they once
received the payment, but *not* that they presently still have the bitcoins
received.
Furthermore, it is proper for the UTXO to be redeemed at a low-level by the
wallet when an entirely unrelated user is sending a transaction. In such a
circumstance, the original recipient of the bitcoins would still be able to
sign a message, even though they have nothing to do with nor any right to the
goods/services purchased with the transaction redeeming that UTXO.
> Here are a use of
> bitcoin signatures ( https://bitcointalk.org/index.php?topic=497545.0 ) to
> speak about a real case.
Yes, there are a few good use cases for the current signed messages, but they
appear to be a minority at the moment. I suspect implementing any URI-based
signing would actually make them more difficult as well, since it is
additional code on the requester's part.
Luke
Luke Dashjr [ARCHIVE] /
npub1tf…rfq0n
2023-06-07 17:40:13
in reply to nevent1q…vyjh
Author Public Key
npub1tfk373zg9dnmtvxnpnq7s2dkdgj37rwfj3yrwld7830qltmv8qps8rfq0nSeen on
wss://relay.noswhere.comPublished at
2023-06-07 17:40:13Event JSON
{
"id": "196b3cf93ae2533bc83aa38189c2779175d12c1039cb2063453c36d4c515f487",
"pubkey": "5a6d1f44482b67b5b0d30cc1e829b66a251f0dc99448377dbe3c5e0faf6c3803",
"created_at": 1686159613,
"kind": 1,
"tags": [
[
"e",
"ed09e32b01930221eafa4cc0bbb2df7e182ba1118a4b04b94811e6ad692ba894",
"",
"root"
],
[
"e",
"52120c76f5b93b75efe71bfec0733f5213e5250f70ac46ac6b57179f6a435de3",
"",
"reply"
],
[
"p",
"9132400eec4c3c6b89adfda150c2f03f82f8121d2bb89f5647f276319e791d57"
]
],
"content": "📅 Original date posted:2015-09-15\n📝 Original message:On Tuesday, September 15, 2015 10:49:36 AM Arthur - bitcoin-fr.io wrote:\n\u003e September 15 2015 6:04 AM, \"Luke Dashjr\" \u003cluke at dashjr.org\u003e wrote:\n\u003e \u003e I think probably the whole signed message thing needs to be rethought.\n\u003e \u003e The most common \"uses\" today seem to be insecure cases that it doesn't\n\u003e \u003e actually work in: people trying to prove ownership of bitcoins and/or\n\u003e \u003e that they sent bitcoins (current signed messages can do neither).\n\u003e \u003e Ideally, whatever the new method is should also avoid using the same key\n\u003e \u003e as for signing transactions, since the public key is technically private\n\u003e \u003e information. Furthermore, since addresses are semi-deprecated (by the\n\u003e \u003e payment protocol), I'm not sure it makes sense to do this without\n\u003e \u003e designing an entire authentication system, which may be rather complex.\n\u003e \u003e \n\u003e \u003e Luke\n\u003e \n\u003e My proposal is about the current signing process (which exists event it\n\u003e it's not perfect) but it could also work with a new signing message system\n\u003e tomorrow. It more about give users an easier way to access existing tools\n\u003e than the \"sign message thing\" itself.\n\nOne of my concerns is that making the existing signatures even easier will \ncause incompatible uses to become more prolific and accepted, increasing the \noverall risk. Hence my recommendation to satisfy these clearly-existing use \ncases with a safe signature *first*.\n\n\u003e BTW I'm aware of privacy issues, but could you elaborate on why the use\n\u003e case your are referring to doesn't actually work?\n\nThe signed message proves that the person who *receives* payment with the \naddress agrees to a given message/contract.\n\nIt is therefore appropriate and a best practice for web wallet providers \n(inherent problems with webwallets aside) to allow users to sign messages \nwith their deposit addresses. When bitcoins are received by this address, the \ntransaction creates a low-level UTXO representing the bitcoins *in the \nwallet*, but this UTXO is not associated with the address itself. Therefore, \nit is entirely possible that this UTXO remains unspent/valid on the \nblockchain even after the user in question has spent their entire balance at \nthe webwallet and therefore such a signature proves only that they once \nreceived the payment, but *not* that they presently still have the bitcoins \nreceived.\n\nFurthermore, it is proper for the UTXO to be redeemed at a low-level by the \nwallet when an entirely unrelated user is sending a transaction. In such a \ncircumstance, the original recipient of the bitcoins would still be able to \nsign a message, even though they have nothing to do with nor any right to the \ngoods/services purchased with the transaction redeeming that UTXO.\n\n\u003e Here are a use of\n\u003e bitcoin signatures ( https://bitcointalk.org/index.php?topic=497545.0 ) to\n\u003e speak about a real case.\n\nYes, there are a few good use cases for the current signed messages, but they \nappear to be a minority at the moment. I suspect implementing any URI-based \nsigning would actually make them more difficult as well, since it is \nadditional code on the requester's part.\n\nLuke",
"sig": "e59d1f04ca0107cf46befa4ed062e0c6ffcb4c7fc1e9590e84a2b71d34769f9a0339eddc6d47cfc6e94227b75e95a12435c40228b0c7835d4b3c7e0f625138ae"
}