๐
Original date posted:2013-02-11
๐ Original message:I prefer to leverage the signing of the (.) root in the DNS tree. The
amount of effort in signing the root holds more weight than building a CA
off the bitcoin blockchain.
If you want to associate identifiers for payment addresses I suggest
putting those in DNSSEC signed records in the DNS.
For routing around x.509 CAs I suggest participating in the DANE working
group in the IETF.
-rick
On Fri, Feb 8, 2013 at 2:03 AM, Timo Hanke <timo.hanke at web.de> wrote:
> There have been proposals to use the blockchain to establish
> "identities". firstbits is a simple example. I would like to announce a
> project that extends this idea to turn the blockchain into a "root CA"
> that can sign arbitrary certificates. The purpose is to use these
> certificates in the payment protocol, where some might consider
> traditional centralized root CAs unsatisfactory.
>
> Code is here: https://github.com/bcpki
>
> Technical specification and full-length examples are found in the wiki.
> I therefore spare myself from repeating the details here, even though,
> of course, discussion about those details is welcome on this list.
>
> Excerpt from README.md follows:
>
> First, we have drafted a quite general specification for bitcoin
> certificates (protobuf messages) that allow for a variety of payment
> protocols (e.g. static as well as customer-side-generated payment
> addresses).
> This part has surely been done elsewhere as well and is orthogonal to the
> goal of this project.
> What is new here is the signatures _under_ the certificates.
>
> We have patched the bitcoind to handle certificates, submit signatures to
> the blockchain, verify certificates against the blockchain, pay directly to
> certificates (with various payment methods), revoke certificates.
> Signatures in the blockchain are stored entirely in the UTXO set (i.e. the
> unspend, unprunable outputs).
> This seems to make signature lookup and verification reasonably fast:
> it took us 10s in the mainnet test we performed (lookup is instant on the
> testnet, of course).
>
> Payment methods include: static bitcoin addresses, client-side derived
> payment addresses (pay-to-contract), pay-to-contract with multisig
> destinations (P2SH)
>
> Full-length real-world examples for all payment methods are provided in
> the tutorial pages.
> These examples have actually been carried out on testnet3.
>
> For further details and specifications see the wiki.
>
> timo hanke
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130211/079342ad/attachment.html>;
Rick Wesson [ARCHIVE] /
npub1xzโฆ2925u
2023-06-07 11:31:36
in reply to nevent1qโฆnnt3
Author Public Key
npub1xz8q68hmzur6c6uje593nscy3q4njx05h4vnxmz2wxxptx7u7casl2925uPublished at
2023-06-07 11:31:36Event JSON
{
"id": "06b7e2747c90f461b1bdeeb40220d186e8634a43c4151c56750a25f98c587269",
"pubkey": "308e0d1efb1707ac6b92cd0b19c304882b3919f4bd59336c4a718c159bdcf63b",
"created_at": 1686137496,
"kind": 1,
"tags": [
[
"e",
"e992a0596803801bdc60b39e6a8f2a9b5632f4cd93d71e49809fd4b4885dc86d",
"",
"root"
],
[
"e",
"3626544a068ec40283f8b6d8b0202673693965e248dc49e54c646a61f5e18980",
"",
"reply"
],
[
"p",
"daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa"
]
],
"content": "๐
Original date posted:2013-02-11\n๐ Original message:I prefer to leverage the signing of the (.) root in the DNS tree. The\namount of effort in signing the root holds more weight than building a CA\noff the bitcoin blockchain.\n\nIf you want to associate identifiers for payment addresses I suggest\nputting those in DNSSEC signed records in the DNS.\n\nFor routing around x.509 CAs I suggest participating in the DANE working\ngroup in the IETF.\n\n-rick\n\n\nOn Fri, Feb 8, 2013 at 2:03 AM, Timo Hanke \u003ctimo.hanke at web.de\u003e wrote:\n\n\u003e There have been proposals to use the blockchain to establish\n\u003e \"identities\". firstbits is a simple example. I would like to announce a\n\u003e project that extends this idea to turn the blockchain into a \"root CA\"\n\u003e that can sign arbitrary certificates. The purpose is to use these\n\u003e certificates in the payment protocol, where some might consider\n\u003e traditional centralized root CAs unsatisfactory.\n\u003e\n\u003e Code is here: https://github.com/bcpki\n\u003e\n\u003e Technical specification and full-length examples are found in the wiki.\n\u003e I therefore spare myself from repeating the details here, even though,\n\u003e of course, discussion about those details is welcome on this list.\n\u003e\n\u003e Excerpt from README.md follows:\n\u003e\n\u003e First, we have drafted a quite general specification for bitcoin\n\u003e certificates (protobuf messages) that allow for a variety of payment\n\u003e protocols (e.g. static as well as customer-side-generated payment\n\u003e addresses).\n\u003e This part has surely been done elsewhere as well and is orthogonal to the\n\u003e goal of this project.\n\u003e What is new here is the signatures _under_ the certificates.\n\u003e\n\u003e We have patched the bitcoind to handle certificates, submit signatures to\n\u003e the blockchain, verify certificates against the blockchain, pay directly to\n\u003e certificates (with various payment methods), revoke certificates.\n\u003e Signatures in the blockchain are stored entirely in the UTXO set (i.e. the\n\u003e unspend, unprunable outputs).\n\u003e This seems to make signature lookup and verification reasonably fast:\n\u003e it took us 10s in the mainnet test we performed (lookup is instant on the\n\u003e testnet, of course).\n\u003e\n\u003e Payment methods include: static bitcoin addresses, client-side derived\n\u003e payment addresses (pay-to-contract), pay-to-contract with multisig\n\u003e destinations (P2SH)\n\u003e\n\u003e Full-length real-world examples for all payment methods are provided in\n\u003e the tutorial pages.\n\u003e These examples have actually been carried out on testnet3.\n\u003e\n\u003e For further details and specifications see the wiki.\n\u003e\n\u003e timo hanke\n\u003e\n\u003e\n\u003e ------------------------------------------------------------------------------\n\u003e Free Next-Gen Firewall Hardware Offer\n\u003e Buy your Sophos next-gen firewall before the end March 2013\n\u003e and get the hardware for free! Learn more.\n\u003e http://p.sf.net/sfu/sophos-d2d-feb\n\u003e _______________________________________________\n\u003e Bitcoin-development mailing list\n\u003e Bitcoin-development at lists.sourceforge.net\n\u003e https://lists.sourceforge.net/lists/listinfo/bitcoin-development\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130211/079342ad/attachment.html\u003e",
"sig": "865f8e88b82bb39db412238158d0daa85d7640b4853923003386285477983ad6426aed25400b2ea4f104d8a15f846f42593d64433ac3dfc112d494743cfb3eb7"
}