đź“… Original date posted:2014-04-04
đź“ť Original message:On Fri, Apr 4, 2014 at 3:22 PM, Eric LarchevĂŞque <elarch at gmail.com> wrote:
> I see only benefits for the entire ecosystem, and if I'm working on such a
> proposition it is because I really need this feature.
>
Why do you need it? Because you don't want to implement a login system?
Very, very few websites are the sort of place where they'd want to
authenticate with only a Bitcoin address. If for no other reason than
they'd have no way to email you, and if you lost your wallet, you'd lose
all your associated data.
> Without such a standard protocol, you could never envision a pure Bitcoin
> physical locker rental, or booking an hotel room via Bitcoin and opening
> the door through the paying address.
>
In future there often won't be a simple paying address. For instance, if my
coins are in a multi-sig relationship with a risk analysis service, there
will be two keys for each input and an arbitrary number of inputs. So does
that mean the risk analysis service gets to open my locker? Why?
What if I do a shared spend/CoinJoin type tx? Now anyone who took part in
the shared tx with me can get into my hotel room too?
These are the kinds of problems that crop up when you mix together two
different things: the act of paying, and the act of identifying yourself.
You're assuming that replacing a password people can remember with a
physical token (their phone) which can be stolen or lost, would be seen as
an upgrade. Given a choice between two physical lockers, one of which lets
me open it with a password and one of which insists on a cryptographic
token, I'm going to go for the former because the chances of me losing my
phone is much higher than me forgetting my password.
All the tools you need already exist in the form of client certificates,
with the advantage that web servers and web browsers already support them.
The biggest pain point with them is backup and cross-device sync, which of
course wallets suffer from too!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140404/3477a62d/attachment.html>;
Mike Hearn [ARCHIVE] /
npub17t…4qgyd
2023-06-07 15:17:20
in reply to nevent1q…xcql
Author Public Key
npub17ty4mumkv43w8wtt0xsz2jypck0gvw0j8xrcg6tpea25z2nh7meqf4qgydPublished at
2023-06-07 15:17:20Event JSON
{
"id": "bd23978282973acf743cb39fb487e9c50bd7d9ba7f5d447075e1c760be99b345",
"pubkey": "f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2",
"created_at": 1686151040,
"kind": 1,
"tags": [
[
"e",
"4ef6a6393121d94287520af04668f86fde241c789a5b506f18e8d499d4d231da",
"",
"root"
],
[
"e",
"f7f2d7257ffc3e2830fd96640eb5648aa28ceb1acc790943ec39d453262a267d",
"",
"reply"
],
[
"p",
"092601597d30aa94c18773e5c3ebb3d83699778aa298e6d633db9e06da261ed7"
]
],
"content": "đź“… Original date posted:2014-04-04\nđź“ť Original message:On Fri, Apr 4, 2014 at 3:22 PM, Eric LarchevĂŞque \u003celarch at gmail.com\u003e wrote:\n\n\u003e I see only benefits for the entire ecosystem, and if I'm working on such a\n\u003e proposition it is because I really need this feature.\n\u003e\n\nWhy do you need it? Because you don't want to implement a login system?\nVery, very few websites are the sort of place where they'd want to\nauthenticate with only a Bitcoin address. If for no other reason than\nthey'd have no way to email you, and if you lost your wallet, you'd lose\nall your associated data.\n\n\n\u003e Without such a standard protocol, you could never envision a pure Bitcoin\n\u003e physical locker rental, or booking an hotel room via Bitcoin and opening\n\u003e the door through the paying address.\n\u003e\n\nIn future there often won't be a simple paying address. For instance, if my\ncoins are in a multi-sig relationship with a risk analysis service, there\nwill be two keys for each input and an arbitrary number of inputs. So does\nthat mean the risk analysis service gets to open my locker? Why?\n\nWhat if I do a shared spend/CoinJoin type tx? Now anyone who took part in\nthe shared tx with me can get into my hotel room too?\n\nThese are the kinds of problems that crop up when you mix together two\ndifferent things: the act of paying, and the act of identifying yourself.\nYou're assuming that replacing a password people can remember with a\nphysical token (their phone) which can be stolen or lost, would be seen as\nan upgrade. Given a choice between two physical lockers, one of which lets\nme open it with a password and one of which insists on a cryptographic\ntoken, I'm going to go for the former because the chances of me losing my\nphone is much higher than me forgetting my password.\n\nAll the tools you need already exist in the form of client certificates,\nwith the advantage that web servers and web browsers already support them.\nThe biggest pain point with them is backup and cross-device sync, which of\ncourse wallets suffer from too!\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140404/3477a62d/attachment.html\u003e",
"sig": "d2d8c0ea9d69e34d7fff970cbe3d02ea285efcd27b6f3d34b8dff928b5795b6f0542478c6ee13f8c8f3f52c332c388ab2bc86d94d3640361e90bc3ffca408266"
}