#bitcoin-wizards


      • sipa joined the channel
      • adlai
        bsm117532: i discussed "solv[ing] this damn problem" (well, not quite this one, but its parent problem) with sipa irl at milan. his reaction was similar. paying bitcoins to store data which is not output sizes or spending conditions is quite an interesting game and i suggest you keep playing, but carefully.
      • sipa
        how to solve the PKI problem:
      • 1. Fail
      • 2. Go to 1
      • adlai
        iirc, our conversation went roughly thus: me: "the blockchain eventually becomes the most backed-up data on earth, so it should be treated as the most expensive datastore" sipa: "pruning" me: "s/blockchain/utxo set/" sipa: "[let's change topic]"
      • sipa
        i don't see how using the blockchain helps in any way; publishing data doesn't make it trusted
      • adlai
        sipa: please correct me if i misremember this?
      • sipa
        adlai: i don't remember, but it totally sounds like a conversation we could have had
      • there are useful-but-still-incentive-incompatible ways to use a blockchain
      • this one isn't even useful, as far as i can see
      • adlai
        ok, thank you! btw i agree re:pki... that data is boring and typically is supposed to have expiry dates.
      • bsm117532
        sipa: a PKI system needs several of the same properties as bitcoin. Namely: censorship resistance for public broadcast of revocation events.
      • I know of no comparable system.
      • If you have a censorship resistant public broadcast, it's fundamentally a new tool for PKI
      • Anyway, this doesn't necessarily have to be an element in a BIP70 replacement
      • sipa
        yes, using a blockchain for revocation is useful (but still incentive incompatible)
      • but that's only a tiny part of solving the PKI problem
      • bsm117532
        It's the huge unsolved part, and why CAs don't work: you can't reliably distribute certs (CAs keep getting compromised) and you can't reliably revoke (CRLs are unreliable and easy to DDoS).
      • Why do you claim it's incentive incompatible?
      • sipa
        it conflicts with the chain's use as a financial transfer system, threatening its value, which indirectly threatens its security (if BTC has no value, its chain provides zero security)
      • bsm117532
        It's only a financial transfer system if you can determine where you're sending funds.
      • sipa
        ?
      • bsm117532
        If you have no idea who the receiver is, it's not very useful...
      • sipa
        you're on their website
      • they're sending you email
      • you're scanning their QR code IRL
      • you're accessing their NFC POS system
      • bsm117532
        I know how to hijack all of them
      • Because there's no good PKI solution
      • sipa
        none of these things need a PKI
      • or at least, not in addition to being able to access them
      • bsm117532
        Website needs PKI in the cert. SMTP is easy to falsify the sender. Mobile phone malware can display the wrong QR. etc.
      • sipa
        yes, sure
      • if you're *on their website* you're already trusting the site
      • i'm not saying PKI is solved
      • i'm saying it's a much deeper problem, and doesn't have much to do with bitcoin
      • but claiming that BTC can't work without solving PKI is a bit ridiculous
      • bsm117532
        Would you use bitcoin without HTTPS?
      • sipa
        no
      • bsm117532
        so...
      • sipa
        what is your point?
      • BTC has no value because PKI isn't solved?
      • bsm117532
        HTTPS is a PKI solution that is fundamentally required in order to transfer bitcoin on the web.
      • sipa
        can i buy your BTC? I'll offer $1 per BTC
      • please.
      • yes, PKI needs improvement
      • bsm117532
        In any financial system you need hard and fast answers to: who, when, and how much. Bitcoin gets 2 of the three.
      • sipa
        but it's (a) a boring problem (b) using blockchain to "fix" PKI is not a solution and (c) BTC is useful and valuable without PKI being solved
      • bsm117532
        Can I come back to your "incentive incompatible" claim? If exchanges used spent pubkeys to sign off-chain messages indicating addresses, how would that be incentive incompatible?
      • sipa
        Revoking keys using a chain requires publishing.
      • You can't do that offchain.
      • (or you lose the censorship resistance)
      • bsm117532
        Yes, you have to do it on chain. First spend reveals a pubkey, second spend revokes it.
      • sipa
        yes, that conflicts with the use of the chain for financial purposes
      • bsm117532
        Clearly pushing this as a PKI solution beyond bitcoin transfers would be a big incentive incompatibility, I think...
      • But it's exactly for the purpose of transferring bitcoin!
      • sipa
        god
      • sipa has left the channel
      • bsm117532
        We need a BIP70 replacement to keep sipa in the room.
      • maaku
        bsm117532: it's easier to discuss an actual proposal. maybe make a strawman replacement for payment protocol?
      • bsm117532 wrote a BIP describing this. It got lost in a failed startup.
      • bsm117532
        I'm loath to write it again. But I'm not seeing better ideas.
      • But I wasn't thinking of the issues sipa was mentioning (refund addresses, receipts).
      • Also it seems to me that BIP70 fell largely on the notion of "identifying" bitcoin users, which is not my intent.
      • My only intent was to make absolutely goddamn sure that if I intend to send bitcoin to coinbase, I actually send it to fucking coinbase and not somewhere else.
      • maaku
        "identifying bitcoin users"? I'm not really sure what you mean
      • bsm117532: regarding your intent in any case, I think you're looking at the wrong tool
      • any payment protocol is not going to tackle the communication channel problem. it's out of scope and layer violating
      • ASSUME a trusted channel, what should a payment protocol look like?
      • that was more my question from before
      • whether bitcoin outputs (spent or unspent) work as secure anchors for a trusted identity is an interesting question and worth working on a proposal for too, but it is a different problem
      • kanzure
        maaku: was bip70 meant to work offline? what about the lightning one?
      • maaku: for online interaction the problem reduces to negotiating network connection information. and then receipts and other messages can fly around if you want.
      • bsm117532
        maaku: you can't assume a trusted channel without key exchange. And if you have key exchange you don't need a trusted channel (because you can sign/encrypt messages over any channel)
      • maaku: I'm referring mostly to petertodd's objections to BIP75
      • maaku
        bsm117532: that's a non-pragmatic objection I think. you need a secure channel to set up a secure channel, yes. but you need a secure channel once and then you can remember the root key
      • not to mention things like web of trust