#tlsnotary-chat

dansmith_btc: you mean HTTP response headers? What are you lookign at?

moo-_-, hi, yes http headers if SO proxied by CF show no indication of SO.

dansmith_btc: maybe you were getting one of those cloudflare captcha street sign things? :)

(see earlier "raging argument" :) )

which makes it convenient to add the more compact Schnorr multisig types, which allow further scale by making smaller multisig and (singleSig) multiple input transactions which improve also fungibility and are coinJoin compatible.

FYI, I have added the "notarize after click " functionality. Im asking for feedback wrt to the UI aspect of it here https://github.com/tlsnotary/pagesigner/issues/23

waxwing: could you send me a raw CJ transaction?

or point me to it

proslogion: what specific type is interesting? in general, they're no different from non-CJ transactions.

so you put all the signatures in the scriptsig field and that's it? how are the signatures ordered then, or no order is required?

each input has its own scriptSig

okay then i get it

you just fill in the signature in the redeemscript that satisfies the requirement of your input

it's unfortunate

i PMed you on just for the hell of it :) but only testnet

hmmm...then how is Segwit going to work for a CJ or a geneal multi-input tx?

i haven't looked at it yet. let me know if you find out something interesting. my first guess is it shouldn't really be different in function.

k so compressed keys start with 03

proslogion: or 02

the 02/03 flag tells you which of the 2 possible y coordinates for this x coordinate is the correct one

dansmith_btc: waxwing sent

lol waxwing there is a decentralized communication network junseth just reminded me, the bitcoin testnet

proslogion: true, but unauthenticated right

you could figure it out like ThomasV

proslogion: wrt your key, looks fine, but ofc we can't tell much from looking at it; how did you generate it? otoh we can do tests better than before :)

yeah bitcoin's p2p layer can be very light because you don't need auth

ofc still sybil/dos problems, but seems that's ok

it's the one we used the last time, basically this time i go for the second half

of the 65 bytes

so is the second half the x or the y? and were you able to check the parity?

if you don't think it's good i will generate a new one anyway

no that's fine, i used the same as last time also; either let's make sure the method you're using is sound, or else we can do a test spend anyway.

what wallet do you usually used for generating a pubkey?

nah i just want to do it properly

i just use pybitcointools because it's what i've used a lot before

you could use any wallet i guess? or any similar tool

e.g. run electrum and make a brand new wallet, and just take one pubkey. should work i think.

come to think of it i'd be surprised if bitcoin's own rpc doesn't have everything you need, although i haven't checked

just trying to figure how much work could it take for something as simple as this

it's no work at all to do it; it's some work to be sure you're doing it right of course (at least, the first time).

you could play on testnet or regtest of course.

the latter is the best, but a pain to set up first time.

if i didn't want to deal with it, i would make a fresh electrum wallet and store the private and public key somewhere. or, i'd bet you can do it with the rpc api with bitcoin-cli if that's easier.

no i don't mean it's difficult for me :)

just how much work it needs to go from 0 to get it done

dansmith_btc: the 'way too fast' error can happen if you're not on the right server, correct?

waxwing, yes whenever theres no response

someone tried on twitter and got too fast, i told him that could mean wrong (old) server. seems to be fine from here.

i mean, someone on twitter tried.

dansmith_btc: i just tried a stackoverflow page and it worked for me.

worked as in got correct headers? cause n10n worked for me too

hang on, will come back to that, got interesting question:

"would corporate firewalls make a difference?"

i guess the obvious point is they would if they block you connecting

possibly they're filtering on ports?

and it's not an http connection right

hmm, well, http responses but .. seems quite plausible

i guess given your firewall work dansmith_btc this would be a good Q for you :)

well the easiest one can do is wget http://52.91.68.11:10011 , if it says connection established than no firewall is blocking you

right, good idea

it is probable that exotic ports like 10011 get blocked

ah, let me go back to that headers question

yeah i agree

yeah, i see no reference to stackoverflow in the headers

also if u enter http://52.91.68.11:10011/ in the browser, u ll immediately get "no data received" error

well, it's in the title of course :) but cloudflare is evil, i think we've established :)

title can be faked by any other site hosted on CF :)

sure, "irrefutable as long as you trust the public key" etc etc

bitfinex = incapsula is same deal except set-cookie: _bfx_session

and domain=.bitfinex.com in set-cookie too

but i must have missed a point; are the headers really special? couldn't a site spoof that too? i mean, we're ultimately trusting cloudflare somehow in that example, aren't we?

i should go back and reread that keyless ssl idea

wow bitfinex.com serves an incredible amount of text on its homepage

the headers are sent by CF,so they can be trusted

yeah, i get the distinction, and it still isn't great; but even so, are we sure CF doesn't allow clients to add to headers themselves?

if they always promised a standardised thing like 'one particular header always contains the domain name' then at least that would be something.

so here's the thing, the certificate for the bitfinex.com page is for CN *.bitfinex.com

who owns the private key? gotta go back and read keyless ssl

yeah, it's as bad as I remember:

TLDR cloudflare owns the expanded keys, cloudflare controls everything for the session.

so an auditor (reader of pgsg) has to trust stackoverflow AND cloudflare AND Amazon .. starting to get shorter to list who you don't trust :)

it's time to develop a WoT for cert owners!

"But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved CloudFlare"

there was that reddit post about a year ago

pointing out how cloudflair on its own could end basically every bitcoin service