What is Nostr?
Peter Todd [ARCHIVE] /
npub1m23ā€¦2np2
2023-06-07 15:16:48
in reply to nevent1qā€¦0t73

Peter Todd [ARCHIVE] on Nostr: šŸ“… Original date posted:2014-03-31 šŸ“ Original message:On Mon, Mar 31, 2014 at ...

šŸ“… Original date posted:2014-03-31
šŸ“ Original message:On Mon, Mar 31, 2014 at 12:21:03PM +0200, vv01f wrote:
> Some users on bitcointalk[0] would like to have their vanity addresses
> available for others easily to find and verify the ownership over a kind
> of WoT. Right now they sign their own addresses and quote them in the
> forums.
> As I pointed out there already the centralized storage in the forums is
> not secury anyhow and signed messages could be swapped easily with the
> next hack of the forums.
>
> Is that use case taken care of in any plans already?
>
> I thought about abusing pgp keyservers but that would suit for single
> vanity addresses only.
> It seems webfinger could be part of a solution where servers of a
> business can tell and proof you if a specific address is owned by them.

Good timing! I'm at a hackathon right now working with a group to come
up with a standard for adding Bitcoin addresses to OpenPGP keys. You're
correct in thinking that doing so with standard Bitcoin addresses is a
privacy problem, however we can also define new types of Bitcoin
addresses that address the privacy issue; stealth addresses can handle
the case where you want to pay someone without a formal payment request,
and integrating OpenPGP into the payment protocol handles the scenario
where you want to send or pay to a formal payment request.


On Mon, Mar 31, 2014 at 12:49:14PM +0200, Natanael wrote:
> Does't BIP70 cover this already via Certificate Authorities?

Incidentally on my todo list is to come up for a reasonable standard for
taking X.509 certificates and using them to sign OpenPGP user IDs.
Essentially the certificate authority is then making the statement that
a keypair is authorized to sign on behalf of a domain-name, and in turn
that keypair signs that the email address on the user ID is correct.
It's a best of both worlds option in the same spirit of keybase.io

--
'peter'[:-1]@petertodd.org
0000000000000000f4f5ba334791a4102917e4d3f22f6ad7f2c4f15d97307fe2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140331/6994a7da/attachment.sig>;
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2