Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2013-07-23 📝 Original message:On Tue, Jul 23, 2013 at ...
📅 Original date posted:2013-07-23
📝 Original message:On Tue, Jul 23, 2013 at 12:17 PM, Andreas Schildbach
<andreas at schildbach.de> wrote:
> Sweeping paper wallets is a common feature request. People switch to
> centralized services just for getting that.
That means they value convenience more than the trust-freeness of a
decentralized solution. The only way to avoid that is by making sure
the decentralized one is convenient enough. But relying on
unauthenticated data itself is equally bad - it means you lose
whatever benefit the decentralization had.
> It is my understanding that for the usecase, an address-indexed UXTO is
> enough. So you probably don't need to worry about script-indexed for now.
The difference between script-indexed and address-indexed is
absolutely trivial compared to the effort needed to implement and
maintain such authenticated trees by all full nodes. Restricting
things at the network level (which doesn't even know about a thing
like an address) to address-based indexes is ridiculous IMHO.
> Security issues could be mitigated by applying trust to the REST server,
> e.g. because its your own or the one of your apps vendor. Of course,
> link-level security would be needed for this (e.g. SSL).
Sure, once you introduce trust, a lot can be done. But it's not really
Bitcoin anymore in that case - it's relying on a third party to do the
heavy indexing for you. And if that is the best-scaling solution, sure
- but I don't think we should encourage that. Or at least, we should
first search for alternatives. And encourage infrastructure that
doesn't require it.
> Paper wallets that include the necessary additional information is
> something I have been thinking about. I see some issues:
>
> - Paper wallets are already quite widespread. You still won't be able to
> sweep those.
> - Some people like to "top up" a paper wallet or even just sweep a
> portion of it. That would not be possible, and in some cases even lead
> to loss of coins because of the "involuntary fee" you described.
Yeah, those are inherent problems with how there are used today. But
today there is also little problem - the UTXO set is tiny.
> - Does the necessary info fit into a QR code?
Absolutely, though a slightly bigger one.
--
Pieter
📝 Original message:On Tue, Jul 23, 2013 at 12:17 PM, Andreas Schildbach
<andreas at schildbach.de> wrote:
> Sweeping paper wallets is a common feature request. People switch to
> centralized services just for getting that.
That means they value convenience more than the trust-freeness of a
decentralized solution. The only way to avoid that is by making sure
the decentralized one is convenient enough. But relying on
unauthenticated data itself is equally bad - it means you lose
whatever benefit the decentralization had.
> It is my understanding that for the usecase, an address-indexed UXTO is
> enough. So you probably don't need to worry about script-indexed for now.
The difference between script-indexed and address-indexed is
absolutely trivial compared to the effort needed to implement and
maintain such authenticated trees by all full nodes. Restricting
things at the network level (which doesn't even know about a thing
like an address) to address-based indexes is ridiculous IMHO.
> Security issues could be mitigated by applying trust to the REST server,
> e.g. because its your own or the one of your apps vendor. Of course,
> link-level security would be needed for this (e.g. SSL).
Sure, once you introduce trust, a lot can be done. But it's not really
Bitcoin anymore in that case - it's relying on a third party to do the
heavy indexing for you. And if that is the best-scaling solution, sure
- but I don't think we should encourage that. Or at least, we should
first search for alternatives. And encourage infrastructure that
doesn't require it.
> Paper wallets that include the necessary additional information is
> something I have been thinking about. I see some issues:
>
> - Paper wallets are already quite widespread. You still won't be able to
> sweep those.
> - Some people like to "top up" a paper wallet or even just sweep a
> portion of it. That would not be possible, and in some cases even lead
> to loss of coins because of the "involuntary fee" you described.
Yeah, those are inherent problems with how there are used today. But
today there is also little problem - the UTXO set is tiny.
> - Does the necessary info fit into a QR code?
Absolutely, though a slightly bigger one.
--
Pieter