Rusty Russell [ARCHIVE] on Nostr: 📅 Original date posted:2018-11-05 📝 Original message: Anthony Towns <aj at ...
📅 Original date posted:2018-11-05
📝 Original message:
Anthony Towns <aj at erisian.com.au> writes:
> FWIW, I don't see reddit as a particularly viable "court"; there's
> no way for reddit to tell who's actually right in a dispute, eg if I
> say blockstream didn't send stickers I paid for, and blockstream says
> they did; ie there's no need for a sock puppet in the above scenario,
> blockstream can just say "according to our records you signed for
> delivery, stop whinging".
Well, in that case they can show a tracking number and Canada Post link?
We will eventually develop systems of arbitration better than "whining
on reddit/twitter", but that's where bitcoin was in its early days, so I
use it as a useful starting point to think about receipts when we lack
an intermediary.
> I think there's maybe four sorts of "proof of payment" people might
> desire:
>
> 0) no proof: "completely" deniable payments (donations?)
>
> 1) shared secret: ability to prove directly to the payee that an
> invoice was paid (what we have now)
We also, importantly, have the ability to tie the receipt to the
invoice.
> 2) signed payment: ability to prove to a different business unit of
> the payee that payment was made, so that you can keep all the
> secrets in the payment-handling part, and have the service-delivery
> part not be at risk for losing all your money
Hmm, this requires auditing the current commitment transaction I think
("see, I'm holding the money!"). I have to think about this some
more...
> 3) third-party verifiable: so you can associate a payment with real
> world identity information, and take them to court (or reddit) as a
> contract dispute; needs PKI infrastructure so you can be confident
> the pubkey maps to the real world people you think it does, etc
Yes, we're still missing that last mile between the merchant and the
nodeid. There's a proposal to do this with DNS records, there's the
LetsEncrypt-style "serve this URL", but we also need something like
Certificate Transparency so I can reliably get old nodeids...
But the perfect is the enemy of the good, too.
Cheers,
Rusty.
📝 Original message:
Anthony Towns <aj at erisian.com.au> writes:
> FWIW, I don't see reddit as a particularly viable "court"; there's
> no way for reddit to tell who's actually right in a dispute, eg if I
> say blockstream didn't send stickers I paid for, and blockstream says
> they did; ie there's no need for a sock puppet in the above scenario,
> blockstream can just say "according to our records you signed for
> delivery, stop whinging".
Well, in that case they can show a tracking number and Canada Post link?
We will eventually develop systems of arbitration better than "whining
on reddit/twitter", but that's where bitcoin was in its early days, so I
use it as a useful starting point to think about receipts when we lack
an intermediary.
> I think there's maybe four sorts of "proof of payment" people might
> desire:
>
> 0) no proof: "completely" deniable payments (donations?)
>
> 1) shared secret: ability to prove directly to the payee that an
> invoice was paid (what we have now)
We also, importantly, have the ability to tie the receipt to the
invoice.
> 2) signed payment: ability to prove to a different business unit of
> the payee that payment was made, so that you can keep all the
> secrets in the payment-handling part, and have the service-delivery
> part not be at risk for losing all your money
Hmm, this requires auditing the current commitment transaction I think
("see, I'm holding the money!"). I have to think about this some
more...
> 3) third-party verifiable: so you can associate a payment with real
> world identity information, and take them to court (or reddit) as a
> contract dispute; needs PKI infrastructure so you can be confident
> the pubkey maps to the real world people you think it does, etc
Yes, we're still missing that last mile between the merchant and the
nodeid. There's a proposal to do this with DNS records, there's the
LetsEncrypt-style "serve this URL", but we also need something like
Certificate Transparency so I can reliably get old nodeids...
But the perfect is the enemy of the good, too.
Cheers,
Rusty.