1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1YwwmT-0002Sy-45
for bitcoin-development@lists.sourceforge.net;
Mon, 25 May 2015 18:07:17 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.212.182 as permitted sender)
client-ip=209.85.212.182; envelope-from=mh.in.england@gmail.com;
helo=mail-wi0-f182.google.com;
Received: from mail-wi0-f182.google.com ([209.85.212.182])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YwwmR-00048v-SO
for bitcoin-development@lists.sourceforge.net;
Mon, 25 May 2015 18:07:17 +0000
Received: by wicmx19 with SMTP id mx19so54538021wic.0
for <bitcoin-development@lists.sourceforge.net>;
Mon, 25 May 2015 11:07:09 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.180.96.196 with SMTP id du4mr4685481wib.77.1432577229864;
Mon, 25 May 2015 11:07:09 -0700 (PDT)
Sender: mh.in.england@gmail.com
Received: by 10.194.143.9 with HTTP; Mon, 25 May 2015 11:07:09 -0700 (PDT)
In-Reply-To: <CAPkFh0tWykVJU-9mCTR95eqUF0B5TO-ZO7B3L0wf_QYAmAuuBA@mail.gmail.com>
References: <CAPkFh0tWykVJU-9mCTR95eqUF0B5TO-ZO7B3L0wf_QYAmAuuBA@mail.gmail.com>
Date: Mon, 25 May 2015 20:07:09 +0200
X-Google-Sender-Auth: bC_8_45L2W_ohSP6FWdEoepCaDk
Message-ID: <CANEZrP2BChNrX-GKse82CtjeMe2Trt8CfaZDyvH2b85EGF+FeQ@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: =?UTF-8?Q?Emin_G=C3=BCn_Sirer?= <el33th4x0r@gmail.com>
Content-Type: multipart/alternative; boundary=f46d043bdabce645540516ebe0e1
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1YwwmR-00048v-SO
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Virtual Notary.
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 25 May 2015 18:07:17 -0000
--f46d043bdabce645540516ebe0e1
Content-Type: text/plain; charset=UTF-8
Very nice Emin! This could be very useful as a building block for oracle
based services. If only there were opcodes for working with X.509 ;)
I'd suggest at least documenting in the FAQ how to extract the data from
the certificate:
openssl pkcs12 -in virtual-notary-cert-stocks-16070.p12 -nodes -passin
pass:"" | openssl x509 -text|less
That's good enough to get started, but I note two issues:
1. X.509 is kind of annoying to work with: example code in popular
languages/frameworks to extract the statement would be useful.
2. The stock price plugin, at least, embeds the data as text inside the
X.509 certificate. That's also not terribly developer friendly and risks
parsing errors undermining security schemes built on it.
The way I'd solve this is to embed either a protocol buffer or DER
encoded structure inside the extension, so developers can extract the
notarised data directly, without needing to do any additional parsing.
--f46d043bdabce645540516ebe0e1
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Very nice Emin! This could be very useful as a building bl=
ock for oracle based services. If only there were opcodes for working with =
X.509 ;)<br><div class=3D"gmail_extra"><div class=3D"gmail_quote"><div><br>=
</div><div>I'd suggest at least documenting in the FAQ how to extract t=
he data from the certificate:</div><div><br></div><div>
<p class=3D""><span class=3D"">openssl pkcs12 -in virtual-notary-cert-stock=
s-16070.p12 -nodes -passin pass:"" | openssl x509 -text|less</spa=
n></p><p class=3D"">That's good enough to get started, but I note two i=
ssues:</p><p class=3D""></p><ol><li>X.509 is kind of annoying to work with:=
example code in popular languages/frameworks to extract the statement woul=
d be useful.<br><br></li><li>The stock price plugin, at least, embeds the d=
ata as text inside the X.509 certificate. That's also not terribly deve=
loper friendly and risks parsing errors undermining security schemes built =
on it.<br><br>The way I'd solve this is to embed either a protocol buff=
er or DER encoded structure inside the extension, so developers can extract=
the notarised data directly, without needing to do any additional parsing.=
</li></ol><div><br></div><p></p></div></div></div></div>
--f46d043bdabce645540516ebe0e1--
|