summaryrefslogtreecommitdiff
path: root/45/caca6cd27ddfa81334493991cfc87b28bdc5f1
blob: 02d0a77c9354e4be3a5b8f9cdcc7bfbb796ab6b9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <peter@coinlab.com>) id 1UA4RS-0003do-GE
	for bitcoin-development@lists.sourceforge.net;
	Mon, 25 Feb 2013 20:14:30 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of coinlab.com
	designates 209.85.216.44 as permitted sender)
	client-ip=209.85.216.44; envelope-from=peter@coinlab.com;
	helo=mail-qa0-f44.google.com; 
Received: from mail-qa0-f44.google.com ([209.85.216.44])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1UA4RR-0005KH-Ef
	for bitcoin-development@lists.sourceforge.net;
	Mon, 25 Feb 2013 20:14:30 +0000
Received: by mail-qa0-f44.google.com with SMTP id bv4so1851776qab.3
	for <bitcoin-development@lists.sourceforge.net>;
	Mon, 25 Feb 2013 12:14:03 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=x-received:mime-version:in-reply-to:references:from:date:message-id
	:subject:to:cc:content-type:x-gm-message-state;
	bh=r1aHwqySkhUa4x90QGERsrCb8SAmCmkWoYo4K0sk/0c=;
	b=M2CADlwM7lEOFoS6m2ttyiLTkUDliVIgCc2rG4oPkVFAG9JOZJsvb9BKHRlPL7YD18
	usMxxsnyAhPriWKvru0L9OotkZ6cBod1J2phx4BbeFYHyeEFtgWEy4gwJGL3O9NIlML+
	kw5PWUPlb5rhPvYpTSpLg1FYmtUpMDQOvl55V0jhTS2pqarroRkDZbV+zozmjjzuCJyd
	20LX8v2imPLnFwWWiqcC0Bz6X/zjtgwlz/yTiAbZD3RfflPJcGI0CyaUz4ASjYA2bojB
	9QxpQzFcX1UkBjtrzS6NjFRFjIbotD4zh3iZ9hZfoShhHakl9TNBVCgpVbBmLUJ09SUe
	Dy/Q==
X-Received: by 10.224.26.196 with SMTP id f4mr13234985qac.58.1361821462583;
	Mon, 25 Feb 2013 11:44:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.49.87.66 with HTTP; Mon, 25 Feb 2013 11:44:02 -0800 (PST)
In-Reply-To: <CABOyFfpy7WEYKKhdoFbEHriCYoHt8hr_5BO992yb_GRV35TmmA@mail.gmail.com>
References: <20130222230851.GO2030@giles.gnomon.org.uk>
	<CABOyFfpy7WEYKKhdoFbEHriCYoHt8hr_5BO992yb_GRV35TmmA@mail.gmail.com>
From: Peter Vessenes <peter@coinlab.com>
Date: Mon, 25 Feb 2013 11:44:02 -0800
Message-ID: <CAMGNxUusTxVBbp7L0v5fC9d2ERQaMMBzX5-T70risVF3jd1tVg@mail.gmail.com>
To: =?ISO-8859-1?Q?Jorge_Tim=F3n?= <jtimonmv@gmail.com>
Content-Type: multipart/alternative; boundary=bcaec51b9f7986704604d691c475
X-Gm-Message-State: ALoCoQnEkmM+8fobdOOiqEQ4dlPn9wxsk1mitsQXWpWgpQ0SSDh4VP/Hpz4QUiiN1+iSRFCXMD28
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
	1.0 HTML_MESSAGE           BODY: HTML included in message
X-Headers-End: 1UA4RR-0005KH-Ef
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Key retirement and key compromise
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 25 Feb 2013 20:14:30 -0000

--bcaec51b9f7986704604d691c475
Content-Type: text/plain; charset=ISO-8859-1

We've been toying with the idea of a 'dead' button, one that issues a bunch
of pre-generated txs sending stuff out to a previously secured 'backup' set
of addresses (we don't think in terms of wallets, just keypairs).

In this scenario, you have a long-term storage address (or set of them),
and if you need to hit the panic button, previously signed transactions
send value over to your emergency storage.

If you've mucked around sending / receiving with your long-term storage,
you'd only catch some BTC, not necessarily all, but what's nice is the
panic transaction leaking has lower security requirements than your private
keys -- worst case it's out, and you've got to deal with stuff in emergency
storage, as opposed to losing all your coins.

You could pair this with a server that checks if 'safe' addresses have
'unauthorized' transactions showing up on the blockchain, and you'd have a
reasonable automated security layer. Maybe. :)

I'm interested in thoughts on this approach as well.

Jorge -- I respectfully disagree with you, there are a number of enterprise
scenarios where your method is not appropriate.

--bcaec51b9f7986704604d691c475
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra" style>We&#39;ve been toying wit=
h the idea of a &#39;dead&#39; button, one that issues a bunch of pre-gener=
ated txs sending stuff out to a previously secured &#39;backup&#39; set of =
addresses (we don&#39;t think in terms of wallets, just keypairs).
</div><div class=3D"gmail_extra" style><br></div><div class=3D"gmail_extra"=
 style>In this scenario, you have a long-term storage address (or set of th=
em), and if you need to hit the panic button, previously signed transaction=
s send value over to your emergency storage.</div>

<div class=3D"gmail_extra" style><br></div><div class=3D"gmail_extra" style=
>If you&#39;ve mucked around sending / receiving with your long-term storag=
e, you&#39;d only catch some BTC, not necessarily all, but what&#39;s nice =
is the panic transaction leaking has lower security requirements than your =
private keys -- worst case it&#39;s out, and you&#39;ve got to deal with st=
uff in emergency storage, as opposed to losing all your coins.</div>

<div class=3D"gmail_extra" style><br></div><div class=3D"gmail_extra" style=
>You could pair this with a server that checks if &#39;safe&#39; addresses =
have &#39;unauthorized&#39; transactions showing up on the blockchain, and =
you&#39;d have a reasonable automated security layer. Maybe. :)</div>

<div class=3D"gmail_extra" style><br></div><div class=3D"gmail_extra" style=
>I&#39;m interested in thoughts on this approach as well.</div><div class=
=3D"gmail_extra" style><br></div><div class=3D"gmail_extra" style>Jorge -- =
I respectfully disagree with you, there are a number of enterprise scenario=
s where your method is not appropriate.=A0</div>

</div>

--bcaec51b9f7986704604d691c475--