1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <timo.hanke@web.de>) id 1U3koM-0001ih-SO
for bitcoin-development@lists.sourceforge.net;
Fri, 08 Feb 2013 10:04:02 +0000
Received: from mout.web.de ([212.227.15.3])
by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1U3koL-0007IP-Dw for bitcoin-development@lists.sourceforge.net;
Fri, 08 Feb 2013 10:04:02 +0000
Received: from crunch ([93.129.7.120]) by smtp.web.de (mrweb103) with ESMTPA
(Nemesis) id 0LkyEb-1Ubz260JgD-00ao20; Fri, 08 Feb 2013 11:03:55 +0100
Date: Fri, 8 Feb 2013 11:03:54 +0100
From: Timo Hanke <timo.hanke@web.de>
To: bitcoin-development@lists.sourceforge.net
Message-ID: <20130208100354.GA26627@crunch>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Provags-ID: V02:K0:zHdzA7kFElxKpD+apdFwJPDlWERudDw4M4VT/AwahVD
yQcWdtfksLpySZKsHRXbfHL5Tzar3IG8aFPVB6ZTd8+S/g8M91
lwtDLIeTowxo0eWks81Dh5bqHg27iKxhUdKdhBqByj4QPX4h9C
7rvOV8/0lpGST28x9RwtwR2NLAsP+FnJW2qXmSNAQ2gpYTfeer
aM2GSqPs2O3bolBH+tOfQ==
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(timo.hanke[at]web.de)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust [212.227.15.3 listed in list.dnswl.org]
-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
X-Headers-End: 1U3koL-0007IP-Dw
Subject: [Bitcoin-development] Blockchain as root CA for payment protocol
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: timo.hanke@web.de
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2013 10:04:03 -0000
There have been proposals to use the blockchain to establish
"identities". firstbits is a simple example. I would like to announce a
project that extends this idea to turn the blockchain into a "root CA"
that can sign arbitrary certificates. The purpose is to use these
certificates in the payment protocol, where some might consider
traditional centralized root CAs unsatisfactory.
Code is here: https://github.com/bcpki
Technical specification and full-length examples are found in the wiki.
I therefore spare myself from repeating the details here, even though,
of course, discussion about those details is welcome on this list.
Excerpt from README.md follows:
First, we have drafted a quite general specification for bitcoin certificates (protobuf messages) that allow for a variety of payment protocols (e.g. static as well as customer-side-generated payment addresses).
This part has surely been done elsewhere as well and is orthogonal to the goal of this project.
What is new here is the signatures _under_ the certificates.
We have patched the bitcoind to handle certificates, submit signatures to the blockchain, verify certificates against the blockchain, pay directly to certificates (with various payment methods), revoke certificates.
Signatures in the blockchain are stored entirely in the UTXO set (i.e. the unspend, unprunable outputs).
This seems to make signature lookup and verification reasonably fast:
it took us 10s in the mainnet test we performed (lookup is instant on the testnet, of course).
Payment methods include: static bitcoin addresses, client-side derived
payment addresses (pay-to-contract), pay-to-contract with multisig destinations (P2SH)
Full-length real-world examples for all payment methods are provided in the tutorial pages.
These examples have actually been carried out on testnet3.
For further details and specifications see the wiki.
timo hanke
|
