summaryrefslogtreecommitdiff
path: root/7b/ee16e4dbf8b1f1160535bcf2756a5007859986
blob: 0c9ca67b17f0bfe9b77d1cdeb6dd52cfe20a5cbb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <gmaxwell@gmail.com>) id 1VZuan-0003Mh-KU
	for bitcoin-development@lists.sourceforge.net;
	Sat, 26 Oct 2013 03:31:13 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.215.45 as permitted sender)
	client-ip=209.85.215.45; envelope-from=gmaxwell@gmail.com;
	helo=mail-la0-f45.google.com; 
Received: from mail-la0-f45.google.com ([209.85.215.45])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1VZuam-0005ey-PO
	for bitcoin-development@lists.sourceforge.net;
	Sat, 26 Oct 2013 03:31:13 +0000
Received: by mail-la0-f45.google.com with SMTP id hp15so3758389lab.32
	for <bitcoin-development@lists.sourceforge.net>;
	Fri, 25 Oct 2013 20:31:06 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.112.234.168 with SMTP id uf8mr617930lbc.35.1382758265996;
	Fri, 25 Oct 2013 20:31:05 -0700 (PDT)
Received: by 10.112.89.72 with HTTP; Fri, 25 Oct 2013 20:31:05 -0700 (PDT)
Date: Fri, 25 Oct 2013 20:31:05 -0700
Message-ID: <CAAS2fgRRobkE2GdYomtJof7HCH-9ZczE9EBj7DBS-pCGscUSNQ@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(gmaxwell[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1VZuam-0005ey-PO
Subject: [Bitcoin-development] Payment protocol for onion URLs.
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 26 Oct 2013 03:31:13 -0000

One limitation of the payment protocol as speced is that there is no
way for a hidden service site to make use of its full authentication
capability because they are unable to get SSL certificates issued to
them.

A tor hidden service (onion site) is controlled by an RSA key.

It would be trivial to pack a tor HS pubkey into a self-signed x509
certificate with the cn set to foooo.onion.

If we specified in the payment protocol an additional validation
procedure for [base32].onion hosts that just has it hash and base32
encode the pubkey (as tor does) then the payment protocol could work
seamlessly with tor hosts. (Displaying that the payment request came
from "foooo.onion").  I believe that the additional code for this
would be trivial (and I'll write it if there is support for making
this a standard feature).

This would give us an fully supported option which is completely CA
free... it would only work for tor sites, but the people concerned
about CA trechery are likely to want to use tor in any case.

Thoughts?