|
Title: Tying BTC to PKI keys / certificates Post by: tjkoury on December 02, 2021, 09:29:00 PM I am working on a project to take Bitcoin private keys and integrate them into legacy PKI applications.
The basic gist is if you need to trust someone has kept their keys secure, send them some BTC. If the UTXO stays put, then it's a good chance they have kept the key safe. Monitoring a wallet is much cheaper than a red team. Opinions? Title: Re: Tying BTC to PKI keys / certificates Post by: jackg on December 02, 2021, 10:34:53 PM Well the two main flaws of this system are that:
1. What happens if the person wants the funds that are stored there and don't care for it being there/their keys being a larger target than they were. 2. What if an attacker thinks they'll get more by not emptying the wallet than they will by taking the funds. Realistically though, it might work and be a good idea in some cases. I could imagine a large security firm putting something on their main signature private keys similar to this (if an attacker can get $10m from that exploit, they might not bother trying to sell the keys on). Title: Re: Tying BTC to PKI keys / certificates Post by: HCP on December 03, 2021, 12:25:27 AM Yeah... I guess one flaw is that the "bounty" sent to the "PKI wallet", would need to be sufficiently large that it would actually make an attacker want to steal it.
For instance, if you only send $100... and they could potentially make thousands from exploiting access to the PKI in other ways, then they could just ignore the BTC in the wallet, steal thousands from abusing the PKI access and the entire system fails. Also, with this system, you're potentially tying up large amounts of money, to "prove" that the keys are "safe"... which doesn't really prove that the keys are safe anyway... it just tells you that no one has moved the coins. Either way, you're likely losing out on a substantial amount of money. It's either stuck in the wallet, or an attacker steals it. Even if the other party was "staking" their own BTC to prove that their keys were safe... it still doesn't really prove that at all. Just that no one has moved the BTC. Title: Re: Tying BTC to PKI keys / certificates Post by: pooya87 on December 03, 2021, 05:52:05 AM The basic gist is if you need to trust someone has kept their keys secure, send them some BTC. Generally speaking the sender doesn't care about what the receiver is doing with their wallet. They could be using a very safe one or a custodial wallet (that doesn't let the balance stay in the address anyways) or a very insecure one.So the real question is what is the application of this project of yours since senders don't care about receiver's security? |