Title: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: copumpkin on January 28, 2012, 06:46:05 PM

Overview
The goal of this protocol is to:
The key guiding principles I follow in the protocol are:
To Borrow

1) The borrower prepares a roughly standardized (in the sense that it includes all relevant details; the format itself need not be standardized) document outlining sought loan terms, signed with their #bitcoin-otc WOT public key:

For example:

Code:
-----BEGIN PGP SIGNED MESSAGE-----

I generated this message by saving it to a text file, then running:

Code:
gpg -u 9280FBD6 --clearsign sample-loan-request.txt

where the -u selects the key I want to use (it must match the one used on the WOT for this request to be meaningful). It is important to note that the message does not include an address to send to, because that opens a hole for disputes later.

To verify the loan request, the lender must feed the complete signed message into gpg:

Code:
gpg --verify sample-loan-request.txt.asc

which should reveal the keyid:

Code:
gpg: Signature made Sat Jan 28 12:15:50 2012 EST using RSA key ID 9280FBD6

Note that my key (and probably many of the keys used here) will not be certified by system-trusted signatures. This is fine, as we don't care so much about external identity verification as we care about associating the loan request with a known OTC reputation. If the key is also signed by someone you know and trust, all the better, but the important part there is the key ID (9280FBD6). To verify it, you should visit http://bitcoin-otc.com/viewgpg.php?nick=copumpkin (linked from the main user rating page) and check that it matches there. In this case it does, so you can evaluate the message according to your usual creditworthiness criteria.

If I were evaluating this loan request, I'd be willing to make the loan because it has a high return but also pays small amounts at regular intervals. This should give a lender additional confidence because it means that even if something bad happens to the borrower at the end of the term, the loan isn't a complete loss to the lender.
Also, money now is better than money later, if you have a choice :) Additionally, the prospective borrower has a good WOT reputation. Less ideally, the borrower doesn't state what the loan is for, but I'm willing to let that slide for someone with a good WOT reputation. Other lenders might have more of a problem with that. Borrowers with less of a WOT reputation should probably state their loan purpose in the original request.

2) The lender has evaluated the request and has decided to make the loan. To proceed, he takes the lender's request and includes it, signature and all, in a new message signed with his own key. He sends this message to the borrower, privately:

Code:
-----BEGIN PGP SIGNED MESSAGE-----

The borrower checks the signature and makes sure it matches a WOT identity. The lender doesn't actually need to trust the borrower at all at this stage, but it is important to have a valid identity associated with all communication, in case there are disputes later.

3) The borrower responds, again privately, with:

Code:
-----BEGIN PGP SIGNED MESSAGE-----

4) The lender responds with:

Code:
-----BEGIN PGP SIGNED MESSAGE-----

And the borrower now has some coins. There is no need to post any confirmation to the forum as both parties have proof of what the terms were, if something goes wrong. For example, if the borrower never receives the coins, he can post a transcript of the correspondence, third parties can check the signatures and also check the bitcoin network for transactions to the address (or the txid) and see that no coins were received at that address.

To repay

There is no need for any GPG communication here if everything goes smoothly. The original loan agreement has all the information needed in it to verify that the repayment terms are being respected by checking the blockchain. Because the repayment address is private, only the borrower or a delegate of the borrower can send coins to that address.
Because the protocol specifies that the repayment address must be private, the lender can't claim that his buddy Joe also uses that address and that the 2 btc payments we see in the blockchain were from Joe, not from the borrower, so the borrower is protected from predatory lenders.

To renegotiate terms

At any point during the loan period, both the lender and the borrower can attempt to renegotiate terms, again following the convention of keeping all correspondence signed. The counterparty is free to reject an attempt at renegotiation, of course. For example, let's say that the borrower's having cashflow problems and will be unable to make his third 2 btc payment on time. He sends a signed email to the lender explaining that his dwolla transfer into mtgox will arrive in three business days and the payment will thus be three days late. The borrower responds, again including all past signed correspondence, and tells the lender that he would like an extra bitcoin of principal repayment (41 at the end) in that case. The lender reluctantly accepts in a third signed email.

If shit hits the fan

copumpkin the borrower warned his lender that his 3rd payment would be late, and also paid his 4th 2 btc payment late without notice and is currently 2 days late on his principal repayment. He sends copumpkin a signed email giving him a final chance to redeem himself before he gets a negative rating on the WOT and the correspondence is posted publicly. copumpkin responds and says that he is very sorry for the lateness and he was having computer and cashflow trouble. A day later, copumpkin repays his lender 42 btc. The lender might then post publicly (or privately to designated credit report collectors if we don't want public credit reporting) the full correspondence acknowledging that he has received the full amount back from copumpkin, with a discussion of lateness.
It would include addresses for people to verify all payment claims, including the lender's claims that payments were late.

Discussion

This document is a lot longer than it needs to be, and is just an implementation of the basic guiding principles I outlined at the beginning, but I do hope it gives an idea of how something like this might work. The simplest approach to making this happen would be to use signed email, since the annoying parts involving signing and verifying messages (and including earlier messages) are taken care of for us. The original signed loan request could be posted publicly on the forum, then a PM could be sent over the forum to exchange email addresses, and then all further correspondence could happen over signed emails. Some people would understandably be uncomfortable exchanging emails (if unpleasantness happens, a party could get signed up for spam against their will), so in that case manually signed messages could still be exchanged through forum PMs.

I can't think of any gaping holes in this system if everyone follows it correctly, but would be interested to see if anyone can think of ways in which one party could get away with screwing the other without the other party being able to prove innocence using the blockchain or signed correspondence.

The system is admittedly pretty cumbersome, and might only be worthwhile for larger loans, especially considering that many forum-based lenders might not even have GPG set up or a WOT reputation.

I welcome any constructive feedback :) I would like to extend this into a discussion of how we would like credit ratings to work, too. Swaps/insurance can come later.

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: BurtW on January 28, 2012, 07:20:29 PM

Thinking this over...
Assuming everything is properly signed can you explain to me the fraud vectors that necessitate keeping the public addresses of either the borrower or lender or both private?

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: copumpkin on January 28, 2012, 07:40:31 PM

Thinking this over... Assuming everything is properly signed can you explain to me the fraud vectors that necessitate keeping the public addresses of either the borrower or lender or both private?

Sure. It boils down to the example I gave in the original proposal: if an address is public, there is nothing connecting someone sending to the address to the identity you're corresponding with. Take it to the extreme: I use one address for everything, including my loan requests. The address is in my signature and I include it on all my websites. Now when I make a loan request, two undesirable things could happen:
A similar situation can happen for repayment to a public address:
In all these cases, we can use the blockchain and verify that coins were indeed received at the specified address, but we don't know who sent them. There are systems for proving you own a source address using bitcoin, but they're cumbersome and there's no easy way to access them from the standard GUI, as far as I know. The added conflict and time spent resolving issues like these make loans more risky for all parties, and should be avoided if possible.

The reason I actively specify that addresses must be kept secret is that it prevents people from claiming that their buddy was also sending a scheduled payment to the same address. In the above system, if a payment reaches an address, it must be assumed to come from the counterparty. If you publicize the address you want to be receiving at, you give up the right to claim that any coins you might have received to that address were not from the counterparty you supposedly generated it for. If you insist on giving it out and then claim your counterparty didn't pay you (but your buddy Joe did), you are knowingly undermining the system and would receive negative ratings for doing so.

So basically, I think that keeping addresses private not only avoids a class of misunderstandings but also aligns the parties' incentives with what is best for everyone. I might be wrong though :)

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: BurtW on January 28, 2012, 08:43:15 PM

Fair enough. Off to think some more on this.

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: PatrickHarnett on January 28, 2012, 08:45:46 PM

A few observations:
- I don't use IRC or #bitcoin-otc
- I don't use linux or the gpg command line command (but I think that's what it is)
- I don't really want to understand SHA cryptology, but for some people it helps them feel safe.

Going back to read the other stuff now.

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: copumpkin on January 28, 2012, 08:59:37 PM

A few observations:
- I don't use IRC or #bitcoin-otc
- I don't use linux or the gpg command line command (but I think that's what it is)
- I don't really want to understand SHA cryptology, but for some people it helps them feel safe.
Going back to read the other stuff now.

Fair enough :)

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: copumpkin on January 28, 2012, 09:12:03 PM

A few observations:
- I don't use IRC or #bitcoin-otc
- I don't use linux or the gpg command line command (but I think that's what it is)
- I don't really want to understand SHA cryptology, but for some people it helps them feel safe.
Going back to read the other stuff now.

On that note, could you (or others) elaborate on what you think of the state of things around here? Do you think the current state of affairs is fine? The crypto-nerd in me wants a nice decentralized system for loans like bitcoin itself, but realistically I think that even if such a system were possible, it would probably be too cumbersome for most people. In the real world, loans are often accompanied by lots of paperwork, and I think that not having (as much of) that is considered a plus in bitcoin. My proposal puts all that back and also requires the parties to be very tech-savvy, which is probably silly.

Would you be more interested in a dedicated website for loans with profiles and easy tracking of open loans and histories? It'd introduce a trusted third party in every transaction (the website admin) but we already have that here and it doesn't stop people.
I'm just looking for ideas, honestly :) I just don't want people to get scammed and I want lenders to have low (or easily measurable, at least) risk and borrowers to pay low interest!

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: JusticeForYou on January 28, 2012, 09:31:37 PM

A few observations:
- I don't use IRC or #bitcoin-otc
- I don't use linux or the gpg command line command (but I think that's what it is)
- I don't really want to understand SHA cryptology, but for some people it helps them feel safe.
Going back to read the other stuff now.

Patrick,

The WoT is at otc-bitcoin.com
http://bitcoin-otc.com/viewratings.php

Not necessarily a solution for your purposes, but it could be used as another step in your precautions. I.E. Another, you trust, could verify the KeyID and <nick>.

As for example: Recently Theymos failed to identify me cause of an obfuscation method employed. Nanotube acted as a trusted third party to verify my nick.

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: PatrickHarnett on January 28, 2012, 09:36:14 PM

Patrick, The WoT is at otc-bitcoin.com http://bitcoin-otc.com/viewratings.php Not necessarily a solution for your purposes, but it could be used as another step in your precautions. I.E. Another, you trust, could verify the KeyID and <nick>.

Thanks - I have looked it up occasionally.

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: imsaguy on January 29, 2012, 06:51:37 AM

A few observations:
- I don't use IRC or #bitcoin-otc
- I don't use linux or the gpg command line command (but I think that's what it is)
- I don't really want to understand SHA cryptology, but for some people it helps them feel safe.
Going back to read the other stuff now.

We just saw a rash of account hackings where people asked for loans. How do we know that you are you without some sort of verification?
Using GPG (which isn't linux only, many of us use Windows) allows reputation to be protected by a private key vs just a simple password. Much more secure.

Title: Re: Proposal for (cumbersome) loan protocol that allows secure credit ratings
Post by: brendio on January 29, 2012, 11:26:24 PM

Generally good proposal (I think you mixed up lender and borrower a few times in your OP).
I think having at least one GPG signed message from each side would go about 95% of the way to linking identities, without the added hassle of signing every message. Also, I think your issue with keeping addresses private could be resolved if you made it a requirement to have a unique address for each loan. If the lender claims Joe paid in to the same address, it is their loss for not using a unique address, and the dispute would be resolved in favour of the borrower in that case.
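
Added example (not code from the thread or from #bitcoin-otc): the identity check from step 1 of the proposal, done on gpg's machine-readable --status-fd output and comparing the full 40-character fingerprint registered for the WOT nick rather than the 8-character key ID, since two different keys can share a short ID. The function names, the sample status text and both fingerprints are constructed for illustration; only the short ID 9280FBD6 comes from the thread.

```python
import subprocess

# gpg status keywords that mean the signature must not be relied on.
BAD = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def gpg_status(path):
    """Verify a clearsigned file; return gpg's machine-readable status text."""
    cmd = ["gpg", "--status-fd", "1", "--verify", path]
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def normalize(fpr):
    return fpr.replace(" ", "").upper()

def signer_fingerprint(status):
    """Primary-key fingerprint of the one valid signature, else None."""
    found = []
    for line in status.splitlines():
        f = line.split()
        if len(f) < 2 or f[0] != "[GNUPG:]":
            continue
        if f[1] in BAD:
            return None
        if f[1] == "VALIDSIG" and len(f) > 2:
            # Last field is the primary key's fingerprint when gpg reports
            # it; otherwise use the signing key's fingerprint (first field).
            found.append(f[-1] if len(f) >= 12 else f[2])
    return normalize(found[0]) if len(found) == 1 else None

def signed_by(status, wot_fingerprint):
    """True only if the message was validly signed by the pinned WOT key."""
    expected = normalize(wot_fingerprint)
    if len(expected) != 40:  # assumes a v4 key; refuses 8/16-char key IDs
        raise ValueError("pin the full fingerprint, not a key ID")
    return signer_fingerprint(status) == expected

# Constructed data: both fingerprints are made up and share short ID 9280FBD6.
WOT_FPR = "AAAA1111BBBB2222CCCC3333DDDD44449280FBD6"
OTHER_FPR = "EEEE5555FFFF6666000077778888AAAA9280FBD6"

def sample_status(fpr):
    """Status text shaped like gpg's output for a good signature by `fpr`."""
    return ("[GNUPG:] GOODSIG %s copumpkin\n" % fpr[-16:] +
            "[GNUPG:] VALIDSIG %s 2012-01-28 1327770950 0 4 0 1 2 01 %s\n"
            % (fpr, fpr))

if __name__ == "__main__":
    print(signed_by(sample_status(WOT_FPR), WOT_FPR))    # True
    print(signed_by(sample_status(OTHER_FPR), WOT_FPR))  # False
```

On a real request, pass gpg_status("sample-loan-request.txt.asc") as the status argument, with the fingerprint taken from the WOT listing for the nick.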