I appreciate your distaste for that comment. I'm going to leave my signature intact, as it will hopefully dissuade anyone from getting cute in the future. I cannot be compelled to apologize, nor can I vouch for slush's character beyond what has already been written by everyone.

And thanks to whoever sent me the 20BTC.

Ok, you want to use your private key for bitcoin instead of a private key in PGP; see my first post in this thread. I think you'll face some resistance because this is redundant functionality. As for seeing the amount in a certain account, can't you already do this is blockexplorer (a distinct application)?

But you need to have established trust through some other mechanism beforehand. Establishing trust is an inherently "out of band" process. See my points about PKI and Webs of Trust.

My point is that the lack of evidence is not evidence of a lack. Pretty fundamental distinctions here.

This I understand this very well.

Sure. If I have access to the private key (the wallet), then I can spend all my money.

Of course. Nobody needs to know to any degree of certainty which bitcoin accounts are mine. Isn't that rather the point of digital cash? Now, If I want to sign arbitrary data (as per the OP), I would rather use existing software and would hope that such redundancy would be avoided in bitcoin. If I want to make sure that my factory only sends bitcoins that I earned while building Cadillacs to my account, I can make sure by signing a message with one of my bitcoin IDs with my PGP key which they trust is mine.

Top class. But you should see me at the PTA meetings. I'm very popular there.

How do you know this?

I think I understand, but can't we already do that via blockexplorer? Why not just do something like this:

I identify myself as Joe and generate a corresponding PGP key (sorry to keep going back to PGP, but it is easier than saying "your public key software of choice"). I can then send a signed message with by bitcoin address to a recipient who already trusts that I am Joe and that it is my PGP key. Simply copy the bitcoin address from your gui or whatever and pgp/gpg away. In fact, I already do exactly this with some regularity, although my name may or may not really be Joe.

Good. Would it be possible to discuss in some detail what solution you implemented? What exactly the problems were and how you overcame them? Us code monkeys would like to know. Any chance to see actual code? That would go a long way in restoring some confidence with those who care about such issues.

To those who are obsessed with the issue of the sums involved, I will only say that if one can't be trusted with small sums, how can one be trusted with large sums? Not that it is at all relevant, but the anonymous nature of this forum and bitcoin allow me to experiment with pools using whichever resources I have, especially those which are less productive. Hint: I live in a cold climate. Quite simply, I don't tolerate abuse or evasiveness.

We need a vigilant community. This need will only become more pressing as the currency gains prominence.

You are correct in making the distinction between trust and "proof" via cryptographic transforms, so forgive me if I am repeating something you already understand. I am also writing to others who may not be as familiar with some of these concepts. However, when it comes to a digital ID (be it a bitcoin address or a PGP ID) there are some qualities that you can take at face value. For example, if a digital signature matches a public key, you can be quite certain that the corresponding private key created it. You are less certain, however, about who actually controls the private key. You now face an issue of trust. Do you trust the person to not allow his key to be stolen? Do you trust the people that vouched that a key matches a certain name? Do you trust the ID card or passport that says that John Smith is who he says he is and that the name matches the key? The issues are orthogonal.

So, if I have a bitcoin ID, the question (or at least what I interpreted as the question) is "how do I let someone know that this really is my account number and not to send money to other accounts who claim to be me?" Again, this is a trust issue. Typically, it is handled using either a centralized chain of trust (PKI {SSL certs}) or a distributed chain of trust (Web of Trust {PGP, CaCert(actually a hybrib), etc}). What the OP suggested was essentially to use bitcoin's private keys as a general form of digital ID, similar to the way PGP keys are already used. My point was that such functionality already exists in well-tested and standardized tools, such as GnuPG and that reproducing those features would not help bitcoin. In fact, by invoking well-known arguments pertaining to the unwelcome effects of increasing codebase complexity, I conjecture that the additional code would likely hurt it.

Incidentally, all these issues of trust have been well explored for many years, with much credit to the cypherpunks in the 90s (and digital cash, of course).

Emphasis mine. In general, the balance can change immediately. If you are saying what I think you are saying, then this functionality offers sharply limited practical use. If I am trying to buy something that costs 20BTC and I only have 10BTC, the transaction will fail immediately. At no point does the seller need to know how much money I have in my account. All he really has to know is if I produce enough to complete the transaction. Bitcoin is not a system of credit, it is a currency. Its entire appeal is that it behaves like cash.

I think that we're talking past each other.

Can you please explain a situation where one would like to prove the amount of money in an account at some point in time? Are you planning on paying taxes? The benefits would have to outweigh the considerable drawbacks of implementation and maintenance, requiring a compelling argument.

The OP requested (very concisely) the ability to use a bitcoin private key to sign data. I can detect no mention of anything else in what he wrote.

It wasn't wrong for you to ask. That's what discussions are for.

Interesting. To what ends? What good is the proof after the proof has been generated?


What about this?

You can prove ownership of funds at the time you make a signature? What good does that do you after the time of signature?

===
That's where trust comes in. The old PKI/WOT issue.

See above.

Maybe I am overlooking something critical. What is the point of telling somebody how much money you have at some instant, when at any subsequent time, the proof is no longer valid?

This is correct. In a position of accepting trust, the burden of proof is on him to show he is capable and trustworthy. I will correct you on one point; the service has not been free for some.

I'm not terribly concerned with what he finds annoying or insulting. Either you take the burden of proof seriously and are immediately clear with explanations or you accept the fact that people will ask tough questions. He voluntarily accepted the role, after all. It disturbs me that so many here are willing to accept the situation as is (i.e., cavalier attitudes toward trust and reputation), especially in the context of a critical phase of the development of a distributed currency.

Proof of ownership of an account number? Or of funds in an account? Proof of ownership of an account number can be done with pgp.

Perhaps, but I see this as an issue separate from signatures.

You can associate a public key to an arbitrary identity, not just a name or email address. Gpg allows this. If you want to prove you hold certain funds in an account, I am not sure how extending bitcoin to perform cryptographic signatures can help.

I certainly do not see why. If anything, it seems that the people complaining have accelerated action. Also, I still haven't seen any money. You seem to have a bizarre concept of gratitude and when it is merited.

The entire payment scheme remains opaque.

It all depends on what you want bitcoin to be. If you wish for it to become a monolithic application which can perform arbitrary cryptographic functions, by all means, go for it. I think this would be exactly the wrong way to go. I want bitcoin to succeed as a currency. The slimmer the standard and codebase, the easier it is to develop portable implementations and improve chances for adoption. Really, how hard is it to associate a pgp key to an account?

Security is also of paramount importance for bitcoin, and you can't exploit code that doesn't exist.

My point is that bitcoin is a currency. It shouldn't be in the business of general-use public key crypto. If you want to sign data, something like gpg would do a better job. You can already associate a gpg key to an account. I think it would be best to avoid encumbering bitcoin with redundant functionality. We should be mindful that with features come code. Code which must be written, debugged, maintained... and code which may potentially be exploited. The slimmer bitcoin remains, the better.

My balance is a few orders of magnitude greater than the threshold and has been since 18 Dec. I have no way of knowing to which blocks my work corresponds, but according to the information on slush's website, blocks 98425 (solved 2010-12-19 18:21:26) and earlier have all matured as of now. My work went to solving several of those blocks. That should suffice to show that something is seriously wrong.

This violates the "one job and do it well" philosophy. There already exist established standards for cryptographic signatures.

This ad hominem attack is feeble, even by your standards.

This thread is entitled "Cooperative mining (>4000Mhash/s, join us!)." It is clearly the appropriate place to discuss issues pertaining to your pool. A person discussing obvious issues and holding your feet to the fire is not "trolling" or "spamming." Those labels are not reserved for posts with which you happen to disagree or would rather not see posted.

Slush has offered several excuses, some more incoherent than others. Specifically, the argument that blocks take time to mature (and contrary to what many posters seem to think, most of the "complainers" understand this well) is becoming stale as more and more of the blocks, as listed on his own site, are maturing. With each passing day, it is becoming painfully clear that he is either incompetent or dishonest -- perhaps some degree of both.

How charming. I haven't been paid.

I also note that you haven't actually disputed anything I stated.


I'm not there. Again. What a surprise.

When shall I expect mine?

I'm not. How are these payments being processed? Without code or a breakdown of the logic involved, you have zero credibility.