We need smart contract based exchange

[szuetam]

That is a form of decentralisation; each asset is handled by its issuer, who you already have to trust anyway.

To do it as a web thing though you still need some kind of browser plugin that will talk to your bitcoin daemon to sign messages and to validate messages it receives from the server.

If you look at the tabs in the Open Transactions GUI, you will see that it has a tab for bitcoin, in which it does talk to your bitcoind daemon.

If people really insist on using bitcoin address signing instead of their 'nym maybe that functionality can be added into Open Transactions too.

-MarkM-

Not sure why you would need a browser plugin. The software can just give you a message to sign as plain text, then once you use your own Bitcoin client to sign it, can verify it using it's own signature verification service (own Bitcoin, or third party)

Site could just generate a bitcoin link which is accepted now as I know already by main client.
And it's all no add-ons or anything needed, and there could be competing websites for link generation.

For security encryption is of course recommended.

I have to install IRC client to start chat ing posting is to slow.

[markm]

Apparently GLBSE did not even actually have proper encrypted https, it had pretend/fake man in the middle system with a commercial professional man in the middle corporation that pretends to browsers that they have a secure connection but in fact is a deliberate man in the middle that Nefario actually deliberately conspired to set up as man in the middle intercepting all communications between browsers and GLBSE?

Is that correct?

-MarkM-

[Ichthyo]

...in the special case of using an https connection though actually I hear that is itself pretty much a built in man in the middle in the person of the certificate issuer plus maybe also people can fake the certificates too.

If you're about to say that for HTTPS, the certificate issuer acts as "man in the middle" then no -- that is blatantly wrong.

With HTTPS, you get a secure encrypted connection to some "entity" running a server. But you don't have any idea or guarantees about who is your communication partner. Now, to help with that, a known and "trusted" other entity certifies that this "entity" actually is what it claims to be. This certificate issuer certifies this by signing the "entitie's" server certificate. In practice, certificate issuer companies are selling that serive for money. It is a well known unofficial fact that many, if not most certificate issuer copanies don't go into mouch trouble for actually verifying the identity of their customers. It is said that oftern there is just a cursory check about the domain registration. Well, this is inofficial knowledge, because, officially, by the terms of law, the certificate issuer guarantees that the identity of your communication partner is "verified".

But this does in no way mean that the certificate issuer is able to intercept a HTTPS communication.

There is another thing. Today, many more elaborate corporate firewalls perform a dedicated man-in-the-middle attack on any HTTPS connection from the general internet to a client within the company. They intercept the connection, decrypt the content, and forward it with another HTTPS connection, signed with the certificate of the firewall proxy. Of course, this triggers a huuuuge alarm in any sensible internet browser. Now, unfortunately, since this practice has become so common, a lot of people routinely click away any "breach of security" alert given by their browser indicating a mismatch on the HTTPS certificate.

...maybe also people can fake the certificates too.

No, it is not possible to fake a Certificate, without again triggering an alarm in the client's browser. But, see above, thanks to improved corporate security measures, we have now trained a lot of people to ignore any such alarm.

[markm]

http://www.lmgtfy.com/?q=cloudflare

-MarkM-

[szuetam]

Huh, I didn't even know what he was talking about (maninthemiddle?) until you answered.

This week I'll get some changes at my work and university and I will know if I'm time capable to start project as it is said in topic.

[LegalEagle]

I'm personally going to be very careful about dealing with securities.  The SEC could get (easily) involved and that would get messy fast.

[kjj]

I'm personally going to be very careful about dealing with securities.  The SEC could get (easily) involved and that would get messy fast.

With a distributed record of ownership, a lot of things become possible.  TOR-hidden exchanges, brokerages, and dealers, for example.  And person to person transactions, which I'm almost positive are totally legal.