These questions come up repeatedly, which is why I wrote an FAQ:
https://bitcointalk.org/index.php?topic=300809.0Please do read it. I really think by now that a lot of you will never stop discussing this or going round in circles, but ONE LAST TIME
1. In the post-NSA-snowden era, are you sure it is wise to participate in creation of a centralized mechanism, which governments can easily control ? Why would we trust *any* CA ?
As I have pointed out multiple times now, what we learned from the Snowden leaks is that
the PKI works. The NSA and friends are
not engaged in mass forgery of SSL certificates or any other kind of bulk attack on the certificate system, because they are unable to. Instead they are building large databases of whatever private keys they can obtain, via whatever mechanisms can be found.
There was one documented case where a forged certificate appeared to have been used. It was deployed in highly targeted attacks of the kind of that can take out basically any real-world software system. If an entire team of professional hackers goes after you, the chances of them failing are pretty low. The CA targeted could easily have been hacked and never even knew.
But even with that caveat, the certificate transparency upgrade is designed to expose hacked or malicious CA's publicly.
What's more, after Lavabit were forced to give up their SSL private key to the FBI, GoDadddy (the epitome of corporatism) revoked the SSL cert because industry policies required them to. I don't see how the existing set of CA's could have done a better job really, given the enormous scale on which the entire system operates.
But ultimately X.509 does not dictate any particular set of root certs. If you don't like the current set, feel free to go ahead and set up the ShadowOfHarbringer wallet that trusts the ShadowOfHarbringer CA, then start handing out certificates yourself. You can adopt whatever policies you want, including running your CA over Tor and being entirely anonymous.
2. What would Satoshi think of this ? Isn't adding a centralized stuff to a decentralized-by-design system kind of senseless ?
Given that Bitcoin 0.1 had a payment protocol in it, and he ended up disabling it due to the lack of authentication allowing MITM attacks, I can only assume he'd be fine with bringing it back in a fixed form.
But at any rate, calling the PKI "centralised" vs Bitcoin "decentralised" is kind of amusing, given that there are more root CA's than mining pools.
3. How do you think will the tinfoil-hatted-extremely-paranoid Bitcoin community react, when they realize you added a broken by design schema to the most important Bitcoin app ?
We know already. A few people on bitcointalk will get upset because they have a kneejerk reaction that says "companies == bad". The fact that there's a free market with hundreds of competitors to choose from will be ignored, the fact that they have not proposed anything better will cause them to be ignored. Also calling it "broken by design" is a way to get an insta-ignore because it simply isn't "broken by design", it's exactly the same system used to encrypt the internet connections of over a billion people daily. Rage that it isn't perfect if you like, but it's what we've got.
4. What problem exactly are you trying to solve with this solution ? I don't see Bitpay, Inpay, Coinbase or others complain that they cannot do business using Bitcoin without this feature ?
Go read my FAQ, it's covered very thoroughly there.
Isn't the invoicing possible to do through third party app or in-browser using SSL ?
You do realize that SSL is exactly the same system supported by the payment protocol, right? You can't use SSL without getting a certificate from this so-called "centralized" system. Realistically all online web shops are expected to use SSL already, as Jeff has pointed out many times. So it doesn't make much difference in the end.
5. Why add such a non-critical feature to the core client ? Isn't it supposed to be as clean, fast and efficient as possible without unnecessary bloat ?
You mean the core client that has a complete cross-platform GUI? It's a reference implementation. Even if not many people choose to use it, it gives developers something to test against and it allows us to verify that what we've designed actually works in the real world. Plus, there are plenty of users who may choose to run a full node wallet, anyone who has a computer switched on 24/7 is a good candidate for using Bitcoin-Qt. With this question, you're really asking "why does anyone bother to maintain the Bitcoin-Qt GUI at all?" which is a topic for another time.
