Bitcoin Forum
September 28, 2022, 05:30:59 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: IDEA: a service that bind bitcoin receiving addresses to your email...  (Read 1478 times)
lixiaolai (OP)
a friend of time
VIP
Full Member
*
Offline Offline

Activity: 169
Merit: 100



View Profile
May 09, 2013, 03:03:28 PM
Last edit: May 09, 2013, 03:29:04 PM by lixiaolai
 #1

I confront a difficulty when I initiated the charity donation for Lushan Earthquake (https://bitcointalk.org/index.php?topic=181336): somebody reposted the text and replaced the receiving address with his own.

It's not the first time it occurred to me. I've once posted a receiving address in one of my article, which was quite popular, however, I lost that wallet, while the post were being reposted all the time.

Therefore, I want a service that can bind my bitcoin receiving address to my email address, which is almost "permanent" to me. With this service, I might change the bitcoin receiving address, but for others, what they only need to do is to send bitcoin to my email address.

Is this useful to you? If the idea is viable, I'll try to make it.

Thanks for your suggestions.


inblockchain.com
1664386259
Hero Member
*
Offline Offline

Posts: 1664386259

View Profile Personal Message (Offline)

Ignore
1664386259
Reply with quote  #2

1664386259
Report to moderator
1664386259
Hero Member
*
Offline Offline

Posts: 1664386259

View Profile Personal Message (Offline)

Ignore
1664386259
Reply with quote  #2

1664386259
Report to moderator
1664386259
Hero Member
*
Offline Offline

Posts: 1664386259

View Profile Personal Message (Offline)

Ignore
1664386259
Reply with quote  #2

1664386259
Report to moderator
Unlike traditional banking where clients have only a few account numbers, with Bitcoin people can create an unlimited number of accounts (addresses). This can be used to easily track payments, and it improves anonymity.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Brushan
Member
**
Offline Offline

Activity: 224
Merit: 10



View Profile
May 09, 2013, 10:20:43 PM
 #2

I think it's a great idea and something like this is a must to make Bitcoin hit the mainstream.
Knecke
Full Member
***
Offline Offline

Activity: 152
Merit: 100



View Profile
May 10, 2013, 11:03:23 AM
 #3

We need a service like a DNS, where a bitcoin client makes a request for the mail address "name@domain.com" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.
lixiaolai (OP)
a friend of time
VIP
Full Member
*
Offline Offline

Activity: 169
Merit: 100



View Profile
May 10, 2013, 11:07:32 AM
 #4

We need a service like a DNS, where a bitcoin client makes a request for the mail address "name@domain.com" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.

works like namecoin?

inblockchain.com
sairon
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


One does not simply mine Bitcoins


View Profile
May 10, 2013, 11:10:51 AM
 #5

GPG would be perfect for this, although I'm not sure how many people would be comfortable with using it. Cheesy

GPG key ID: 5E4F108A || BTC: 1hoardyponb9AMWhyA28DZb5n5g2bRY8v
Knecke
Full Member
***
Offline Offline

Activity: 152
Merit: 100



View Profile
May 10, 2013, 11:29:55 AM
 #6

We need a service like a DNS, where a bitcoin client makes a request for the mail address "name@domain.com" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.

works like namecoin?

No, i mean a centralized service.

You sign up, sign in, insert your address and sign the address.
But you need a trusted service.

Only a thought experiment from me... not yet thoroughly thought through
sairon
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


One does not simply mine Bitcoins


View Profile
May 10, 2013, 11:42:34 AM
Last edit: May 10, 2013, 11:53:01 AM by sairon
 #7

We need a service like a DNS, where a bitcoin client makes a request for the mail address "name@domain.com" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.

works like namecoin?

No, i mean a centralized service.

You sign up, sign in, insert your address and sign the address.
But you need a trusted service.

Only a thought experiment from me... not yet thoroughly thought through

The service need not to be trusted if you use some kind of crypto... The best way as I said would be to use PGP/GPG with included Bitcoin address in the note field along with your email or just signing the current BTC address with you GPG key and posting the clearsign text on the 3rd party website where users can view it and optionally check in their own gpg client.

EDIT: It would be nice if you could do it all with just Bitcoin signatures, but that's impossible for this use-case (you would be signing e-mail address with an "untrusted" Bitcoin key pair).

EDIT2: Also note that all previously created clearsigned addresses can be securely revoked as long as you keep your private key private, which is good in case your wallet gets compromised (but not your GPG private key; but there's also way to create GPG revocation certificate and broadcast it to keyservers when you private key gets compromised and it invalidates everything signed with the now compromised key).

GPG key ID: 5E4F108A || BTC: 1hoardyponb9AMWhyA28DZb5n5g2bRY8v
bujiraso
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile
May 10, 2013, 05:38:12 PM
 #8

I feel like a smart enough wallet client could solve this problem entirely, using many of the above suggestions -- most importantly crypto
I'm a dev... I'll think on whether or not I could make something that works for this purpose.
edmundedgar
Sr. Member
****
Offline Offline

Activity: 352
Merit: 250


https://www.realitykeys.com


View Profile WWW
May 11, 2013, 05:25:26 AM
 #9

We need a service like a DNS, where a bitcoin client makes a request for the mail address "name@domain.com" and the service responses the Bitcoin address.

But the response must be signed or something like that, to avoid (man-in-the-middle)attacks of the service.

works like namecoin?

No, i mean a centralized service.

You sign up, sign in, insert your address and sign the address.
But you need a trusted service.

Only a thought experiment from me... not yet thoroughly thought through

The service need not to be trusted if you use some kind of crypto... The best way as I said would be to use PGP/GPG with included Bitcoin address in the note field along with your email or just signing the current BTC address with you GPG key and posting the clearsign text on the 3rd party website where users can view it and optionally check in their own gpg client.

EDIT: It would be nice if you could do it all with just Bitcoin signatures, but that's impossible for this use-case (you would be signing e-mail address with an "untrusted" Bitcoin key pair).

EDIT2: Also note that all previously created clearsigned addresses can be securely revoked as long as you keep your private key private, which is good in case your wallet gets compromised (but not your GPG private key; but there's also way to create GPG revocation certificate and broadcast it to keyservers when you private key gets compromised and it invalidates everything signed with the now compromised key).

I'll post a proper announcement later but I've been working on a service a bit like this. I'm planning on starting with a version that runs on Twitter for Twitter usernames, then doing email, then other kinds of identity. (My original motivation was virtual world avatars for OpenSim, which I'd also like to do.)

The way I see it, the problem is split into two parts, which could conceivably be run by different people:

1) Confirming identity-address pairs (eg this address belongs to this email) and signing them with the identity-confirmer's GPG certificate. This is done either by sending a confirmation message (email) or by trusting the information given by a system's API (Twitter). Traditionally this is the kind of thing that webs of trust can help with, and that may turn out to be the ultimate solution, but I think we get something usable quicker with just a few trusted parties. If somebody turns out not to be trustworthy we can stop serving data they've signed.

2) Storing and serving the GPG-signed identity-address pairs, and making them available through an API to anyone who knows the identity side (eg the email address). People using the API would check the signature of the data they fetched against a list of known good identity-confirmers, which should protect against the web server serving the data getting hacked.

Ideally I'd envisage this data being shared by at least 2 or 3 different people or organizations which all support the same API, so that you could develop applications that use it and be reasonably confident that it won't suddenly disappear. In a world full of technical people the data would all be entirely public, but in the real world that we sadly inhabit non-technical people generally have reservations about the way their email addresses are shared, so in practice I think this is also better done by a smallish number of independent people or organizations that agree to try hard not to leak it. Email addresses can be stored hashed, but that can be brute-forced in a lot of cases as they're fairly predictable. If somebody ends up accidentally leaking the data, that's bad, but not devastating.
lixiaolai (OP)
a friend of time
VIP
Full Member
*
Offline Offline

Activity: 169
Merit: 100



View Profile
May 11, 2013, 12:05:42 PM
 #10

I feel like a smart enough wallet client could solve this problem entirely, using many of the above suggestions -- most importantly crypto
I'm a dev... I'll think on whether or not I could make something that works for this purpose.

If you embed this feature into a wallet client, that means the feature is only available to a portion of bitcoin users, which is a limit...

inblockchain.com
btharper
Sr. Member
****
Offline Offline

Activity: 389
Merit: 250



View Profile
May 11, 2013, 07:49:38 PM
 #11

I feel like a smart enough wallet client could solve this problem entirely, using many of the above suggestions -- most importantly crypto
I'm a dev... I'll think on whether or not I could make something that works for this purpose.

If you embed this feature into a wallet client, that means the feature is only available to a portion of bitcoin users, which is a limit...
I think the intent is to be able to add this functionality to any wallet (the wallet could confirm the address you're adding goes to the correct person), and users of wallets that don't support this functionality natively can just use a standalone program or web interface
lixiaolai (OP)
a friend of time
VIP
Full Member
*
Offline Offline

Activity: 169
Merit: 100



View Profile
May 12, 2013, 03:12:57 AM
 #12

This has been done so many times, and have failed cause the users don't know how to handle a trust-less system.

essentially I think namecoin is nearest solution for this purpose.

inblockchain.com
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!