|
January 28, 2014, 07:33:46 PM Last edit: January 29, 2014, 12:19:38 AM by earonesty |
|
As a merchant, I'd like to provide some assurance to my customers that the wallet address I'm signing with is one linked to my domain, in an irrevocable manner.
Currently, the merchant hosts an ssl connection, the customer typically sees a random, sometimes even recycled, address to send to.
For assurance, the merchant may sign a message with order information : "Order# 4456 Address: 1N57686... Amount: 1.56 BTC", or something like that. For that signature, the merchant will used a published address, typically one on his home page, or a donation page, and/or one associated with these forums.
This is great! Because the customer can come along and prove that the merchant signed that message, and prove he sent the BTC to that address, etc.
But suppose the merchant didn't post that public signing address anywhere? Do customers have to check archive.org first, to ensure the merchant's home page is in the cache with the donation address? Or worse, bitcoinforums (yes, that's the standard these days).
Who's to say a particular address is associated with a particular site?
And of course a customer can always create a wallet, stick a url in it, sign it and "swear it was on the merchant's site".
This is all silly, and we can have a standard, and SSL URI's are the right way to go:
a) publish a message at (https://) URL, can contain anything b) client reads that, stores the results in his wallet c) client sends a "verify transaction" consisting of a {SHA256(url+contents)} + bounty per verification + # of verifications requested d) peers can accept the "verify transaction", verify that ssl url contents hash as stated, obtain the bounty, and publishing the signed {SHA256(url+contents)} message in the bitcoin block chain as a transaction from their address along with 50% of the bounty as a transaction fee.
At the end of the day, miners participating in verification get paid for verification services. Customers can get assurance that verification is irrevocable.
Something like that...not terribly well thought out. But something.
But here's the thing....I think it really should be built-in to bitcoin. It could, of course, work as an "other coin".
If even 10% of the miners upgraded, a customer could pay for URL content verification and get a response within a few minutes. It won't be on the blockchain in a few minutes, sure. But it will propagate fast, and block-chain confirmation would only be needed for a lawsuit later... not for a "confirmation now".
(Note: it could be used to "confirm content" of any kind, enabling interesting new uses)
|