Can we talk about removing SSL from the payment protocol and put PGP?

[gweedo]

I think PGP would be better than SSL, plus all can be keyservers or a DHT keyserver. It really wouldn't be too hard to add this. I think we need to reopen this discussion. Remember the payment protocol doesn't hinder users because of how technical it is but companies that want to use bitcoins can easily do this.

[1714717360]

1714717360

[1714717360]

1714717360

[1714717360]

1714717360

[roslinpl]

This is not bad idea at all but it need to be think about and it would be not so easy to implement. But idea seems not bad.

[mjosephs]

I think PGP would be better than SSL

You can talk about it all you like; the devs will just ignore you, like everybody else who told them this.

The payment coin tracking protocol's use of SSL CAs has been a suicidal idea from day one.  The non-excuse proffered is "yeah but the CAs are the best of a lot of bad solutions".  Guess what folks, if all the solutions are bad then maybe the problem isn't actually a "problem" and doesn't need solving.

Or more specifically, as in this case, you aren't solving a problem you're just hiding a problem (invoice authentication) behind a much harder, much more-unsolved and probably-never-solvable problem (general purpose PKI) so you can piggyback off of the excuses crafted by the probably-never-solvable-problem's non-solution vendors.

General-purpose, worldwide, universally trusted PKI will never exist.

Tossing your lot in with the "most popular failed attempt" at solving this problem is much, much worse than admitting that nobody knows how to solve this problem and secure systems shouldn't be based on the assumption that it can be solved.

[Kenshin]

I totally agreed that PGP might be a better option. Because it will be more decentralized then using SSL.

[trior]

PGP, SSL What's the difference?
please explain a little , so that non technical people like me fallow you.

[cbeast]

Couldn't we just have a small no fee unconfirmed payment required for security?

[kjj]

If you write good patches to add PGP/WoT authentication, I suspect they would be merged in a heartbeat.

As far as I can tell, no one is opposed to such a thing, they just don't think it has a very good payoff to effort ratio compared to authentication using the global SSL PKI.  Because of this, it is not a good candidate for being built first.  If you disagree, feel free to write some code, or convince/bribe someone to do so.

[gweedo]

If you write good patches to add PGP/WoT authentication, I suspect they would be merged in a heartbeat.

As far as I can tell, no one is opposed to such a thing, they just don't think it has a very good payoff to effort ratio compared to authentication using the global SSL PKI.  Because of this, it is not a good candidate for being built first.  If you disagree, feel free to write some code, or convince/bribe someone to do so.

Yes I know if I want it I should write it myself. I just don't have the time.

[wumpus]

If you write good patches to add PGP/WoT authentication, I suspect they would be merged in a heartbeat.

As far as I can tell, no one is opposed to such a thing, they just don't think it has a very good payoff to effort ratio compared to authentication using the global SSL PKI.  Because of this, it is not a good candidate for being built first.  If you disagree, feel free to write some code, or convince/bribe someone to do so.

Indeed. 100% agreed.

I'm certainly not against better, more distributed alternatives to the payment protocol. BIP0070 was not meant as the be-all and end-all idea, but a immediate workable solution.

But there has been enough talk on this subject. Long, handwavy discussions are just not useful. Show us code.

[DeathAndTaxes]

Not trying to flame gweedo but what would we gain from using PGP over say self signed SSL cert?  SSL doesn't need to mean that CA are used.

[gweedo]

Not trying to flame gweedo but what would we gain from using PGP over say self signed SSL cert?  SSL doesn't need to mean that CA are used.

Well first SSL cert are one-way. You only validate them for the company you are connecting to. With PGP we could validate two way, that the company is talking to the right user and user could be talking to the right company. Also PKI are expensive so we can't really have any community involvement this yet. Where is we used a key server that was decentralized like using a DHT, we can then not have to worry about hacks on CA's or it being expensive to start your own.

We also could use each full node be a key server and then you query everyone of them for the public key for the company you want to validate from. With majority rule on what is the correct public key.

[gweedo]

If you write good patches to add PGP/WoT authentication, I suspect they would be merged in a heartbeat.

As far as I can tell, no one is opposed to such a thing, they just don't think it has a very good payoff to effort ratio compared to authentication using the global SSL PKI.  Because of this, it is not a good candidate for being built first.  If you disagree, feel free to write some code, or convince/bribe someone to do so.

Indeed. 100% agreed.

I'm certainly not against better, more distributed alternatives to the payment protocol. BIP0070 was not meant as the be-all and end-all idea, but a immediate workable solution.

But there has been enough talk on this subject. Long, handwavy discussions are just not useful. Show us code.

Yes I agree that code is the overrules talking about it, but by having these talks I am hoping to get a developer who could do this and has the time. Right now many of us just don't have the time to develop this protocol write the features and then convince people to use it.

I don't think a bounty is appropriate with this feature.

[DeathAndTaxes]

With PGP we could validate two way, that the company is talking to the right user and user could be talking to the right company.

That is a valid point although SSL does support client certs.  Bitcoin would be extended to expose that support making it identical to PGP in that respect.

  Also PKI are expensive so we can't really have any community involvement this yet. Where is we used a key server that was decentralized like using a DHT, we can then not have to worry about hacks on CA's or it being expensive to start your own.  We also could use each full node be a key server and then you query everyone of them for the public key for the company you want to validate from. With majority rule on what is the correct public key.

All of that can be done with SSL self signed SSL certs as well.  I guess my point is you seem to be indicating that CA = bad therefore don't use SSL.  SSL can be used in a self signed fashion.  You could have SSL self signed key servers, you could load them into the network DHT style essentially replace public key in your example with SSL cert and the same thing applies.

[gweedo]

With PGP we could validate two way, that the company is talking to the right user and user could be talking to the right company.

That is a valid point although SSL does support client certs.  Bitcoin would be extended to expose that support making it identical to PGP in that respect.

Yes SSL protocol supports it but no browsers (Firefox does) really support that feature, no web server really makes use of that of feature. So what makes bitcoin going to support?

 Also PKI are expensive so we can't really have any community involvement this yet. Where is we used a key server that was decentralized like using a DHT, we can then not have to worry about hacks on CA's or it being expensive to start your own.  We also could use each full node be a key server and then you query everyone of them for the public key for the company you want to validate from. With majority rule on what is the correct public key.

All of that can be done with SSL self signed SSL certs as well.  I guess my point is you seem to be indicating that CA = bad therefore don't use SSL.  SSL can be used in a self signed fashion.  You could have SSL self signed key servers, you could load them into the network DHT style essentially replace public key in your example with SSL cert and the same thing applies.

Well the X509 also isn't that strong. I mean if people think that SSL cert would work better in a decentralized environment I am open to it but I don't think SSL certificates aren't strong enough for this.

[DeathAndTaxes]

Yes SSL protocol supports it but no browsers (Firefox does) really support that feature, no web server really makes use of that of feature. So what makes bitcoin going to support?

How would Bitcoin support PGP client public keys?  Whatever the solution replace PGP public key with SSL Client cert.  Not saying SSL is better but not seeing how we gain anything by going to PGP.

Well the X509 also isn't that strong. I mean if people think that SSL cert would work better in a decentralized environment I am open to it but I don't think SSL certificates aren't strong enough for this.

Ok now we are talking or at least to the heart of the matter.  Do you have a cite or link where X509 would fail that PGP wouldn't?

[gweedo]

Yes SSL protocol supports it but no browsers (Firefox does) really support that feature, no web server really makes use of that of feature. So what makes bitcoin going to support?

How would Bitcoin support PGP client public keys?  Whatever the solution replace PGP public key with SSL Client cert.  Not saying SSL is better but not seeing how we gain anything by going to PGP.

Well the X509 also isn't that strong. I mean if people think that SSL cert would work better in a decentralized environment I am open to it but I don't think SSL certificates aren't strong enough for this.

Ok now we are talking or at least to the heart of the matter.  Do you have a cite or link where X509 would fail that PGP wouldn't?

Well technically you can use a X509 to relay pgp information. I think a PGP certificate would be stronger and better in this case. Also X509 is weak with the signature algorithms, you don't need a link to show that.

[kgo]

Note that the BIP doesn't tell you what certificates should be trusted.  That's up to the implementation, not the protocol:

"Trusted root certificates may be obtained from the operating system; if validation is done on a device without an operating system, the Mozilla root store is recommended."

If you want to use a WoT, you can just use something like monkeysphere http://web.monkeysphere.info/ instead of the normal PKI/root-CAs.

There isn't a widely used transport layer standard for OpenPGP, which is what the protocol needs, so TLS is probably a better choice then PGP for the actual encryption.

[gweedo]

There isn't a widely used transport layer standard for OpenPGP, which is what the protocol needs, so TLS is probably a better choice then PGP for the actual encryption.

This is very much false, all information could be encrypted using the public key of the user that wants to send the bitcoins and then decrypt by their machine. Also I wouldn't include gpg into the actually bitcoin client I would have it called out to the shell so their is a disconnect of passwords and stuff.

[kgo]

There isn't a widely used transport layer standard for OpenPGP, which is what the protocol needs, so TLS is probably a better choice then PGP for the actual encryption.

This is very much false, all information could be encrypted using the public key of the user that wants to send the bitcoins and then decrypt by their machine. Also I wouldn't include gpg into the actually bitcoin client I would have it called out to the shell so their is a disconnect of passwords and stuff.

No it's not false.  TLS (per its name) happens at the transport layer.  It's baked into every http library in the world.  There really isn't a standard to do this for OpenPGP that anyone uses or is supported by any library.  What you're proposing requires everyone to implement an ad-hoc poorly specified made-up-just-for-bip-70 encryption scheme and shoving it into the presentation layer.

[gweedo]

There isn't a widely used transport layer standard for OpenPGP, which is what the protocol needs, so TLS is probably a better choice then PGP for the actual encryption.

This is very much false, all information could be encrypted using the public key of the user that wants to send the bitcoins and then decrypt by their machine. Also I wouldn't include gpg into the actually bitcoin client I would have it called out to the shell so their is a disconnect of passwords and stuff.

No it's not false.  TLS (per its name) happens at the transport layer.  It's baked into every http library in the world.  There really isn't a standard to do this for OpenPGP that anyone uses or is supported by any library.  What you're proposing requires everyone to implement an ad-hoc poorly specified made-up-just-for-bip-70 encryption scheme and shoving it into the presentation layer.

We are talking about two different things, you are saying I want to take the transport layer and wrap it in a PGP encryption which is not what i am talking about. I am talking taking a public key encrypting data so only that private key can read it. Two very different things.