Draft BIP for seamless website authentication using Bitcoin address



Summary:

The discussion revolves around the idea of using TREZOR for web authentication. The suggestion is not to use Bitcoin addresses directly and not to encourage services to use this "login" for financial purposes. Instead, some function can be used to generate another private/public key pair from the Bitcoin seed/private key, so that no Bitcoin-related data is leaked to websites.

There is a proposal for a BIP to get different wallet authors to write code for the project. However, one wallet author suggests that getting traction with a new scheme should not rely solely on different wallet authors writing lots of code for the project. The idea is to leverage the fact that everyone in Bitcoinland has a wallet and to build interesting apps combining address auth and the blockchain.

Some reasons why client certificates aren't more widely used are discussed. People like passwords, and like forgetting them, so there is little incentive to improve the UI for managing client certs in browsers. Cross-device sync doesn't work well, and there is no obvious fix lurking within Bitcoin for these issues. However, certificates and a central authority have the benefit of revocation. The suggestion is to add a simple auth protocol that people would use at no cost, since they already have a wallet and a Bitcoin address.
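The key-separation idea above, as an added example that is not code from the thread or from any wallet: a per-site login key is derived from the wallet seed and used to sign a site-issued challenge. The summary says only "some function"; HKDF-SHA256, Ed25519, the label "web-auth-example-v1", the message layout and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// PKCS#8 DER header for a raw 32-byte Ed25519 private key (RFC 8410).
const PKCS8_ED25519 = Buffer.from('302e020100300506032b657004220420', 'hex');

// Derive a per-site login key pair from the wallet seed (assumed scheme).
// HKDF is one-way, so the site's copy of the public key does not map back
// to any Bitcoin key or address.
function deriveSiteKey(walletSeed, origin) {
  const raw = Buffer.from(nodeCrypto.hkdfSync(
    'sha256', walletSeed, Buffer.from('web-auth-example-v1'), Buffer.from(origin), 32));
  const privateKey = nodeCrypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519, raw]), format: 'der', type: 'pkcs8' });
  return { privateKey, publicKey: nodeCrypto.createPublicKey(privateKey) };
}

// Identifier the site stores at registration (hex of the SPKI encoding).
function publicKeyId(publicKey) {
  return publicKey.export({ type: 'spki', format: 'der' }).toString('hex');
}

// The signed message binds the site's origin to its one-time nonce.
function loginMessage(origin, nonce) {
  return Buffer.from(`${origin}\n${nonce}`, 'utf8');
}

function signChallenge(privateKey, origin, nonce) {
  return nodeCrypto.sign(null, loginMessage(origin, nonce), privateKey);
}

function verifyLogin(publicKey, origin, nonce, signature) {
  return nodeCrypto.verify(null, loginMessage(origin, nonce), publicKey, signature);
}

// Constructed sample values: a fixed dummy seed and two example origins.
const seed = Buffer.alloc(32, 0x42);
const siteA = deriveSiteKey(seed, 'https://a.example');
const siteB = deriveSiteKey(seed, 'https://b.example');
const nonce = nodeCrypto.randomBytes(16).toString('hex'); // issued by the site
const sig = signChallenge(siteA.privateKey, 'https://a.example', nonce);

console.log('keys differ across sites:    ', publicKeyId(siteA.publicKey) !== publicKeyId(siteB.publicKey));
console.log('login at a.example verifies: ', verifyLogin(siteA.publicKey, 'https://a.example', nonce, sig));
console.log('same signature at b.example: ', verifyLogin(siteA.publicKey, 'https://b.example', nonce, sig));
```

Because each origin gets its own key, two sites cannot correlate a user by comparing stored public keys, and a signature made for one origin does not verify for another.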


Updated on: 2023-06-08T18:27:00.466569+00:00