Draft BIP for seamless website authentication using Bitcoin address [combined summary]



Source: original discussion on the bitcoin-dev mailing list (individual post summaries combined below)

Published on: 2014-04-22T08:57:18+00:00


Summary:

BitID development has progressed to a working wallet prototype based on the Android Bitcoin Wallet; a short video demonstrates the user flow. By default, the first authentication request to a given service creates and saves a new address for that service (SQRL-like). The scheme can be built on BIP32 but also works without it; it does require attaching metadata to addresses, as described in the linked document. The proposal also offers fields for decentralized 2FA and for a "pay as guest" checkout used together with a BIP70 payment request.

On client-side certificates, Jan Moller notes that they never gained popularity because safely storing and backing up the secrets has always been hard. He suggests a BIP32-like mechanism that generates a parallel key hierarchy for authentication, so that a wallet does not need two different mechanisms for managing secrets. Using a Bitcoin address itself for authentication may link funds with identity; deriving a separate hierarchy of authentication keys from the master seed was agreed on as the approach for authentication purposes.

Whether users actually install plugins was debated between Mike Hearn and Jeff Garzik. Jeff warned against generalizing, since it depends on the product's value, but noted that by his own observation and by data from Mozilla and other browser vendors most users install no plugins other than Flash. In an exchange with Eric Larchevêque, Jeff agreed that doing bitcoin and PGP in a client is cool, but only 0.01% of users actually install plugins.

Troy Benjegerdes proposed using a Bitcoin address as a persistent identity key, suggesting it could become the "killer app" for Bitcoin adoption. Ricardo Filipe agrees with the idea but wonders whether a multisig seed would work instead. Eric Martindale responds with a caution that such a proposal could have significant implications for the economics of cryptofinance.

Eric Larchevêque's proposed BIP authenticates a user with one Bitcoin address from their wallet. Today a service that needs a user's Bitcoin address still asks for an email and password in order to store it. Without a standard protocol it is hard to envision purely Bitcoin-based use cases such as renting a physical locker or booking a hotel room via Bitcoin and opening the door with the paying address. The overall aim is to make sign-up and login on Bitcoin ecosystem websites and apps more user-friendly.

TREZOR currently relies on a web plugin, which is a problem if people are reluctant to install one. Mike Hearn raised this concern; Marek replied that they see the plugin as a temporary solution and hope to drop it once browsers can talk to USB HID devices directly. A plugin is not strictly required for web authentication, since browsers can create private keys and upload the public parts seamlessly for the user, and key management can be upgraded later.

Slush's main comments on the BIP were not to use Bitcoin addresses directly and not to encourage services to use this login for financial purposes. He advises deriving another private/public key pair from the Bitcoin seed or private key by some function, so that no bitcoin-related data leaks to websites. Eric asks in response what the risks of using one's Bitcoin address as an authentication key actually are.

Another post questions whether a login system is needed at all: very few websites would want to authenticate users by a Bitcoin address alone, since there would be no way to email the user or recover data if the wallet is lost. Still, a standard authentication protocol could enable new use cases such as physical locker rental or hotel booking via Bitcoin. The author acknowledges problems with shared transactions and lost phones but believes existing tools such as client certificates can help overcome them. Mike Hearn doubts that Bitcoin addresses can replace passwords as a means of authentication; Eric Lombrozo acknowledges the objections but says at least two wallets are enthusiastic about implementing the protocol.
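The thread's central technical recommendation (Jan Moller's parallel BIP32 hierarchy, and slush's advice to derive a separate key from the seed instead of exposing a payment address) can be shown as a challenge-response login. The block below is an added illustration written for this summary; it is not BitID's, TREZOR's or any wallet's code. It assumes a hypothetical purpose index `AUTH_PURPOSE`, a hypothetical site-index scheme (first 31 bits of SHA-256 of the domain) and a hypothetical challenge format `domain:nonce`; the secp256k1 arithmetic is a minimal pure-Python implementation and the ECDSA nonce is a simplified HMAC construction rather than RFC 6979, so it demonstrates the key-separation idea, not production cryptography.

```python
"""Per-site authentication keys derived from a wallet seed (BIP32-style hardened
derivation) plus a challenge-response login. Added illustration for this
summary, not BitID's or any wallet's code. AUTH_PURPOSE, site_index() and the
"domain:nonce" challenge format are hypothetical choices made for the example."""
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000
AUTH_PURPOSE = 0x1234  # hypothetical purpose index for the authentication branch


def ec_add(p, q):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def master_key(seed: bytes):
    """BIP32 master private key and chain code from a seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_hardened(k_par: int, c_par: bytes, index: int):
    """BIP32 hardened child: the parent private key goes into the HMAC, so a
    leaked child key or chain code reveals nothing about sibling branches."""
    index |= HARDENED
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + k_par) % N, digest[32:]


def site_index(domain: str) -> int:
    """Hypothetical: map a domain to a 31-bit child index."""
    return int.from_bytes(hashlib.sha256(domain.encode()).digest()[:4], "big") & 0x7FFFFFFF


def auth_key(seed: bytes, domain: str) -> int:
    """Path m / AUTH_PURPOSE' / site_index(domain)': one key per site, none of
    them on the wallet's payment branch (m / 0' / ...)."""
    k, c = master_key(seed)
    k, c = ckd_hardened(k, c, AUTH_PURPOSE)
    k, _ = ckd_hardened(k, c, site_index(domain))
    return k


def sign(priv: int, msg: bytes):
    """ECDSA over SHA-256. Nonce = HMAC(priv, msg): deterministic, but a
    simplification of RFC 6979 made for this example."""
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    k = int.from_bytes(hmac.new(priv.to_bytes(32, "big"), msg, hashlib.sha256).digest(), "big") % N or 1
    r = ec_mul(k)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r, s


def verify(pub, msg: bytes, sig) -> bool:
    """Standard ECDSA verification against an affine public key."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    point = ec_add(ec_mul(z * w % N), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def server_challenge(domain: str) -> bytes:
    """Server side: a fresh nonce bound to the site name (hypothetical format)."""
    return f"{domain}:{secrets.token_hex(16)}".encode()


def client_login(seed: bytes, domain: str, challenge: bytes):
    """Wallet side: derive the per-site key and sign the challenge. Only the
    auth public key is sent; payment keys and addresses never leave the wallet."""
    priv = auth_key(seed, domain)
    return ec_mul(priv), sign(priv, challenge)


def server_verify(domain: str, challenge: bytes, pub, sig) -> bool:
    """Server side: reject challenges minted for another site (replay across
    services), then check the signature against the registered identity key."""
    if not challenge.startswith(domain.encode() + b":"):
        return False
    return verify(pub, challenge, sig)


if __name__ == "__main__":
    seed = b"constructed demo seed, not a real wallet"  # constructed input
    ch = server_challenge("example.org")
    pub, sig = client_login(seed, "example.org", ch)
    print("login ok:", server_verify("example.org", ch, pub, sig))
```

Because every site gets its own hardened child, a server learns a public key that is unlinkable to the user's payment addresses and to the keys registered at other sites, which is exactly the leakage slush wanted to avoid; binding the nonce to the domain is what keeps one site from replaying a challenge it received against another.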


Updated on: 2023-08-01T08:34:04.741406+00:00