Author: Pieter Wuille 2011-12-16 16:17:00
Published on: 2011-12-16T16:17:00+00:00
In an email thread about hardening protocols and usability, Rick Wesson suggests looking at the work done in the IETF and the elegance of the bitcoin protocols. He criticizes the proposals in the thread for lacking clarity and elegance and suggests rethinking the scheme if it cannot reach a similar level of sophistication. One solution proposed is using URI + bitcoin address pairs and SSL communication authenticated using the respective bitcoin pubkey. This approach would prevent spoofing of DNS servers and faking of requested private keys. However, the issue then becomes securely getting the URL + address to the client. To address this, client software could cache the address corresponding to a particular server or URL, similar to how an ssh client caches host keys and warns when they change. While this solution may not rely on a pre-trusted certificate authority and PKI, it still requires careful consideration of security measures.
Updated on: 2023-05-18T22:28:56.797711+00:00