Author: solar 2011-12-19 14:46:12
Published on: 2011-12-19T14:46:12+00:00
Laszlo, a Bitcoin developer, believes that trusting software vendors to decide who should be trusted is not a good idea. He thinks that while HTTPS and x.509 PKI certs and CAs are a good concept and technically secure, the problem arises when it comes to trusting third parties who have no relationship with you to serve your interests. He argues that internet CAs just want to sell certificates and generally abuse the certificate validity dates to charge more money. Laszlo proposes that trying to follow this paradigm in Bitcoin alias resolution is a bad idea because it tries to solve two problems at once, one of which does not have any 'good' solution, and forces a specific policy. First, we need to resolve an alias to a Bitcoin address somehow, but secondly, we need to establish trust with the entity doing the alias resolution - to make sure that we can trust the response. He suggests that having to pre-trust the resolver would be an acceptable solution for all, and those whose policy requires a simpler process can get a 3rd party CA list, much like the ones provided with web browsers and operating systems. Those with strict verification policies can choose to pre-verify every public key.Laszlo believes that the most successful standards and implementations are the ones which provide the most flexibility, primarily because that allows users to extend them in ways the original designers didn't necessarily plan for. He concludes by saying that whatever concerns are created by 'insecure' alias resolution may well be addressed in another part of the system since Bitcoin will be used as part of a larger system.
Updated on: 2023-06-04T21:57:45.670203+00:00