Author: Mike Hearn 2012-11-27 08:44:41
Published on: 2012-11-27T08:44:41+00:00
Luke-Jr, a Bitcoin Core developer, believes that the common subset of what operating systems ship is fine for him as long as people do due diligence around mobile OS. He thinks it is easier to grab a list from a popular browser because SSL is mostly used by browsers, so nobody is going to buy an SSL cert rejected by IE/Firefox/Chrome/etc. For his own clients, he would just ship his own copy of the canonical CA certs regardless because integrating with each operating system's proprietary crypto APIs require a lot of work compared to loading a pem file into OpenSSL. If there are many people who want to use the OS cert management UIs, then wallet clients can compete on this point. Luke-Jr acknowledges that X.509 has problems but it is in the proposal because it can get the effect we want (verifiable domain names in the UI) in about 50 lines of code, today, with the id-verified keys people have already bought. The proposal can be extended later with optional fields to extend the protocol in a backwards compatible way.
Updated on: 2023-06-06T08:52:25.723215+00:00