URI scheme for signing and verifying messages

Summary:

Luke Dashjr expressed his concern about the need to rethink the current signed message process in Bitcoin. He believes that most of its common uses are insecure and not working properly, especially in proving ownership or sending bitcoins. He also suggested that a new method should be designed to avoid using the same key for signing transactions. Furthermore, as addresses are losing their importance due to the payment protocol, it may be necessary to design an entire authentication system, which could be complex. Arthur from bitcoin-fr.io proposed giving users easier access to existing tools, including the current signing process, even though it is not perfect. However, Luke Dashjr cautioned that making the existing signatures even easier could increase overall risk by causing incompatible uses to become more accepted. Instead, he recommended satisfying existing use cases with a safe signature first.Regarding privacy concerns, Luke explained that the signed message proves that the person who receives payment with the address agrees to a given message/contract. It is best practice for web wallet providers to allow users to sign messages with their deposit addresses. However, such a signature does not prove that the user presently still has the bitcoins received as the UTXO representing the bitcoins in the wallet is not associated with the address itself. Additionally, the UTXO can be redeemed at a low-level by the wallet when an entirely unrelated user is sending a transaction, making it possible for the original recipient of the bitcoins to sign a message even though they have nothing to do with nor any right to the goods/services purchased with the transaction redeeming that UTXO.Although there are some good use cases for the current signed messages, they appear to be a minority. Implementing any URI-based signing would actually make them more difficult as well, since it is additional code on the requester's part.

Updated on: 2023-06-10T22:26:46.571331+00:00