Published on: 2015-09-15T13:21:56+00:00
Luke Dashjr expressed concerns about the current signed message system in Bitcoin, stating that it is commonly used in insecure cases where it doesn't work properly. He suggested that a new method should be developed to avoid using the same key for signing transactions. Additionally, he mentioned that addresses are losing their importance due to the payment protocol, so designing an entire authentication system may be necessary. Arthur from bitcoin-fr.io proposed a URI scheme to make it easier for users to access existing tools, including the current signing process. However, Luke Dashjr cautioned against making the existing signatures even easier, as it could increase overall risk and make incompatible uses more accepted. Instead, he recommended focusing on satisfying existing use cases with a safe signature first. Regarding privacy concerns, Luke explained that the signed message only proves that the person who received payment with the address agrees to a given message/contract. It does not prove that they still have the bitcoins received. This is because the UTXO representing the bitcoins in the wallet is not associated with the address itself and can be redeemed by the wallet for unrelated transactions. While there are some good use cases for the current signed messages, they appear to be in the minority. Implementing any URI-based signing could actually make them more difficult. In September 2015, Arthur proposed the idea of a URI scheme to request or verify a signature as easily as requesting payment using a bitcoin URI scheme (BIP0021). He suggested that this could become available in most bitcoin clients that support message signing/verifying and payment URLs. To gain consensus, he proposed going through a BIP and presented his idea publicly before drafting a BIP and reference implementation. Luke Dashjr responded by suggesting that the whole signed message process needs to be rethought, as it is commonly used in insecure cases and does not work for proving ownership or sending bitcoins. He also noted that using the same key for signing transactions is not ideal. Arthur's proposal for the URI scheme aims to simplify the process of requesting and verifying signatures, similar to the BIP0021 bitcoin URI scheme for requesting payments. He suggests that it should require manual approval from the user, similar to BIP0021, and could use the same format or a different one. Bouquet plans to post a topic on the Bitcointalk forum for further discussion.
Updated on: 2023-08-01T16:06:30.601741+00:00