1 2015-02-21 01:12:27 <fanquake> ;;blocks
  2 2015-02-21 01:12:28 <gribble> 344449
  3 2015-02-21 02:34:41 <Heart^KilleR> I want to buy bitcoins is there anyone can help me? I have never bought them before, i want to buy bitcoins so i can pay for this service i want to use online, unfortunately they only accept bitcoins :(
  4 2015-02-21 02:35:58 <fanquake> Heart^KilleR off topic here, try #bitcoin or #bitcoin-otc
  5 2015-02-21 03:03:16 <jtimon> cfields #5812
  6 2015-02-21 04:37:44 <Luke-Jr> petertodd: poke ☺
  7 2015-02-21 04:46:53 <aliasaila_> "The seed is used after 100,000 rounds of SHA256" - https://en.bitcoin.it/wiki/Deterministic_wallet#Type_2_hierarchical_deterministic_wallet
  8 2015-02-21 04:46:57 <aliasaila_> is that correct?
  9 2015-02-21 04:47:19 <aliasaila_> bip32.org says 50,000 rounds
 10 2015-02-21 05:00:49 <Luke-Jr> aliasaila_: BIP 39 appears to specify 2048, unless I'm reading it wrong ("The iteration count is set to 2048")
 11 2015-02-21 05:02:48 <Luke-Jr> aliasaila_: in any case, using human-chosen passphrases is stupid and almost guaranteed to be compromised
 12 2015-02-21 05:04:50 <gmaxwell> I don't recommend BIP39 generally (in particular, that iteration count is basically snake-oil low, but the authors couldn't be talked out of it)
 13 2015-02-21 05:05:12 <gmaxwell> might be worth mentioning that one of the authors of the document also disagreed with it and asked for his name to be removed.
 14 2015-02-21 11:25:27 <robbak> Does anyone have a use case for using both the daemon and the gui on the same system?
 15 2015-02-21 11:31:01 <ciemon> robbak: short term node runner here, I've wanted to do that in the past, but only to get a better understanding of connected users.
 16 2015-02-21 11:31:28 <ciemon> ie connections in in comparison to connections out.
 17 2015-02-21 11:57:58 <robbak> Where do most packagers put the bitcoin-cli and bitcoin-tx tools? Are they bundled with the daemon, the gui or in a separate package? What do they call it?
 18 2015-02-21 11:58:30 <koobs> o/~
 19 2015-02-21 11:59:24 <koobs> robbak: fedora has 'bitcoin' (provides QT gui) and bitcoin-server, and bitcoin-cli
 20 2015-02-21 11:59:42 <koobs> I lie, bitcoin-utils (provides -cli and -tx)
 21 2015-02-21 12:00:11 <koobs> robbak: consensus library comes with bitcoin-devel (which we don't do in freebsd)
 22 2015-02-21 12:15:29 <mnmx> hi, building 0.10.0 from official source release, it looks like autogen.sh is missing in the source
 23 2015-02-21 12:18:05 <fanquake> mnmx Yes, there’s an issue open https://github.com/bitcoin/bitcoin/issues/4997
 24 2015-02-21 12:19:06 <mnmx> is there a way to build it without it?
 25 2015-02-21 12:20:30 <mnmx> so far it was always included...
 26 2015-02-21 12:20:54 <mnmx> fanquake: anyway thanks for the link
 27 2015-02-21 12:53:14 <koobs> mnmx: tried using autoreconf ?
 28 2015-02-21 16:31:03 <Luke-Jr> petertodd: so rbf appears to be a clean merge with my patchset already, including cpfp - is that expected? I guess you're doing cpfp in a different part of rbf? O.o
 29 2015-02-21 16:44:05 <Luke-Jr> petertodd: when you're around: assuming no changes are needed to improve merging with ljrP, do you plan to support merging with Bitcoin XT any time soon? (if not within a few days, I'm going to go ahead and simply make XT and RBF incompatible options in Gentoo for the initial package)
 30 2015-02-21 18:14:38 <instagibbs> for gitian build, I'm trying to follow the guide, but the link to the prescribed debian iso is down. is 7.8 fine?
 31 2015-02-21 18:18:17 <instagibbs> fwiw I dropped an issue on github for this issue
 32 2015-02-21 18:27:13 <Luke-Jr> instagibbs: 7.8 should be fine
 33 2015-02-21 18:27:31 <earlz> So, which one is faster at ecdsa signing and verification. libsecp256k or openssl?
 34 2015-02-21 18:27:47 <Luke-Jr> earlz: libsecp256k1 for sure
 35 2015-02-21 18:28:18 <earlz> like significantly faster? h
 36 2015-02-21 18:28:26 <instagibbs> yes
 37 2015-02-21 18:28:43 <instagibbs> pwuille(sp?) benchmarked recently. he said without fancy optimizations, 3.6x faster
 38 2015-02-21 18:28:58 <instagibbs> with handcoded assembly 4.9x
 39 2015-02-21 18:29:35 <earlz> is there handcoded assembly in it? I haven't really looked into it much beyond the header file
 40 2015-02-21 18:30:09 <Luke-Jr> yes
 41 2015-02-21 18:34:00 <Luke-Jr> cfields: why can't I PR direct to the trivial branch?
 42 2015-02-21 18:37:22 <cfields> Luke-Jr: you can. theuni/trivial-next
 43 2015-02-21 18:37:33 <Luke-Jr> cfields: theuni is not an option for a PR
 44 2015-02-21 18:37:53 <cfields> Luke-Jr: should be. others have done it ok
 45 2015-02-21 18:38:19 <Luke-Jr> weird
 46 2015-02-21 19:05:38 <instagibbs> cfields: is there any way I could have reasonably found the pull request before submitting my own issue? I don't know the order/importance of various branches, etc
 47 2015-02-21 19:06:54 <cfields> instagibbs: not really. I'm starting to doubt whether trivial is going to end up being useful. By nature, not as much time is invested in them.
 48 2015-02-21 19:08:14 <grim21> does anyone know if there are plans to integrate BIP0032 into Bitcoin Core?
 49 2015-02-21 19:09:15 <instagibbs> no current plans, afaik.
 50 2015-02-21 19:10:17 <grim21> instagibbs: thanks for your response
 51 2015-02-21 19:10:41 <instagibbs> np. I think the main thrust right now is to separate consensus/wallet code
 52 2015-02-21 19:10:50 <instagibbs> afterwards maybe?
 53 2015-02-21 20:00:18 <Luke-Jr> instagibbs: I would assume jonasschnelli's wallet would be BIP32 from the start?
 54 2015-02-21 20:01:13 <instagibbs> I had to google the name; aka not sure :) which wallet is he working on?
 55 2015-02-21 20:10:47 <harding> instagibbs: jonasschnelli is rewriting the Bitcoin Core wallet.
 56 2015-02-21 20:11:17 <instagibbs> ah, then I assume it will?
 57 2015-02-21 20:11:28 <instagibbs> seems like a waste not to
 58 2015-02-21 20:13:10 <instagibbs> is it in a public repo yet?
 59 2015-02-21 20:19:51 <harding> instagibbs: I think he's working on it patch by patch https://github.com/bitcoin/bitcoin/pulls/jonasschnelli
 60 2015-02-21 21:03:08 <sipa> instagibbs: pwuille is correctly spelled :)
 61 2015-02-21 21:08:11 <instagibbs> just means im stalking devs too much
 62 2015-02-21 21:08:28 <sipa> at least if you're referring to my reddit name...
 63 2015-02-21 21:10:37 <instagibbs> that was the attempt
 64 2015-02-21 21:10:53 <instagibbs> since it was in that context
 65 2015-02-21 21:16:15 <Genitrust> heya gmaxwell
 66 2015-02-21 21:17:18 <Genitrust> glad to see BIPs look a bit like PEPs :D
 67 2015-02-21 21:17:33 <sipa> they're inspired by the,
 68 2015-02-21 21:17:47 <Genitrust> by theeeeeee
 69 2015-02-21 21:18:01 <sipa> by them
 70 2015-02-21 21:18:04 <rgenito_> ok i iz now rgenito
 71 2015-02-21 21:18:08 <afk11> ls
 72 2015-02-21 21:18:17 <rgenito_> i'm a big fan of python sooo yez
 73 2015-02-21 21:18:20 <afk11> woops :)
 74 2015-02-21 21:18:54 <rgenito_> i'm looking to write up a bip
 75 2015-02-21 21:18:59 <rgenito_> says to talk with community first
 76 2015-02-21 21:19:05 <sipa> rgenito_: about what?
 77 2015-02-21 21:19:23 <rgenito_> i haven't seen a bip for this, though Luke-Jr said it existed , so maybe an addition
 78 2015-02-21 21:19:40 <rgenito_> sipa to solve people having to constantly copy/paste bitcoin addresses to websites
 79 2015-02-21 21:19:46 <rgenito_> or to apps
 80 2015-02-21 21:19:47 <sipa> payment protocol exists
 81 2015-02-21 21:19:51 <sipa> BIP 70-73
 82 2015-02-21 21:19:53 <rgenito_> not as a payment protocol
 83 2015-02-21 21:19:59 <sipa> read those first, still
 84 2015-02-21 21:20:00 <rgenito_> i'm familiar with those bips
 85 2015-02-21 21:20:03 <rgenito_> and i've read them
 86 2015-02-21 21:20:08 <sipa> then what's the point?
 87 2015-02-21 21:20:45 <rgenito_> sipa can you think of an app where it asks you to input your bitcoin address so you can withdraw or have bitcoin sent to you?
 88 2015-02-21 21:21:09 <sipa> yes, and with the payment protocol that shouldn't be necessary anymore
 89 2015-02-21 21:21:26 <rgenito_> so, how do you give that app your bitcoin address?
 90 2015-02-21 21:21:32 <sipa> you don't
 91 2015-02-21 21:21:46 <rgenito_> ok good :)
 92 2015-02-21 21:21:50 <rgenito_> how does that app get your bitcoin address?
 93 2015-02-21 21:22:06 <sipa> it uses the payment protocol
 94 2015-02-21 21:22:07 <sipa> please
 95 2015-02-21 21:22:26 <rgenito_> i feel you're wasting your time with "it uses the payment protocol"
 96 2015-02-21 21:22:34 <rgenito_> now unless you're just buying time to read the BIPs again yourself...
 97 2015-02-21 21:22:41 <sipa> lol
 98 2015-02-21 21:22:44 <rgenito_> ...what item from the bip would you use?
 99 2015-02-21 21:22:44 <sipa> i'm very familiar with them
100 2015-02-21 21:22:50 <sipa> the whole thing
101 2015-02-21 21:22:55 <sipa> #bitcoin please
102 2015-02-21 21:23:11 <rgenito_> then there's either 1) something obvious i'm not seeing, or 2) you're misunderstanding the use case
103 2015-02-21 21:23:36 <ciemon> Luke-Jr: thanks for the prompt about a second file to update when adding a Debian man page, it's bitcoind.manpages and I'll update that if my pull request is accepted.
104 2015-02-21 21:23:38 <ThomasV> the payment protocol is well designed for websites requesting payments, because they can sign requests. For end users it's a bit more complicated to produce a signed request
105 2015-02-21 21:23:48 <sipa> ThomasV: they can be unsigned
106 2015-02-21 21:23:56 <rgenito_> ThomasV: yes, and this isn't about a website requesting payments
107 2015-02-21 21:23:58 <ThomasV> sure
108 2015-02-21 21:24:20 <sipa> ThomasV: and yes, there are weaknesses for the payment protocol wrt end users
109 2015-02-21 21:24:25 <sipa> but let's fix those
110 2015-02-21 21:24:29 <sipa> there are several good ideas
111 2015-02-21 21:24:32 <ThomasV> rgenito: can you get straight to the point and explain what's in your bip?
112 2015-02-21 21:24:40 <rgenito_> ThomasV: yes, can you read what i wrote above?
113 2015-02-21 21:24:45 <Luke-Jr> ciemon: it should be updated in the same PR. just commit --amend and force-push
114 2015-02-21 21:24:55 <rgenito_> actually i'll just copy/paste it for ya, i think that'd be easier
115 2015-02-21 21:25:11 <rgenito_>  to solve people having to constantly copy/paste bitcoin addresses to websites
116 2015-02-21 21:25:22 <rgenito_> if this bip already exists, i want to use it.
117 2015-02-21 21:25:22 <sipa> ... that's exactly what the payment protocol solves
118 2015-02-21 21:25:27 <ThomasV> rgenito: I read what you wrote, it's not a concrete proposal
119 2015-02-21 21:25:31 <sipa> it gets rid of the concept of bitcoin addresses entirely
120 2015-02-21 21:25:34 <rgenito_> sipa yes, and if that's the case, i'm trying to figure that out
121 2015-02-21 21:25:45 <rgenito_> ThomasV: ahh ok, thank you for your patience with me :)
122 2015-02-21 21:26:00 <sipa> please, you'll waste more time trying to explain people here that that's not what the payment protocol does
123 2015-02-21 21:26:59 <rgenito_> so then, what functionality can i use to have my app (on iOS) ask whatever iOS app is installed for the user's bitcoin address?
124 2015-02-21 21:27:18 <sipa> there should not be such a thing as 'the user's bitcoin address'
125 2015-02-21 21:27:25 <Luke-Jr> rgenito_: the point is that bitcoin addresses are deprecated
126 2015-02-21 21:27:31 <rgenito_> ^--- sipa , ThomasV ... any input would be greatly appreciated. i apologize if i need to actually be pointed to the correct line
127 2015-02-21 21:27:33 <sipa> ah, you mean to communicate with a local wallet?
128 2015-02-21 21:27:50 <sipa> on a mobile phone
129 2015-02-21 21:27:54 <rgenito_> yup.
130 2015-02-21 21:27:57 <ThomasV> rgenito: I believe bip70 is not sufficient and should be extended
131 2015-02-21 21:28:08 <sipa> that's indeed a different use case, and pretty hard to do
132 2015-02-21 21:28:11 <rgenito_> sipa or communicate with a website and a local wallet.
133 2015-02-21 21:28:22 <sipa> with a website, the payment protocol could be used
134 2015-02-21 21:28:31 <rgenito_> sipa really? i pretty much wrote how our software will do it. it's simple, but i dont know about "security" simple
135 2015-02-21 21:28:33 <sipa> (you'd enter the url of your wallet)
136 2015-02-21 21:28:39 <rgenito_> :: listening ::
137 2015-02-21 21:28:46 <Luke-Jr> sipa: I think rgenito needs some way for a wallet to send a payment request to a website, rather than vice-versa
138 2015-02-21 21:29:01 <sipa> rgenito_: who is sending the money, the website or the app?
139 2015-02-21 21:29:19 <rgenito_> Luke-Jr: maybe. i HAVE a way for the app to respond to the "give me your bitcoin address" request
140 2015-02-21 21:29:28 <rgenito_> but if this already exists, i'd rather follow it on the BIP
141 2015-02-21 21:29:33 <ThomasV> sipa: he's talking about a website sending coins to an end user
142 2015-02-21 21:29:35 <rgenito_> sipa no one is sending $$
143 2015-02-21 21:29:38 <rgenito_> no one is sending bitcoin
144 2015-02-21 21:29:40 <rgenito_> yet.
145 2015-02-21 21:29:43 <sipa> ?
146 2015-02-21 21:29:48 <ThomasV> lol
147 2015-02-21 21:29:50 <sipa> then why do you need a bitcoin address?
148 2015-02-21 21:29:54 <rgenito_> ThomasV: yes, so should the user want to withdraw bitcoin
149 2015-02-21 21:29:57 <Luke-Jr> ACTION facepalms
150 2015-02-21 21:30:00 <rgenito_> sipa i just wanted to be clear
151 2015-02-21 21:30:34 <rgenito_> i just wanted to be clear that this is strictly to obtain a bitcoin wallet address without the user copy/pasting into the web app (to communicate with the web app the end user's own bitcoin address)
152 2015-02-21 21:30:39 <rgenito_> or for app to app
153 2015-02-21 21:31:06 <ThomasV> rgenito: what you want is a secure way for a wallet user to authenticate a payment request. how they send it is of secondary importance
154 2015-02-21 21:31:25 <rgenito_> Luke-Jr: just caught your input "bitcoin addresses are deprecated". interesting...and sweet :D
155 2015-02-21 21:31:26 <Luke-Jr> rgenito_: there never has been "a bitcoin wallet address". there was an address for each individual transaction. that is being replaced with a "payment request".
156 2015-02-21 21:31:39 <rgenito_> Luke-Jr: yes i know but what else am i gunna call it??? :P
157 2015-02-21 21:31:52 <rgenito_> interesting
158 2015-02-21 21:32:07 <rgenito_> sweeet, this is exciting.
159 2015-02-21 21:32:08 <Luke-Jr> so unless someone needs to send bitcoins, there is no need for either
160 2015-02-21 21:32:18 <Luke-Jr> s/unless/until
161 2015-02-21 21:32:43 <Luke-Jr> user->website is already supported today by major wallet software
162 2015-02-21 21:32:53 <Luke-Jr> website->user is not AFAIK
163 2015-02-21 21:33:09 <Luke-Jr> BUT the specs for website->user mostly all exist I think
164 2015-02-21 21:33:18 <rgenito_> ya
165 2015-02-21 21:33:37 <rgenito_> let's assume user->website is the same as user->app
166 2015-02-21 21:33:48 <Luke-Jr> uh?
167 2015-02-21 21:34:18 <rgenito_> if website->website (app->app) ... i believe this is what i'm talking about
168 2015-02-21 21:35:17 <rgenito_> i'm making a way (or looking to use the BIP, or looking to write the BIP), for an app/website to ask the local wallet where to send bitcoin.
169 2015-02-21 21:36:10 <rgenito_> there's your BIP with bitcoin:// , which i'm looking to extend using x-callback-url
170 2015-02-21 21:36:17 <rgenito_> http://x-callback-url.com/
171 2015-02-21 21:36:52 <rgenito_> that way the local wallet can communicate and tell the other app (or website) where to remit payment to so the user gets paid, receives their bitcoin, etc, however you want to call it
172 2015-02-21 21:37:22 <rgenito_> sipa's quiet...
173 2015-02-21 21:37:38 <rgenito_> aww he's gone ;(
174 2015-02-21 21:38:33 <rgenito_> Luke-Jr: for example, for an iOS app to fetch the "payment address" of the end user from the local iOS bitcoin wallet installed
175 2015-02-21 21:38:51 <Luke-Jr> rgenito_: there is no "the payment address", ever
176 2015-02-21 21:39:15 <Luke-Jr> rgenito_: if the app wishes to pay the local wallet immediately, it could in theory ask it for a payment request, and respond with a payment
177 2015-02-21 21:39:29 <rgenito_> Luke-Jr: bitcoin://x-callback-url/paymentaddress?x-success=myapp://paymentaddress?address=whatever
178 2015-02-21 21:39:38 <Luke-Jr> I don't think there is any standard for establishing that communication channel at this time
179 2015-02-21 21:39:54 <rgenito_> i see
180 2015-02-21 21:40:39 <rgenito_> so let's say we were using the URL i put above: in that case, the local wallet app would create the payment request, and then send the information for that payment request back to the app that called the bitcoin:// protocol ?
181 2015-02-21 21:40:57 <ThomasV> rgenito: the communication channel is not really the problem. the real issue is authentication.
182 2015-02-21 21:41:01 <rgenito_> instead of the local wallet app responding with a bitcoin address , it responds with the payment request?
183 2015-02-21 21:41:25 <rgenito_> ThomasV: i understand. that's what i've been trying to get to this whole time
184 2015-02-21 21:41:40 <Luke-Jr> I would discourage doing something based on x-callback-url.com, as it looks braindead
185 2015-02-21 21:42:04 <ThomasV> rgenito: maybe you should have a look at openalias.org
186 2015-02-21 21:42:25 <rgenito_> Luke-Jr: i'm sure you have a much better reason other than "it looks braindead" :) maybe another time when it's not the weekend and time to rest :D
187 2015-02-21 21:42:40 <rgenito_> ThomasV: i've seen it =\
188 2015-02-21 21:42:52 <Luke-Jr> it's totally contrary to what URIs are specified to be used
189 2015-02-21 21:43:45 <rgenito_> openalias.org might be a good solution, but with tools not existing today, it could be a problem.
190 2015-02-21 21:44:48 <rgenito_> Luke-Jr: i wouldn't say it's totally contrary ... you could say URIs are just for communicating.
191 2015-02-21 21:45:13 <Luke-Jr> rgenito_: except you'd be wrong
192 2015-02-21 21:45:23 <rgenito_> technically, yes.
193 2015-02-21 21:45:27 <Luke-Jr> Uniform Resource Identifiers are not for communicating at all
194 2015-02-21 21:45:44 <rgenito_> Luke-Jr: you're wasting your time telling me what a URI is.
195 2015-02-21 21:45:51 <rgenito_> i know it as well as you do.
196 2015-02-21 21:46:04 <Luke-Jr> ACTION stops wasting his time.
197 2015-02-21 21:46:11 <ThomasV> ACTION too
198 2015-02-21 21:46:17 <rgenito_> i just disagree that something like x-callback-url is completely contrary to their "specifications" (if you have those anywhere
199 2015-02-21 21:46:38 <rgenito_> Luke-Jr: i'm not wasting your time, unless i somehow control you :D
200 2015-02-21 21:46:55 <rgenito_> anyways
201 2015-02-21 21:47:08 <rgenito_> i really appreciate all of your feedback! :)
202 2015-02-21 21:47:18 <rgenito_> to me it sounds like the solution for this doesn't exist today
203 2015-02-21 21:47:46 <rgenito_> Luke-Jr: ThomasV, if I am wrong by that assumption from this conversation, please let me know that i am confused.
204 2015-02-21 21:47:56 <rgenito_> thx
205 2015-02-21 21:48:44 <rgenito_> ThomasV: i'll be over in #electrum :)
206 2015-02-21 21:48:44 <ThomasV> rgenito: I agree that there is no satisfactory solution today
207 2015-02-21 21:48:58 <rgenito_> thx ThomasV
208 2015-02-21 21:49:18 <rgenito_> and i'm not trying to make a satisfactory solution.
209 2015-02-21 21:49:27 <rgenito_> just saying.
210 2015-02-21 21:49:35 <rgenito_> i think we can all come up with one
211 2015-02-21 21:49:59 <ThomasV> IMO it's not because of a missing communication channel. solving that part is trivial
212 2015-02-21 21:50:36 <rgenito_> what is it then? the security and reliability of that bitcoin address?
213 2015-02-21 21:50:42 <ThomasV> yes
214 2015-02-21 21:50:47 <rgenito_> i agree
215 2015-02-21 21:50:50 <rgenito_> however, i just realized....
216 2015-02-21 21:50:57 <rgenito_> um, you're trusting that your bitcoin wallet doesn't rob you. period.
217 2015-02-21 21:51:07 <rgenito_> soooooo, is that security really necessary?
218 2015-02-21 21:51:20 <rgenito_> the app can just ask you, "are you sure you want to give your payment details to this company?"
219 2015-02-21 21:51:27 <rgenito_> and user inputs pin or touch id or whichever
220 2015-02-21 21:51:41 <rgenito_> are you suggesting a different security weakness?
221 2015-02-21 21:52:40 <ThomasV> if you replace a bitcoin address by an alias or an URI, or whatever else, you run the risk of MITM
222 2015-02-21 21:53:34 <ThomasV> someone else than the legitimate payee can intercept the message and write his own bitcoin address in place of yours
223 2015-02-21 21:54:44 <rgenito_> if that were the case, this app would likely be altering the clipboard as well, eh? =\
224 2015-02-21 21:54:53 <ThomasV> bip70 payment requests can be signed with the ssl key of the website that sends them
225 2015-02-21 21:55:01 <rgenito_> i'm not a security analyst sooo, ya
226 2015-02-21 21:55:36 <rgenito_> ya
227 2015-02-21 21:56:12 <ThomasV> well, I'm just telling you that bitcoin addresses are used, instead of something else, because they are more secure
228 2015-02-21 21:56:26 <rgenito_> i'll talk with a security analyst about MITM-ing something like that x-callback-url, or what needs to be done as far as security
229 2015-02-21 21:57:16 <rgenito_> ThomasV: ahh, i didn't think that for bitcoin addresses.
230 2015-02-21 21:57:26 <rgenito_> surprised Luke-Jr isn't here to correct you on that ;)
231 2015-02-21 21:57:31 <rgenito_> or hasn't already
232 2015-02-21 21:57:56 <rgenito_> hehe sorry Luke-Jr, just wanted to poke :D you know i love you man.
233 2015-02-21 21:58:05 <Luke-Jr> ThomasV: if the wallet and third-party app are on the same phone, I'm not sure there's a security issue for the wallet end
234 2015-02-21 21:58:20 <rgenito_> man, maybe i can get Devin in here?
235 2015-02-21 21:58:29 <rgenito_> 1 sec. he can talk all about this as far as security is concerned
236 2015-02-21 21:58:58 <Luke-Jr> ThomasV: bitcoin addresses can be MITM'd just as well O.o
237 2015-02-21 21:59:16 <ThomasV> Luke-Jr: how do you mean?
238 2015-02-21 21:59:31 <Luke-Jr> ThomasV: if you can change the payment request, you can change an address too
239 2015-02-21 21:59:52 <ThomasV> Luke-Jr: that's why PRs should be signed
240 2015-02-21 22:01:25 <Luke-Jr> ThomasV: point is that addresses are never more secure than payment requests
241 2015-02-21 22:01:36 <gmaxwell> ThomasV: I think luke is pointing out that a payment request cannot be less secure.  If a PR URI could be substituted, then an address communicated in the same place could be too.  (though perhaps there is not enough binding between the URI and the payment request; I stopped paying attention to the payment request path after it made the N-th decision I disagreed with)
242 2015-02-21 22:02:41 <ThomasV> gmaxwell: what decision was that?
243 2015-02-21 22:02:53 <rgenito_> back
244 2015-02-21 22:03:06 <rgenito_> Luke-Jr: that makes sense
245 2015-02-21 22:03:33 <ThomasV> gmaxwell: what decisions were that? (plural)
246 2015-02-21 22:03:42 <rgenito_> Luke-Jr: for the "call back url", unless i find a way for apps to sign and trust those with each other..... the x-callback-url option wont work :)
247 2015-02-21 22:04:45 <rgenito_> gmaxwell: i'm trying to propose something (for a talk later), and items with BIP70-73, bitcoin:// URIs, and MITM came up :D
248 2015-02-21 22:05:20 <rgenito_> ThomasV: i talked with our security analyst , tried to get him in here, but he's in san fran downtown with his love for some late lunch =[
249 2015-02-21 22:05:26 <gmaxwell> ThomasV: I'm not very happy with the fact that you're not guaranteed to get the response back directly, or can't even force it on a request by request basis.. so you can't count on it to get refund addresses. Plus a bunch of minutia; Not super happy with the rather beefy protobuf dependency.
250 2015-02-21 22:06:33 <rgenito_> in a nutshell he stated that bitcoin addresses and a x-callback-url between apps can equally be MITM
251 2015-02-21 22:06:40 <rgenito_> and that SSL is a joke and he hates it.
252 2015-02-21 22:06:50 <rgenito_> (but the best thing we commoners have)
253 2015-02-21 22:07:04 <rgenito_> ok the "he hates it" part i added for dramatic effect.
254 2015-02-21 22:07:32 <gmaxwell> Sure, SSL is a joke but if your solution to a problem begins with 'first replace SSL in the world' that's a sign you need to rethink the scope of your solution. :)
255 2015-02-21 22:07:46 <rgenito_> hehe, ya:)
256 2015-02-21 22:08:19 <rgenito_> gmaxwell: btw, everything we discussed here since 16:18 EST i will be going to you with about a BIP :D
257 2015-02-21 22:10:06 <gmaxwell> Don't hit me up about a BIP first, hit up bitcoin-development.  I am not the BIP approver, I just assign numbers to things which have been publicly discussed.
258 2015-02-21 22:11:28 <phantomcircuit> gmaxwell, unless of course you're writing TLS v ... 4?
259 2015-02-21 22:11:34 <rgenito_> ahh my bad, i assumed by "bitcoin-dev" they meant this IRC channel. i was wondering about that
260 2015-02-21 22:12:26 <gmaxwell> ah no, the mailing list, bitcoin-development  though the IRC channel is also useful. When you make a post on bitcoin development feel free to link the discussion here, and also comment here and nag people to your thread.
261 2015-02-21 22:12:55 <rgenito_> ooooh bitcoin-development on bitcoin talk?
262 2015-02-21 22:13:21 <ThomasV> rgenito: https://lists.sourceforge.net/lists/listinfo/bitcoin-development
263 2015-02-21 22:13:50 <gmaxwell> Seemingly we need to make this more clear. :) oops.
264 2015-02-21 22:14:02 <rgenito_> gmaxwell: ya :D
265 2015-02-21 22:14:40 <rgenito_> it's just not a very pleasant experience when (due to something not being clear) you end up being criticized for it
266 2015-02-21 22:14:56 <rgenito_> so in cases like this i really appreciate gmaxwell, Luke-Jr, and ThomasV patience and kindness
267 2015-02-21 22:15:22 <rgenito_> really everyone here. communication is just hard about these things @.@
268 2015-02-21 22:15:38 <rgenito_> gmaxwell: can i freely send PR requests for clarity on the BIPs?
269 2015-02-21 22:15:44 <ThomasV> gmaxwell: how could you force a response? I don't understand that part
270 2015-02-21 22:16:14 <rgenito_> i often find typos or things that should really be cleared up (or items that are potentially ambiguous) that i really want to edit....
271 2015-02-21 22:16:27 <gmaxwell> rgenito_: yes, you can open PRs.
272 2015-02-21 22:16:39 <rgenito_> i figured, just haven't done it yet. i finally cloned the bips today
273 2015-02-21 22:16:44 <gmaxwell> ThomasV: If nothing else, you can specify it and refuse to accept payment otherwise.
274 2015-02-21 22:17:26 <ThomasV> gmaxwell: why was this idea rejected?
275 2015-02-21 22:20:35 <gmaxwell> I don't know / recall.
276 2015-02-21 22:22:31 <ThomasV> it would be difficult to refuse a payment once you have sent a PR.. I guess you should request the refund address before you send the PR
277 2015-02-21 22:23:28 <Luke-Jr> ThomasV: not difficult at all. you just never look for transactions with that key until it's been completed.
278 2015-02-21 22:23:39 <Luke-Jr> if the other party throws their money away, that's not your problem
279 2015-02-21 22:25:19 <phantomcircuit> huh i never noticed that before
280 2015-02-21 22:25:27 <phantomcircuit> the getbalance rpc call ignores minconf
281 2015-02-21 22:25:51 <phantomcircuit> guessing that's not right