./bitcoind send genjix@foo.org 0.1 #169

pull genjix wants to merge 2 commits into bitcoin:master from genjix:bitnom-rebase changing 9 files +476 −2
  1. genjix commented at 3:19 PM on April 19, 2011: none

    OK, lets try this in smaller more informative commits.

    Here's the first of a sequence of pull requests. This one only adds the ability to send to a named@server

    It expects back from the server a JSON with an address key or one with "error"/"errcode" in which case it throws an error in RPC. There is an example implementation of the server code in contrib/ns/ which can be installed.

  2. Added namelookup PHP service which does getaddress from nickname. 44d4f633bf
  3. Added send rpc command which does a lookup from hostname.foo/getaddress/?nickname=genjix
    Format:

  ./bitcoind send genjix@hostname.foo 0.1
    e6fd5ad338
  4. genjix commented at 11:21 AM on April 21, 2011: none

    12:14 < sipa> genjix: i mean even further, it should be clear that you're able to have a name-lookup service without any ability to log in on a server, fiddle with public keys, know that it uses rsa signatures, ...

    FYI there are several parts to my branch:

    • It's a simple name lookup from a webserver.*
    • An example PHP implementation that returns the addresses.
    • An RSA keypair class which supports displaying a public key in PEM format.
    • An example PHP implementation for a service which allows you to update your public key using an OpenID login (supports Facebook, Google, Yahoo, Wordpress, Launchpad .etc)
    • A name lookup update which takes your nickname+address+a timestamp in the POST request and signs it so the server can verify it's you.
    • An example PHP name lookup which allows you to set your address.
    • This latest pull request is only for this first part.
  5. jaromil commented at 11:28 AM on April 21, 2011: contributor

    more info here: http://www.bitcoin.org/smf/index.php?topic=5938.msg91331

    this patch also adds libcurl as a required library (good IMHO, and useful for more things)

  6. jgarzik commented at 12:01 PM on May 6, 2011: contributor

    I do not have any specific technical objection, but I just don't think this belongs in bitcoind. It does not seem like a feature that would be used by more than a few people, especially when considering #174 may get merged (I think it will, anyway).

  7. genjix commented at 5:16 PM on May 6, 2011: none

    Why? My branch has much more technical depth than that other one. It's also written cleaner and much easier to extend. The other branch is simply looking up an address, whereas I have signing the requests and an example server for setting your address written in PHP.

  8. cdhowie commented at 5:38 PM on May 6, 2011: contributor

    IMO there is not enough security in something like this. It suffers from the same problem that IP-based transactions do, namely that it is subject to MITM attacks. This approach is further subject to DNS poisoning attacks.

    If this is going to work securely, the request must be made over HTTPS, and the server's certificate must be verified somehow.

  9. genjix commented at 1:08 AM on May 13, 2011: none

    It's already using HTTPS.

  10. cdhowie commented at 5:36 PM on June 29, 2011: contributor

    It's already using HTTPS.

    Are you sure about that? I see this:

    string strRequestUrl = strDomain + "/getaddress/?nickname=" + pszEncodedNick;

    And strDomain does not start with https://. I don't see any curl option forcing HTTPS either.

  11. sneak commented at 12:04 AM on August 23, 2011: none

    I agree that this sort of endpoint-to-address discovery should not be in bitcoind. There are several big problems:

    1. Lack of widely-deployed DNSSEC means this is hard to secure
    2. It doesn't use SSL, and probably shouldn't use HTTP(S) at all. DNS SRV or TXT records would be better for such a scheme.
    3. The URL scheme is half-baked. "getaddress" says nothing about bitcoin and could easily conflict with other uses of a website. Again, I don't think that HTTP is the best transport for this sort of discovery.
  12. gavinandresen commented at 1:42 AM on December 1, 2011: contributor

    No consensus that this is the right way to to; I'm going to close.

  13. gavinandresen closed this on Dec 1, 2011
  14. sipa referenced this in commit 855f50ab33 on Dec 23, 2014
  15. sipa referenced this in commit 7873633b57 on Jan 5, 2015
  16. glv2 referenced this in commit d0cbc8374e on Apr 22, 2015
  17. TheBlueMatt referenced this in commit 582b2934e6 on Oct 20, 2015
  18. deadalnix referenced this in commit c5ee66a473 on Sep 18, 2016
  19. rebroad referenced this in commit 418b573acf on Dec 7, 2016
  20. deadalnix referenced this in commit cf0c48bea5 on Jan 19, 2017
  21. lateminer referenced this in commit 2e09c5ef92 on Dec 9, 2017
  22. classesjack referenced this in commit 8db551f736 on Jan 2, 2018
  23. attilaaf referenced this in commit eae46222c9 on Jan 13, 2020
  24. Losangelosgenetics referenced this in commit 032314d24c on Mar 12, 2020
  25. cryptapus referenced this in commit dce72cd2db on May 3, 2021
  26. DrahtBot locked this on Sep 8, 2021
Contributors
genjixjaromiljgarzikcdhowiesneakgavinandresen
Labels
Feature
Linked (view graph)
#25323 miniscript fuzzer failing after qa-assets update
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 21:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me