Naphex: :))
Naphex: and most likely use adobe with x509 to sign/encrypt send pdf documents
Naphex: so that's what your gov id will be
Naphex: you gotta have that certificate imported and loaded to log in
Naphex: but it will most likely use x509 certificates, and "ssl authentication"
Naphex: well it will have specs attached
Naphex: and of course all platforms are shitty, expensive, horrible
Naphex: that's how they do all gov eauctions everywhere
Naphex: probably
Naphex: <+mircea_popescu> Naphex so they're going to pay another 50 bn or w/e obamacare.com cost, to have someone make them a https site ?
Naphex: they are going for x509 certificates
Naphex: hehe prolly
Naphex: http://www.zerohedge.com/news/2014-05-03/obama-administration-launches-plan-make-internet-id-reality
Naphex: just rebooting servers trolol
Naphex: what is it with people not securing their bootloader and datacenters
Naphex: so localbitcoins got bit?;o
Naphex: morning
Naphex: and show that?:p
Naphex: to have I love MP:)
Naphex: can't he just pay cam girls
Naphex: Q:
Naphex: then they can draw up a contract, or use simple preset drafts
Naphex: where a buyer specifies specs, providers can start a relation and do proposal and try to reach agreement
Naphex: well you could do some hippy stuff, and stack it in a form of relationship.
Naphex: or just any way for users to agree on contracts w/ dispute reso after
Naphex: would users bid on projects to win them, or project lists?
Naphex: but for example, for software development
Naphex: better rating to rapidly assess performance
Naphex: then you can host whatever services
Naphex: escrow and some sort of mediation / dispute resolution
Naphex: to do it in mp's style i'd have gpg contracts, and wot-like rating
Naphex: mircea_popescu:i want to have a services market, as integral part of bitcoin. <<< one would be very nice
Naphex: damn server splits
Naphex: i just got ident'd :p
Naphex: ;;ident
Naphex: /last mpif
Naphex: whom?
Naphex: hehe
Naphex: not drunk enough, drink
Naphex: you thirsty, drink
Naphex: just drink
Naphex: i never understood drinking games
Naphex: evening
Naphex: gn o/
Naphex: that's the joke ;]
Naphex: strlen for hashing functions
Naphex: lol
Naphex: well, better sleep than stay all night optimizing dumdum raid arrays with ssd's
Naphex: daybyter: try intellij maybe, or not an ide :]
Naphex: plus i'd also wager that java profiling/analyzing/debugging tools are some of the best around
Naphex: boost c++ == java runtime for C++ :)
Naphex: so do bitcoin devs
Naphex: so yeah
Naphex: i wouldn't do GUI/servlets/ or webdev in java
Naphex: nah - i'm full
Naphex: you have static code, very good nio stack, and nice threading
Naphex: boost c++ / python(or the realtime variants) / whatever
Naphex: i'd rather do scalable server backends, with nio in java than anything other
Naphex: standalone java, ftw, and backends and such
Naphex: and servlets and ee sucks ass
Naphex: i wouldn't do webapp dev in java though
Naphex: is a blessing
Naphex: at that point having IDE's with autocomplete, context lookup and refactoring
Naphex: like public transportation dispatches
Naphex: it's huge.
Naphex: you guys should see enterprise software
Naphex: oh man
Naphex: don't trash, and you won't have gc problems
Naphex: you're supposed to do quality code
Naphex: thestringpuller: not that many problems with gc if you don't trash like an asshole
Naphex: its just a jar
Naphex: you can have that api layer as clean as you want
Naphex: great if you know how to use it, when and where
Naphex: java is a good tool
Naphex: evening
Naphex: makes coding look like abstract art
Naphex: so easy to understand, and see what's going on ;]
Naphex: the syntax in lisp is just brilliant
Naphex: morning, fluff`, did you check out my working example for addresses? complete with dnssec, and server pubkey?
Naphex: morning
Naphex: morning
Naphex: like never before
Naphex: https://www.youtube.com/watch?v=wqDaZsgR5zg 200$ and you get to crack the egg
Naphex: now i know where all the bad looks come from, ever since i bought a new car
Naphex: total bullshit
Naphex: Owner? - sounds like SS did a bad job;]
Naphex: lol
Naphex: but if you get a shitty response, or at mitm'd something should be displayed
Naphex: lol not at all
Naphex: type the name instead of the address, color that input bar on the security of the answer
Naphex: color codes - for clients that maybe want to implement name2address resolve
Naphex: yellow for whatever, and other color codes
Naphex: green - for full check, approved key
Naphex: and the datavalidates, it can easily show green on a client
Naphex: and you keep your own dns, your own zonefile
Naphex: i.e if you an send to deposits.mpex.co
Naphex: just meant to be viable
Naphex: and now they can just get it from bitcoin-assets log
Naphex: addresses.btcxchange.ro has DNSKEY record 257 3 13 hTj/xt+OErAHwCrCY7LKmkO9HhS4RG9c4yW2gowo8I2dwCGRkpbLE1b6 BJrA+4TGJcbdKfFWoT7dpK/zJPzgIg==
Naphex: 1 way, # host -t dnskey addresses.btcxchange.ro
Naphex: pub key directory, from service site, or from dns
Naphex: by whichever dns resolves it
Naphex: if you don't resign the zone, it's invalid
Naphex: DNS
Naphex: if you want to verify if the certain address was authenticated, you can
Naphex: mircea_popescu: so the zonefile is signed, pub key published. addresses sign domain alias and domain pub key. alias gets published
Naphex: http://pastebin.com/nGVC7rNz dig output, with dnssec
Naphex: creating a dns alias would go like this 1.get your server's pub ksk, 2. sign message of domain dnssec-ksk, 3. add record containing issuer
Naphex: and trust it
Naphex: ideally you could just save the KSK
Naphex: you should be validating requests before, so if you mitm the serv requests would fail
Naphex: and all records are signed
Naphex: DNSKEY record 257 3 13 hTj/xt+OErAHwCrCY7LKmkO9HhS4RG9c4yW2gowo8I2dwCGRkpbLE1b6 BJrA+4TGJcbdKfFWoT7dpK/zJPzgIg==
Naphex: # host -t dnskey addresses.btcxchange.ro 127.0.0.1
Naphex: signature includes DNSSEC KSK key
Naphex: naphex.addresses.btcxchange.ro descriptive text "v:btc1 addr:12mVDqdWqFY6zrCqNqgHbxhDPB4ZVUuaTu signature:IGnKD8UQ5/AaWadgGc3aIQ5q9EmgxuF+Vw+F4SSYkB9R+TAVzvnDq+fTZql08JEWrRLlTCReF3lTQAtea66zv5A="
Naphex: # host -t txt naphex.addresses.btcxchange.ro 127.0.0.1
Naphex: so here is a working version of what i talked about earlier
Naphex: ok..
Naphex: mircea will like it cause you can use GPG directories/certs http://tools.ietf.org/html/draft-ietf-dnssec-certs-04#section-3.2
Naphex: so at least you're setting up trust in all ways, and can be verified
Naphex: or another record field, where you can reverse associate the address to the specific dns signature
Naphex: i'll build up a service and see if we can poke holes in it, dnssec sign each zone, and reverse/point forwards for the addresses
Naphex: vacation time in romania, might as well have some fun
Naphex: i might set up a play service this weekend
Naphex: and dnssec setup if he wants to authenticate that data
Naphex: yep
Naphex: you can go dynamic on it using bip32 pub keys, or have custom dns software deliver unique addresses
Naphex: aye, or anyone just a lookup function
Naphex: you can use whatever as long as it resolves and validates
Naphex: nah, and you lookup specific txt records
Naphex: bip70 you will have to validate the pki
Naphex: but with dnssec you can move validation up
Naphex: or use gpg
Naphex: you could still stick to the dns and use x509/pki in the same way
Naphex: yeah i know bip70
Naphex: so you can make sure to query 8.8.8.8 / 8.8.4.4
Naphex: you could just use google pub dns servers, and place some trust on them, they support dnssec
Naphex: to authenticate the data
Naphex: well you can do dnssec and stuff
Naphex: i meant someone hopping on your dns server and just setting all addresses to his:p
Naphex: in which sense?
Naphex: to prevent dns spoofing
Naphex: is just a quick thought, ideally there would be some other mechanisms
Naphex: add another record like that for the reverse
Naphex: domain + address,
Naphex: naphex.addresses.btcxchange.ro descriptive text "v:btc1 addr:12mVDqdWqFY6zrCqNqgHbxhDPB4ZVUuaTu signature:IDAbYX4Pyv2SogoQghe9k8XhKyJI+hedb0uvryrNXhkD197beYw+g4XP7xsXdkcpWe3lH1BJMynqCIBX+/vUY8M="
Naphex: $ host -t txt naphex.addresses.btcxchange.ro
Naphex: so... why not support something like this
Naphex: those extensions might as well steal identity info, banking info, company secrets whatever else
Naphex: or something bad is going to happen at some point
Naphex: but a better principle would be having a clean not infected with every crapware/spyware software possible
Naphex: as a precaution
Naphex: what about just keeping your PC clean, and maybe running chrome in incognito without extensions
Naphex: :)))
Naphex: be safe if you're about to sign transactions client-side
Naphex: so they can totally overpass anything with targeted attacks
Naphex: chrome extensions run in ring0 from clientJS PoV
Naphex: well don't run bitcoin transactions on browsers with untrusted or crap extensions
Naphex: if you want
Naphex: https://github.com/bip32/bip32.github.io download it and save it and run it locally
Naphex: or just use bip32
Naphex: BIP32?
Naphex: site looks like poop
Naphex: for example, like 1.5 years ago best business contract was something like 120$ for 100Mb/s (generic contracts)
Naphex: while some business or office buildings are still stuck to whatever worse
Naphex: most ISP's focus were apartment buildings so thats what got cabled with fiber optics first
Naphex: then residential consumers
Naphex: some business actually have worse
Naphex: gonna change it to a 12$ usd 1gb/s connection
Naphex: https://i.imgur.com/I3Dp3ZC.png my ~8usd home connection
Naphex: i think romania is a bit higher now:P
Naphex: getting ready to leave for the office
Naphex: :D
Naphex: morning fluff, chillin drinking coffee
Naphex: morning
Naphex: gn
Naphex: sounds in tune with youtube russia :)
Naphex: rly
Naphex: nah, the rest look like bull
Naphex: BTCTrip is nice and works well
Naphex: https://www.btcxchange.ro/order - its meant to have some easyability in it, remember it's an exchange and we will be having a transaction fee at some point
Naphex: so there's that
Naphex: and doing some tutorial video for setting up, for noobs
Naphex: but we will be adding some nice UX for GPG authentication
Naphex: not just the crypto community
Naphex: we are planning on reaching regular folks as well
Naphex: thestringpuller: i am, i will be adding GPG auth. but that's it
Naphex: you can set some really abstract question
Naphex: and only one right answer, if you put in wrong answer we helicopter and save you
Naphex: maybe i can ask an emergency question?
Naphex: :P
Naphex: sure. if you get all 4 the only thing that can save you is hope you don't hit any short-circuits or be enough in the hot wallet
Naphex: attacker needs username, password, otp(yubi,gpg), email for approving a withdrawal
Naphex: for me its still about risk reduction
Naphex: ah, i doubt it. unless their personalization tool phones home, but doubt that
Naphex: ah sorry, i misread
Naphex: artifexd: you touch the button, it types the OTP
Naphex: so..
Naphex: said signer can still leak his keyphrase and key
Naphex: of course
Naphex: and gox had the keys
Naphex: but that attack needs to be targeted
Naphex: you can just realtime phish or sniff/block otp
Naphex: you don't have to go that deep
Naphex: it still needs that stuff to do damage
Naphex: at least some 0 day or insider, or whatever breaches deep enough to issue withdrawal messages
Naphex: some risk reduction is worth it, even if not bulletproof in all theoretical/practical/NSA cases
Naphex: true, but my risk is still reduced, that an attacker/breacher would have to have private keys leaked, have user secrets, and have user email, and penetrate hard within infrastructure without detection, to nab some satoshi from the hot wallet
Naphex: i validate OTP against yubiservers
Naphex: so user gives me yubi pub key, and then shoots OTP
Naphex: asciilifeform: i'm talking from a server end point, i don't have to keep user secret. just public key
Naphex: and OTP just removes the risk of insider/intrusion that can just spam hotwallet servers or trade messages with withdrawals
Naphex: for me it promises a OTP, from the user. which i can validate without holding a secret
Naphex: noob me, forgetting syntax
Naphex: ;;rate asciilifeform 1 NSA Should make a open OTP Token
Naphex: psh
Naphex: ;;rate 1 asciilifeform NSA Should make a open OTP Token
Naphex: ;;rate 1 asciilifeform NSA Should make a open OTP Token ;]
Naphex: i'd buy one
Naphex: well - a completely open OTP token, with hardware for sale would make a killin'
Naphex unplugs yubikey out :)
Naphex: i'd just stop there and request gpg auth:P
Naphex: to just have it on the phone / or cached or who knows what
Naphex: if i have to deliver DH/GPG secret to the client for GAuth
Naphex: asciilifeform: still protecting Gauth secret ruins the whole point
Naphex: you only need client's pubkey
Naphex: you're not handling the private keys since you can just check yubico servers
Naphex: for GAuth you gotta transport the secret to the user
Naphex: well, i just use it as a solution for OTP without handling private keys
Naphex: i'm not trumpeting yubikey, but i don't know of a better OTP atm
Naphex: so a backdoor /trojan wouldn't get it without a huge sample size
Naphex: or taped
Naphex: guess so, still.. you'd still need the button pressed
Naphex: something about NEO and STANDARD were unaffected because OATH
Naphex: there is a response bit more down
Naphex: so yeah they had to tape the button
Naphex: (version 2.4) and found that our attacks do not apply to this improved version.
Naphex: taken measures to mitigate the security issues. We examined an updated firmware
Naphex: vendor Yubico as mentioned before. Yubico acknowledged our results and has
Naphex: Having discovered the security problem, before publication, we contacted the
Naphex: asciilifeform: https://www.emsec.rub.de/media/crypto/veroeffentlichungen/2014/02/04/paper_yubikey_sca.pdf apparently it got sca'd some time ago