- From: 김원범 <shepelt@blocko.io>
- Date: Sun, 08 May 2016 08:25:01 +0000
- To: Mountie Lee <mountie@paygate.net>
- Cc: public-blockchain-workshop@w3.org, public-blockchain@w3.org
- Message-ID: <CA+fJqsSJ_RaRtWWthDmFCJ4h33Y2XcaVfwSJ5r6doxxgdtvyXg@mail.gmail.com>
Which means that wallet apps should not be created as domain-specific web apps. Instead, they should be separate mobile or desktop apps, preferably native apps. Web services incorporating with blockchain that require user signed transaction should employ out-of-band communication with wallet apps instead.

I think FIDO's approach utilizing app intents on Android and custom URL on iOS is pretty much canonical for solving these kinds of problems. I think KakaoPay works in a similar manner as well.

On Sun, May 8, 2016 at 5:17 PM, Mountie Lee <mountie@paygate.net> wrote:

> in bip-0070
>
> wallet app make transaction to Bitcoin P2P Network.
> if we think wallet app (maybe full client or lightweight client) is
> implemented into User Agent (browser)
> SOP will cause problem communicating with Bitcoin P2P network.
>
> regards
> mountie
>
> On Sun, May 8, 2016 at 5:00 PM, 김원범 <shepelt@blocko.io> wrote:
>
>> I don't think SOP is going to affect web experience leveraging PKI
>> technologies such as blockchain - just as FIDO experience can co-exist with
>> security provided with SOP.
>> Instead of storing private keys locally to each origin, a more general
>> way to manage private keys on user devices will be required.
>> "Wallet apps" functioning like FIDO authenticators on user-owned mobile
>> devices and ways to sign transactions out-of-band will be required to deal
>> with SOP.
>>
>> Traditionally, this has been always the familiar user experience in the
>> bitcoin world.
>> Web sites and services can generate invoices and require users to make
>> transactions, but user private keys are always stored in user-controlled
>> "wallet."
>>
>> However, such an experience has been limited to payment processes only.
>> Since more general blockchain-enhanced web experiences require generating
>> and signing not only payments, but arbitrary data as well, a more general
>> work flow will be required.
>>
>> Bitcoin provides a protocol for enabling out-of-band payment processing.
>> This could be extended to support more general applications.
>>
>> https://github.com/bitcoin/bips/blob/master/bip-0070.mediawiki
>>
>> On Sun, May 8, 2016 at 4:47 PM, Mountie Lee <mountie@paygate.net> wrote:
>>
>>> hi.
>>>
>>> let me raise issue for SOP and blockchain private key.
>>>
>>> when we expand usage of blockchain private to Web,
>>> Web SOP will cause some difficult issues.
>>>
>>> private key can be generated/stored in secure element of client side.
>>> user will have ownership of private key and related assets.
>>> when the usage of key is restricted to specific origin,
>>> that is different from normal user expectations.
>>>
>>> many user will think, "my money can be used on any site when I want"
>>> but with SOP, "your money can be used on this site only"
>>>
>>> SOP is important security policy of Web.
>>> because the previous thinking are "some resources are from some origins"
>>> but now we have more requirements letting user have full control of
>>> assets which user has ownership.
>>>
>>> I need opinion for it.
>>>
>>> --
>>> Mountie Lee
>>>
>>> PayGate
>>> CTO, CISSP
>>> Tel : +82 2 2140 2700
>>> E-Mail : mountie@paygate.net
>>>
>
> --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net
Received on Sunday, 8 May 2016 08:25:39 UTC
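
The out-of-band flow discussed in this message, as an added example that is not part of the original thread: a web service hands a signing request to a separate wallet through a deep link, and the wallet signs with one key that is not tied to any origin. The `wallet://` scheme, the field names, the example origins, the use of Ed25519 and the service already knowing the user's public key are all assumptions for illustration; this is not BIP-70 or FIDO.

```javascript
// Added example: out-of-band signing between a web service and a separate wallet.
// The "wallet://" scheme, field names and origins are hypothetical.
const crypto = require('node:crypto');

// Web service: build a signing request and wrap it in a deep link for the wallet.
function buildSignRequest(origin, payload) {
  const req = { origin, payload, nonce: crypto.randomBytes(16).toString('hex') };
  const encoded = Buffer.from(JSON.stringify(req)).toString('base64url');
  return { req, link: `wallet://sign?req=${encoded}` };
}

// Wallet app: the private key stays here; the user sees origin and payload first.
function walletSign(link, privateKey, userApproves) {
  const encoded = new URL(link).searchParams.get('req');
  const raw = Buffer.from(encoded, 'base64url');
  if (!userApproves(JSON.parse(raw.toString()))) return null;
  // Sign the exact bytes received so the service can verify them unchanged.
  return { signed: encoded, sig: crypto.sign(null, raw, privateKey).toString('base64url') };
}

// Web service: accept only a valid signature over the request it actually issued.
function verifyResponse(expected, resp, publicKey) {
  if (!resp) return false;
  const raw = Buffer.from(resp.signed, 'base64url');
  if (!crypto.verify(null, raw, publicKey, Buffer.from(resp.sig, 'base64url'))) return false;
  const req = JSON.parse(raw.toString());
  return req.origin === expected.origin && req.nonce === expected.nonce &&
    JSON.stringify(req.payload) === JSON.stringify(expected.payload);
}

// One key pair serves two unrelated origins; each signature is bound to its request.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const approve = () => true; // stands in for the wallet's confirmation prompt
  const a = buildSignRequest('https://shop.example', { action: 'pay', amount: '0.01' });
  const b = buildSignRequest('https://notary.example', { action: 'attest', doc: 'abc' });
  const respA = walletSign(a.link, privateKey, approve);
  const respB = walletSign(b.link, privateKey, approve);
  const declined = walletSign(a.link, privateKey, () => false);
  return {
    siteA: verifyResponse(a.req, respA, publicKey),
    siteB: verifyResponse(b.req, respB, publicKey),
    replayAtoB: verifyResponse(b.req, respA, publicKey), // response reused at another site
    declined: verifyResponse(a.req, declined, publicKey),
  };
}

console.log(demo());
```

The same key satisfies both sites, while a response signed for one site fails verification at the other because the origin and nonce are part of the signed bytes.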