wumpus





Offline



Activity: 812

Merit: 1000



No Maps for These Territories







Hero MemberActivity: 812Merit: 1000No Maps for These Territories [pull] Remove send to IP address and IP transactions support May 22, 2011, 09:00:52 AM

Last edit: May 22, 2011, 09:25:44 AM by John Smith #1



An IP is a terrible identifier as it does not identify a person or organization. Furthermore, man-in-the-middle attacks are trivial as the internet has no "proof that you have ip XXX" API. In the future address shortening services based on "user@domain" would be useful, but these will likely be based on third party APIs and not on this code.



Removes server logic to accept transfers by IP [checkorder, submitorder] (was already behind a barely-known setting)

Removes UI logic to send transfers by IP (CSendingDialog). Entering an IP in the send box will always result in an error.

Less transaction-handling code to maintain and audit is always better.



I have obviously kept in the code to handle and show old by-IP transactions, as they will remain part of history.



https://github.com/bitcoin/bitcoin/pull/253



Remove send to IP transaction support, as it is insecure and would confuse users when used.An IP is a terrible identifier as it does not identify a person or organization. Furthermore, man-in-the-middle attacks are trivial as the internet has no "proof that you have ip XXX" API. In the future address shortening services based on "user@domain" would be useful, but these will likely be based on third party APIs and not on this code.Less transaction-handling code to maintain and audit is always better.I have obviously kept in the code to handle and show old by-IP transactions, as they will remain part of history. Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts. Bitcoin Core developer [PGP] For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet throughto an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.

wumpus





Offline



Activity: 812

Merit: 1000



No Maps for These Territories







Hero MemberActivity: 812Merit: 1000No Maps for These Territories Re: [pull] Remove send to IP address and IP transactions support May 22, 2011, 09:27:26 AM #3 1) I don't believe that secure IP-based transactions are possible. The internet has no API to confirm that you are the real owner of an IP address. This would need to involve your ISP.



2) We already have bitcoin addresses, why would you complicate it by having mulitple kinds of addresses? What inherent advantages do IP transactions have that hash-based transactions don't have?



3) Also if you really want IP based transactions (or other forms of address shortening) they could be implemented as a secondary service apart from the P2P protocol. I see no advantage to having this as part of the main protocol.

Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts. Bitcoin Core developer [PGP] For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet throughto an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.

wumpus





Offline



Activity: 812

Merit: 1000



No Maps for These Territories







Hero MemberActivity: 812Merit: 1000No Maps for These Territories Re: [pull] Remove send to IP address and IP transactions support May 22, 2011, 10:04:34 AM #6 Quote from: theymos on May 22, 2011, 09:59:51 AM You publish a public key along with your IP address.

So what is the advantage beyond simply publishing your public key? Which is already an address?



Satoshi's proposal doesn't make that much sense either. If you use <key>.<IP> the entire shortening advantage goes away.



And IPs can change if you move providers, or if your provider moves IP ranges, so they're also not useful as long-term address to publish.

So what is the advantage beyond simply publishing your public key? Whichalready an address?Satoshi's proposal doesn't make that much sense either. If you use . the entire shortening advantage goes away.And IPs can change if you move providers, or if your provider moves IP ranges, so they're also not useful as long-term address to publish. Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts. Bitcoin Core developer [PGP] For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet throughto an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.

Mike Hearn





Offline



Activity: 1526

Merit: 1008







LegendaryActivity: 1526Merit: 1008 Re: [pull] Remove send to IP address and IP transactions support May 22, 2011, 10:09:34 AM #7 Agree it should be removed for now. The functionality can go back in at some later point with a new protocol if somebody wants to write one.



It's really to our advantage to simplify the clients UI at this point, because lots of new users are coming on board who may not be very tech savvy. Simplicity is the key and deleting effectively dead features is the easiest way to start. There are some other simple UI improvements that could be made later as well.



If direct sends support gets resurrected, it'd be more convenient to have it run over HTTPS. For all its faults HTTP supports things like multi-plexing multiple independent sites onto the same IP addresses and lots of companies already have sophisticated load balancing and traffic routing setups that handle it.

wumpus





Offline



Activity: 812

Merit: 1000



No Maps for These Territories







Hero MemberActivity: 812Merit: 1000No Maps for These Territories Re: [pull] Remove send to IP address and IP transactions support May 22, 2011, 10:14:16 AM #8 Good point about https. Domain-based makes sense, IP-based doesn't. And as added bonus, it would have trust control with certificates. "Transaction messages" could evenso be added as part of this API, and will be encrypted over the line unlike now.



On the modern internet, hardly anyone is basing protocols on static fixed IP addresses anymore, for many reasons; among them, IPv4 is running out of addresses so people have to multiplex. For IPv6 the shortening advantage will be lost. Remembering a IPv6 address is as hard as remembering a bitcoin address.

Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts. Bitcoin Core developer [PGP] For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet throughto an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.

theymos

Legendary



Offline



Activity: 3892

Merit: 7919







AdministratorLegendaryActivity: 3892Merit: 7919 Re: [pull] Remove send to IP address and IP transactions support May 22, 2011, 10:25:59 AM #10 Quote from: John Smith on May 22, 2011, 10:04:34 AM So what is the advantage beyond simply publishing your public key? Which is already an address?



Satoshi's proposal doesn't make that much sense either. If you use <key>.<IP> the entire shortening advantage goes away.



And IPs can change if you move providers, or if your provider moves IP ranges, so they're also not useful as long-term address to publish.



Addresses are not public keys. Addresses are public key hashes, which necessitates a larger transaction (24 bytes extra per output).



As I said before, the main benefit is sending messages out-of-band. I never even mentioned shortening as a benefit...



You should be able to use domain names instead of IPs. (I know you can't right now.)



IP transactions is one of those things, like script, that will probably have some interesting uses later. Unlike address transactions, the recipient can refuse a transaction before it's even made (if the input is wrong, for example). This would solve the refund problem that some merchants have had. It's also one way that lightweight clients might receive transactions without checking the block chain.



I'm fine with hiding it from the "send bitcoins" UI for now. Addresses are not public keys. Addresses are public key, which necessitates a larger transaction (24 bytes extra per output).As I said before, the main benefit is sending messages out-of-band. I never even mentioned shortening as a benefit...You should be able to use domain names instead of IPs. (I know you can't right now.)IP transactions is one of those things, like script, that will probably have some interesting uses later. Unlike address transactions, the recipient can refuse a transaction before it's even made (if the input is wrong, for example). This would solve the refund problem that some merchants have had. It's also one way that lightweight clients might receive transactions without checking the block chain.I'm fine with hiding it from the "send bitcoins" UI for now. 1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD