On Thu, Aug 22, 2013 at 11:26 PM, Maciej Trebacz <maciej@...> wrote:
> So if you have multiple addresses you can't
> sign them with a single private key and include that signature in the
> transaction so other party can verify it against your public key. This could
> become very handy though - a reputable wallet service could issue
> transactions that require zero confirmations from the other party, because
> with the added signature they know that the transaction is from this
> reputable service and they trust that this service won't try to double
> spend. I'm thinking of something like Mt.Gox's "green address", but baked
> into protocol (Mt.Gox does this by sending your funds to some known by the
> others Bitcoin address and then relaying them to the final destination).
> Do you think it's possible/feasible to add a feature like this to the
It's feasible to do such things but I believe highly undesirable.
You're taking data which is inherently only of short term interest to
a single party in the whole world (the receiver) and enlarging the
transaction and increasing the effective transaction fees while
forcing (say) a hundred thousand other parties to spend effort
transmitting it, processing it, and storing it for all time.
While doing so you also leak to the whole world— who would have
previously had no way or reason to know— who the identity of one of
the parties in the transaction is in a strong cryptographically
non-reputable way... which then lowers the privacy of everyone in the
transaction graph region of that transaction since some coercive force
could send some ninjas out to bust some kneecaps of the identified
party until they tell them where those coins came from and where they
went. If you observe section 10 of Bitcoin.pdf you can see that
privacy in Bitcoin is based _exclusively_ on using pseudonymous
identities on every transaction. If you break that, you remove privacy
from Bitcoin, leaving it at a competitive disadvantage to centeralized
payment systems, which all provide pretty good basic privacy (against
most criminals and nosy neighbors) as a core feature.
Instead: You can simply perform this transaction using the payment
protocol, which could provide along all sorts of additional metadata
including signatures from the relevant parties. By doing this, only
the parties that need to learn something learn something: privacy is
preserved and bloat is avoided.
If the payment protocol is too heavy handed for you, simply giving the
user a signmessaged txid can show a promise to pay for a transaction
without highly public communication.