bitfinger - bitcoin on webfinger, webfist and fist-bump
DESCRIPTION
proposal for a distributed registry of bitcoin payment information by email address.TRANSCRIPT
the finger protocol is back!by Johann Barbie at bitfinger.org
What is Finger?● RFC 742 (December 1977)● human-oriented status and user information● <<finger [email protected]>>
Login Name: johbaIn real Life: Johann BarbieShell: /bin/bashNo unread mail
What is WebFinger?Personal Web Discovery on Email (RFC 7033):1. Start with an email address: [email protected]. Translate it into a URL:
https://gmail.com/.well-known/webfinger?resource=acct:[email protected]
3. Fetch that URL and get back JSON:{"subject": "acct:[email protected]", "links":[{ "rel": "avatar", "type": "image/jpeg", "href": "http://www.example.com/~myname/profile.jpg"} ]}
4. Problem: domain name participation
What is WebFist?● fallback when providers don't support WebFinger● makes use of DKIM signatures● send email to webfist server:
webfist = http://example.com/path/to/your-profile● restult: { "subject": "[email protected]",
"links": [{ "rel": "http://webfist.org/spec/rel", "href": "http://example.com/my-delegation-here.json", "properties": { "http://webfist.org/spec/proof":"http://webfist.org/webfist/proof/08e01fb3123de74555528daaeb2d33b513f50f88-c255b91b02617c067df89a3809f0e17197b52413?decrypt=pithy.example%40gmail.com"}}]}
What is Webfist?● Start with an email address: [email protected]
● Translate it into a URL: http://gmail.com/.well-known/webfinger?resource=acct:[email protected]
● Fetch that URL and receive a bad response● Formulate a WebFist URL: http://webfist.org/.well-known/webfinger?
resource=acct:[email protected]
● Fetch the WebFist URL and get back JSON● Follow the delegation path and fetch the real service
document
What is Fist Bump?● Receive a verification email, verify its DKIM signature● Use the email address to very slowly generate an AES
encryption key with scrypt; the email address is the password
● AES128 encrypt the email using the generated key● Save the email to storage, identified by "[scrypt(password)]-
[hash(encrypted-email)]"● Publish the list of recently encrypted blobs● Find and share encrypted blobs with peer servers
Using Fist Bump{ "subject": "acct:[email protected]", "links":[{ "rel": "bitcoin", "href": "bitcoin:19xeDDxhahx4f32WtBbPwFMWBq28rrYVoh" }]
● enable CORS headers● saved at: https://bitfinger.org.s3.amazonaws.com/songelee.json
● send email with content:webfist = https://bitfinger.org.s3.amazonaws.com/songelee.json
Demodemo time
Finish
Thank you!
@johba37coins.combitfinger.org
Content for this presentation from Brett Slatkin’s blog: http://www.onebigfluke.com/2013/06/bootstrapping-webfinger-with-webfist.html