New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added GreenAddress wallet #360
Conversation
NACK: non-free webwallet. Comments on the client itself:
|
True, so far, however comparable to bc.i or bitgo.
We are considering open sourcing the server but if that happens is probably going to be at a later stage. Note that with Gentle, users don't need the server even if we disappear.
We agree the original implementation/assumption doesn't really work but we think we can rehabilitate the name with our model (which is to be based on top of the payment protocol, out of band).
We use P2SH, we started without in 2013 but changed to P2SH towards the end of the year. |
Anyway, even Blockchain.info is still on the wallet list :) |
All web wallets are generally working on desktop and mobiles, as stated in the description for this category. Wallets listed under "Desktop" and "Mobile" provide full offline control over private keys for the user, which isn't the case here to my understanding. |
I think that GreenAddress would be a nice addition to the list. You don't have full control of private keys by design since it uses a 2of2 signature to enhance security, and I think it does a really good job at it: much better than the others in that respect since it protects you from compromised systems. Anyway you can gain full control of your keys with pre-signed transactions with nLockTime in case their service disappear. |
The user side of the multisig is fully offline and under the sole control of the user in a fully and solely local desktop app that doesn't trust the server and its data and verifies transaction before signing against two different networks (GreenAddress' and Electrum's). At no time the user keys are sent to the server, not even encrypted. In case the server disappears the user can still spend the funds, albeit after a user selected amount of time (with our feature using nLockTime). The same applies to our Cordova mobile app. Are all Multisig wallet automatically web wallets? Just because a webwallet version is available it doesn't necessarily mean that the desktop and mobile apps are web wallets (both of which are open source local apps with unminified inspectable code) Assuming that even with the above clarified GreenAddress is still considered a web wallet, does this depend on its Multisig (GreenAddress side of the key) and whether the multisig it is used for security purposes, for escrow/fraud purpose, etc ? What if 'multisigness' is optional/user selectable? We don't think lumping together mulitisig local clients and web wallet in the same category is fitting the definition, the implications are certainly quite different in our view. We have been following related discussions and we welcome any clarification about the categories available or if found appropriate enough, new/modified, better fitting, categories. |
@greenaddress : I think we should try avoiding duplicate listing as much as possible, it's confusing. Desktop / Mobile categories currently only list open-source software providing full control to the user, and online services are listed under the "Web" category, along with BitGo. In general, I think changing how wallets are organized should be done consistently and separately. If anything, it probably makes more sense to only list blockchain.info under web wallets than to duplicate web wallets everywhere. "What if 'multisigness' is optional/user selectable?" |
@saivann : The current categories are confusing few orthogonal things: platform, open sourceness, where/how the keys are stored and how many keys are involved in the first place and this is not clear to end users, not even half experienced ones. Maybe a grid with supported features and platforms could work, or perhaps duplicating listing is more consistent and correct after all. It would be great to also show which security and privacy feature each wallet supports, to make the choice easier for inexperienced users. Above all, clarity should prevail. Does this mean we should wait for current duplicate listings to be removed before pushing a newly consistent pull request? I assume this pull request won't be accepted temporarily until all duplicates are removed according to a consistent rule? Is there any room to discus and structure categories in a better fitting way? |
The grid table is at https://en.bitcoin.it/wiki/Clients |
We've updated the pull request to reflect the changes suggested by @saivann - all web wallets, including Blockchain.info, are now in the 'Web wallets' category only. |
@greenaddress Please avoid making changes to your competitors' listing. This pull req should remain focused on one thing; greenaddress. Other topics should be discussed separately. Back to greenaddress, I didn't have time to review the service history yet. |
@saivann OK, re-added as above, sorry about the misunderstanding. |
Hi, in your original message you stated that greenaddress has been in operation for over a year. The transaction you referenced is clearly dated last year, but it also isn't a P2SH address. Was that transaction created with the current greenaddress? In this reddit thread, it seems you just launched the service about 2 weeks ago: http://www.reddit.com/r/Bitcoin/comments/20g9ab/greenaddressit_trustless_2of2_open_source_wallet/ Perhaps you could clarify how long greenaddress has been running in its current form? Disclaimer: I am with BitGo. |
Hi Mike, GreenAddress' multisig wallet was lunched much earlier than 2 weeks ago, see this 8 months old post http://www.reddit.com/r/greenaddress/comments/1it70c/beta_greenaddressit_bitcoin_hybrid_wallet_and/ . The post you reference is about open sourcing the multisig client: the first multisig service with an open source client that explicitly doesn't trust the server by checking transactions/blockchain data before signing them against the electrum network. If you are asking if we supported P2SH from day one, the answer is no, we initially supported just classic multisig and it wasn't yet open source back then. For the foreseeable future we plan to release new features relatively often thus changing the 'incarnation' on a regular basis to improve security, privacy and ease of use: we believe services should evolve according to the best industry standards, just like you are doing working on adding BIP0032 support to BitGo. Hope this clarifies, please let us know if you have any doubt or concern or if you want us to further clarify. |
FWIW, I think this would be a good addition to the wallet selection. I haven't done an in-depth review, but from what I have seen and tried out, it seems to be a very good mix of security and convenience features and probably one of the current front-runners in providing a BIP32 wallet plus two factor authentication using multi-signature addresses. |
@saivann we published some document that can help with GreenAddress http://ghgreenaddress.files.wordpress.com/2014/04/greenaddressp2sh2of2hd-6.pdf for review/feedback purposes |
To clarify: my NACK applies to bc.i and BitGo as well, insofar as they are web wallets. As long as those are on the page, there's no reason to exclude GreenAddress.it specifically. |
I have tested GreenAddress.it and recovered bitcoins from their service using nlocktime transactions sent through email notifications. In general, the service seems to be working correctly and make good use of two-factor authentication. I have been a little wary of adding a service for which I couldn't find a lot of users reviews. This said, I didn't find anything concerning, the team behind GreenAddress is public, reviews seem generally positive and GreenAddress.it seems to be making real effort to create a web wallet with reduced centralized risk. Therefore I agree with @luke-jr that there's probably no good reason to exclude GreenAddress.it specifically. |
Unless someone wants to add additional comments or feedback, this will be merged on April 11th. |
This change adds GreenAddress to the wallet list.
GreenAddress has been in operation in various incarnations since 2013-04-16. GreenAddress operates similarly to BitGo in that the user holds the keys, but GreenAddress is different from Electrum, BitGo and bc.i in that wallets are BIP0032 and BIP0039 P2SH/2-of-2 multisig. Also we don’t use passphrase-encrypted private keys, but Electrum-like random mnemonic for better security. You can read about how it works in our FAQ. We've been helping the Bitcoin community with some Electrum server patches, Gentle, a tool to help deal with transactions with expired nLockTime as well as our own open source clients.
Let us know if you have any questions.