Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Why not BitID? #9
@apetersson here's my interpretation: BitID is specifically bound to bitcoin addresses, whereas bitauth generates its own public+private key combos via their own protocol (the SIN). I'm not 100% sure of the advantage of this since bitcoin addresses can also be generated on the fly. So I'm not sure what the new encoding accomplishes (but I'm sure there is a good reason for it). Another major difference is in the steps involved to pass, and finally verify ownership of the public address. Bitauth is super straight forward this way - you just send a signed nonce including your public key which can be verified on the server. This makes it awesome and clean for authenticating api requests. With Bitid, you sign a challenge and nonce. The challenge is also a callback url, which is the target you send your signed package to, out of band. This makes it especially suitable for out of band human oriented auth like using your phone camera to verify your identity by scanning a QR code, but much more cumbersome as a tool for authenticating api requests.
There should be compatibility between BitID and BitAuth, especially since it's using the same crypto. I think the only difference is that BitID uses a bitcoin address as the identifier and BitAuth uses a different version byte when encoding an "address" and thus isn't necessarily used to receive bitcoin.