Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why not BitID? #9

Closed
apetersson opened this Issue Jul 3, 2014 · 2 comments

Comments

Projects
None yet
3 participants
@apetersson
Copy link

apetersson commented Jul 3, 2014

There is an existing proposal with working implementations (Darkwallet, Mycelium, mediawiki) . It would be great to give a motivation how BitAuth improves over BitID. This is not clear from the blogpost https://github.com/bitid/bitid

@porkchop

This comment has been minimized.

Copy link

porkchop commented Jul 3, 2014

@apetersson here's my interpretation: BitID is specifically bound to bitcoin addresses, whereas bitauth generates its own public+private key combos via their own protocol (the SIN). I'm not 100% sure of the advantage of this since bitcoin addresses can also be generated on the fly. So I'm not sure what the new encoding accomplishes (but I'm sure there is a good reason for it). Another major difference is in the steps involved to pass, and finally verify ownership of the public address. Bitauth is super straight forward this way - you just send a signed nonce including your public key which can be verified on the server. This makes it awesome and clean for authenticating api requests. With Bitid, you sign a challenge and nonce. The challenge is also a callback url, which is the target you send your signed package to, out of band. This makes it especially suitable for out of band human oriented auth like using your phone camera to verify your identity by scanning a QR code, but much more cumbersome as a tool for authenticating api requests.

@braydonf

This comment has been minimized.

Copy link
Contributor

braydonf commented Jan 7, 2015

There should be compatibility between BitID and BitAuth, especially since it's using the same crypto. I think the only difference is that BitID uses a bitcoin address as the identifier and BitAuth uses a different version byte when encoding an "address" and thus isn't necessarily used to receive bitcoin.

@braydonf braydonf closed this Jan 7, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.