CryptoConsortium / CCSS

The CryptoCurrency Security Standard
https://cryptoconsortium.github.io/CCSS/

Fix terminology issues in 102-PubkeyCreation #6

Closed luke-jr closed 9 years ago

luke-jr commented 9 years ago

102-WalletCreation used incorrect terminology (e.g., referring to pubkeys as "wallets") for much of the document, which makes it hard to read.

Abstrct commented 9 years ago

I'm completely open to a change here but I think it warrants some additional discussion.

I agree that Wallet isn't always the best term but I don't know if PubKey is much better. The use of PubKey in this sense would limit a digital asset to a one-key address, excluding cases of multi-sig/P2SH (which the standard heavily encourages).

Ultimately, this is why we chose Wallet. It isn't a perfect term, but it is at least more inclusive/general. Perhaps something else, like "Digital Asset", is better?

luke-jr commented 9 years ago

At least for Bitcoin, the term pubkey refers to the entire script, whether it be p2pkh, p2sh multisig, or even bare multisig. Perhaps there are better terms available, but Wallet is just incorrect and confusing since it refers to the entire collection of keys. "Digital asset" would usually refer to the coin itself, not usually the key controlling it.

mperklin commented 9 years ago

The term we’re trying to identify here is the “address” that is generated from the public key or script that is used to receive funds.

Most call this the ‘wallet’ or the ‘address’ or even the “wallet address”. See https://www.bitaddress.org/bitaddress.org-v2.9.8-SHA256-2c5d16dbcde600147162172090d940fd9646981b7d751d9bddfc5ef383f89308.html and https://en.bitcoin.it/wiki/Paper_wallet

Some call it a public key, but this is a misnomer because as you know it’s actually the RIPEMD160 hash of the public key OR the script that must validate in order for the funds to be spent.

Perhaps “address” works best here (even though it, too, is inaccurate) since it’s the identifier created for receiving funds.

luke-jr commented 9 years ago

No, a [Bitcoin] public key refers to the entire script associated with the output. Whether that script works with ECDSA public keys, hashes thereof, or anything else is irrelevant. Addresses are only related when receiving, which isn't the use here as you note.

mbelshe commented 9 years ago

From a low-level bitcoin perspective, @luke-jr's description is more accurate. Bitcoin itself doesn't really know about wallets, all it knows about is scripts, and it's a human layer atop those scripts which we mortals attribute to 'wallets'. If the sole target audience of this document were developers, I'd agree with his change.

However, for the non-developer readers of the document, I think this change will make CCSS more complicated to read for two reasons: a) 'pubkey' is an overloaded term with different meanings in different contexts; b) the difference between outputs that are unlockable via a script and outputs that "go to an address" or "go to a wallet" is one that only developers understand.

I wonder if a better approach is to simply define "wallet" (or choose another term) and how it was used in this context. We could describe this translation, so that developers would understand what is meant, but it would leave the document to those that need to understand security requirements from an organizational perspective without having to know the implementation specifics.

luke-jr commented 9 years ago

Better to define a new term. "Wallet" is already well-defined, and best practices dictate that all users should share a common wallet-group (at least 1 cold wallet and 1 hot wallet). Maybe "latch" or "padlock"?

Abstrct commented 9 years ago

I think this is actually two separate, albeit related, issues.

The first issue is the aspect name. Wallet Creation still seems accurate here as it includes the definition of how addresses within the wallet are to be created. I would expect these details to be settings/configuration points within wallet software, so to me the aspect name Wallet Creation is still accurate in this sense.

Now, regardless of the aspect name, many of the corrections made within the YML file are improvements to the wording. I think the easiest example of this is the change of:

uncertified: Wallets/addresses are reused

to

uncertified: Pubkeys/addresses are reused

Having a user uninstall their favourite client to create a new wallet for each transaction doesn't make any sense and wasn't our intention - but that is what the current wording implies.

I don't think these changes alter the overall subject matter of the aspect in a way that warrants a change to the name but I do definitely see them as improvements.

Abstrct commented 9 years ago

The fixes agreed on within this thread have been included in a separate PR. Closing this without a merge.

Regardless of the PR that ended up merged, thanks for taking the time to outline your suggestions. We do appreciate the contribution and look forward to more discussion.