Open xbtdev opened 8 years ago
+1 Sounds like a great feature. The only problem would be how to deal with locking funds.
I would suggest maybe generating a certain specific path of your xprv (maybe this could be added as a BIP?) and send the amount to that address and "hide" it from copay (while still managing it with BWS)
The only downside would be that, in order to send the BTC to the newly created Copay wallet, the original sender would need to log back in to Copay in order to sign the transaction...
This would mean the user who received the email would get a notice upon wallet creation: "Great, welcome to Copay. Now tell your friend to open their Copay app and enter their password (if they have one) when prompted. Your BTC will arrive shortly thereafter." and wait for the original sender.
I know Coinbase and Circle control your private keys, so it makes sense... but I have always wondered how blockchain.info works. Since the user constantly has control of the private keys.
+1 Sounds like a great feature. The only problem would be how to deal with locking funds.
I think sending funds to an address controlled by BWS until funds are claimed by the recipient is an acceptable solution. But moneypacket.org and blockchain.info are examples of non-server-trusted solutions. MoneyPacket.org tries to create a concept of bitcoin as a file that can be attached to emails. Both moneypacket and blockchain.info keep the original sender in control of the private keys until the funds are claimed.
I would suggest maybe generating a certain specific path of your xprv (maybe this could be added as a BIP?) and send the amount to that address and "hide" it from copay (while still managing it with BWS)
Leaking a child private key can compromise the entire HD wallet (bip 32 is not leak tolerant.) We would need to generate and store these keys separately from the user's personal HD wallet.
Unfortunately, in all existing HD wallets—including BIP32 wallets—an attacker can easily recover the master private key given the master public key and any child private key. (source: https://eprint.iacr.org/2014/998.pdf )
Leaking a child private key can compromise the entire HD wallet (bip 32 is not leak tolerant.)
You are talking of non-hardened keys. Hardened keys are leak tolerant, but do not allow for public only derivation.
Either way, I was not talking about sending the private key to them, I was talking about waiting til the user creates a wallet with Copay, then once they do, the NEXT TIME THE SENDER OPENS COPAY they get a pop up saying "hey, remember that money you sent to xyz@xyz.com, they created a copay wallet, so do you still want to send?" and when you click yes, your local device signs the transaction and transfers the bitcoin to an address controlled by your friend.
Having the money promised in the E-mail as soon as you boot up the app would be nice, but the whole idea of splitting BWS from insight and moving wallet storage to local was to remove private key responsibility from the server.
Either way, I was not talking about sending the private key to them, I was talking about waiting til the user creates a wallet with Copay, then once they do, the NEXT TIME THE SENDER OPENS COPAY they get a pop up saying "hey, remember that money you sent to xyz@xyz.com, they created a copay wallet, so do you still want to send?" and when you click yes, your local device signs the transaction and transfers the bitcoin to an address controlled by your friend.
Ok. That makes sense. This is a 100x improvement from no option to send by email or text. I still think I'd prefer a slightly less-secure more-user-friendly method without the back-and-forth steps.
Having the money promised in the E-mail as soon as you boot up the app would be nice, but the whole idea of splitting BWS from insight and moving wallet storage to local was to remove private key responsibility from the server.
Another option would be to email directly from the user's device (not throught the BWS server).
The whole thing is reminiscent of the "Export wallet" feature in copay, with a different UX designed around sending a specific amount of bitcoin by email.
Coinbase, Circle, and Blockchain.info wallets allow sending bitcoin to email addresses or by text message. BWS already supports notification emails. Why not also support server-assisted bitcoin transactions by text or email? The funds must be 'claimed' by the recipient within a certain timeframe or they are returned to the sender.
I know you've just introduced an Address book feature... this is great, but I always hesitate to send bitcoin to someone's previously used bitcoin address because of the chance that they might have switched wallets or otherwise deleted their private key. So usually sending bitcoins requires waiting for my recipient to reply back with a bitcoin address.
Allowing users to email or text bitcoin greatly increases the ease of bringing new people into the bitcoin world. Receiving bitcoins by email or text would be a great onboarding opportunity for people who have never used bitcoin.