CIP - Digitally signed address as an NFT

If you pay for something using Ada, it would be nice if the process was more similar to what you get from your bank when you use a clearing agent. Also, if you sell things, accept Cardano and have a substantial cash flow, you want your customers to feel ease of mind when they transfer tokens.

The idea is that it should be possible to use a certificate from thawte, digicert or similar. The input for the certificate should be the Cardano address. Essentially, create a new address from your wallet so that you control it, then create an nft that you send to that address.

For this idea to work, this nft has to be recognized as such by wallets like Daedalus so that when a user enters the address, the wallet would say who it belongs to. Obviously, this nft should not be allowed to be transferred to a different address even if that should invalidate the signature.

I imagine that such nft’s could be offered by banks in developing countries if you trust the bank to check your identity. The bank would use their certificate so that you don’t have to buy them which can be expensive. As long as you trust the certificate vendor or the bank, this would make actual transactions easier for most people.

I want to point out that the Daedalus wallet is signed. If you try to run it as administrator, you will see the uac window. If the upper part is blue and signed by iohk, then you’re safe. Your wallet has not been tampered with. If, on the other hand it is yellow, then it has been altered.

You could create a .txt file with a Cardano address which has a known length. The signature would be a blob at the end. Very easy.

And there’s your nft. What’s needed is that it is recognized as a special nft that must be interpreted. It should be sent to the address in the text file.

So, when you enter an address, the wallet should check if it has this special nft and make sure the address is the same as where it resides. If yes, then show the signature. ”This address belongs to Acme Corp” or similar. Easy to implement and adds tons of value.

This raises a lot of questions:

You seem to want to reuse the existing certificate authority infrastructure for websites. There, we should keep in mind:

  • The trend clearly goes away from Extended Validation certificates, where the legal entity is validated by some process. “Of the ten most popular websites online, none use EV certificates and the trend is away from their usage.” Extended Validation Certificate - Wikipedia
  • A lot of people now use Let’s Encrypt certificates. They are free, but only valid for three months. So, whatever we invent should be prepared for frequent certificate changes and not require minting new NFTs for every such change. Let's Encrypt - Wikipedia
  • None of the certificates says anything about if we trust the certified entity to certify the identity of third parties. There is no infrastructure for that except for the certificate authorities themselves.
  • Banks have not started to offer certificates for ordinary people up to now for use cases such as e-mail, which are much more widespread than cryptocurrencies. Why should they start now? And it’s very much non-trivial for them. Their certificates (which do not even allow to issue certificates for third parties) are not available at every office, but should never leave their central data centers.

What do we want to certify?

  • If it should be arbitrary persons, there are a lot of problems to be solved. What to do with John Smith? Some nations might have solutions to uniquely identify people even if they have common names. But we would need something that works internationally.
  • If it should only be websites – shops, organisations, …, the problem is much smaller, because domains are already unique by definition.

Already now, a web shop can just give its address to copy and paste into your wallet app. It’s not that insecure if people know what they are doing. … Okay, maybe we should help them a bit.

There is https://github.com/cardano-foundation/CIPs/tree/master/CIP-0013 for Cardano URIs, which could take people directly from a workflow in a shop or a donation system or something like that to their wallet app with address and amount pre-filled, but it is sadly not widely adopted.

Yes, a human-readable identification for the address that I am going to send to will give some nice additional security. There already are adahandle.com and adadomains.io, which aim to do something similar, but more secure (and more open) would definitely be better.

The most simple solution would be that a token at the address just points back to the domain it claims to belong to and, vice versa, there is some kind of document at that domain that lists all addresses that belong to that domain. No additional certificates and signatures needed, because the connection to the web server is (hopefully, in 90+% of the cases) already secured by HTTPS.

This token does not need to be non-fungible and we do not need (and by protocol are not able) to prohibit it to be transferred to other addresses. Shops might want to use a lot of distinguished addresses per customer. They all point back to the domain and there is a medium-sized list of currently valid addresses.

An additional layer of security could be done by also serving the valid addresses for a domain via DNS, so that adversaries would not only have to hack the website, but also the DNS zone to modify the list of valid addresses. (Something similar is done for e-mail validation, cf. SPF, DKIM, and DMARC.)

If a wallet app finds such a token (with a special name of “Handle” or something like that), it finds the domain verycoolshop.com in there and then queries _cardano.verycoolshop.com via DNS and https://verycoolshop.com/.well-known/cardano via HTTPS for a list of valid addresses and if both deliver the address, the wallet app annotates that it is quite sure that the transaction will go to verycoolshop.com.

2 Likes
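The wallet-side check proposed in the reply above (the token names a domain, and the address must be listed both under `_cardano.<domain>` in DNS and in the `.well-known/cardano` document), as an added example that is not code from the thread or from any wallet. The TXT record syntax (`v=cardano1 addr=...`), the JSON layout and the addresses are assumptions constructed for illustration, and the network fetches are passed in as functions so the logic runs offline.

```python
import json
import re
from dataclasses import dataclass
from typing import Callable, List, Set

# The domain comes from on-chain token data anyone can mint: accept a bare hostname only.
_HOST = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

@dataclass(frozen=True)
class Verdict:
    domain: str
    in_https: bool
    in_dns: bool

    @property
    def verified(self) -> bool:
        # Both independent channels must list the address.
        return self.in_https and self.in_dns

def normalise_domain(raw: str) -> str:
    domain = raw.strip().lower().rstrip(".")
    if not _HOST.fullmatch(domain):
        raise ValueError(f"token names an invalid domain: {raw!r}")
    return domain

def parse_wellknown(body: str) -> Set[str]:
    # Assumed document layout: {"addresses": ["addr1...", ...]}
    doc = json.loads(body)
    addrs = doc.get("addresses") if isinstance(doc, dict) else None
    if not isinstance(addrs, list):
        raise ValueError("document has no address list")
    return {a for a in addrs if isinstance(a, str)}

def parse_txt(records: List[str]) -> Set[str]:
    # Assumed TXT syntax, one address per record: "v=cardano1 addr=<address>"
    found = set()
    for rec in records:
        fields = dict(f.split("=", 1) for f in rec.split() if "=" in f)
        if fields.get("v") == "cardano1" and "addr" in fields:
            found.add(fields["addr"])
    return found

def _fetch_set(fetch: Callable, parse: Callable, name: str) -> Set[str]:
    # Fail closed: a lookup or parse error means "not confirmed", never "ok".
    try:
        return parse(fetch(name))
    except Exception:
        return set()

def check_address(address: str, token_domain: str,
                  fetch_https: Callable[[str], str],
                  fetch_dns: Callable[[str], List[str]]) -> Verdict:
    domain = normalise_domain(token_domain)
    https = _fetch_set(fetch_https, parse_wellknown,
                       f"https://{domain}/.well-known/cardano")
    dns = _fetch_set(fetch_dns, parse_txt, f"_cardano.{domain}")
    return Verdict(domain, address in https, address in dns)

# Constructed sample data: the web document lists an extra address that DNS does not.
SHOP = "addr1_constructed_shop_0001"
EXTRA = "addr1_constructed_extra_9999"
WEB = {"https://verycoolshop.com/.well-known/cardano":
       json.dumps({"addresses": [SHOP, EXTRA]})}
DNS = {"_cardano.verycoolshop.com": ["v=cardano1 addr=" + SHOP]}

def demo() -> List[Verdict]:
    return [check_address(a, "VeryCoolShop.com", WEB.__getitem__, DNS.__getitem__)
            for a in (SHOP, EXTRA)]

if __name__ == "__main__":
    for v in demo():
        print(v, "verified" if v.verified else "NOT verified")
```

An address present in only one channel is reported as unverified, which is the case the DNS layer in the reply is meant to catch.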

Thank you for your reply, it is very good and I sense you think the idea is good enough so that the idea can be improved.

I now think the idea works really well for companies and also for charitable organisations. But not for ”John Smith” since the cost may be too steep and also because it would have to include something like the Social Security Number which makes it pretty useless anyway.

For those that the idea works for, it may help cash flow since people would feel safe from scammers. I think the authors of the CIP would agree. So, it doesn’t make it easier to donate to the red cross but it’s safer and could be very useful if you want to make a tax deduction. In Sweden, charitable organisations all have a so called ”post or bankgironummer” that starts with 90. Donations are tax deductible for these numbers only. I don’t know what you call it in America, it’s just a clearing house account number. So when I pay my electricity bill, I get such a number and I can see who the recipient is. For sure, it doesn’t start with 90.

What I want to reuse would be more like the certificate used to sign an executable. An SSL certificate doesn’t really sign anything, does it? It just sits there and verifies the owner and makes https possible. I’m not sure whether the certificate authority can be completely trusted but if they can, your idea would work well. You have to match the address found on verycoolcompany.com with the address where the nft resides. No disgruntled employee should successfully be able to replace them. If there’s no match, then the check would fail.

The idea of perhaps being able to do tax deductions occurred to me today and I think it is a good argument. I think average people, not very tech savvy, would find it useful or even stellar.

It would be really neat if the Daedalus wallet could create these nft’s with, essentially, a single click. The certificate goes to the certificate store, you would just have to select it and then press ”Sign this address” or similar. Very useful if you want separate addresses for different customers and less messy than having to add it to your website.

Germany doesn’t have such numbers, just the standard IBANs, but you can’t see if it is a tax-privileged donation from them. Up to 300 EUR, the tax authorities just take any bank statement and don’t ask much. For more than 300 EUR, you need a donation certificate from the recipient.

There is still so much chaos in the questions how they want to tax cryptocurrencies at all that I doubt that they can process cryptocurrency donations, now.

These are exactly the same technology: X.509 certificates given out by certificate authorities (at least for the thing Windows uses, Linux distributions mostly go with GPG signing).

During the TLS handshake some messages are signed/encrypted using the keys belonging to these certificates. If nothing like that would happen, it would be quite worthless to use cryptography, there.

I still don’t understand, why you want to mess around with certificates in NFTs. It’s more complicated, not less complicated, than just putting a list of addresses on your server to verify that they belong together.

Cryptodonations are a bit problematic especially the possibility of tax deduction. I suppose the Red Cross could go to the government and say this is our official donation address and then, as a donor, you add some information to your payment. As a donator, you don’t want your coins to pay for a lamborghini.

In Sweden, if it’s an IBAN number, it means it’s for a foreign bank.

It would be nice if you could use the SSL certificate to sign things like Windows executables and other files. But you can’t. Signing messages and encrypting is nice but not what’s called for. SSL certificates can be replaced. Network traffic can be redirected. I may trust the initial certificate authority but not the replacement. Too many attack vectors and too many ways things can go wrong.
I don’t want to mail my cardano address to the admin. And so on.

So, the last point is why I prefer a self contained nft. First of all, that makes the nft immutable. That’s what blockchains are all about. Furthermore, I may not have a server or I may find out that whoever runs my website also does business with the russian mafia. The process of creating this nft would be different for every user and that’s not good.

And think about nft’s in general. Would you pay top $$$ for an nft that is stored on nftrepository.com? What if it was stored on your local drive and all there was on the blockchain was an url or something like your unique hard drive number? It would prove ownership in some form, but would you be happy? I think not?

This reminds me of someone who found stellar windows utility source from Winternals. So this guy bookmarked the url rather than downloading the zip file. When he found out he could use that code, he used his url and found, to his amazement, that the sourcecode had been removed.

The nft I propose would be standardised. Signing is straightforward, an easy thing to implement. The only network traffic required is to see if the certificate has expired or has been revoked. Just check the integrity of the nft and make sure that the first x bytes match that of the address where it resides. There’s not much that can go wrong, is there? Creating the nft involves one computer only and you can check that Daedalus is signed.

I missed this statement, maybe you misunderstood. The certificate, once received from Thawte or similar goes directly to the certificate store where it stays put. Really put. In order to use it, you need an admin password and, possibly a yubikey.

The nft consists of two parts only. First the Cardano address and then the digital signature. Certainly not the certificate.

This minimises the chain of trust and maximises reliability. No email or phone conversations. No dishonest insiders to worry about. No mishaps of any kind. You don’t have to worry about things like if you forget to pay the fee for your url. What if Amazon forgot, would it not be tempting to register amazon.com in your name?

Already told you that the certificates for code signing are the exact same technology and infrastructure as SSL certificates. If you don’t believe it, I can’t do anything.

Since certificates are rotated quite frequently, that is exactly, why it is not good to have something depending on them in an NFT. I don’t want to go through the hassle (and fees) of minting and distributing them every three months.

You should definitely own the domain and can move it to another server anytime. If there is no source of truth outside of the blockchain (like a website saying “This is our address.”), then what is this all about, anyway?

But I need the certificate to check the signature. What you want secured is the private key for the certificate, not the certificate itself.

You seem to want the source of truth to be the certificate authorities checking that you are you and then use that instead of the company website as the thing that is checked.

Certificate authorities tend to be prohibitively expensive for these kinds of certificates (something in the range of several hundred dollars per year).

And it’s not really, what I’m interested in. What I’m interested in is if the address belongs to the shop that I’m currently looking at. A shop with a domain and a website. So, I can just use that technology to validate the address.

Perhaps, you find someone interested in this proposal, anyway. Good luck!

1 Like

No, you are wrong. There are two major kinds of certificates, code signing certificates and ssl certificates. You can’t use the code signing certificate as an ssl certificate, nor can you sign an executable with an ssl certificate. They are based on the same technology, though. Here is a good explanation.

Not for an executable. You can’t extract the certificate of the Daedalus wallet. If you could, scammers would use it to make fake Daedalus wallets. There is only the digital signature in Daedalus that protects it.

And yes, these certificates are expensive. But they last longer for executables. It would be horrible if the Daedalus wallet signature expired every three months.

And it does exactly what you and I want. Try to run Daedalus as admin. The upper part of the dialog will be blue and it will tell you the name of the entity that signed it which should be iohk. The nft would do exactly the same. The name of the company or organisation would appear and also the name of the certificate authority.

I’m only familiar with code signing signatures. For a pet project of mine, I would have loved to use an easy to get ssl signature but it can’t be done. I think you are familiar with ssl certificates only. You haven’t actually signed an executable. It is an elaborate process.

Here is a detailed description.

That’s just because they have forbidden it administratively. Technically it is no problem at all. And since we/you are inventing a totally new use case here, we can, of course, use simple and omnipresent SSL certificates for it.

Precisely.

For what it’s worth:

$ wget https://heptasean.de/.well-known/cardano/addresses.json
$ wget https://heptasean.de/.well-known/cardano/addresses.json.sha512
$ echo "Q" | openssl s_client -showcerts -servername heptasean.de -connect heptasean.de:443 | openssl x509 -pubkey -noout > heptasean.pub
$ openssl dgst -sha512 -verify heptasean.pub -signature addresses.json.sha512 addresses.json
Verified OK

You are confusing certificates and private keys, here. The certificate is the file signed by the certificate authority that contains the information about the certified entity. Without it, a signature (of code or of a file with Cardano addresses) is worthless. Anybody could sign it. The signature is only worth something if the certificate tells me who signed it.

No, they bought a three-year certificate expiring in July 2022 for 664 USD/year from DigiCert.

I don’t have a Windows. But running as admin just to check a digital signature seems ill-advised. Can’t you just right-click and look in the “Digital Signatures” tab of the properties?

Found a tool that checks the signature on Linux, though:

$ osslsigncode verify /tmp/daedalus-4.8.0-mainnet-20689.exe
Current PE checksum   : 13CA11F6
Calculated PE checksum: 13CA11F6

Signature Index: 0  (Primary Signature)
Message digest algorithm  : SHA256
Current message digest    : 58CDF18F562342CB1B39250A062D28109B28EE2E0B2C9495D69E16EC45302E3D
Calculated message digest : 58CDF18F562342CB1B39250A062D28109B28EE2E0B2C9495D69E16EC45302E3D

Signer's certificate:
	Signer #0:
		Subject: /jurisdictionC=HK/businessCategory=Private Organization/serialNumber=2209898/C=HK/L=Hong Kong/O=Input Output HK Limited/CN=Input Output HK Limited
		Issuer : /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert EV Code Signing CA (SHA2)
		Serial : 0CC7B8B8E15F0B939456A20BFD5132CD
		Certificate expiration date:
			notBefore : Jul 11 00:00:00 2019 GMT
			notAfter : Jul  6 12:00:00 2022 GMT
[…]

As you can see, the certificate is contained, and it is a three-year certificate by DigiCert.

Point still stands:

  • EV certificates are much too expensive for this use case. For TLS, nobody uses them, anymore. For code signing, they are used in the Windows world.
  • We could use standard SSL certificates.
  • But I would think putting the list of addresses on website and DNS is enough and signing is not necessary.
  • Putting signatures or certificates in an NFT is just wrong. If they are used, they should reside at a website.

Ahhh, there is definitely a misunderstanding. You say that you need the certificate (public) in order to validate the signature. That’s how PGP works. So, if you have an email conversation with someone and you suspect that some third party would send you a false email, PGP comes to the rescue. You download that person’s public certificate and the other party downloads yours. You can now verify the sender and the sender can verify. Problem solved. No third party, Eve, can successfully send a message to either one without being detected.

That is a brilliant way of solving this particular problem but it is also completely different from what I propose.

I want to stress that all it does is verifying the recipient. That’s it.

I should also mention that I made a technical request at Thawte. Let’s see what they have to say. I want an expert to comment on my idea. Now, I didn’t mention your idea since I wanted to keep the message short. I hope I can have a good discussion. If I can, I will surely mention your idea since we can absolutely agree that it would be nice if we can be 100% sure that the address belongs to the expected recipient.

I say, we’re making progress.

It is also, how X.509, how TLS, how your beloved effing Wincrap code signatures work. You want to know that the other party is, who they say they are in all of these cases! And you definitely want it in your address verification use case!

Think about pdf files. They can be signed. You can even try out for yourself here

Documents from SCOTUS are likely to be signed. Surely, you can find such documents online, i.e. Signed pdf files

But you don’t need to download any kind of certificate to verify the author. It’s all self contained, nothing like a pgp protected conversation. I think you simply right click, select properties and look at the security tab.

So, I could protect an address by creating a signed pdf file and submit as nft. In it, there’s the address. The signature itself contains the owner of the certificate, like verycoolstuff.com which will appear when you validate it.

Oh, you don’t have windows. That explains a few things. And yes, actually running Daedalus as an admin is definitely ill advised. But you don’t have to, nor should you. You get a dialog and you can decline to run it as admin.

So, hmm, I need to come up with a better explanation, one that is os independent. Maybe what I mentioned about pdf files is a good starter. It works for almost everyone except ios and android since I think you can’t get document properties.

I need to do some rethinking and I also need to wait for the Thawte response. It seems I wrote something without realising you had written a previous response.

Anyway, we can agree for sure that it is a good idea, stellar even, to be able to verify the ownership of a Cardano address, right? What remains is to work out the best way to implement it. I think cost is the least of our problem. It’s late, I will come back in a few days.

Of course, you can include the certificate in a complex file. It is also contained in signed Windows executables.

That does not change the fact that the certificate has to be available to verify who signed something, because it is in nearly all cases absolutely worthless to just know that someone signed something. Even bad guys can do signatures.

And you can also attach the PGP key to an e-mail, so that it does not have to be downloaded. It’s just not a difference.

And this seems to be your misunderstanding: It is the certificate that contains the owner, not the signature!

But why even do it that way? The information about the signature is in the properties, where it belongs. Running as admin to see them is a totally weird work-around for something that is readily available.

You are right and I’m wrong. I wasn’t thinking clearly. I thank you for your time and patience. Things that I learned are coming back to me. And, yes, my beloved wincrap stuff is flawed. It works better in some circumstances than other and really well if you are knowledgeable and somewhat paranoid. There is an attack vector for wallets, at least on my OS. It may be different on security oriented Linux distributions.

I have a pet project for which it would be nice if the executable could be signed. The only way to do this without having to pay was to become my own certificate authority. Self signing. And I did get two certificates. One for signing and the other to indicate that I trust myself as a certificate authority.

So my executable should not be trusted by other people since they don’t have that certificate.

I need to spend some quality time in front of a real screen and a real keyboard. I need to change some things and clarify the problem with the CA.