pull down to refresh

0 sats \ 4 replies \ @k00b 13 Nov \ on: Branta's Approach To Bitcoin Payment Address Verification: Triangulated Security AGORA
For a receiver, having a verified address means associating the address (with some kind of zk stuff) and metadata through Branta, and for the sender, verifying an address means asking Branta if such metadata exists, right?
How are you vetting the receivers when they register? ie what's stopping someone from pretending to be Satoshi Coffee Co by registering metadata and addresses with Branta?
write
preview
50 sats \ 2 replies \ @keith_gardner 13 Nov
Hi k00b! Good seeing you at tab
Keith, founder here.
  1. yep! metadata optional. address can be blinded (so branta never sees them, we recommend this). All addresses are purged after a TTL (usually 1 hour, sometimes 1 day - receiver decides.)
  2. Funniest outcome would be for North Korea to signup as Coinbase. Welcome folks to try. Few things I'll share:
  • Onboarding is high touch.
  • Email verification
  • DNS / Domain ownership. We manually approve businesses, its not full self serve to register.
reply
50 sats \ 0 replies \ @Scroogey 13 Nov
It seems easy to prevent for Coinbase.
But what if you get a sign-up from a small local business in Uruguay, from domain xcoffee.com.uy for string "XCoffee" with logo "XCoffee"? You check DNS ownership automatically, email, external SSO, etc. Great.
You even have an employee check their web site and check the string and logo. Fine.
But what you don't know is that there is a real local business called XCoffee with that logo operating, but on domain x-cafe.com.uy, and the request is coming from someone targeting their customers.
How will you prevent that, without hiring hundreds of human investigators as you scale?
DNS registrars have the same problem (if they even try), it's not easily solved.
reply
0 sats \ 0 replies \ @k00b 13 Nov
Thanks for clarifying!
reply
0 sats \ 0 replies \ @keith_gardner 13 Nov
test response w Github SSO
reply