

Instawallet introduces instant bitcoin payments (zero confirmations) - gasull
http://forum.bitcoin.org/index.php?topic=32818.0

======
stuhood
This is actually a special case of a general concept: specifying how much you
trust particular addresses. Instawallet has just coined 'green address' as a
nickname for an address that you will accept payments from instantly (0
confirmation), but what do you call an address for which you would prefer to
see 1 or 2 confirmations (~10 or 20 minutes, respectively)?

If Bitcoin UIs allowed you to specify how much you trusted particular sending
addresses (in terms of confirmation numbers), things like green addresses
would fall out naturally. Also, providing these trust numbers is a great
usecase for a web-of-trust system.

~~~
palish
I'd hope you wouldn't do business on just 1 confirmation. It'd be fairly easy
to spoof.

~~~
stuhood
Not particularly... an attacker with a rack of GPU filled machines will only
find a valid block every 10 days or so, and blocks are valid for around 10
minutes on average: this is a relatively narrow window for double spending,
and not an opportunity to waste on a small transaction.

There are other attacks that rely on the receiver being fenced off from the
wider network, but those are even harder to coordinate.

------
Gullanian
Would people be happy for banks to use the same security for your account?
Because that's what people seem to be arguing when they say it's perfectly
safe/secure. This is in regards to the obscure URL being the entry point to
the account not to do with BC itself.

------
Groxx
Cool to see this finally get implemented. Thanks Instawallet!

------
Gullanian
Yikes, no security except the obscurity of the address... I'm not sure I would
be comfortable using that. I know the search space is huge (~10^28) but there
are so many other implications.

~~~
Groxx
Erm... that's the public part of a public-key pair. It's as secure as any
other modern public-key crypto out there (plus or minus a few digits). Any
transactions are signed.

~~~
eli
No, in the case the problem is that the URL is essentially the private key!

