Howdy,
I have been asked many times on how does the buyer/vendor know when a transaction is really Multi-Sig. As a result, I have added a feature to BlackBank that allows members to verify the transaction with a simple copy and paste command:
http://u5z75duioy7kpwun.onion/wiki/index.php/Verifying_Multi-Sig_Escrow
Buyers/Vendors can now verify that the Multi-Sig was created with their keys as well as see the funds in Blockchain.info.
If there are any questions or feedback, please always feel free to contact me or share them here.
Cheers,
MDParity
I don't see how knowing the redeemscript proves that the the reemscript is legitimate? All it proves is that the redeemscript was funded by some person. You still have no way to know that the redeemscript did not consist of two keys controlled by one individual along with your key.
I still think it's a fundamentally bad practice to ever ask the a user for their private key. I can't fathom a reasonable reason to ask for this. In the worst case, if somebody was using a BIP0032 wallet and gained knowledge of the extended public key of that account, the entire account would be compromised entirely if they gained even one private key.
End users have problems remembering their private keys. It's the #1 problem I see. Asking them to produce a private key is no harder that supplying a tool that allows them to sign a partially signed transaction and asking them to use it. This makes the 'easy of use' argument fall flat on it's face.