public inbox for bitcoindev@googlegroups.com
* [bitcoin-dev] BIP Proposal - Address Paste Improvement
@ 2018-11-07 14:09 Adam Ficsor
  2018-11-07 21:28 ` Andreas Schildbach
  0 siblings, 1 reply; 10+ messages in thread
From: Adam Ficsor @ 2018-11-07 14:09 UTC (permalink / raw)
  To: bitcoin-dev


BIP: ?
Layer: Applications
Title: Address Paste Improvement
Author: nopara73 <adam.ficsor73@gmail•com>, David Molnar <
molnardavid84@gmail•com>
Type: Standard Track
Created: 2018-11-07

Abstract. End-users often copy-paste addresses. This BIP aims to facilitate
the user experience regarding this process.

Motivation. Some services already implemented autopaste functions, which is
done as follows: the user clicks to the address box and a Bitcoin address
automatically gets pasted from the clipboard. Depending on the
implementation, this could be either annoying or not permissive enough if
it completely replaces the possibility of manually entering a Bitcoin
address.

The BIP Proposal can be found here:
https://gist.github.com/nopara73/322dbd263a5c45267da87cffc36de6f6

An implementation will soon follow in Wasabi Wallet.

Regards,
nopara73


* Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
  2018-11-07 14:09 [bitcoin-dev] BIP Proposal - Address Paste Improvement Adam Ficsor
@ 2018-11-07 21:28 ` Andreas Schildbach
  2018-11-08  8:11   ` Dmitry Petukhov
  2018-11-08 17:12   ` Jeffrey Paul
  0 siblings, 2 replies; 10+ messages in thread
From: Andreas Schildbach @ 2018-11-07 21:28 UTC (permalink / raw)
  To: bitcoin-dev

Copying addresses to the clipboard should be discouraged, rather than
supported.

It is an inherently insecure mechanism. Regardless of the OS used, any
application can monitor the clipboard for Bitcoin addresses and replace
any address with their own, usually without any specific permission or
confirmation by the user. Effectively this steals Bitcoins if the user
doesn't compare addresses manually.

This is a real risk, as this kind of malware has already been seen.

Never copy & paste Bitcoin addresses!


On 07/11/2018 15.09, Adam Ficsor via bitcoin-dev wrote:
> BIP: ?
> Layer: Applications
> Title: Address Paste Improvement
> Author: nopara73 <adam.ficsor73@gmail•com
> <mailto:adam.ficsor73@gmail•com>>, David Molnar <molnardavid84@gmail•com
> <mailto:molnardavid84@gmail•com>>
> Type: Standard Track
> Created: 2018-11-07
>   
> Abstract. End-users often copy-paste addresses. This BIP aims to
> facilitate the user experience regarding this process.    
> 
> Motivation. Some services already implemented autopaste functions, which
> is done as follows: the user clicks to the address box and a Bitcoin
> address automatically gets pasted from the clipboard. Depending on the
> implementation, this could be either annoying or not permissive enough
> if it completely replaces the possibility of manually entering a Bitcoin
> address.
> 
> The BIP Proposal can be found
> here: https://gist.github.com/nopara73/322dbd263a5c45267da87cffc36de6f6
> 
> An implementation will soon follow in Wasabi Wallet.
> 
> Regards,
> nopara73
> 
> 
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> 





* Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
  2018-11-07 21:28 ` Andreas Schildbach
@ 2018-11-08  8:11   ` Dmitry Petukhov
  2018-11-08 15:28     ` Andreas Schildbach
  2018-11-08 17:43     ` Moral Agent
  2018-11-08 17:12   ` Jeffrey Paul
  1 sibling, 2 replies; 10+ messages in thread
From: Dmitry Petukhov @ 2018-11-08  8:11 UTC (permalink / raw)
  To: bitcoin-dev; +Cc: Andreas Schildbach


> Copying addresses to the clipboard should be discouraged, rather than
> supported.

Do you know any reasonably convenient mechanism for end user to
transfer an address from, say, a web page to the wallet address
input field ?

The clipboard is just a low-hanging fruit for malware, anyway. It is just
the easiest point to replace an address. If the computer is
compromised, malware can edit the web page in the memory of the browser
process, for example. If it is shown as a QR code, malware can decode,
detect that it is an address, and replace the image of the QR code.

I think that the only way to protect from this is to add some form of
authentication for an address - 2fa (transfer checksum via second
channel), visual fingerprints for addresses, that will be hard to
detect (and hence, replace) for malware, signing the destination address
with the key of an address that is already known and checking the
signature, etc.

The problem will be to come up with an address authentication procedure
that will be convenient for users and widely supported, as a result.



* Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
  2018-11-08  8:11   ` Dmitry Petukhov
@ 2018-11-08 15:28     ` Andreas Schildbach
  2018-11-08 18:00       ` Dmitry Petukhov
  2018-11-08 17:43     ` Moral Agent
  1 sibling, 1 reply; 10+ messages in thread
From: Andreas Schildbach @ 2018-11-08 15:28 UTC (permalink / raw)
  To: bitcoin-dev

On 08/11/2018 09.11, Dmitry Petukhov via bitcoin-dev wrote:

>> Copying addresses to the clipboard should be discouraged, rather than
>> supported.
> 
> Do you know any reasonably convenient mechanism for end user to
> transfer an address from, say, a web page to the wallet address
> input field ?

- QR code scanning of a Bitcoin URI
- On Android: A "bitcoin:" URI intent or a BIP70 payment message intent
- On desktop OSes there are similar mechanisms to launch Apps from the
browser (e.g. for mailto: links)

> The clipboard is just a low-hanging fruit for malware, anyway. It is just
> the easiest point to replace an address. If the computer is
> compromised, malware can edit the web page in the memory of the browser
> process, for example. If it is shown as a QR code, malware can decode,
> detect that it is an address, and replace the image of the QR code.

For editing the clipboard your computer doesn't need to be compromised!
*Any* app can do it, without special permission.

> I think that the only way to protect from this is to add some form of
> authentication for an address - 2fa (transfer checksum via second
> channel), visual fingerprints for addresses, that will be hard to
> detect (and hence, replace) for malware, signing the destination address
> with the key of an address that is already known and checking the
> signature, etc.

For cases where the payee is a well-known entity the BIP70 payment
protocol has authentication via certificates. That doesn't work for the
"the person in front of you is the only trust anchor you have" usecase
though.




* Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
  2018-11-07 21:28 ` Andreas Schildbach
  2018-11-08  8:11   ` Dmitry Petukhov
@ 2018-11-08 17:12   ` Jeffrey Paul
  1 sibling, 0 replies; 10+ messages in thread
From: Jeffrey Paul @ 2018-11-08 17:12 UTC (permalink / raw)
  To: Andreas Schildbach, Bitcoin Protocol Discussion



> On Nov 7, 2018, at 13:28, Andreas Schildbach via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> wrote:
> 
> Copying addresses to the clipboard should be discouraged, rather than
> supported.
> 
> It is an inherently insecure mechanism. Regardless of the OS used, any
> application can monitor the clipboard for Bitcoin addresses and replace
> any address with their own, usually without any specific permission or
> confirmation by the user. Effectively this steals Bitcoins if the user
> doesn't compare addresses manually.
> 
> This is a real risk, as this kind of malware has already been seen.

One can also make the argument that if the user's clipboard is able to be read/modified, then their working environment is already compromised and that the responsibility is already not upon specific application software, but the user or OS.

Down here in the real world, an application that does not support copying and pasting of addresses is not an application that is very useful (to say the least) to many people who want to manage their own wallet, though I understand your desire to avoid such.  Perhaps offering alternatives such as supporting signed BIP70 payment requests is what you mean to do.

That said, I still think working around specific malware threats and vectors isn't the application's job, especially when doing so for a tiny, tiny fraction of users that have malware outweighs the needs of the 95%+ that need to support the "I have an address on my clipboard I need to pay" case.

Best,
-jp

-- 
Jeffrey Paul
+1 312 361 0355
+49 176 8058 2122 (signal)


* Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
  2018-11-08  8:11   ` Dmitry Petukhov
  2018-11-08 15:28     ` Andreas Schildbach
@ 2018-11-08 17:43     ` Moral Agent
  1 sibling, 0 replies; 10+ messages in thread
From: Moral Agent @ 2018-11-08 17:43 UTC (permalink / raw)
  To: dp, Bitcoin Protocol Discussion


> The problem will be to come up with an address authentication
> procedure that will be convenient for users and widely supported, as a
> result.

You could locally hash the destination address and from the hash derive a
BIP39 style list of 12 words for visual comparison. I would advise against
using color or graphics -- the brain is too good at "snapping" to an
expected perception when it is running in graphics mode instead of symbolic
mode.


On Thu, Nov 8, 2018 at 4:41 AM Dmitry Petukhov via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

>
> > Copying addresses to the clipboard should be discouraged, rather than
> > supported.
>
> Do you know any reasonably convenient mechanism for end user to
> transfer an address from, say, a web page to the wallet address
> input field ?
>
> The clipboard is just a low-hanging fruit for malware, anyway. It is just
> the easiest point to replace an address. If the computer is
> compromised, malware can edit the web page in the memory of the browser
> process, for example. If it is shown as a QR code, malware can decode,
> detect that it is an address, and replace the image of the QR code.
>
> I think that the only way to protect from this is to add some form of
> authentication for an address - 2fa (transfer checksum via second
> channel), visual fingerprints for addresses, that will be hard to
> detect (and hence, replace) for malware, signing the destination address
> with the key of an address that is already known and checking the
> signature, etc.
>
> The problem will be to come up with an address authentication procedure
> that will be convenient for users and widely supported, as a result.
>
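
An added example (not part of the original message, and not code from the BIP or from Wasabi) of the word-fingerprint idea above, which also serves the "transfer checksum via second channel" suggestion made earlier in the thread: the payee communicates the words out of band and the wallet recomputes them from whatever was pasted. The syllable word list is a constructed stand-in for the BIP39 English list, and the two sample addresses and the function names are assumptions made for illustration.

```python
import hashlib
from typing import List

# Constructed stand-in for the 2048-entry BIP39 English word list (a real
# wallet would load the official list): 16 * 8 * 16 = 2048 distinct syllables.
ONSETS = list("bdfghjklmnprstvz")
VOWELS = ["a", "e", "i", "o", "u", "ai", "oo", "ee"]
CODAS = list("bdfgklmnprstxz") + ["sh", "th"]
WORDLIST = [o + v + c for o in ONSETS for v in VOWELS for c in CODAS]
BITS_PER_WORD = 11  # 2**11 == 2048 == len(WORDLIST)


def address_words(address: str, count: int = 12) -> List[str]:
    """Return `count` words taken from SHA-256(address), 11 bits per word."""
    normalized = address.strip()  # tolerate whitespace picked up while copying
    if not normalized:
        raise ValueError("empty address")
    if not 1 <= count <= 256 // BITS_PER_WORD:
        raise ValueError("count must be between 1 and 23")
    # encode("ascii") raises UnicodeEncodeError (a ValueError subclass) on
    # non-ASCII look-alike characters, which no Base58 or Bech32 address has.
    digest = hashlib.sha256(normalized.encode("ascii")).digest()
    value = int.from_bytes(digest, "big")
    words = []
    for i in range(count):
        # Take the i-th group of 11 bits, most significant bits first.
        shift = 256 - BITS_PER_WORD * (i + 1)
        words.append(WORDLIST[(value >> shift) & (len(WORDLIST) - 1)])
    return words


def paste_matches(pasted_address: str, words_from_payee: List[str]) -> bool:
    """True if the pasted address yields the words the payee communicated
    over a second channel (read aloud, shown on a separate device)."""
    if not words_from_payee:
        return False
    try:
        expected = address_words(pasted_address, len(words_from_payee))
    except ValueError:
        return False  # empty, non-ASCII, or too many words to check
    return expected == list(words_from_payee)


# Constructed placeholder strings, not valid addresses. The second keeps the
# same leading and trailing characters, the part users tend to eyeball.
INTENDED = "1ExamplePayeeAAAAAAAAAAAAAAAAAAq9Zk"
SWAPPED = "1ExamplePayeeBBBBBBBBBBBBBBBBBBq9Zk"

if __name__ == "__main__":
    payee_words = address_words(INTENDED)
    print("payee :", " ".join(payee_words))
    print("pasted:", " ".join(address_words(SWAPPED)))
    print("match :", paste_matches(SWAPPED, payee_words))
```

Twelve words cover 132 bits of the hash; shortening the list makes the comparison quicker but weakens it. The check only helps if the payee's words reach the user by a path that software on the paying machine cannot rewrite.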


* Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
  2018-11-08 15:28     ` Andreas Schildbach
@ 2018-11-08 18:00       ` Dmitry Petukhov
  2018-11-12  3:23         ` Adam Ficsor
  0 siblings, 1 reply; 10+ messages in thread
From: Dmitry Petukhov @ 2018-11-08 18:00 UTC (permalink / raw)
  To: bitcoin-dev; +Cc: Andreas Schildbach


> > Do you know any reasonably convenient mechanism for end user to
> > transfer an address from, say, a web page to the wallet address
> > input field ?  
> 
> - QR code scanning of a Bitcoin URI
> - On Android: A "bitcoin:" URI intent or a BIP70 payment message
> intent
> - On desktop OSes there are similar mechanisms to launch Apps from the
> browser (e.g. for mailto: links)

This works if the author of the web page thought about this, and
created appropriate links/qr codes. In many cases, addresses are
just presented for users as text, to copy.

People also send addresses in message apps and emails. Maybe if
applications start to autodetect bitcoin addresses and convert them to
bitcoin: links, there will be less need to copy-paste. But I suspect
that this feature will not be quickly adopted by applications.

> For cases where the payee is a well-known entity the BIP70 payment
> protocol has authentication via certificates. That doesn't work for
> the "the person in front of you is the only trust anchor you have"
> usecase though.

There are also BIP75 and BIP47 that may help, but the number of wallets
that support these protocols is small (I think in part because of
relative complexity of these protocols).



* Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
  2018-11-08 18:00       ` Dmitry Petukhov
@ 2018-11-12  3:23         ` Adam Ficsor
  2018-12-01  4:57           ` James MacWhyte
  0 siblings, 1 reply; 10+ messages in thread
From: Adam Ficsor @ 2018-11-12  3:23 UTC (permalink / raw)
  To: dp, bitcoin-dev; +Cc: andreas


Thank you for all your comments. To sum up:

- There were no comments related to the implementation details.
- There are concerns that this may incentivize users to use copypaste
functionality extensively.
- A counter argument was made that crypto hijackers use the clipboard,
because that is the most convenient thing to hijack, not because they can
only hijack that and, if Bitcoin users would move to other ways of
specifying destinations, that may end up being just as much of an issue, too.
- The rest of the conversation was about crypto hijackers, which I think is
off topic in this thread.

Finally I'd like to note, there's already a work in progress implementation
in Wasabi: https://github.com/zkSNACKs/WalletWasabi/pull/825

On Fri, Nov 9, 2018 at 1:14 AM Dmitry Petukhov via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

>
> > > Do you know any reasonably convenient mechanism for end user to
> > > transfer an address from, say, a web page to the wallet address
> > > input field ?
> >
> > - QR code scanning of a Bitcoin URI
> > - On Android: A "bitcoin:" URI intent or a BIP70 payment message
> > intent
> > - On desktop OSes there are similar mechanisms to launch Apps from the
> > browser (e.g. for mailto: links)
>
> This works if the author of the web page thought about this, and
> created appropriate links/qr codes. In many cases, addresses are
> just presented for users as text, to copy.
>
> People also send addresses in message apps and emails. Maybe if
> applications start to autodetect bitcoin addresses and convert them to
> bitcoin: links, there will be less need to copy-paste. But I suspect
> that this feature will not be quickly adopted by applications.
>
> > For cases where the payee is a well-known entity the BIP70 payment
> > protocol has authentication via certificates. That doesn't work for
> > the "the person in front of you is the only trust anchor you have"
> > usecase though.
>
> There are also BIP75 and BIP47 that may help, but the number of wallets
> that support these protocols is small (I think in part because of
> relative complexity of these protocols).
>


-- 
Best,
Ádám


* Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
  2018-11-12  3:23         ` Adam Ficsor
@ 2018-12-01  4:57           ` James MacWhyte
  2018-12-01 12:07             ` Adam Ficsor
  0 siblings, 1 reply; 10+ messages in thread
From: James MacWhyte @ 2018-12-01  4:57 UTC (permalink / raw)
  To: adam.ficsor73, Bitcoin Protocol Discussion; +Cc: Andreas Schildbach


I liked the cheekiness of your summary, Adam ;)

I'm not sure why this needs to be a BIP. It is a UX detail--not really
related to bitcoin protocol or procedures. I wouldn't even call it a
description of best practices, since every product's use case is going to
be different.

If you think there is a compelling reason for why this needs to be a
documented standard, please elaborate!

Thanks,
James


On Sun, Nov 11, 2018 at 7:41 PM Adam Ficsor via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

> Thank you for all your comments. To sum up:
>
> - There were no comments related to the implementation details.
> - There are concerns that this may incentivize users to use copypaste
> functionality extensively.
> - A counter argument was made that crypto hijackers use the clipboard,
> because that is the most convenient thing to hijack, not because they can
> only hijack that and, if Bitcoin users would move to other ways of
> specifying destinations, that may end up being just as much of an issue, too.
> - The rest of the conversation was about crypto hijackers, which I think
> is off topic in this thread.
>
> Finally I'd like to note, there's already a work in progress
> implementation in Wasabi:
> https://github.com/zkSNACKs/WalletWasabi/pull/825
>
> On Fri, Nov 9, 2018 at 1:14 AM Dmitry Petukhov via bitcoin-dev <
> bitcoin-dev@lists•linuxfoundation.org> wrote:
>
>>
>> > > Do you know any reasonably convenient mechanism for end user to
>> > > transfer an address from, say, a web page to the wallet address
>> > > input field ?
>> >
>> > - QR code scanning of a Bitcoin URI
>> > - On Android: A "bitcoin:" URI intent or a BIP70 payment message
>> > intent
>> > - On desktop OSes there are similar mechanisms to launch Apps from the
>> > browser (e.g. for mailto: links)
>>
>> This works if the author of the web page thought about this, and
>> created appropriate links/qr codes. In many cases, addresses are
>> just presented for users as text, to copy.
>>
>> People also send addresses in message apps and emails. Maybe if
>> applications start to autodetect bitcoin addresses and convert them to
>> bitcoin: links, there will be less need to copy-paste. But I suspect
>> that this feature will not be quickly adopted by applications.
>>
>> > For cases where the payee is a well-known entity the BIP70 payment
>> > protocol has authentication via certificates. That doesn't work for
>> > the "the person in front of you is the only trust anchor you have"
>> > usecase though.
>>
>> There are also BIP75 and BIP47 that may help, but the number of wallets
>> that support these protocols is small (I think in part because of
>> relative complexity of these protocols).
>>
>
>
> --
> Best,
> Ádám
>


* Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
  2018-12-01  4:57           ` James MacWhyte
@ 2018-12-01 12:07             ` Adam Ficsor
  0 siblings, 0 replies; 10+ messages in thread
From: Adam Ficsor @ 2018-12-01 12:07 UTC (permalink / raw)
  To: macwhyte; +Cc: bitcoin-dev, andreas


If this needs to be a BIP or not, that is up to this list to decide, I will
not be pushy about it. We simply encountered a well defined and common issue
and we took the time to work out and specify our solution, so it may come
in handy for other developers encountering this same issue. We can argue
about the significance of it, but I suspect all arguments will come down to
how much an individual developer values UX or how much he does not.

On Sat, Dec 1, 2018 at 11:57 AM James MacWhyte <macwhyte@gmail•com> wrote:

> I liked the cheekiness of your summary, Adam ;)
>
> I'm not sure why this needs to be a BIP. It is a UX detail--not really
> related to bitcoin protocol or procedures. I wouldn't even call it a
> description of best practices, since every product's use case is going to
> be different.
>
> If you think there is a compelling reason for why this needs to be a
> documented standard, please elaborate!
>
> Thanks,
> James
>
>
> On Sun, Nov 11, 2018 at 7:41 PM Adam Ficsor via bitcoin-dev <
> bitcoin-dev@lists•linuxfoundation.org> wrote:
>
>> Thank you for all your comments. To sum up:
>>
>> - There were no comments related to the implementation details.
>> - There are concerns that this may incentivize users to use copypaste
>> functionality extensively.
>> - A counter argument was made that crypto hijackers use the clipboard,
>> because that is the most convenient thing to hijack, not because they can
>> only hijack that and, if Bitcoin users would move to other ways of
>> specifying destinations, that may end up being just as much of an issue, too.
>> - The rest of the conversation was about crypto hijackers, which I think
>> is off topic in this thread.
>>
>> Finally I'd like to note, there's already a work in progress
>> implementation in Wasabi:
>> https://github.com/zkSNACKs/WalletWasabi/pull/825
>>
>> On Fri, Nov 9, 2018 at 1:14 AM Dmitry Petukhov via bitcoin-dev <
>> bitcoin-dev@lists•linuxfoundation.org> wrote:
>>
>>>
>>> > > Do you know any reasonably convenient mechanism for end user to
>>> > > transfer an address from, say, a web page to the wallet address
>>> > > input field ?
>>> >
>>> > - QR code scanning of a Bitcoin URI
>>> > - On Android: A "bitcoin:" URI intent or a BIP70 payment message
>>> > intent
>>> > - On desktop OSes there are similar mechanisms to launch Apps from the
>>> > browser (e.g. for mailto: links)
>>>
>>> This works if the author of the web page thought about this, and
>>> created appropriate links/qr codes. In many cases, addresses are
>>> just presented for users as text, to copy.
>>>
>>> People also send addresses in message apps and emails. Maybe if
>>> applications start to autodetect bitcoin addresses and convert them to
>>> bitcoin: links, there will be less need to copy-paste. But I suspect
>>> that this feature will not be quickly adopted by applications.
>>>
>>> > For cases where the payee is a well-known entity the BIP70 payment
>>> > protocol has authentication via certificates. That doesn't work for
>>> > the "the person in front of you is the only trust anchor you have"
>>> > usecase though.
>>>
>>> There are also BIP75 and BIP47 that may help, but the number of wallets
>>> that support these protocols is small (I think in part because of
>>> relative complexity of these protocols).
>>>
>>
>>
>> --
>> Best,
>> Ádám
>>
>

-- 
Best,
Ádám
