From: Brian Erdelyi <brian.erdelyi@gmail•com>
To: "Martin Habovštiak" <martin.habovstiak@gmail•com>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal to address Bitcoin malware
Date: Sun, 1 Feb 2015 09:54:08 -0400 [thread overview]
Message-ID: <45C925F1-8872-4441-AEC8-B8AFAAE93D24@gmail.com> (raw)
In-Reply-To: <CALkkCJbiv3o-oGoKY6sQkiLSeaCUfKVKHj1wqZUjfprmf9M5BA@mail.gmail.com>
> BIP70 is quite safe agains MitB. If user copies URL belonging to other
> merchant, he would see the fact after entering it into his wallet
> application. The only problem is, attacker can buy from the same
> merchant with user's money. (sending him different URL) This can be
> mitigated by merchant setting "memo" to the description of the basket
> and some user info (e.g. address to which goods are sent).
I think BIP 70 does a good job at verifying where the payment request came from. I’m not convinced this is the same as verifying the transaction (ideally OOB).
> But if whole computer is compromised, you're already screwed. Trezor
> should help, but I'm not sure if it supports BIP70.
The reason for OOB verification is if the entire computer is compromised. Again, this may only be possible with a trusted intermediary or a web wallet.
Brian Erdelyi
next prev parent reply other threads:[~2015-02-01 13:54 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-31 22:15 Brian Erdelyi
2015-01-31 22:38 ` Natanael
2015-01-31 23:04 ` Brian Erdelyi
2015-01-31 23:37 ` Natanael
2015-01-31 23:41 ` Natanael
2015-02-01 12:49 ` Brian Erdelyi
2015-02-01 13:31 ` Martin Habovštiak
2015-02-01 13:46 ` Mike Hearn
2015-02-01 13:54 ` Brian Erdelyi [this message]
2015-02-01 13:48 ` Mike Hearn
2015-02-01 14:28 ` mbde
2015-02-02 17:40 ` Brian Erdelyi
2015-02-02 17:54 ` Martin Habovštiak
2015-02-02 17:59 ` Mike Hearn
2015-02-02 18:02 ` Martin Habovštiak
2015-02-02 18:25 ` Mike Hearn
2015-02-02 18:35 ` Brian Erdelyi
2015-02-02 18:45 ` Eric Voskuil
2015-02-02 19:58 ` Brian Erdelyi
2015-02-02 20:57 ` Joel Joonatan Kaartinen
2015-02-02 21:03 ` Brian Erdelyi
2015-02-02 21:09 ` Pedro Worcel
2015-02-02 21:30 ` devrandom
2015-02-02 21:49 ` Brian Erdelyi
2015-02-02 21:42 ` Brian Erdelyi
2015-02-02 21:02 ` Pedro Worcel
2015-02-03 7:38 ` Eric Voskuil
2015-02-02 18:10 ` Brian Erdelyi
2015-02-02 18:07 ` Brian Erdelyi
2015-02-02 18:05 ` Eric Voskuil
2015-02-02 18:53 ` Mike Hearn
2015-02-02 22:54 ` Eric Voskuil
2015-02-03 0:41 ` Eric Voskuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45C925F1-8872-4441-AEC8-B8AFAAE93D24@gmail.com \
--to=brian.erdelyi@gmail$(echo .)com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=martin.habovstiak@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox