public inbox for bitcoindev@googlegroups.com
From: Aaron Voisine <voisine@gmail•com>
To: Mike Hearn <mike@plan99•net>
Cc: "bitcoin-development@lists•sourceforge.net"
	<bitcoin-development@lists•sourceforge.net>,
	Andreas Schildbach <andreas@schildbach•de>
Subject: Re: [Bitcoin-development] BIP72 amendment proposal
Date: Fri, 12 Sep 2014 11:43:32 -0700
Message-ID: <CACq0ZD6ocZ62rvRQaxQZ3moH3kC-uK_US3+p67Y+8bMJB_-b5A@mail.gmail.com>
In-Reply-To: <CANEZrP2D9RbMVHS12PnEjXiz7TjjGFDvybOs6+kCb-aZKwXy-A@mail.gmail.com>

Are there any circumstances where the payment request object might be
served over a different domain than the CNAME of the object's signer?

BIP72 states "Bitcoin wallets must support fetching PaymentRequests
via http and https protocols;". If the request object is signed by the
owner of the domain, then the worst an attacker who doesn't have the
signing key can do is replace the request with another validly signed
request intended for someone else, but that could be the attacker's
own product order, tricking someone else into paying for it.

Should BIP72 require that signed payment requests be from the same
domain, and also require https?

Aaron

Aaron Voisine
breadwallet.com


On Fri, Sep 12, 2014 at 9:31 AM, Mike Hearn <mike@plan99•net> wrote:
> Putting aside the question of necessity for a moment, a more efficient
> approach to this would be:
>
> - Add another marker param like &s to the end of the URL
> - Add another field to PaymentRequest that contains an ECC signature
>   calculated using the public key that hashes to the address in the URI
> - Upgraded wallets look for the additional param and if it's there, expect to
>   find the PaymentDetails signed with the address key. PKI signing of course
>   is still useful to provide an actual identity for receipts, display on
>   hardware wallets, dispute mediation etc.
>
> This adds only a few characters to a normal backwards-compatible QR code,
> and is not hard to implement.
>
>
> On Fri, Sep 12, 2014 at 5:37 PM, Mike Hearn <mike@plan99•net> wrote:
>>>
>>> That way we leave up to implementers to experiment with different
>>> lengths and figure out what the optimum is
>>
>>
>> Ah, that's a good suggestion if we do go this way.
>
>
>
>
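
The stricter rule asked about in the message above (https only, and a request host that the signer's certificate names), sketched as a wallet-side check. This is an added example, not part of the original message and not something BIP72 itself requires. The function names are hypothetical, the URIs are constructed, and `signer_names` is assumed to come from a certificate whose signature and chain the wallet has already verified.

```python
from urllib.parse import parse_qs, urlsplit

class PolicyError(ValueError):
    """Raised when a BIP72 request URL fails the stricter fetch policy."""

def request_url(bitcoin_uri):
    """Return the r= URL from a bitcoin: URI, or None if there is none."""
    scheme, _, rest = bitcoin_uri.partition(":")
    if scheme.lower() != "bitcoin":
        raise PolicyError("not a bitcoin: URI")
    values = parse_qs(rest.partition("?")[2]).get("r", [])
    if len(values) > 1:
        raise PolicyError("more than one r= parameter")
    return values[0] if values else None

def host_matches(host, cert_name):
    """Compare a URL host with one certificate name (single-label wildcard)."""
    host, cert_name = host.lower().rstrip("."), cert_name.lower().rstrip(".")
    if cert_name.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == cert_name[2:]
    return host == cert_name

def check_fetch_policy(bitcoin_uri, signer_names):
    """Return the request host if it is https and named by the signer.

    signer_names: names from the signer's verified certificate (assumption:
    the wallet has already checked the signature and the chain).
    """
    url = request_url(bitcoin_uri)
    if url is None:
        return None  # plain BIP21 URI, nothing to fetch
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise PolicyError("payment request URL is not https")
    host = parts.hostname or ""
    if not host or not any(host_matches(host, n) for n in signer_names):
        raise PolicyError("request host %r is not named by the signer" % host)
    return host

if __name__ == "__main__":
    # Constructed sample URI; the address and domains are placeholders.
    uri = "bitcoin:1ExampleAddr?amount=0.1&r=https%3A%2F%2Fshop.example%2Fpay%3Fid%3D42"
    print(check_fetch_policy(uri, ["shop.example"]))
    try:
        check_fetch_policy(uri, ["other-merchant.example"])
    except PolicyError as err:
        print("rejected:", err)
```
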


