On 25 September 2013 13:15, Mike Hearn wrote: > It won't fit. But I don't see the logic. A URI contains instructions for > making a payment. If that instruction is "pay to this address" or "download > this file and do what you find there", it's no different unless there's > potential for a MITM attack. If the request URL is HTTPS or a secured > Bluetooth connection then there's no such possibility. > It depends on the attacker. I think a large entity such as a govt or big to medium size corporation *may* be able to MITM https, of course the incentive to do so is probably not there ... > > > > > On Wed, Sep 25, 2013 at 12:28 PM, Andreas Schildbach < > andreas@schildbach.de> wrote: > >> While it's good to save space, I'm at the moment not convinced that >> taking a de-route via an URL is a good idea to begin with. >> >> The main problem is trust. If you scan a QR code from a foreign phone, >> you trust that that phone is owned by the one you want to send money to. >> By adding the HTTP request that trust is voided. >> >> As soon as there is a BIP70 implementation, I will begin playing with >> putting the payment request directly into the QR code. >> >> >> On 09/25/2013 11:27 AM, Mike Hearn wrote: >> > We could also say that if protocol part (https://) is missing, it's >> > implied automatically. So just: >> > >> > bitcoin:1abc........?r=bob.com/r/aZgR >> > >> > I think that's about as small as possible without re-using the pubkey as >> > a token in the url. >> > >> > >> > On Wed, Sep 25, 2013 at 1:35 AM, Gavin Andresen < >> gavinandresen@gmail.com >> > > wrote: >> > >> > On Tue, Sep 24, 2013 at 11:52 PM, Mike Hearn > > > wrote: >> > >> > BTW, on the "make qrcodes more scannable" front -- is it too >> > late to change BIP 72 so the new param is just "r" instead of >> > "request"? Every byte helps when it comes to qrcodes ... >> > >> > >> > Not too late, assuming there are no objections. Smaller QR codes is >> > a very good reason to change it. >> > >> > -- >> > -- >> > Gavin Andresen >> > >> > >> > >> > >> > >> ------------------------------------------------------------------------------ >> > October Webinars: Code for Performance >> > Free Intel webinars can help you accelerate application performance. >> > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the >> most from >> > the latest Intel processors and coprocessors. See abstracts and >> register > >> > >> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk >> > >> > >> > >> > _______________________________________________ >> > Bitcoin-development mailing list >> > Bitcoin-development@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> > >> >> >> >> >> ------------------------------------------------------------------------------ >> October Webinars: Code for Performance >> Free Intel webinars can help you accelerate application performance. >> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most >> from >> the latest Intel processors and coprocessors. See abstracts and register > >> >> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> > > > > ------------------------------------------------------------------------------ > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most > from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > >