Hmm, is there any other way to do it? Can we provide a signed payment request and verify the signature on the receiving side, and this way protect from a Bluetooth MitM attack? Quick googling showed that SSL over Bluetooth isn't a very well developed area, and my own skills are not enough to quickly implement a reliable secure solution here.

2014-03-20 10:36 GMT+00:00 Mike Hearn:

> Encoding entire payment requests into qrcodes is definitely not the way to
> go. They can already be large when signed and we're just at the start of
> adding features.
>
> Finishing off and standardising the Bluetooth support is the way to go
> (r=bt:mac). Andreas' app already has some support for this I believe, so
> Alex you could prototype with that, but we need to:
>
> 1) Add an encryption/auth layer on top, because it runs over RFCOMM
> sockets. The authentication would require proof of owning the Bitcoin key
> that's in the address part of the URI (which is needed for backwards compat
> anyway).
>
> 2) Write a BIP for it and make sure it's interoperable
>
> For the auth layer we could either use SSL and then just ignore the server
> certificate and require signing of the session public key with the Bitcoin
> key, which should be easy to code up but is rather heavy on the air, or
> roll a custom lightweight thing where we just do a basic ECDH, with the
> server's key being the same as the address key. But rolling such protocols
> is subtle and I guess it'd need to be reviewed by people familiar with such
> things.
>
> This feels like a good opportunity to grow the community - perhaps we can
> find a volunteer in the forums who enjoys crypto.
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
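
The "basic ECDH, with the server's key being the same as the address key" option from the quoted message, as an added example that is not code from the thread or from any wallet. The HMAC key-confirmation step, the `server-confirm` label and all function names are assumptions; the client is assumed to have already checked that the server public key hashes to the address in the URI. The arithmetic is not constant time and the construction is unreviewed.

```python
import hashlib, hmac

# secp256k1 domain parameters (the curve Bitcoin keys use)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (illustration only)."""
    r = None
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def on_curve(pt):
    """Reject points that do not satisfy y^2 = x^3 + 7 (invalid-curve inputs)."""
    return pt is not None and all(0 <= c < P for c in pt) and (pt[1]**2 - pt[0]**3 - 7) % P == 0

def ser(pt):
    return b"\x04" + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def session_key(priv, peer_pub, client_pub, server_pub):
    """Hash the ECDH x-coordinate together with both public keys (the transcript)."""
    if not on_curve(peer_pub): raise ValueError("peer key is not on secp256k1")
    shared = mul(priv, peer_pub)
    return hashlib.sha256(shared[0].to_bytes(32, "big") + ser(client_pub) + ser(server_pub)).digest()

def confirm(key):
    """Server's proof that it derived the key, i.e. that it holds the address key."""
    return hmac.new(key, b"server-confirm", hashlib.sha256).digest()

def client_accepts(address_pub, client_priv, client_pub, proof):
    """Client derives the key against the address key, never a key sent in-band."""
    key = session_key(client_priv, address_pub, client_pub, address_pub)
    return hmac.compare_digest(proof, confirm(key))
```

A relay on the RFCOMM link can substitute its own ephemeral key, but it cannot produce a valid `confirm` value without the private key behind the address, so the client drops the session.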