From: Mike Hearn <mike@plan99•net>
To: Paul Puey <paul@airbitz•co>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal for P2P Wireless (Bluetooth LE) transfer of Payment URI
Date: Thu, 5 Feb 2015 21:43:03 +0100 [thread overview]
Message-ID: <CANEZrP1RxX0V0qegOfrs+MdVYWeeJz0cecUii=rQ09kHzzgtXA@mail.gmail.com> (raw)
In-Reply-To: <CABdy8DL0x6_02HCxKMrQWyCDcBXsGr7+0iBt2Ez2a_kGRwjffQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1305 bytes --]
>
> Even if a user could get the BIP70 URL in the URI, they would still need
> internet to access the URL.
>
The way Bitcoin Wallet does it, the bitcoin URI includes a MAC address
where you can download the request from. BIP70 does not depend on internet
access or HTTP, plus, you don't have to sign them.
The name field might work but requires the merchant to set it, e.g. by
asking the payer what their name is, then typing it in, then the payer has
to wait for it to show up. By this point it's probably faster to have
scanned a QR code.
Re: security. I'll repeat what I wrote up-thread in case you didn't see it:
it's not clear to me at all that this partial address scheme is actually
> secure. The assumption appears to be that the MITM must match the address
> prefix generated by the genuine merchant. But if they can do a wireless
> MITM they can just substitute their own address prefix/partial address, no?
>
> To avoid MITM attacks the sender must know who they are sending money to,
> and that means they must see a human understandable name that's
> cryptographically bound to the right public key. Displaying partial
> addresses to the user is not going to solve this unless users manually
> compare key prefixes across the screens.... which is even less convenient
> than a QR code.
>
[-- Attachment #2: Type: text/html, Size: 2113 bytes --]
next prev parent reply other threads:[~2015-02-05 20:43 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-05 20:06 Paul Puey
2015-02-05 20:28 ` Mike Hearn
2015-02-05 20:37 ` Paul Puey
2015-02-05 20:43 ` Mike Hearn [this message]
2015-02-05 20:44 ` Eric Voskuil
2015-02-05 20:50 ` Mike Hearn
2015-02-05 20:59 ` Eric Voskuil
2015-02-05 21:19 ` Brian Hoffman
2015-02-05 21:23 ` Eric Voskuil
2015-02-05 21:36 ` Mike Hearn
2015-02-05 21:46 ` Eric Voskuil
2015-02-05 22:07 ` Paul Puey
2015-02-05 22:10 ` Eric Voskuil
2015-02-05 22:49 ` Roy Badami
2015-02-05 23:22 ` MⒶrtin HⒶboⓋštiak
2015-02-05 23:02 ` William Swanson
2015-02-05 23:34 ` Roy Badami
2015-02-05 23:59 ` Eric Voskuil
2015-02-06 8:59 ` Roy Badami
2015-02-06 9:13 ` Eric Voskuil
2015-02-06 0:58 ` Paul Puey
2015-02-05 23:22 ` Eric Voskuil
2015-02-05 23:36 ` MⒶrtin HⒶboⓋštiak
2015-02-05 23:46 ` Eric Voskuil
2015-02-06 0:04 ` MⒶrtin HⒶboⓋštiak
2015-02-06 0:22 ` Eric Voskuil
2015-02-06 0:36 ` Martin Habovštiak
2015-02-06 1:29 ` Eric Voskuil
2015-02-06 9:07 ` MⒶrtin HⒶboⓋštiak
2015-02-10 16:55 ` Eric Voskuil
2015-02-10 17:16 ` MⒶrtin HⒶboⓋštiak
2015-02-10 17:56 ` Eric Voskuil
2015-02-06 0:49 ` Paul Puey
2015-02-06 0:50 ` Martin Habovštiak
2015-02-06 1:05 ` Eric Voskuil
2015-02-06 2:09 ` Paul Puey
2015-02-05 22:02 ` Paul Puey
2015-02-05 22:01 ` Paul Puey
2015-02-05 22:05 ` Eric Voskuil
2015-02-05 22:08 ` Paul Puey
-- strict thread matches above, loose matches on Subject: below --
2015-02-05 8:01 Paul Puey
2015-02-05 13:46 ` Andreas Schildbach
2015-02-05 13:57 ` Mike Hearn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANEZrP1RxX0V0qegOfrs+MdVYWeeJz0cecUii=rQ09kHzzgtXA@mail.gmail.com' \
--to=mike@plan99$(echo .)net \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=paul@airbitz$(echo .)co \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox