public inbox for bitcoindev@googlegroups.com
From: Mike Hearn <mike@plan99•net>
To: Andreas Schildbach <andreas@schildbach•de>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
Date: Wed, 25 Sep 2013 13:45:02 +0200
Message-ID: <CANEZrP2ZbSUvNk+0bHCWw40r00D8ja-crrZPjvN0mgG+NaD52w@mail.gmail.com>
In-Reply-To: <l1uhld$d68$1@ger.gmane.org>


On Wed, Sep 25, 2013 at 1:33 PM, Andreas Schildbach
<andreas@schildbach•de> wrote:

> Why do you think that? Of course, I would skip the certificate, as its
> unnecessary if you see your partner in person.
>

OK, it might fit if you don't use any of the features the protocol provides
:) You can try it here:

https://bitcoincore.org/~gavin/createpaymentrequest.php


> HTTPS trust is utterly broken unless you fix it by adding the
> certificate or a fingerprint to the QR code.
>

It's not "utterly broken", that's over-dramatic. It's just the best that
can be done with today's technology. I wrote about the SSL PKI and how it's
being upgraded here:

https://bitcointalk.org/index.php?topic=300809.0

If you're thinking about governments and so on subverting CAs, then there
is a plan for handling that (outside the Bitcoin world) called Certificate
Transparency, which is being implemented now.

Now when you are getting a QR code from the web, it's already being served
over HTTPS. So if you're up against an attacker who can break a CA in order
to steal your money, then you already lose: the QR code itself was MITMed.

In the Bluetooth case we might have to keep the address around and use it
to do ECDHE or something like that. The current BT support doesn't need
that because it's just blasting out a tx; the entire protocol is write-only.
Once it's reading data as well, then it'll need a custom security
layer.
