public inbox for bitcoindev@googlegroups.com
From: Peter Todd <pete@petertodd.org>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
	Andreas Schildbach <andreas@schildbach.de>
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
Date: Thu, 26 Sep 2013 02:37:19 -0400
Message-ID: <20130926063719.GA13640@savin>
In-Reply-To: <CAKaEYhJDBqvynXpLHg6dumgtKVkLNkFPtWoS4ybHgm=p9Vvzhw@mail.gmail.com>

On Wed, Sep 25, 2013 at 01:35:48PM +0200, Melvin Carvalho wrote:
> On 25 September 2013 13:15, Mike Hearn <mike@plan99.net> wrote:
> 
> > It won't fit. But I don't see the logic. A URI contains instructions for
> > making a payment. If that instruction is "pay to this address" or "download
> > this file and do what you find there", it's no different unless there's
> > potential for a MITM attack. If the request URL is HTTPS or a secured
> > Bluetooth connection then there's no such possibility.
> >
> 
> It depends on the attacker.  I think a large entity such as a govt or big
> to medium size corporation *may* be able to MITM https, of course the
> incentive to do so is probably not there ...

...until the Bitcoin payment protocol showed up and let anyone with the
ability to MITM https turn that ability into untraceable cash.

I won't be at all surprised if one of the most valuable things to come
out of the payment protocol using the SSL PKI infrastructure is to give
us a good understanding of exactly how it's broken, and to give everyone
involved good reasons to fix it.

Even if the flaws of SSL PKI were exploited as a way to harm bitcoin by
governments and other large players - and SSL PKI remained unfixed - I'd
much rather have that solid evidence that it was broken than not.

-- 
'peter'[:-1]@petertodd.org
