Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72

[The Doctor <drwho@virtadpt.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/25/2013 07:35 AM, Melvin Carvalho wrote:

> It depends on the attacker.  I think a large entity such as a govt
> or big to medium size corporation *may* be able to MITM https, of
> course the incentive to do so is probably not there ...

DLP (data loss prevention) products usually have MITM capability, to
make sure that proprietary information isn't being exfiltrated.  Also,
some companies have full packet capture policies.  The technology is
out there and people buy and use it.  Whether or not they're going to
care about Bitcoin URIs in the short term, I don't know.

Some of the companies documented here have such products:

http://bluecabinet.info/wiki/Blue_cabinet#List_of_companies

You are correct in that the incentive to carry out MITM attacks in
this use case may not be there.  However, detecting transactions may
be more useful to an attacker than meddling with them.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"Shiloh?  Is your name Shiloh?  Can I talk to you?"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJDC30ACgkQO9j/K4B7F8FungCgyQtkyiQIekhlv1/Nqdd/JAIV
3EgAoKW8wTOI11lEq0ieOsRiQmnkM9w6
=W50W
-----END PGP SIGNATURE-----