From: Jeff Garzik
To: Andreas Schildbach
Cc: Bitcoin Dev
Date: Wed, 25 Sep 2013 10:31:19 -0400
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72

BitPay experimented with QR codes in low light, restaurant and other
conditions. QR codes become difficult to use even at 100 chars.

On the merchant side, we prefer a short URL that speaks payment
protocol if visited via bitcoin client, but will gracefully work if
scanned by a phone with zero bitcoin support -- you will simply be
redirected to a BitPay invoice page for a normal browser.

On Wed, Sep 25, 2013 at 7:59 AM, Andreas Schildbach wrote:
> On 09/25/2013 01:45 PM, Mike Hearn wrote:
>
>> OK, it might fit if you don't use any of the features the protocol
>> provides :)
>
> Now you're over-dramatizing (-:
>
> I'm just skipping one feature which I think is useless for QR codes
> scanned in person.
>
>> You can try it here:
>
> Thanks. A typical request would be around 60 bytes, which should produce
> a URL with around 100 chars. That should be fine for scanning, but I
> will experiment.
>
>> If you're thinking about governments and so on subverting CAs, then
>> there is a plan for handling that (outside the Bitcoin world) called
>> certificate transparency which is being implemented now.
>
> Good to hear. Let's see if it gets momentum.
>
>> Now when you are getting a QR code from the web, it's already being
>> served over HTTPS. So if you're up against an attacker who can break a
>> CA in order to steal your money, then you already lose, the QRcode
>> itself is MITMd.
>
> Sure. I was talking about QR codes scanned in person.
>
>> In the Bluetooth case we might have to keep the address around and use
>> it to do ECDHE or something like that.
>
> Yeah, will look at that as soon as we're implementing the payment
> protocol fully.

--
Jeff Garzik
Senior Software Engineer and open source evangelist
BitPay, Inc.      https://bitpay.com/
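
Added example, not part of the original message and not BitPay's code: one way a short invoice URL can serve a payment request to a wallet and redirect an ordinary browser, as the message describes. It assumes the wallet sends the BIP 71 media type in its Accept header; the function names, the merchant.example host and the invoice-id format are hypothetical.

```python
import re

PAYMENT_REQUEST_TYPE = "application/bitcoin-paymentrequest"  # media type defined in BIP 71
INVOICE_ID = re.compile(r"[A-Za-z0-9]{1,32}")                # assumed id format

def accepted_types(accept_header):
    """Parse an Accept header into {media_type: q}; a malformed q counts as 0."""
    result = {}
    for part in (accept_header or "").split(","):
        fields = [f.strip() for f in part.split(";")]
        media = fields[0].lower()
        if not media:
            continue
        q = 1.0
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0
        result[media] = q
    return result

def respond(accept_header, invoice_id, payment_request_bytes):
    """Return (status, headers, body) for a GET on the short invoice URL."""
    # Reject ids that could smuggle path segments or CR/LF into Location.
    if not INVOICE_ID.fullmatch(invoice_id):
        return 404, {}, b""
    types = accepted_types(accept_header)
    # Only an explicit request for the payment-request type gets the binary
    # message; a browser's "*/*" wildcard must not, or it would download
    # opaque bytes instead of seeing the invoice page.
    if types.get(PAYMENT_REQUEST_TYPE, 0.0) > 0.0:
        headers = {
            "Content-Type": PAYMENT_REQUEST_TYPE,
            "Cache-Control": "no-store",  # invoices are per-customer
            "Vary": "Accept",             # keep caches from mixing the two forms
        }
        return 200, headers, payment_request_bytes
    location = "https://merchant.example/invoice/" + invoice_id
    return 302, {"Location": location, "Vary": "Accept"}, b""
```

Both responses carry Vary: Accept, so an intermediary cache cannot hand the wallet form to a browser or the redirect to a wallet.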