Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Melvin Carvalho <melvincarvalho@gmail.com>
To: Mike Hearn <mike@plan99.net>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
	Andreas Schildbach <andreas@schildbach.de>
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
Date: Wed, 25 Sep 2013 13:35:48 +0200	[thread overview]
Message-ID: <CAKaEYhJDBqvynXpLHg6dumgtKVkLNkFPtWoS4ybHgm=p9Vvzhw@mail.gmail.com> (raw)
In-Reply-To: <CANEZrP03KsGHvGqcNT1Qs6qkJ4i050CPjwvGqTRRhbdkgMf_dA@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 4186 bytes --]

On 25 September 2013 13:15, Mike Hearn <mike@plan99.net> wrote:

> It won't fit. But I don't see the logic. A URI contains instructions for
> making a payment. If that instruction is "pay to this address" or "download
> this file and do what you find there", it's no different unless there's
> potential for a MITM attack. If the request URL is HTTPS or a secured
> Bluetooth connection then there's no such possibility.
>

It depends on the attacker.  I think a large entity such as a govt or big
to medium size corporation *may* be able to MITM https, of course the
incentive to do so is probably not there ...


>
>
>
>
> On Wed, Sep 25, 2013 at 12:28 PM, Andreas Schildbach <
> andreas@schildbach.de> wrote:
>
>> While it's good to save space, I'm at the moment not convinced that
>> taking a de-route via an URL is a good idea to begin with.
>>
>> The main problem is trust. If you scan a QR code from a foreign phone,
>> you trust that that phone is owned by the one you want to send money to.
>> By adding the HTTP request that trust is voided.
>>
>> As soon as there is a BIP70 implementation, I will begin playing with
>> putting the payment request directly into the QR code.
>>
>>
>> On 09/25/2013 11:27 AM, Mike Hearn wrote:
>> > We could also say that if protocol part (https://) is missing, it's
>> > implied automatically. So just:
>> >
>> > bitcoin:1abc........?r=bob.com/r/aZgR <http://bob.com/r/aZgR>
>> >
>> > I think that's about as small as possible without re-using the pubkey as
>> > a token in the url.
>> >
>> >
>> > On Wed, Sep 25, 2013 at 1:35 AM, Gavin Andresen <
>> gavinandresen@gmail.com
>> > <mailto:gavinandresen@gmail.com>> wrote:
>> >
>> >     On Tue, Sep 24, 2013 at 11:52 PM, Mike Hearn <mike@plan99.net
>> >     <mailto:mike@plan99.net>> wrote:
>> >
>> >         BTW, on the "make qrcodes more scannable" front -- is it too
>> >         late to change BIP 72 so the new param is just "r" instead of
>> >         "request"? Every byte helps when it comes to qrcodes ...
>> >
>> >
>> >     Not too late, assuming there are no objections. Smaller QR codes is
>> >     a very good reason to change it.
>> >
>> >     --
>> >     --
>> >     Gavin Andresen
>> >
>> >
>> >
>> >
>> >
>> ------------------------------------------------------------------------------
>> > October Webinars: Code for Performance
>> > Free Intel webinars can help you accelerate application performance.
>> > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the
>> most from
>> > the latest Intel processors and coprocessors. See abstracts and
>> register >
>> >
>> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
>> >
>> >
>> >
>> > _______________________________________________
>> > Bitcoin-development mailing list
>> > Bitcoin-development@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>> >
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> October Webinars: Code for Performance
>> Free Intel webinars can help you accelerate application performance.
>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
>> from
>> the latest Intel processors and coprocessors. See abstracts and register >
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>

[-- Attachment #2: Type: text/html, Size: 6682 bytes --]

next prev parent reply	other threads:[~2013-09-25 11:35 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-07-31  6:28 [Bitcoin-development] Payment Protocol: BIP 70, 71, 72 Gavin Andresen
2013-07-31  8:45 ` Roy Badami
     [not found]   ` <CABsx9T3Xvnw2H6awgnT7mr-HzJOqCp_nOVM57BD-B9mY4R43aQ@mail.gmail.com>
2013-07-31 11:33     ` Gavin Andresen
2013-07-31 11:45       ` Melvin Carvalho
2013-07-31 23:30       ` E willbefull
2013-07-31 23:38         ` Gavin Andresen
2013-07-31 23:52           ` E willbefull
2013-08-07 20:12         ` Roy Badami
2013-07-31  8:59 ` Mike Hearn
2013-07-31 11:19   ` Gavin Andresen
2013-08-07 20:31 ` Pieter Wuille
2013-08-07 21:10   ` Gavin Andresen
2013-08-07 21:17     ` Mike Hearn
2013-08-07 21:36       ` Pieter Wuille
2013-08-07 21:44         ` Mike Hearn
2013-08-07 21:49           ` Pieter Wuille
2013-08-07 21:28     ` Roy Badami
2013-08-07 21:47     ` Alan Reiner
2013-08-14 10:56     ` Jouke Hofman
2013-08-07 21:47 ` Roy Badami
2013-08-07 21:54   ` Pieter Wuille
2013-08-07 22:03     ` Roy Badami
2013-08-08  0:48       ` Gavin Andresen
2013-08-08  9:13         ` Mike Hearn
2013-08-08 14:13         ` Pieter Wuille
2013-08-19 22:15 ` Andreas Petersson
2013-08-19 23:19   ` Gavin Andresen
2013-08-20 10:05     ` Mike Hearn
2013-09-24 13:52       ` Mike Hearn
2013-09-24 23:35         ` Gavin Andresen
2013-09-25  9:27           ` Mike Hearn
2013-09-25 10:28             ` Andreas Schildbach
2013-09-25 11:15               ` Mike Hearn
2013-09-25 11:33                 ` Andreas Schildbach
2013-09-25 11:45                   ` Mike Hearn
2013-09-25 11:59                     ` Andreas Schildbach
2013-09-25 14:31                       ` Jeff Garzik
2013-09-25 14:38                         ` Mike Hearn
2013-09-25 11:35                 ` Melvin Carvalho [this message]
2013-09-25 16:12                   ` The Doctor
2013-09-26  6:37                   ` Peter Todd
2013-09-25 14:26               ` Jeff Garzik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAKaEYhJDBqvynXpLHg6dumgtKVkLNkFPtWoS4ybHgm=p9Vvzhw@mail.gmail.com' \
    --to=melvincarvalho@gmail.com \
    --cc=andreas@schildbach.de \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=mike@plan99.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox