From: Alex Kotenko <alexykot@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol for Face-to-face Payments
Date: Mon, 30 Jun 2014 20:26:36 +0100 [thread overview]
Message-ID: <CALDj+BYkOyNuEiiuTgjd7L-ZeHN4Mb4034W+OeCFob1RwJn=Vg@mail.gmail.com> (raw)
In-Reply-To: <A1269E16-63BC-44D5-B460-D793D45587AD@riseup.net>
[-- Attachment #1: Type: text/plain, Size: 4710 bytes --]
It took some time but we have finally implemented bluetooth integration
offered by Andreas in our bitcoin payment terminals.
However it's not ideal at the moment. Basically the main problem is that
in the BIP72 there is no way to provide a fallback alternative URI for
payment request fetch if client wallet supports BIP70 but doesn't not
support fetching over bluetooth or bluetooth connection fails for any
reason.
There is a way to define alternative URIs inside payment request itself,
but that doesn't really work as client first needs to get payment request
message itself somehow and this is exactly the problem.
As far as I see there is three ways to solve that:
1. add new URI parameter for bluetooth address
(e.g. r=http://<web_address>&rbt=bt:<BT_MAC_addres>).
2. allow multiple "r" parameters
(e.g. r=http://<web_address>&r=bt:<BT_MAC_addres>).
3. allow "r" to be an array
(e.g. r%5B0%5D=http://<web_address>&r%5B1%5D=bt:<BT_MAC_addres>).
Option #1 isn't great at all, as it solves existing problem, but not
provides any way to solve same problem appearing again for another possible
protocol.
Options #2 & #3 may be working and seem to be nearly equal, and both are
not great in the way that URI parser behavior in these cases is not clearly
defined. I've checked through relevant RFCs and found nothing specific
about this. According to my limited web experience the array scheme is
working better than multiple repeating parameters.
So I'm looking for some advice on which route of three proposed may be
better here, or if there are any other ways I'm missing.
2014-03-27 13:31 GMT+00:00 vv01f <vv01f@riseup.net>:
> Companies can have a Cert with their name via CAcert. It requires some
> work though to get assured as an organisation.
> Did you already think about what CA is to be trusted or do users need to
> do that. The least good decision in my POV would be to accept OS/browser
> built in CAs only.
>
> Am 27.03.2014 um 11:08 schrieb Mike Hearn <mike@plan99.net>:
>
> But these cases are the norm, rather than the exception.
>>
>
> Well, you're lucky, you live in Berlin. Most of the payments I make with
> Bitcoin are online, to websites. So this will differ between people.
>
> I wonder how critical it is. Let's say you are paying for a meal. In your
> head the place you're at is just "the little Indian restaurant on the
> corner". In the companies register and therefore certificate it's something
> like "Singh Food GmbH". That's probably good enough to prevent shenanigans.
> Even if there's a virus on your phone, it can't really replace the cert
> with a random stolen one, otherwise your meal could show up like "IronCore
> Steel Inc" or something that's obviously bogus. It'd have to be an
> incredibly smart virus that knew how to substitute one name for a different
> one, from a large library of stolen identities, such that the swap seemed
> plausible. That sounds very hard, certainly too hard to bother with for
> stealing restaurant fees.
>
> And if a waiter at the restaurant is corrupt and they replace the cert
> with one that's for their own 1-man business "BP-Gupta" or something, OK,
> you might pay the wrong person by mistake. But eventually the corrupt
> waiter will be discovered and then someone will have proof of what they
> did. It's FAR more likely they'd just strip the signature entirely and try
> to convince you the restaurant doesn't use BIP70 at all.
>
> Still, if we want to fix this, one approach I was thinking about is to
> have a super-cheesy CA just for us that issues certs with addresses in
> them, for any name you ask for. That is, if you say you want a cert for
> "Shamrock Irish Pub, Wollishofen, Zurich, CH" then it either sends a
> postcard to that address with a code to check ownership of the address, or
> it checks ownership of the place on Google Maps (which does the same
> postcard trick but for free!).
>
> That doesn't work for vending machines, but perhaps we just don't care
> about those. If a MITM steals your lunch money, boo hoo.
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
[-- Attachment #2: Type: text/html, Size: 8553 bytes --]
next prev parent reply other threads:[~2014-06-30 19:27 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-27 11:59 [Bitcoin-development] Payment Protocol for Face-to-face Payments Andreas Schildbach
2014-01-27 13:11 ` Mike Hearn
2014-01-27 18:18 ` Andreas Schildbach
2014-01-27 18:34 ` Mike Hearn
2014-01-27 20:53 ` [Bitcoin-development] Experiment with linking payment requests via href Andreas Schildbach
2014-01-27 21:47 ` Mike Hearn
2014-01-27 17:11 ` [Bitcoin-development] Payment Protocol for Face-to-face Payments Jeremy Spilman
2014-01-27 17:39 ` Andreas Schildbach
2014-01-27 18:18 ` Jeremy Spilman
2014-01-27 20:34 ` Roy Badami
2014-01-29 14:57 ` Christophe Biocca
2014-01-30 10:46 ` Andreas Schildbach
2014-01-30 10:50 ` Mike Hearn
2014-02-07 23:15 ` Andreas Schildbach
2014-03-02 9:47 ` Andreas Schildbach
2014-03-02 11:50 ` Mike Hearn
2014-03-20 2:22 ` Alex Kotenko
2014-03-20 3:31 ` Jeff Garzik
2014-03-20 8:09 ` Andreas Schildbach
2014-03-20 10:36 ` Mike Hearn
2014-03-20 12:12 ` Adam Back
2014-03-20 12:20 ` Mike Hearn
2014-03-20 17:31 ` Jeff Garzik
2014-03-20 17:42 ` Alex Kotenko
2014-03-20 18:01 ` Jeff Garzik
2014-03-21 10:28 ` Andreas Schildbach
2014-03-21 13:59 ` Alex Kotenko
2014-03-22 16:35 ` Jeff Garzik
2014-03-22 16:45 ` Mike Hearn
2014-03-22 16:55 ` Mark Friedenbach
2014-03-22 17:24 ` Jeff Garzik
2014-03-22 17:30 ` Mike Hearn
2014-03-23 3:47 ` Alex Kotenko
2014-03-21 10:25 ` Andreas Schildbach
2014-03-21 10:59 ` Adam Back
2014-03-21 11:08 ` Mike Hearn
2014-03-21 11:33 ` Mike Hearn
2014-03-21 12:25 ` Adam Back
2014-03-21 13:07 ` Mike Hearn
2014-03-20 18:20 ` Alex Kotenko
2014-03-20 18:31 ` Mike Hearn
2014-03-20 18:50 ` Alex Kotenko
2014-03-20 21:52 ` Roy Badami
2014-03-20 23:02 ` Mike Hearn
2014-03-26 22:48 ` Roy Badami
2014-03-26 22:56 ` Mike Hearn
2014-03-26 23:20 ` Andreas Schildbach
2014-03-27 10:08 ` Mike Hearn
2014-03-27 13:31 ` vv01f
2014-06-30 19:26 ` Alex Kotenko [this message]
2014-07-01 8:18 ` Mike Hearn
2014-07-01 9:48 ` Andreas Schildbach
2014-07-01 10:42 ` Michael Wozniak
2014-07-01 13:03 ` Alex Kotenko
2014-07-01 14:59 ` Andreas Schildbach
2014-07-01 15:07 ` Michael Wozniak
2014-07-01 15:39 ` Andreas Schildbach
2014-07-01 17:18 ` Alex Kotenko
2014-07-01 17:59 ` Mike Hearn
2014-07-02 8:49 ` Alex Kotenko
2014-03-21 10:43 ` Andreas Schildbach
2014-03-20 8:08 ` Andreas Schildbach
2014-03-20 16:14 ` Alex Kotenko
2014-03-21 9:47 ` Andreas Schildbach
2014-03-21 13:54 ` Alex Kotenko
2014-03-21 14:51 ` Andreas Schildbach
2014-03-21 15:38 ` Alex Kotenko
2014-03-21 15:20 ` Andreas Schildbach
2014-03-21 15:24 ` Mike Hearn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALDj+BYkOyNuEiiuTgjd7L-ZeHN4Mb4034W+OeCFob1RwJn=Vg@mail.gmail.com' \
--to=alexykot@gmail.com \
--cc=bitcoin-development@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox