From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YHusx-0002LQ-0p for bitcoin-development@lists.sourceforge.net; Sun, 01 Feb 2015 13:48:23 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.176 as permitted sender) client-ip=209.85.212.176; envelope-from=mh.in.england@gmail.com; helo=mail-wi0-f176.google.com; Received: from mail-wi0-f176.google.com ([209.85.212.176]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YHusv-0007w8-95 for bitcoin-development@lists.sourceforge.net; Sun, 01 Feb 2015 13:48:22 +0000 Received: by mail-wi0-f176.google.com with SMTP id bs8so11647341wib.3 for ; Sun, 01 Feb 2015 05:48:15 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.194.7.103 with SMTP id i7mr32511483wja.53.1422798495238; Sun, 01 Feb 2015 05:48:15 -0800 (PST) Sender: mh.in.england@gmail.com Received: by 10.194.188.11 with HTTP; Sun, 1 Feb 2015 05:48:15 -0800 (PST) In-Reply-To: <88211D58-DE9D-4B4A-B3A5-2EEFDFC5E02B@gmail.com> References: <27395C55-CF59-4E65-83CA-73F903272C5F@gmail.com> <1348028F-26F8-42CB-9859-C9CB751BF0C9@gmail.com> <88211D58-DE9D-4B4A-B3A5-2EEFDFC5E02B@gmail.com> Date: Sun, 1 Feb 2015 14:48:15 +0100 X-Google-Sender-Auth: DR4XzFYhbUJM6460XAHGznLaXTY Message-ID: From: Mike Hearn To: Brian Erdelyi Content-Type: multipart/alternative; boundary=047d7b5d43f4e55392050e07167e X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YHusv-0007w8-95 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Proposal to address Bitcoin malware X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Feb 2015 13:48:23 -0000 --047d7b5d43f4e55392050e07167e Content-Type: text/plain; charset=UTF-8 > > I see how BIP 70 verifies the payment request, however, is there any way > to verify that the transaction signed by the wallet matches the request > before it is sent to the blockchain (and how can this support out of band > verification)? > No. It cannot be done in the Bitcoin context. Your wallet MUST be secure. Otherwise BIP70 is irrelevant - if the attacker can make your wallet sign some other transaction than what you expect, they can also just steal your private keys and use them directly. BIP70 is based on the assumption of a secure signing core that cannot be compromised, with devices like the TREZOR and 2-factor pairings of desktops and mobiles being an obvious use case. --047d7b5d43f4e55392050e07167e Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I see h= ow BIP 70 verifies the payment request, however, is there any way to verify= that the transaction signed by the wallet matches the request before it is= sent to the blockchain (and how can this support out of band verification)= ?

No. It cannot be done in the = Bitcoin context. Your wallet MUST be secure. Otherwise BIP70 is irrelevant = - if the attacker can make your wallet sign some other transaction than wha= t you expect, they can also just steal your private keys and use them direc= tly. BIP70 is based on the assumption of a secure signing core that cannot = =C2=A0be compromised, with devices like the TREZOR and 2-factor pairings of= desktops and mobiles being an obvious use case.
--047d7b5d43f4e55392050e07167e--