From: Mike Hearn
To: Luke-Jr
Cc: Bitcoin Dev
Date: Tue, 27 Nov 2012 00:27:19 +0100
Subject: Re: [Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts
In-Reply-To: <201211262319.37533.luke@dashjr.org>
References: <201211262313.44463.luke@dashjr.org> <201211262319.37533.luke@dashjr.org>

> That's expected behaviour - except it's mainly manipulated by *users*, not
> viruses (which can just as easily manipulate whatever custom cert store we
> use).

The point of using signed invoices as virus protection isn't to change what the user sees on the infected host. The point is the invoice can be relayed to a second device that isn't also compromised, which then independently renders a payment confirmation screen (like your mobile phone), and it has an identifier in it that's useful to people, like bitmit.net instead of an address.

If it was just showing you a Bitcoin address, that doesn't mean anything to you, so a virus on your PC could wait until you want to make a large payment somewhere and swap out the address in use. You'd never know it was the wrong address and you'd happily confirm on your second device.

For this to work, the seller has to be able to predict what certs you have in all your devices. If it's up to the OS vendors then it's hard to know, and in practice all that'll happen is somebody will compile a list of CAs that are "known good" (i.e., present in all deployed mobile and desktop OSes) and that'll be the minimal cert list. No different to if it was hard-coded in the spec.

> If I don't trust Joe's certs, I don't want Bitcoin overriding that no
> matter who Joe is or what connections he has.

Nothing says your wallet software can't provide cert management UI like browsers do. In practice I have a feeling that cert management UI is one of the least used parts of a browser. I've used browsers for years and the only time I've ever had to go into those screens was to manage installation/removal of self-signed certs used by various organizations. I never manually revoked a root authority. When it was necessary due to breaches (Comodo/DigiNotar) the browser makers revoked them for me.
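The second-device check described in the message, as an added example that is not part of the original thread or of any Bitcoin client: the merchant signs the exact invoice bytes, and the uncompromised device verifies them with the merchant key it trusts before rendering a confirmation, so an address rewritten on the infected host no longer matches the signature. It assumes a constructed JSON invoice shape and a directly pinned ed25519 merchant key in place of the X.509 certificate chain the thread discusses; the addresses and amount are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Invoice is a constructed, hypothetical signed-invoice shape: a human-meaningful merchant id plus payment details.
type Invoice struct {
	Merchant string `json:"merchant"`
	Address  string `json:"address"`
	Amount   uint64 `json:"amount"` // satoshis
}

// SignedInvoice is the invoice encoding together with the merchant's signature over it.
type SignedInvoice struct {
	Payload []byte
	Sig     []byte
}

// Sign is the merchant side: encode the invoice and sign the exact bytes that will be sent.
func Sign(priv ed25519.PrivateKey, inv Invoice) (SignedInvoice, error) {
	payload, err := json.Marshal(inv)
	if err != nil {
		return SignedInvoice{}, err
	}
	return SignedInvoice{Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}

// VerifyOnSecondDevice is the uncompromised device: it checks the signature
// with the merchant key it trusts (pinned here, an assumption) before showing anything.
func VerifyOnSecondDevice(pub ed25519.PublicKey, si SignedInvoice) (Invoice, bool) {
	var inv Invoice
	if !ed25519.Verify(pub, si.Payload, si.Sig) || json.Unmarshal(si.Payload, &inv) != nil {
		return Invoice{}, false
	}
	return inv, true
}

// Demo plays both cases: the genuine invoice relayed intact, and the same invoice after an infected host rewrote the address but could not re-sign it.
func Demo() (genuineOK, swappedOK bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	si, _ := Sign(priv, Invoice{Merchant: "bitmit.net", Address: "1MerchantAddrConstructed", Amount: 250000})
	_, genuineOK = VerifyOnSecondDevice(pub, si)
	swapped := []byte(`{"merchant":"bitmit.net","address":"1SwappedAddrConstructed","amount":250000}`)
	_, swappedOK = VerifyOnSecondDevice(pub, SignedInvoice{Payload: swapped, Sig: si.Sig})
	return genuineOK, swappedOK
}

func main() { fmt.Println(Demo()) } // prints: true false
```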