From: Mike Hearn <mike@plan99.net>
To: Andreas Schildbach <andreas@schildbach.de>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] BIP72 amendment proposal
Date: Fri, 12 Sep 2014 15:49:19 +0200 [thread overview]
Message-ID: <CANEZrP1iTfZxY915hzoAEApz1+wd_S9j5RCwVJCNFqQ_+DNTSQ@mail.gmail.com> (raw)
In-Reply-To: <luuk5f$i8o$1@ger.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 1237 bytes --]
A few thoughts on this:
(1) Base64 of SHA256 seems overkill. 256 bits of hash is a lot. The risk
here is that a MITM intercepts the payment request, which will be typically
requested just seconds after the QR code is vended. 80 bits of entropy
would still be a lot and take a long time to brute force, whilst keeping QR
codes more compact, which impacts scannability.
(2) This should *not* be necessary in the common HTTPS context. The QR code
itself is going to be fetched from some service, over HTTPS. I see no
reasonable attacker that can MITM the request for the BIP70 message but not
the request to get the QR code. Adding a hash makes QR codes more bloated
and harder to scan, all on the assumption that HTTPS is broken in some odd
way that we haven't actually ever seen in practice.
(3) This can be useful in the Bluetooth context, but then again, we could
also do things a different way by signing with the key in the first part of
the URI, thus avoiding the need for a hash.
I know I've been around the loop on this one with Andreas many times. But
this BIP doesn't fix any actually existing problem in the previous spec. It
exists because Andreas thinks SSL is useless. If SSL is useless we all have
much bigger problems.
[-- Attachment #2: Type: text/html, Size: 1373 bytes --]
next prev parent reply other threads:[~2014-09-12 13:49 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <mailman.341412.1410515709.2178.bitcoin-development@lists.sourceforge.net>
2014-09-12 10:11 ` [Bitcoin-development] BIP72 amendment proposal Mark van Cuijk
2014-09-12 11:07 ` Andreas Schildbach
2014-09-12 13:49 ` Mike Hearn [this message]
2014-09-12 14:15 ` Jeff Garzik
2014-09-12 14:36 ` Andreas Schildbach
2014-09-12 15:25 ` Christophe Biocca
2014-09-12 15:33 ` Christophe Biocca
2014-09-12 15:37 ` Mike Hearn
2014-09-12 16:31 ` Mike Hearn
2014-09-12 18:43 ` Aaron Voisine
2014-09-15 7:43 ` Andreas Schildbach
2014-09-15 7:12 ` Andreas Schildbach
2014-09-12 15:36 ` Mike Hearn
[not found] <mailman.342174.1410547421.2163.bitcoin-development@lists.sourceforge.net>
2014-09-12 20:59 ` Mark van Cuijk
2014-09-13 8:53 ` Wladimir
2014-09-12 9:29 Andreas Schildbach
2014-09-12 9:55 ` Wladimir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANEZrP1iTfZxY915hzoAEApz1+wd_S9j5RCwVJCNFqQ_+DNTSQ@mail.gmail.com \
--to=mike@plan99.net \
--cc=andreas@schildbach.de \
--cc=bitcoin-development@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox