From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UX6gS-0001xX-AV for bitcoin-development@lists.sourceforge.net; Tue, 30 Apr 2013 09:17:12 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.179 as permitted sender) client-ip=209.85.214.179; envelope-from=mh.in.england@gmail.com; helo=mail-ob0-f179.google.com; Received: from mail-ob0-f179.google.com ([209.85.214.179]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1UX6gR-00038H-Cq for bitcoin-development@lists.sourceforge.net; Tue, 30 Apr 2013 09:17:12 +0000 Received: by mail-ob0-f179.google.com with SMTP id oi10so245694obb.38 for ; Tue, 30 Apr 2013 02:17:06 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.182.40.129 with SMTP id x1mr1961844obk.15.1367313426048; Tue, 30 Apr 2013 02:17:06 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.76.167.169 with HTTP; Tue, 30 Apr 2013 02:17:05 -0700 (PDT) In-Reply-To: References: <20130428180304.GA30115@crunch> Date: Tue, 30 Apr 2013 11:17:05 +0200 X-Google-Sender-Auth: Q_juHMc56UfZZNd47o2unzYBaOo Message-ID: From: Mike Hearn To: Jeremy Spilman Content-Type: multipart/alternative; boundary=001a11c30ac20e710104db90770b X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1UX6gR-00038H-Cq Cc: Bitcoin Dev , "timo.hanke@web.de" Subject: Re: [Bitcoin-development] Cold Signing Payment Requests X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Apr 2013 09:17:12 -0000 --001a11c30ac20e710104db90770b Content-Type: text/plain; charset=UTF-8 > Backing up a step, I'm not sure what the threat model is for signing the > refund address? The same process that's signing the transaction is doing an > HTTPS POST with the refund address. > It's a real threat, albeit an exotic one. The threat model is a malware compromised host, with a wallet (possibly a low power hardware wallet like a Trezor) that can understand the payment protocol and sign transactions, but maybe not do a whole lot more than that. For instance, probably it cannot do HTTPS connections itself. So a virus on the host could swap the refund address for one that is owned by the attacker, and then try to make the merchant issue an automatic refund, thus bouncing the funds back off the merchant to the them. If there are merchants that offer large, automatic refunds, it could be an issue. I'm not sure how common that might be in reality. Steven or Tony would know. Timo's protocol is an interesting solution, but again, at this point the feature set for v1 is pretty much locked down. --001a11c30ac20e710104db90770b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

=
Backing up a step, I'm not sure what the threat model is for signi= ng the=20 refund address? The same process that's signing the transaction is doin= g an=20 HTTPS POST with the refund address.

=
It's a real threat, albeit an exotic one. The threat model i= s a malware compromised host, with a wallet (possibly a low power hardware = wallet like a Trezor) that can understand the payment protocol and sign tra= nsactions, but maybe not do a whole lot more than that. For instance, proba= bly it cannot do HTTPS connections itself. So a virus on the host could swa= p the refund address for one that is owned by the attacker, and then try to= make the merchant issue an automatic refund, thus bouncing the funds back = off the merchant to the them.

If there are merchants that offer large, au= tomatic refunds, it could be an issue. I'm not sure how common that mig= ht be in reality. Steven or Tony would know. Timo's protocol is an inte= resting solution, but again, at this point the feature set for v1 is pretty= much locked down.
--001a11c30ac20e710104db90770b--