author | Melvin Carvalho <melvincarvalho@gmail.com> | 2013-09-25 13:35:48 +0200 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2013-09-25 11:35:58 +0000 |
commit | 343ce2f037cae2cbde6817d111af6c336fee4c70 (patch) | |
tree | bc634ea921857cf25b9069ef65e620154b4e5961 | |
parent | 2e5d110d9318b9aa69929d4c84cc04067c8ec5e7 (diff) | |
Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
-rw-r--r-- | 43/723eb760cb23ad508cad4f86e8eb8a142b2fd5 | 341 |
1 files changed, 341 insertions, 0 deletions
diff --git a/43/723eb760cb23ad508cad4f86e8eb8a142b2fd5 b/43/723eb760cb23ad508cad4f86e8eb8a142b2fd5 new file mode 100644 index 000000000..89d9e053b --- /dev/null +++ b/43/723eb760cb23ad508cad4f86e8eb8a142b2fd5 
@@ -0,0 +1,341 @@ +Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] + helo=mx.sourceforge.net) + by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <melvincarvalho@gmail.com>) id 1VOnNu-0000Z4-S2 + for bitcoin-development@lists.sourceforge.net; + Wed, 25 Sep 2013 11:35:58 +0000 +Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com + designates 209.85.215.54 as permitted sender) + client-ip=209.85.215.54; envelope-from=melvincarvalho@gmail.com; + helo=mail-la0-f54.google.com; +Received: from mail-la0-f54.google.com ([209.85.215.54]) + by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) + (Exim 4.76) id 1VOnNr-0004sL-C1 + for bitcoin-development@lists.sourceforge.net; + Wed, 25 Sep 2013 11:35:58 +0000 +Received: by mail-la0-f54.google.com with SMTP id ea20so4800560lab.13 + for <bitcoin-development@lists.sourceforge.net>; + Wed, 25 Sep 2013 04:35:48 -0700 (PDT) +MIME-Version: 1.0 +X-Received: by 10.112.72.229 with SMTP id g5mr29032606lbv.10.1380108948542; + Wed, 25 Sep 2013 04:35:48 -0700 (PDT) +Received: by 10.112.159.233 with HTTP; Wed, 25 Sep 2013 04:35:48 -0700 (PDT) +In-Reply-To: <CANEZrP03KsGHvGqcNT1Qs6qkJ4i050CPjwvGqTRRhbdkgMf_dA@mail.gmail.com> +References: <CABsx9T0Ly67ZNJhoRQk0L9Q0-ucq3e=24b5Tg6GRKspRKKtP-g@mail.gmail.com> + <521298F0.20108@petersson.at> + <CABsx9T3b--tfUmaxJxsXyM2f3Cw4M1oX1nX8o9WkW_haBmLctA@mail.gmail.com> + <CANEZrP2BOWk4FOUx4eVHvXmdSgx3zo_o18J8YBi2Uc_WkBAXKA@mail.gmail.com> + <CANEZrP0H9TVfQ3AGv6aBmS1DUa6MTWhSFAN1Jo4eimBEBQhPZw@mail.gmail.com> + <CABsx9T0TQ6Gg=muNP-rCZxan8_nAqeJt6ErYVOfnLJKrsLs81w@mail.gmail.com> + <CANEZrP2V72+-m-FOCsW3C2GBO7+=-0casKadeHncmNTYjyqJRA@mail.gmail.com> + <l1udst$uos$1@ger.gmane.org> + <CANEZrP03KsGHvGqcNT1Qs6qkJ4i050CPjwvGqTRRhbdkgMf_dA@mail.gmail.com> +Date: Wed, 25 Sep 2013 13:35:48 +0200 +Message-ID: <CAKaEYhJDBqvynXpLHg6dumgtKVkLNkFPtWoS4ybHgm=p9Vvzhw@mail.gmail.com> +From: Melvin Carvalho <melvincarvalho@gmail.com> +To: Mike 
Hearn <mike@plan99.net> +Content-Type: multipart/alternative; boundary=001a11c238e8a11d7204e733a7c4 +X-Spam-Score: 0.4 (/) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. + -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for + sender-domain + 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider + (melvincarvalho[at]gmail.com) + -0.0 SPF_PASS SPF: sender matches SPF record + 1.0 HTML_MESSAGE BODY: HTML included in message + -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from + author's domain + 0.1 DKIM_SIGNED Message has a DKIM or DK signature, + not necessarily valid + -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature + 1.0 FREEMAIL_REPLY From and body contain different freemails +X-Headers-End: 1VOnNr-0004sL-C1 +Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>, + Andreas Schildbach <andreas@schildbach.de> +Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72 +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Wed, 25 Sep 2013 11:35:59 -0000 + +--001a11c238e8a11d7204e733a7c4 +Content-Type: text/plain; charset=ISO-8859-1 + +On 25 September 2013 13:15, Mike Hearn <mike@plan99.net> wrote: + +> It won't fit. 
But I don't see the logic. A URI contains instructions for +> making a payment. If that instruction is "pay to this address" or "download +> this file and do what you find there", it's no different unless there's +> potential for a MITM attack. If the request URL is HTTPS or a secured +> Bluetooth connection then there's no such possibility. +> + +It depends on the attacker. I think a large entity such as a govt or big +to medium size corporation *may* be able to MITM https, of course the +incentive to do so is probably not there ... + + +> +> +> +> +> On Wed, Sep 25, 2013 at 12:28 PM, Andreas Schildbach < +> andreas@schildbach.de> wrote: +> +>> While it's good to save space, I'm at the moment not convinced that +>> taking a de-route via an URL is a good idea to begin with. +>> +>> The main problem is trust. If you scan a QR code from a foreign phone, +>> you trust that that phone is owned by the one you want to send money to. +>> By adding the HTTP request that trust is voided. +>> +>> As soon as there is a BIP70 implementation, I will begin playing with +>> putting the payment request directly into the QR code. +>> +>> +>> On 09/25/2013 11:27 AM, Mike Hearn wrote: +>> > We could also say that if protocol part (https://) is missing, it's +>> > implied automatically. So just: +>> > +>> > bitcoin:1abc........?r=bob.com/r/aZgR <http://bob.com/r/aZgR> +>> > +>> > I think that's about as small as possible without re-using the pubkey as +>> > a token in the url. +>> > +>> > +>> > On Wed, Sep 25, 2013 at 1:35 AM, Gavin Andresen < +>> gavinandresen@gmail.com +>> > <mailto:gavinandresen@gmail.com>> wrote: +>> > +>> > On Tue, Sep 24, 2013 at 11:52 PM, Mike Hearn <mike@plan99.net +>> > <mailto:mike@plan99.net>> wrote: +>> > +>> > BTW, on the "make qrcodes more scannable" front -- is it too +>> > late to change BIP 72 so the new param is just "r" instead of +>> > "request"? Every byte helps when it comes to qrcodes ... 
+>> > +>> > +>> > Not too late, assuming there are no objections. Smaller QR codes is +>> > a very good reason to change it. +>> > +>> > -- +>> > -- +>> > Gavin Andresen +>> > +>> > +>> > +>> > +>> > +>> ------------------------------------------------------------------------------ +>> > October Webinars: Code for Performance +>> > Free Intel webinars can help you accelerate application performance. +>> > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the +>> most from +>> > the latest Intel processors and coprocessors. See abstracts and +>> register > +>> > +>> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk +>> > +>> > +>> > +>> > _______________________________________________ +>> > Bitcoin-development mailing list +>> > Bitcoin-development@lists.sourceforge.net +>> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> > +>> +>> +>> +>> +>> ------------------------------------------------------------------------------ +>> October Webinars: Code for Performance +>> Free Intel webinars can help you accelerate application performance. +>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most +>> from +>> the latest Intel processors and coprocessors. See abstracts and register > +>> +>> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk +>> _______________________________________________ +>> Bitcoin-development mailing list +>> Bitcoin-development@lists.sourceforge.net +>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development +>> +> +> +> +> ------------------------------------------------------------------------------ +> October Webinars: Code for Performance +> Free Intel webinars can help you accelerate application performance. +> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most +> from +> the latest Intel processors and coprocessors. 
See abstracts and register > +> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk +> _______________________________________________ +> Bitcoin-development mailing list +> Bitcoin-development@lists.sourceforge.net +> https://lists.sourceforge.net/lists/listinfo/bitcoin-development +> +> + +--001a11c238e8a11d7204e733a7c4 +Content-Type: text/html; charset=ISO-8859-1 +Content-Transfer-Encoding: quoted-printable + +<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail= +_quote">On 25 September 2013 13:15, Mike Hearn <span dir=3D"ltr"><<a hre= +f=3D"mailto:mike@plan99.net" target=3D"_blank">mike@plan99.net</a>></spa= +n> wrote:<br> +<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= +x #ccc solid;padding-left:1ex"><div dir=3D"ltr">It won't fit. But I don= +'t see the logic. A URI contains instructions for making a payment. If = +that instruction is "pay to this address" or "download this = +file and do what you find there", it's no different unless there&#= +39;s potential for a MITM attack. 
If the request URL is HTTPS or a secured = +Bluetooth connection then there's no such possibility.</div> +</blockquote><div><br></div><div>It depends on the attacker.=A0 I think a l= +arge entity such as a govt or big to medium size corporation *may* be able = +to MITM https, of course the incentive to do so is probably not there ...<b= +r> +</div><div>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0= + .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div> +<br></div><div><br></div></div><div class=3D"HOEnZb"><div class=3D"h5"><div= + class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Wed, Sep 25, 2= +013 at 12:28 PM, Andreas Schildbach <span dir=3D"ltr"><<a href=3D"mailto= +:andreas@schildbach.de" target=3D"_blank">andreas@schildbach.de</a>></sp= +an> wrote:<br> + +<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= +x #ccc solid;padding-left:1ex">While it's good to save space, I'm a= +t the moment not convinced that<br> +taking a de-route via an URL is a good idea to begin with.<br> +<br> +The main problem is trust. If you scan a QR code from a foreign phone,<br> +you trust that that phone is owned by the one you want to send money to.<br= +> +By adding the HTTP request that trust is voided.<br> +<br> +As soon as there is a BIP70 implementation, I will begin playing with<br> +putting the payment request directly into the QR code.<br> +<div><br> +<br> +On 09/25/2013 11:27 AM, Mike Hearn wrote:<br> +> We could also say that if protocol part (https://) is missing, it'= +s<br> +> implied automatically. 
So just:<br> +><br> +</div>> bitcoin:1abc........?r=3D<a href=3D"http://bob.com/r/aZgR" targe= +t=3D"_blank">bob.com/r/aZgR</a> <<a href=3D"http://bob.com/r/aZgR" targe= +t=3D"_blank">http://bob.com/r/aZgR</a>><br> +<div>><br> +> I think that's about as small as possible without re-using the pub= +key as<br> +> a token in the url.<br> +><br> +><br> +> On Wed, Sep 25, 2013 at 1:35 AM, Gavin Andresen <<a href=3D"mailto:= +gavinandresen@gmail.com" target=3D"_blank">gavinandresen@gmail.com</a><br> +</div><div>> <mailto:<a href=3D"mailto:gavinandresen@gmail.com" targe= +t=3D"_blank">gavinandresen@gmail.com</a>>> wrote:<br> +><br> +> =A0 =A0 On Tue, Sep 24, 2013 at 11:52 PM, Mike Hearn <<a href=3D"ma= +ilto:mike@plan99.net" target=3D"_blank">mike@plan99.net</a><br> +</div><div>> =A0 =A0 <mailto:<a href=3D"mailto:mike@plan99.net" targe= +t=3D"_blank">mike@plan99.net</a>>> wrote:<br> +><br> +> =A0 =A0 =A0 =A0 BTW, on the "make qrcodes more scannable" fr= +ont -- is it too<br> +> =A0 =A0 =A0 =A0 late to change BIP 72 so the new param is just "r= +" instead of<br> +> =A0 =A0 =A0 =A0 "request"? Every byte helps when it comes to= + qrcodes ...<br> +><br> +><br> +> =A0 =A0 Not too late, assuming there are no objections. Smaller QR cod= +es is<br> +> =A0 =A0 a very good reason to change it.<br> +><br> +> =A0 =A0 --<br> +> =A0 =A0 --<br> +> =A0 =A0 Gavin Andresen<br> +><br> +><br> +><br> +><br> +</div>> ----------------------------------------------------------------= +--------------<br> +> October Webinars: Code for Performance<br> +> Free Intel webinars can help you accelerate application performance.<b= +r> +> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the mo= +st from<br> +> the latest Intel processors and coprocessors. 
See abstracts and regist= +er ><br> +> <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D60133471&am= +p;iu=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net= +/gampad/clk?id=3D60133471&iu=3D/4140/ostg.clktrk</a><br> +<div>><br> +><br> +><br> +> _______________________________________________<br> +> Bitcoin-development mailing list<br> +> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D= +"_blank">Bitcoin-development@lists.sourceforge.net</a><br> +> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-develo= +pment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitco= +in-development</a><br> +><br> +<br> +<br> +<br> +</div>---------------------------------------------------------------------= +---------<br> +October Webinars: Code for Performance<br> +Free Intel webinars can help you accelerate application performance.<br> +Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most fr= +om<br> +the latest Intel processors and coprocessors. 
See abstracts and register &g= +t;<br> +<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D60133471&iu= +=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam= +pad/clk?id=3D60133471&iu=3D/4140/ostg.clktrk</a><br> +<div><div>_______________________________________________<br> +Bitcoin-development mailing list<br> +<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla= +nk">Bitcoin-development@lists.sourceforge.net</a><br> +<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development= +" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de= +velopment</a><br> +</div></div></blockquote></div><br></div> +</div></div><br>-----------------------------------------------------------= +-------------------<br> +October Webinars: Code for Performance<br> +Free Intel webinars can help you accelerate application performance.<br> +Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most fr= +om<br> +the latest Intel processors and coprocessors. See abstracts and register &g= +t;<br> +<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D60133471&iu= +=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam= +pad/clk?id=3D60133471&iu=3D/4140/ostg.clktrk</a><br>___________________= +____________________________<br> + +Bitcoin-development mailing list<br> +<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo= +pment@lists.sourceforge.net</a><br> +<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development= +" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de= +velopment</a><br> +<br></blockquote></div><br></div></div> + +--001a11c238e8a11d7204e733a7c4-- + + |
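Review bot: the text/html alternative at the end of the added file repeats the text/plain body in quoted-printable, and the quoted SourceForge sponsor footer ("October Webinars: Code for Performance") recurs at each quote level in both parts, so most of the 341 added lines are duplicate or advertising text around a three-line reply. If the archive is meant to store each message exactly as received, say so in the commit message, which currently carries only the Subject line; otherwise consider keeping only the text/plain alternative. The Received and X-Spam-Report headers are also stored verbatim, including the internal relay address 172.29.43.191, and publishing those in a public archive should be a deliberate choice rather than a side effect.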