Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WBueP-0005OF-Tx for bitcoin-development@lists.sourceforge.net; Fri, 07 Feb 2014 23:16:01 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of m.gmane.org designates 80.91.229.3 as permitted sender) client-ip=80.91.229.3; envelope-from=gcbd-bitcoin-development@m.gmane.org; helo=plane.gmane.org; Received: from plane.gmane.org ([80.91.229.3]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1WBueO-0008GJ-D1 for bitcoin-development@lists.sourceforge.net; Fri, 07 Feb 2014 23:16:01 +0000 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1WBueH-0004z7-O7 for bitcoin-development@lists.sourceforge.net; Sat, 08 Feb 2014 00:15:53 +0100 Received: from e179075056.adsl.alicedsl.de ([85.179.75.56]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 08 Feb 2014 00:15:53 +0100 Received: from andreas by e179075056.adsl.alicedsl.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 08 Feb 2014 00:15:53 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: bitcoin-development@lists.sourceforge.net From: Andreas Schildbach Date: Sat, 08 Feb 2014 00:15:43 +0100 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: e179075056.adsl.alicedsl.de User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 In-Reply-To: X-Spam-Score: -1.0 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [80.91.229.3 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.1 DKIM_ADSP_ALL No valid author signature, domain signs all mail -0.0 SPF_PASS SPF: sender matches SPF record -0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1WBueO-0008GJ-D1 Subject: Re: [Bitcoin-development] Payment Protocol for Face-to-face Payments X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Feb 2014 23:16:02 -0000 I have refreshed the Bitcoin Wallet preview version with beta version 3.32. It now implements BIP72 aka "URI extension for payment protocol". There is one important deviation from the standard though: Bitcoin URI address and amount fields need to correspond to the data from the payment request. The makes sure the signature really signs the URI (which you've gotten directly from the payee) and not a malicious payment request introduced by a MITM. Note the memo isn't protected like that, so it can still be MITM'ed. I know this means that for the time being Bitcoin URIs must be "backwards compatible". That should not be an issue since we will be in transition phase for many months anyway. Until then, I hope we will have agreed on a more sophisticated approach, e.g. a separate hash in the URI. Source: https://github.com/schildbach/bitcoin-wallet/commits/v3.32 Binaries: https://github.com/schildbach/bitcoin-wallet/releases/tag/v3.32 (also published to the corresponding channels on Google Play) On 01/30/2014 11:46 AM, Andreas Schildbach wrote: > Just a small update. I merged the code to my bitcoinj-0.11 branch and > put up binary .apk files for experimentation. Just make sure to tick > "BIP70 for tap-to-pay/scan-to-pay" in the labs settings. > > Source: > https://github.com/schildbach/bitcoin-wallet/commits/bitcoinj-0.11 > > Binaries: > https://github.com/schildbach/bitcoin-wallet/releases/tag/v3.30-bitcoinj0.11 > > > On 01/27/2014 12:59 PM, Andreas Schildbach wrote: >> As promised I'd like to present my work done on leveraging the payment >> protocol for face-to-face payments. The general assumption is that >> individuals don't own X.509 certificates. Their devices may be only >> badly connected to the internet or in some cases not at all. I've >> implemented a prototype on a branch of Bitcoin Wallet. It is using >> bitcoinj 0.11 (not released). >> >> https://github.com/schildbach/bitcoin-wallet/commits/payment-protocol > > > > ------------------------------------------------------------------------------ > WatchGuard Dimension instantly turns raw network data into actionable > security intelligence. It gives you real-time visual feedback on key > security issues and trends. Skip the complicated setup - simply import > a virtual appliance and go from zero to informed in seconds. > http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk >