Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YJVy5-0002bY-Qb for bitcoin-development@lists.sourceforge.net; Thu, 05 Feb 2015 23:36:17 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.192.41 as permitted sender) client-ip=209.85.192.41; envelope-from=martin.habovstiak@gmail.com; helo=mail-qg0-f41.google.com; Received: from mail-qg0-f41.google.com ([209.85.192.41]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YJVy5-0002UO-2U for bitcoin-development@lists.sourceforge.net; Thu, 05 Feb 2015 23:36:17 +0000 Received: by mail-qg0-f41.google.com with SMTP id i50so8051658qgf.0 for ; Thu, 05 Feb 2015 15:36:11 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.140.34.67 with SMTP id k61mr1488941qgk.95.1423179371616; Thu, 05 Feb 2015 15:36:11 -0800 (PST) Received: by 10.140.19.18 with HTTP; Thu, 5 Feb 2015 15:36:11 -0800 (PST) In-Reply-To: <54D3FB4A.9010105@voskuil.org> References: <54D3D636.1030308@voskuil.org> <279489A5-1E46-48A2-8F58-1A25821D4D96@gmail.com> <6AEDF3C4-DEE0-4E31-83D0-4FD92B125452@voskuil.org> <54D3FB4A.9010105@voskuil.org> Date: Fri, 6 Feb 2015 00:36:11 +0100 Message-ID: From: =?UTF-8?B?TeKStnJ0aW4gSOKStmJv4pOLxaF0aWFr?= To: Eric Voskuil Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (martin.habovstiak[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YJVy5-0002UO-2U Cc: Bitcoin Dev , Paul Puey Subject: Re: [Bitcoin-development] Proposal for P2P Wireless (Bluetooth LE) transfer of Payment URI X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Feb 2015 23:36:17 -0000 > A BIP-70 signed payment request in the initial broadcast can resolve the > integrity issues, but because of the public nature of the broadcast > coupled with strong public identity, the privacy compromise is much > worse. Now transactions are cryptographically tainted. > > This is also the problem with BIP-70 over the web. TLS and other > security precautions aside, an interloper on the communication, desktop, > datacenter, etc., can capture payment requests and strongly correlate > transactions to identities in an automated manner. The payment request > must be kept private between the parties, and that's hard to do. What about using encryption with forward secrecy? Merchant would generate signed request containing public ECDH part, buyer would send back transaction encrypted with ECDH and his public ECDH part. If receiving address/amount is meant to be private, use commit protocol (see ZRTP/RedPhone) and short authentication phrase (which is hard to spoof thanks to commit protocol - see RedPhone)?