Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XSRE6-00012P-B7 for bitcoin-development@lists.sourceforge.net; Fri, 12 Sep 2014 13:49:26 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.218.41 as permitted sender) client-ip=209.85.218.41; envelope-from=mh.in.england@gmail.com; helo=mail-oi0-f41.google.com; Received: from mail-oi0-f41.google.com ([209.85.218.41]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XSRE5-0000Zp-7q for bitcoin-development@lists.sourceforge.net; Fri, 12 Sep 2014 13:49:26 +0000 Received: by mail-oi0-f41.google.com with SMTP id u20so506131oif.14 for ; Fri, 12 Sep 2014 06:49:19 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.182.52.197 with SMTP id v5mr2356198obo.85.1410529759701; Fri, 12 Sep 2014 06:49:19 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.76.22.108 with HTTP; Fri, 12 Sep 2014 06:49:19 -0700 (PDT) In-Reply-To: References: Date: Fri, 12 Sep 2014 15:49:19 +0200 X-Google-Sender-Auth: -E9rDjVVscKWemmVCoGWnll3i1U Message-ID: From: Mike Hearn To: Andreas Schildbach Content-Type: multipart/alternative; boundary=089e0158b0d845b2f30502de8d29 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XSRE5-0000Zp-7q Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] BIP72 amendment proposal X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Sep 2014 13:49:26 -0000 --089e0158b0d845b2f30502de8d29 Content-Type: text/plain; charset=UTF-8 A few thoughts on this: (1) Base64 of SHA256 seems overkill. 256 bits of hash is a lot. The risk here is that a MITM intercepts the payment request, which will be typically requested just seconds after the QR code is vended. 80 bits of entropy would still be a lot and take a long time to brute force, whilst keeping QR codes more compact, which impacts scannability. (2) This should *not* be necessary in the common HTTPS context. The QR code itself is going to be fetched from some service, over HTTPS. I see no reasonable attacker that can MITM the request for the BIP70 message but not the request to get the QR code. Adding a hash makes QR codes more bloated and harder to scan, all on the assumption that HTTPS is broken in some odd way that we haven't actually ever seen in practice. (3) This can be useful in the Bluetooth context, but then again, we could also do things a different way by signing with the key in the first part of the URI, thus avoiding the need for a hash. I know I've been around the loop on this one with Andreas many times. But this BIP doesn't fix any actually existing problem in the previous spec. It exists because Andreas thinks SSL is useless. If SSL is useless we all have much bigger problems. --089e0158b0d845b2f30502de8d29 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
A few thoughts on this:

(1) Base64 of S= HA256 seems overkill. 256 bits of hash is a lot. The risk here is that a MI= TM intercepts the payment request, which will be typically requested just s= econds after the QR code is vended. 80 bits of entropy would still be a lot= and take a long time to brute force, whilst keeping QR codes more compact,= which impacts scannability.

(2) This should no= t=C2=A0be necessary in the common HTTPS context. The QR code itself is = going to be fetched from some service, over HTTPS. I see no reasonable atta= cker that can MITM the request for the BIP70 message but not the request to= get the QR code. Adding a hash makes QR codes more bloated and harder to s= can, all on the assumption that HTTPS is broken in some odd way that we hav= en't actually ever seen in practice.

(3) This = can be useful in the Bluetooth context, but then again, we could also do th= ings a different way by signing with the key in the first part of the URI, = thus avoiding the need for a hash.

I know I've= been around the loop on this one with Andreas many times. But this BIP doe= sn't fix any actually existing problem in the previous spec. It exists = because Andreas thinks SSL is useless. If SSL is useless we all have much b= igger problems.
--089e0158b0d845b2f30502de8d29--