Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UXEBG-0001uo-Mi for bitcoin-development@lists.sourceforge.net; Tue, 30 Apr 2013 17:17:30 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.53 as permitted sender) client-ip=209.85.212.53; envelope-from=jeremy.spilman@gmail.com; helo=mail-vb0-f53.google.com; Received: from mail-vb0-f53.google.com ([209.85.212.53]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1UXEBF-00064y-NJ for bitcoin-development@lists.sourceforge.net; Tue, 30 Apr 2013 17:17:30 +0000 Received: by mail-vb0-f53.google.com with SMTP id i3so603030vbh.26 for ; Tue, 30 Apr 2013 10:17:24 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.58.232.98 with SMTP id tn2mr34570949vec.57.1367342244166; Tue, 30 Apr 2013 10:17:24 -0700 (PDT) Received: by 10.58.137.197 with HTTP; Tue, 30 Apr 2013 10:17:23 -0700 (PDT) In-Reply-To: References: <20130428180304.GA30115@crunch> <517FABE6.8020205@bitonic.nl> Date: Tue, 30 Apr 2013 10:17:23 -0700 Message-ID: From: Jeremy Spilman To: Bitcoin Dev Content-Type: multipart/alternative; boundary=047d7b414c2ec008c704db972c6c X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (jeremy.spilman[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1UXEBF-00064y-NJ Subject: Re: [Bitcoin-development] Cold Signing Payment Requests X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Apr 2013 17:17:30 -0000 --047d7b414c2ec008c704db972c6c Content-Type: text/plain; charset=ISO-8859-1 > 1) The risk that the merchant's web server will be compromised and the attacker will redirect refunds > 2) The risk that the merchant will miss payments because they miss a POST to the payment_url (maybe the customer's machine crashes during the HTTPS handshake) > If payments are a lot more common than refunds, then (2) will outweigh (1). I think that's oversimplifying. (1) is theft, (2) is payment processing. Reliable payment processing with refund handling is not simple nor free, but it should be secure. The cost of (2) depends primarily on the failure rate, which we can only guess at this point, and secondarily on how much manual intervention is required to recover. (2) is perhaps more of a problem if wallets broadcast before POST. It's trading one failure mode (funds sent but not claimed) for another (coins marked as spent but not). Either way, you fix it by just retrying the POST. But only with Transmit-After-ACK can the payer's wallet detect the failure automatically, and even recover automatically (simply unlock the outputs, or to be sure, spend them back to self). Since merchants get to choose whether to have a POST url, they get to decide if the cost of keeping their server up is worth it. I think eventually there are enough benefits to Transmit-After-ACK that it will become a supported use case. Thanks Mike for explaining the threat. [Aside] I was reading Peter's fidelitybond writeup for his idea on contract value accounting, and he points to Stephan's post from last September on payer-encoded metadata ( https://bitcointalk.org/index.php?topic=108423.msg1178438#msg1178438) which Timo applies here. As a relative newcomer, this is what I am loving most about Bitcoin. --047d7b414c2ec008c704db972c6c Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
> 1) The risk that the merchant's web server will be compromised an= d the attacker will redirect refunds
> 2) The risk that the merchant will miss payments because they miss a P= OST to the payment_url (maybe the customer's machine crashes during the= HTTPS handshake)
> If payments are a lot more common than refunds, then (2) will outweigh= (1).

<= /div>
I think tha= t's oversimplifying. =A0(1) is theft, (2) is payment processing. Reliab= le payment processing with refund handling is not simple nor free, but it s= hould be secure. The cost of (2) depends primarily on the failure rate, whi= ch we can only guess at this point, and secondarily on how much manual inte= rvention is required to recover.

=
(2) is perhaps m= ore of a problem if wallets broadcast before POST. It's trading one fai= lure mode (funds sent but not claimed) for another (coins marked as spent b= ut not). Either way, you fix it by just retrying the POST. But only with Tr= ansmit-After-ACK can the payer's wallet detect the failure automaticall= y, and even recover automatically (simply unlock the outputs, or to be sure= , spend them back to self).

Since merchants get to= choose whether to have a POST url, they get to decide if the cost of keepi= ng their server up is worth it. I think eventually there are enough benefit= s to Transmit-After-ACK that it will become a supported use case.

Thanks Mike for explai= ning the threat.

[Aside= ] I was reading Peter's fidelitybond writeup=A0for his idea on contract= value accounting, and he points to Stephan's post from last September = on payer-encoded metadata (https://bitcointalk.org/index.php?topic=3D108423.msg1178438#msg1178438<= /a>) which Timo applies here. As a relative newcomer, this is what I am lov= ing most about Bitcoin.
--047d7b414c2ec008c704db972c6c--