1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <gcbd-bitcoin-development@m.gmane.org>)
id 1VOnlP-0006CO-5u for bitcoin-development@lists.sourceforge.net;
Wed, 25 Sep 2013 12:00:15 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of m.gmane.org
designates 80.91.229.3 as permitted sender)
client-ip=80.91.229.3;
envelope-from=gcbd-bitcoin-development@m.gmane.org;
helo=plane.gmane.org;
Received: from plane.gmane.org ([80.91.229.3])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.76) id 1VOnlN-0004KP-BJ
for bitcoin-development@lists.sourceforge.net;
Wed, 25 Sep 2013 12:00:15 +0000
Received: from list by plane.gmane.org with local (Exim 4.69)
(envelope-from <gcbd-bitcoin-development@m.gmane.org>)
id 1VOnlE-0000Ib-Ib for bitcoin-development@lists.sourceforge.net;
Wed, 25 Sep 2013 14:00:04 +0200
Received: from e179079149.adsl.alicedsl.de ([85.179.79.149])
by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
id 1AlnuQ-0007hv-00 for <bitcoin-development@lists.sourceforge.net>;
Wed, 25 Sep 2013 14:00:04 +0200
Received: from andreas by e179079149.adsl.alicedsl.de with local (Gmexim 0.1
(Debian)) id 1AlnuQ-0007hv-00
for <bitcoin-development@lists.sourceforge.net>;
Wed, 25 Sep 2013 14:00:04 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: bitcoin-development@lists.sourceforge.net
From: Andreas Schildbach <andreas@schildbach.de>
Date: Wed, 25 Sep 2013 13:59:52 +0200
Message-ID: <l1uj7g$vds$1@ger.gmane.org>
References: <CABsx9T0Ly67ZNJhoRQk0L9Q0-ucq3e=24b5Tg6GRKspRKKtP-g@mail.gmail.com> <521298F0.20108@petersson.at> <CABsx9T3b--tfUmaxJxsXyM2f3Cw4M1oX1nX8o9WkW_haBmLctA@mail.gmail.com> <CANEZrP2BOWk4FOUx4eVHvXmdSgx3zo_o18J8YBi2Uc_WkBAXKA@mail.gmail.com> <CANEZrP0H9TVfQ3AGv6aBmS1DUa6MTWhSFAN1Jo4eimBEBQhPZw@mail.gmail.com> <CABsx9T0TQ6Gg=muNP-rCZxan8_nAqeJt6ErYVOfnLJKrsLs81w@mail.gmail.com> <CANEZrP2V72+-m-FOCsW3C2GBO7+=-0casKadeHncmNTYjyqJRA@mail.gmail.com> <l1udst$uos$1@ger.gmane.org> <CANEZrP03KsGHvGqcNT1Qs6qkJ4i050CPjwvGqTRRhbdkgMf_dA@mail.gmail.com> <l1uhld$d68$1@ger.gmane.org>
<CANEZrP2ZbSUvNk+0bHCWw40r00D8ja-crrZPjvN0mgG+NaD52w@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: e179079149.adsl.alicedsl.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:24.0) Gecko/20100101 Thunderbird/24.0
In-Reply-To: <CANEZrP2ZbSUvNk+0bHCWw40r00D8ja-crrZPjvN0mgG+NaD52w@mail.gmail.com>
X-Spam-Score: -2.4 (--)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust [80.91.229.3 listed in list.dnswl.org]
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.1 DKIM_ADSP_ALL No valid author signature,
domain signs all mail
-0.0 SPF_PASS SPF: sender matches SPF record
-2.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
X-Headers-End: 1VOnlN-0004KP-BJ
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 12:00:15 -0000
On 09/25/2013 01:45 PM, Mike Hearn wrote:
> OK, it might fit if you don't use any of the features the protocol
> provides :)
Now you're dver-dramaticing (-:
I'm just skipping one feature which I think is useless for QR codes
scanned in person.
> You can try it here:
Thanks. A typical request would be around 60 bytes, which should produce
an URL with around 100 chars. That should be fine for scanning, but I
will experiment.
> If you're thinking about governments and so on subverting CA's, then
> there is a plan for handling that (outside the Bitcoin world) called
> certificate transparency which is being implemented now.
Good to hear. Let's see if it gets momentum.
> Now when you are getting a QR code from the web, it's already being
> served over HTTPS. So if you're up against an attacker who can break a
> CA in order to steal your money, then you already lose, the QRcode
> itself as MITMd.
Sure. I was talking about QR codes scanned in person.
> In the Bluetooth case we might have to keep the address around and use
> it to do ECDHE or something like that.
Yeah, will look at that as soon as we're implementing the payment
protocol fully.
|
