1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <alexy.kot.all@gmail.com>) id 1WmNyO-0000fX-Pc
for bitcoin-development@lists.sourceforge.net;
Mon, 19 May 2014 13:51:24 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.128.174 as permitted sender)
client-ip=209.85.128.174; envelope-from=alexy.kot.all@gmail.com;
helo=mail-ve0-f174.google.com;
Received: from mail-ve0-f174.google.com ([209.85.128.174])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WmNyM-0005BH-RJ
for bitcoin-development@lists.sourceforge.net;
Mon, 19 May 2014 13:51:24 +0000
Received: by mail-ve0-f174.google.com with SMTP id jw12so6363272veb.5
for <bitcoin-development@lists.sourceforge.net>;
Mon, 19 May 2014 06:51:17 -0700 (PDT)
X-Received: by 10.58.89.242 with SMTP id br18mr257150veb.66.1400507477141;
Mon, 19 May 2014 06:51:17 -0700 (PDT)
MIME-Version: 1.0
Sender: alexy.kot.all@gmail.com
Received: by 10.58.211.135 with HTTP; Mon, 19 May 2014 06:50:34 -0700 (PDT)
In-Reply-To: <CANg-TZAFdmPBj_+U=jbhP_t9Gb-yZ-8LMtGzj+6ub=qWcLP0UQ@mail.gmail.com>
References: <BAY173-W1475F72C70BC089A82C20FCC300@phx.gbl>
<5377892C.8080402@gmail.com>
<CAAS2fgS-Ewj3T0-d=h7ET9dCz3+NPPYVOLDWd7T7oYY95x-sUA@mail.gmail.com>
<CALDj+Bbsb6JiLabTBx21k02dDvnmZZDCXmJ2mnh7DngBon202w@mail.gmail.com>
<lla87r$l7j$1@ger.gmane.org>
<CALDj+BaQ5sn9_=KAmNUUbmDva2g3mabm_wmcL_gibLyci5zFUQ@mail.gmail.com>
<CANg-TZAFdmPBj_+U=jbhP_t9Gb-yZ-8LMtGzj+6ub=qWcLP0UQ@mail.gmail.com>
From: Alex Kotenko <alexykot@gmail.com>
Date: Mon, 19 May 2014 14:50:34 +0100
X-Google-Sender-Auth: jIZt-8z96Bcnd9tgl7U06aQAS-o
Message-ID: <CALDj+BYoP9=13b4=jLCBjEwectY-+pp3Y1wMAP4z=ydEoTM5Nw@mail.gmail.com>
To: Brooks Boyd <boydb@midnightdesign.ws>
Content-Type: multipart/alternative; boundary=047d7b471fb0ae2e5704f9c10eea
X-Spam-Score: -0.3 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(alexy.kot.all[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.3 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WmNyM-0005BH-RJ
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Paper Currency
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 19 May 2014 13:51:25 -0000
--047d7b471fb0ae2e5704f9c10eea
Content-Type: text/plain; charset=UTF-8
Asking random ignorant stranger to care to protect themselves never works.
We need solution that requires strictly zero effort.
Best regards,
Alex Kotenko
2014-05-19 14:06 GMT+01:00 Brooks Boyd <boydb@midnightdesign.ws>:
> >> 2014-05-18 13:14 GMT+01:00 Andreas Schildbach <andreas@schildbach.de>:
> >> One problem we couldn't figure out here though - how to protect the
> >> notes from unauthorized redeem. Like if someone else tries to reach your
> >> wallet with his own NFC - how can we distinguish between deliberate
> >> redeem by owner and fraudulent redeem by anybody else with custom built
> >> long range NFC antenna? Any ideas?
> >>
> >> I think you'd need multiple factors to protect against that attack. Like
> >> encrypting with a key that is printed on the note as an QR code.
> >
> >On Sun, May 18, 2014 at 7:51 AM, Alex Kotenko <alexykot@gmail.com> wrote:
> >
> > Yes, but it must not sacrifice usability. It's paper money, people are
> used to it and they have rather high standard of expectations in this area.
> Any usbility sacrifices in this area result into failure of the whole thing.
> >
> > Best regards,
> > Alex Kotenko
>
> One thought I had reading through this exchange: I think the general
> public is becoming more aware of the "hacker with a long range
> antenna" sort of attack, since credit cards are getting microchips
> that can be scanned. There's a few videos I've seen of white hat
> hackers demonstrating how a suitcase-sized apparatus carried by
> someone walking down the street can scan and make charges on cards in
> people's pockets as the attacker brushes past. Hence RFID-blocking
> sleeves/wallets are on the market, such that your smart credit card
> can't make a purchase while its in your wallet. Is a RFID-blocking
> wallet also NFC-blocking? Irregardless of whatever "future cash" you
> choose to carry (be it credit card or bitcoin card/coin/cash), perhaps
> its the wallet/purse that needs an upgrade, to ensure your money
> doesn't spend itself while its in your pocket, but you can easily
> remove it and spend it conveniently?
>
> Brooks
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform
> available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--047d7b471fb0ae2e5704f9c10eea
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:courier =
new,monospace;color:#003300">Asking random ignorant stranger to care to pro=
tect themselves never works. We need solution that requires strictly zero e=
ffort.</div>
<div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra"><br clear=
=3D"all"><div><div dir=3D"ltr"><span style=3D"color:rgb(0,51,0);font-family=
:'courier new',monospace">Best regards,=C2=A0</span><div><div><div =
style=3D"text-align:left">
<font color=3D"#003300" face=3D"'courier new', monospace" style=3D"=
text-align:-webkit-auto">Alex Kotenko</font></div></div></div></div></div>
<br><br><div class=3D"gmail_quote">2014-05-19 14:06 GMT+01:00 Brooks Boyd <=
span dir=3D"ltr"><<a href=3D"mailto:boydb@midnightdesign.ws" target=3D"_=
blank">boydb@midnightdesign.ws</a>></span>:<br><blockquote class=3D"gmai=
l_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left=
:1ex">
<div class=3D"">>> 2014-05-18 13:14 GMT+01:00 Andreas Schildbach <=
<a href=3D"mailto:andreas@schildbach.de">andreas@schildbach.de</a>>:<br>
>> One problem we couldn't figure out here though - how to protec=
t the<br>
>> notes from unauthorized redeem. Like if someone else tries to reac=
h your<br>
>> wallet with his own NFC - how can we distinguish between deliberat=
e<br>
>> redeem by owner and fraudulent redeem by anybody else with custom =
built<br>
>> long range NFC antenna? Any ideas?<br>
>><br>
>> I think you'd need multiple factors to protect against that at=
tack. Like<br>
>> encrypting with a key that is printed on the note as an QR code.<b=
r>
><br>
</div><div class=3D"">>On Sun, May 18, 2014 at 7:51 AM, Alex Kotenko <=
;<a href=3D"mailto:alexykot@gmail.com">alexykot@gmail.com</a>> wrote:<br=
>
><br>
> Yes, but it must not sacrifice usability. It's paper money, people=
are used to it and they have rather high standard of expectations in this =
area. Any usbility sacrifices in this area result into failure of the whole=
thing.<br>
><br>
> Best regards,<br>
> Alex Kotenko<br>
<br>
</div>One thought I had reading through this exchange: I think the general<=
br>
public is becoming more aware of the "hacker with a long range<br>
antenna" sort of attack, since credit cards are getting microchips<br>
that can be scanned. There's a few videos I've seen of white hat<br=
>
hackers demonstrating how a suitcase-sized apparatus carried by<br>
someone walking down the street can scan and make charges on cards in<br>
people's pockets as the attacker brushes past. Hence RFID-blocking<br>
sleeves/wallets are on the market, such that your smart credit card<br>
can't make a purchase while its in your wallet. Is a RFID-blocking<br>
wallet also NFC-blocking? Irregardless of whatever "future cash" =
you<br>
choose to carry (be it credit card or bitcoin card/coin/cash), perhaps<br>
its the wallet/purse that needs an upgrade, to ensure your money<br>
doesn't spend itself while its in your pocket, but you can easily<br>
remove it and spend it conveniently?<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
Brooks<br>
</font></span><div class=3D"HOEnZb"><div class=3D"h5"><br>
---------------------------------------------------------------------------=
---<br>
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE=
<br>
Instantly run your Selenium tests across 300+ browser/OS combos.<br>
Get unparalleled scalability from the best Selenium testing platform availa=
ble<br>
Simple to use. Nothing to install. Get started now for free."<br>
<a href=3D"http://p.sf.net/sfu/SauceLabs" target=3D"_blank">http://p.sf.net=
/sfu/SauceLabs</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div></div>
--047d7b471fb0ae2e5704f9c10eea--
|