Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1VP5S2-0001tA-D3
	for bitcoin-development@lists.sourceforge.net;
	Thu, 26 Sep 2013 06:53:26 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.148.93 as permitted sender)
	client-ip=62.13.148.93; envelope-from=pete@petertodd.org;
	helo=outmail148093.authsmtp.net; 
Received: from outmail148093.authsmtp.net ([62.13.148.93])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1VP5Rz-0008VM-B9 for bitcoin-development@lists.sourceforge.net;
	Thu, 26 Sep 2013 06:53:26 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
	by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id r8Q6bWOJ071346; 
	Thu, 26 Sep 2013 07:37:32 +0100 (BST)
Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
	(authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r8Q6bKHb027635
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Thu, 26 Sep 2013 07:37:23 +0100 (BST)
Date: Thu, 26 Sep 2013 02:37:19 -0400
From: Peter Todd <pete@petertodd.org>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Message-ID: <20130926063719.GA13640@savin>
References: <CABsx9T0Ly67ZNJhoRQk0L9Q0-ucq3e=24b5Tg6GRKspRKKtP-g@mail.gmail.com>
	<521298F0.20108@petersson.at>
	<CABsx9T3b--tfUmaxJxsXyM2f3Cw4M1oX1nX8o9WkW_haBmLctA@mail.gmail.com>
	<CANEZrP2BOWk4FOUx4eVHvXmdSgx3zo_o18J8YBi2Uc_WkBAXKA@mail.gmail.com>
	<CANEZrP0H9TVfQ3AGv6aBmS1DUa6MTWhSFAN1Jo4eimBEBQhPZw@mail.gmail.com>
	<CABsx9T0TQ6Gg=muNP-rCZxan8_nAqeJt6ErYVOfnLJKrsLs81w@mail.gmail.com>
	<CANEZrP2V72+-m-FOCsW3C2GBO7+=-0casKadeHncmNTYjyqJRA@mail.gmail.com>
	<l1udst$uos$1@ger.gmane.org>
	<CANEZrP03KsGHvGqcNT1Qs6qkJ4i050CPjwvGqTRRhbdkgMf_dA@mail.gmail.com>
	<CAKaEYhJDBqvynXpLHg6dumgtKVkLNkFPtWoS4ybHgm=p9Vvzhw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="RnlQjJ0d97Da+TV1"
Content-Disposition: inline
In-Reply-To: <CAKaEYhJDBqvynXpLHg6dumgtKVkLNkFPtWoS4ybHgm=p9Vvzhw@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 1a44548d-2676-11e3-b802-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 76.10.178.109/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1VP5Rz-0008VM-B9
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
	Andreas Schildbach <andreas@schildbach.de>
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 26 Sep 2013 06:53:26 -0000


--RnlQjJ0d97Da+TV1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Sep 25, 2013 at 01:35:48PM +0200, Melvin Carvalho wrote:
> On 25 September 2013 13:15, Mike Hearn <mike@plan99.net> wrote:
>
> > It won't fit. But I don't see the logic. A URI contains instructions for
> > making a payment. If that instruction is "pay to this address" or "download
> > this file and do what you find there", it's no different unless there's
> > potential for a MITM attack. If the request URL is HTTPS or a secured
> > Bluetooth connection then there's no such possibility.
> >
>
> It depends on the attacker.  I think a large entity such as a govt or big
> to medium size corporation *may* be able to MITM https, of course the
> incentive to do so is probably not there ...

...until the Bitcoin payment protocol showed up and let anyone with the
ability to MITM https turn that ability into untraceable cash.

I won't be at all surprised if one of the most valuable things to come
out of the payment protocol using the SSL PKI infrastructure is to give
us a good understanding of exactly how it's broken, and to give everyone
involved good reasons to fix it.

Even if the flaws of SSL PKI were exploited as a way to harm bitcoin by
governments and other large players - and SSL PKI remained unfixed - I'd
much rather have that solid evidence that it was broken than not.

-- 
'peter'[:-1]@petertodd.org

--RnlQjJ0d97Da+TV1--