Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VOnlP-0006CO-5u for bitcoin-development@lists.sourceforge.net; Wed, 25 Sep 2013 12:00:15 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of m.gmane.org designates 80.91.229.3 as permitted sender) client-ip=80.91.229.3; envelope-from=gcbd-bitcoin-development@m.gmane.org; helo=plane.gmane.org; Received: from plane.gmane.org ([80.91.229.3]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1VOnlN-0004KP-BJ for bitcoin-development@lists.sourceforge.net; Wed, 25 Sep 2013 12:00:15 +0000 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1VOnlE-0000Ib-Ib for bitcoin-development@lists.sourceforge.net; Wed, 25 Sep 2013 14:00:04 +0200 Received: from e179079149.adsl.alicedsl.de ([85.179.79.149]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 25 Sep 2013 14:00:04 +0200 Received: from andreas by e179079149.adsl.alicedsl.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 25 Sep 2013 14:00:04 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: bitcoin-development@lists.sourceforge.net From: Andreas Schildbach Date: Wed, 25 Sep 2013 13:59:52 +0200 Message-ID: References: <521298F0.20108@petersson.at> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: e179079149.adsl.alicedsl.de User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 In-Reply-To: X-Spam-Score: -2.4 (--) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [80.91.229.3 listed in list.dnswl.org] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.1 DKIM_ADSP_ALL No valid author signature, domain signs all mail -0.0 SPF_PASS SPF: sender matches SPF record -2.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1VOnlN-0004KP-BJ Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Sep 2013 12:00:15 -0000 On 09/25/2013 01:45 PM, Mike Hearn wrote: > OK, it might fit if you don't use any of the features the protocol > provides :) Now you're dver-dramaticing (-: I'm just skipping one feature which I think is useless for QR codes scanned in person. > You can try it here: Thanks. A typical request would be around 60 bytes, which should produce an URL with around 100 chars. That should be fine for scanning, but I will experiment. > If you're thinking about governments and so on subverting CA's, then > there is a plan for handling that (outside the Bitcoin world) called > certificate transparency which is being implemented now. Good to hear. Let's see if it gets momentum. > Now when you are getting a QR code from the web, it's already being > served over HTTPS. So if you're up against an attacker who can break a > CA in order to steal your money, then you already lose, the QRcode > itself as MITMd. Sure. I was talking about QR codes scanned in person. > In the Bluetooth case we might have to keep the address around and use > it to do ECDHE or something like that. Yeah, will look at that as soon as we're implementing the payment protocol fully.