Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <drwho@virtadpt.net>) id 1VOsBj-0000q8-A8
	for bitcoin-development@lists.sourceforge.net;
	Wed, 25 Sep 2013 16:43:43 +0000
X-ACL-Warn: 
Received: from mail-ye0-f171.google.com ([209.85.213.171])
	by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1VOsBf-0007j0-UL
	for bitcoin-development@lists.sourceforge.net;
	Wed, 25 Sep 2013 16:43:43 +0000
Received: by mail-ye0-f171.google.com with SMTP id q3so2302761yen.16
	for <bitcoin-development@lists.sourceforge.net>;
	Wed, 25 Sep 2013 09:43:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:message-id:date:from:reply-to:organization
	:user-agent:mime-version:to:subject:references:in-reply-to:openpgp
	:content-type:content-transfer-encoding;
	bh=V2n+sW7WkhvX08LzzWg78Sm7ZeyDwUpaPJ59c+Ju2FY=;
	b=BdUoFxbtKVTcBqnZRV+WPZeQr5MjaVf8xmKpcCy4qmvjp4fKWsxcWBML3YAOcAZlw5
	j1f1dqwrTJXDBFr3x5rDmxAh6Ep868yd4EpYFdDqwOKiExNNap8rgTsLttatHtGC3Ueb
	e7FsVixFjgnfU560HvJsM3YiEflV9/gtyU/9pzlWboh1wfNgoLioT06MaF8oToEasy+3
	0Oxb5QO2b4aCbG9GEWEx/gb7UqBy4y+OtXkEIWmrzLuv+sx47Cd5KsKT4mJv0clhArgn
	e+mi8eiRHSj1V46AckMA4m+PVHNOg3fAMlR+Il1n2HvL02FJ2PixW1q61t8bAApg/d+e
	dVjQ==
X-Gm-Message-State: ALoCoQk63LjgwNgvoaUqy6039ujQ0fqsVnlwmfyOoGNZPelGQQvV0fXzw0K6F3vpzVqNustBvlvO
X-Received: by 10.236.100.144 with SMTP id z16mr7083233yhf.9.1380125566530;
	Wed, 25 Sep 2013 09:12:46 -0700 (PDT)
Received: from windbringer.virtadpt.net
	(static-108-18-135-163.washdc.fios.verizon.net. [108.18.135.163])
	by mx.google.com with ESMTPSA id
	y46sm21615429yhy.18.1969.12.31.16.00.00
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Wed, 25 Sep 2013 09:12:46 -0700 (PDT)
Message-ID: <52430B7D.70900@virtadpt.net>
Date: Wed, 25 Sep 2013 12:12:45 -0400
From: The Doctor <drwho@virtadpt.net>
Organization: Virtual Adept Networks, Unlimited
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:17.0) Gecko/20130514 Thunderbird/17.0.6
MIME-Version: 1.0
To: bitcoin-development@lists.sourceforge.net
References: <CABsx9T0Ly67ZNJhoRQk0L9Q0-ucq3e=24b5Tg6GRKspRKKtP-g@mail.gmail.com>
	<521298F0.20108@petersson.at>
	<CABsx9T3b--tfUmaxJxsXyM2f3Cw4M1oX1nX8o9WkW_haBmLctA@mail.gmail.com>
	<CANEZrP2BOWk4FOUx4eVHvXmdSgx3zo_o18J8YBi2Uc_WkBAXKA@mail.gmail.com>
	<CANEZrP0H9TVfQ3AGv6aBmS1DUa6MTWhSFAN1Jo4eimBEBQhPZw@mail.gmail.com>
	<CABsx9T0TQ6Gg=muNP-rCZxan8_nAqeJt6ErYVOfnLJKrsLs81w@mail.gmail.com>
	<CANEZrP2V72+-m-FOCsW3C2GBO7+=-0casKadeHncmNTYjyqJRA@mail.gmail.com>
	<l1udst$uos$1@ger.gmane.org>
	<CANEZrP03KsGHvGqcNT1Qs6qkJ4i050CPjwvGqTRRhbdkgMf_dA@mail.gmail.com>
	<CAKaEYhJDBqvynXpLHg6dumgtKVkLNkFPtWoS4ybHgm=p9Vvzhw@mail.gmail.com>
In-Reply-To: <CAKaEYhJDBqvynXpLHg6dumgtKVkLNkFPtWoS4ybHgm=p9Vvzhw@mail.gmail.com>
X-Enigmail-Version: 1.5.1
OpenPGP: id=807B17C1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
X-Headers-End: 1VOsBf-0007j0-UL
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: drwho@virtadpt.net
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 16:43:43 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/25/2013 07:35 AM, Melvin Carvalho wrote:

> It depends on the attacker.  I think a large entity such as a govt
> or big to medium size corporation *may* be able to MITM https, of
> course the incentive to do so is probably not there ...

DLP (data loss prevention) products usually have MITM capability, to
make sure that proprietary information isn't being exfiltrated.  Also,
some companies have full packet capture policies.  The technology is
out there and people buy and use it.  Whether or not they're going to
care about Bitcoin URIs in the short term, I don't know.

Some of the companies documented here have such products:

http://bluecabinet.info/wiki/Blue_cabinet#List_of_companies

You are correct in that the incentive to carry out MITM attacks in
this use case may not be there.  However, detecting transactions may
be more useful to an attacker than meddling with them.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"Shiloh?  Is your name Shiloh?  Can I talk to you?"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJDC30ACgkQO9j/K4B7F8FungCgyQtkyiQIekhlv1/Nqdd/JAIV
3EgAoKW8wTOI11lEq0ieOsRiQmnkM9w6
=W50W
-----END PGP SIGNATURE-----