Return-Path: <dp@simplexum.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id BF3E7499
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu,  8 Nov 2018 08:18:16 +0000 (UTC)
X-Greylist: delayed 00:06:37 by SQLgrey-1.7.6
Received: from mail.ruggedbytes.com (mail.ruggedbytes.com [88.99.30.248])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3CF6E76F
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu,  8 Nov 2018 08:18:16 +0000 (UTC)
Received: from mail.ruggedbytes.com (localhost [127.0.0.1])
	by mail.ruggedbytes.com (Postfix) with ESMTPS id D55102600548;
	Thu,  8 Nov 2018 08:11:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=simplexum.com;
	s=mail; t=1541664696;
	bh=L2ArbstCcgZXaUKFi9I5GH6zjYxvcfw3S6pUQZ8eblE=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References;
	b=YBsHey5S8tDManuyKxpxujtZHGwMw6pdPIdWJ2izjBnEqK6lGma0cN6zoQSRMC4A7
	SDLd7f670Lurhpb2qAxfjMcInjNlL8/+LhAhNcTxaAKoMdQVe7j8m1+ZafEsnmQzs7
	UmRJvToGj8Tnw+fsIRJ2f/ck+tNzeZ8AtZgmbjMs=
Date: Thu, 8 Nov 2018 13:11:30 +0500
From: Dmitry Petukhov <dp@simplexum.com>
To: bitcoin-dev@lists.linuxfoundation.org
Message-ID: <20181108131130.134b2d43@simplexum.com>
In-Reply-To: <prvlaj$8er$1@blaine.gmane.org>
References: <CAEPKjgeJX7-LaJNkVk0GKbC5KhOE0aT+otpa-N1EVtwC35m9LQ@mail.gmail.com>
	<prvlaj$8er$1@blaine.gmane.org>
Organization: simplexum.com
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 08 Nov 2018 09:40:22 +0000
Cc: Andreas Schildbach <andreas@schildbach.de>
Subject: Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2018 08:18:16 -0000


> Copying addresses to the clipboard should be discouraged, rather than
> supported.

Do you know any reasonably convenient mechanism for end user to
transfer an address from, say, a web page to the wallet address
input field ?

The clipboard is just a low-hanging fruit for malware, anyway. It just
the most easy point to replace an address. If the computer is
compromized, malware can edit the web page in the memory of the browser
process, for example. If it shown as QR code, malware can decode,
detect that it is an address, and replace the image of QR code.

I think that the only way to protect from this is to add some form of
authentication for an address - 2fa (transfer checksum via second
channel), visual fingerprints for addresses, that will are hard to
detect (and hence, replace) for malware, signing the destination address
with the key of an address that is already known and checking the
signature, etc.

The problem will be to come up with an address authentication procedure
that will be convenient for users and widely supported, as a result.