From: Jeffrey Paul
Date: Thu, 8 Nov 2018 09:12:17 -0800
To: Andreas Schildbach, Bitcoin Protocol Discussion
Message-Id: <87B5B4C0-380C-4DFC-85D0-D40D941F212C@eeqj.com>
Subject: Re: [bitcoin-dev] BIP Proposal - Address Paste Improvement

> On Nov 7, 2018, at 13:28, Andreas Schildbach via bitcoin-dev wrote:
>
> Copying addresses to the clipboard should be discouraged, rather than
> supported.
>
> It is an inherently insecure mechanism. Regardless of the OS used, any
> application can monitor the clipboard for Bitcoin addresses and replace
> any address with their own, usually without any specific permission or
> confirmation by the user. Effectively this steals Bitcoins if the user
> doesn't compare addresses manually.
>
> This is a real risk, as this kind of malware has already been seen.

One can also make the argument that if the user's clipboard is able to be read/modified, then their working environment is already compromised and that the responsibility is already not upon specific application software, but the user or OS.

Down here in the real world, an application that does not support copying and pasting of addresses is not an application that is very useful (to say the least) to many people who want to manage their own wallet, though I understand your desire to avoid such. Perhaps offering alternatives such as supporting signed BIP70 payment requests is what you mean to do.

That said, I still think working around specific malware threats and vectors isn't the application's job, especially when doing so for a tiny, tiny fraction of users that have malware outweighs the needs of the 95%+ that need to support the "I have an address on my clipboard I need to pay" case.

Best,
-jp

-- 
Jeffrey Paul
+1 312 361 0355
+49 176 8058 2122 (signal)