From: Eric Voskuil <eric@voskuil.org>
Date: Thu, 5 Feb 2015 14:10:51 -0800
To: Paul Puey <paul@airbitz.co>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal for P2P Wireless (Bluetooth LE)
	transfer of Payment URI


A MITM can receive the initial broadcast and then spoof it by jamming the original. You then only see one.

e

> On Feb 5, 2015, at 2:07 PM, Paul Puey <paul@airbitz.co> wrote:
>
> So if you picked up the BLE broadcast request, all you know is that *someone* within 100m is requesting bitcoin at a certain address. Not necessarily who. The *name* is both optional, and possibly just a *handle* of the user. If I'm sitting 5 ft away from someone at dinner and wanted to pay them via BLE, I might see "Monkey Dude" on my list and simply ask him "is that you?" If so, I send it. If there are two "Monkey Dudes", then I have to bother with the address prefix, but not otherwise.
>
>> On Thu, Feb 5, 2015 at 1:46 PM, Eric Voskuil <eric@voskuil.org> wrote:
>> BLE has an advertised range of over 100m.
>>
>> http://www.bluetooth.com/Pages/low-energy-tech-info.aspx
>>
>> In the case of mass surveillance that range could most likely be extended dramatically by the reviewer. I've seen WiFi ranges of over a mile with a strong (not FCC approved) receiver.
>>
>> WiFi hotspots don't have strong identity or a guaranteed position, so they can't be trusted for location.
>>
>> e
>>
>> On Feb 5, 2015, at 1:36 PM, Mike Hearn <mike@plan99.net> wrote:
>>
>>>> This sounds horrible. You could basically monitor anyone with a wallet in a highly populated area and track them super easily by doing facial recognition.
>>>
>>> We're talking about BLE, still? The radio tech that runs in the so-called "junk bands" because propagation is so poor?
>>>
>>> My watch loses its connection to my phone if I just put it down and walk around my apartment. I'm all for reasonable paranoia, but Bluetooth isn't going to be enabling mass surveillance any time soon. It barely goes through air, let alone walls.
>>>
>>> Anyway, whatever. I'm just bouncing around ideas for faster user interfaces. You could always switch it off or set it to be triggered by the presence of particular wifi hotspots, if you don't mind an initial bit of setup.
>>>
>>> Back on topic - the debate is interesting, but I think to get this to the stage of being a BIP we'd need at least another wallet to implement it? Then I guess a BIP would be useful regardless of the design issues. The prefix matching still feels flaky to me but it's hard to know if you could really swipe payments out of the air in practice, without actually trying it.
>
