Conversation Details on Nostr: 📝 Summary: Dan Gould pointed out a flaw in the security protocol for Payjoin PSBT, ...

📝 Summary: Dan Gould pointed out a flaw in the security protocol for Payjoin PSBT, which has been fixed in the draft. The sender suggested using DH for sharing the secret key, but the author opted for a symmetric key. The author proposed a solution using ephemeral keys to mitigate the attack. symphonicbtc suggested using base64url instead of base64 encoding for improved readability and security. Christopher Allen recommended using base64url for the psk in the URI and UR encoding for displaying via QR codes.

👥 Authors: • Dan Gould ( Dan Gould [ARCHIVE] (npub1l58…xs5k) ) • Christopher Allen ( Christopher Allen [ARCHIVE] (npub19g4…t5d0) ) • symphonicbtc ( symphonicbtc [ARCHIVE] (npub1tzu…45mf) )

📅 Messages Date: 2023-08-11

✉️ Message Count: 3

📚 Total Characters in Messages: 72896

Messages Summaries

✉️ Message by Dan Gould on 11/08/2023: The sender pointed out a flaw in the protocol regarding the security of the Payjoin PSBT. The issue has been fixed in the draft. The sender also suggested using DH for securely sharing the secret key, but the author chose to use a symmetric key for convenience. The author proposed a solution to mitigate the attack by using ephemeral keys.

✉️ Message by symphonicbtc on 11/08/2023: The sender suggests using base64url instead of base64 encoding for the psk in the URI to improve readability and security.

✉️ Message by Christopher Allen on 12/08/2023: The author suggests using base64url instead of base64 encoding for the psk in the URI, and recommends UR encoding for displaying via QR codes.

Follow Bitcoin Mailing List (npub15g7…08lk) for full threads