๐
Original date posted:2023-08-13
๐๏ธ Summary of this message: The BIP has been updated to use a DH cryptosystem, ensuring that leaked BIP 21 URIs do not pose a risk of funds loss.
๐ Original message:
Thanks for weighing in Dave,
> On Aug 13, 2023, at 8:00 AM, bitcoin-dev-request at lists.linuxfoundation.org wrote:
>
>
> The way BItcoin users currently use BIP21 URIs and QR-encoded BIP21 URIs, posting them where evesdroppers can see
>
> โฆ
>
> I don't think it would be practical to change that expectation, and I think a protocol where evesdropping didn't create a risk of funds loss would be much better than one where that risk was created.
>
> dave at dtrt.org
The BIP has changed to adopt a DH cryptosystem where the receiver only shares a public key in the BIP 21 as part of the pj= endpoint since Adam posted comments. I agree enabling the simplest asynchronous experience while, as I gather youโre thinking, keeping the UX expectation that leaked BIP 21 URIs pose no risk for loss of funds is the right set of tradeoffs.
Dan
Dan Gould [ARCHIVE] /
npub1l5โฆnxs5k
2023-08-16 00:45:53
in reply to nevent1qโฆ9v3c
Author Public Key
npub1l58t68e4t3wgtva5enuvr4aaxxlut7srnhx88avfyfv25jzhkedq6nxs5kPublished at
2023-08-16 00:45:53Event JSON
{
"id": "a3f23d5f8757d4a272cdfa83285f2eafda80c44560cef4d8f8e99694a335e0cf",
"pubkey": "fd0ebd1f355c5c85b3b4ccf8c1d7bd31bfc5fa039dcc73f5892258aa4857b65a",
"created_at": 1692146753,
"kind": 1,
"tags": [
[
"e",
"571e85bbe337f54205cf5b3b2d7d465fa3d96627ea0c0fbacf74900a7074a361",
"",
"root"
],
[
"e",
"ed0ecf435249cc77a525a856c6d4566d45836c1597911bc9a8dd25cf9f344dcf",
"",
"reply"
],
[
"p",
"2a2be7532ec03e16fa6ff38360d30cc714893870cbd9fafbefeb1df2df858c4d"
]
],
"content": "๐
Original date posted:2023-08-13\n๐๏ธ Summary of this message: The BIP has been updated to use a DH cryptosystem, ensuring that leaked BIP 21 URIs do not pose a risk of funds loss.\n๐ Original message:\nThanks for weighing in Dave,\n\n\u003e On Aug 13, 2023, at 8:00 AM, bitcoin-dev-request at lists.linuxfoundation.org wrote:\n\u003e \n\u003e \n\n\u003e The way BItcoin users currently use BIP21 URIs and QR-encoded BIP21 URIs, posting them where evesdroppers can see\n\u003e \n\u003e โฆ\n\u003e \n\u003e I don't think it would be practical to change that expectation, and I think a protocol where evesdropping didn't create a risk of funds loss would be much better than one where that risk was created.\n\u003e \n\u003e dave at dtrt.org\n\nThe BIP has changed to adopt a DH cryptosystem where the receiver only shares a public key in the BIP 21 as part of the pj= endpoint since Adam posted comments. I agree enabling the simplest asynchronous experience while, as I gather youโre thinking, keeping the UX expectation that leaked BIP 21 URIs pose no risk for loss of funds is the right set of tradeoffs.\n\nDan",
"sig": "02ae17ea37369099b220362539f72e96caa65b466a88b229e4420094985ce1062b394860a3c3b3470ce44ef4ea09a6a929ae4422e7c8950a703f5d58049388b2"
}