Jeremy Spilman [ARCHIVE] on Nostr
📅 Original date posted: 2014-03-01
📝 Original message: We currently have subtle positive feedback of a signed payment request in
the form of the green background. Unsigned requests simply show up without
the green background, as well as requests which provide a certificate but
have a missing or invalid signature.

There's an open bug (#3628) and pull request (#3684) to provide negative
feedback (yellow background) for a missing or invalid signature, but it
seems like there's some debate on whether bitcoind should do that...

If an attacker can avoid the negative feedback by just stripping the
signature and setting pki_type to none, then arguably there's no security
benefit by singling out badly signed payment requests from unsigned
payment requests.

So perhaps the root problem is that the positive feedback (green
background) is not strong enough to make its absence highly conspicuous to
the end user.

As an aside, how could we go about implementing the equivalent of HTTP
Strict Transport Security for payment protocol to prevent this trivial
signature stripping attack? Is this a possible extension field merchants
are interested in?
Published at 2023-06-07 15:14:06
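One possible shape for the HSTS-like idea raised in the message, as an added example that is not part of the original post and is not Bitcoin Core code. The `strict_max_age` extension field, the `StrictSigningStore` class and keying the pin by the host the request was fetched from are all hypothetical; certificate and signature verification are assumed to happen elsewhere and arrive as `signature_valid`.

```python
from dataclasses import dataclass, field

SIGNED_PKI_TYPES = {"x509+sha256", "x509+sha1"}  # pki_type values defined by BIP 70


@dataclass
class PaymentRequest:
    origin: str                    # host the request was fetched from (assumed pin key)
    pki_type: str = "none"
    signature: bytes = b""
    signature_valid: bool = False  # outcome of the X.509 check, performed elsewhere
    strict_max_age: int = 0        # HYPOTHETICAL extension field, in seconds


@dataclass
class StrictSigningStore:
    expiry: dict = field(default_factory=dict)  # origin -> pin expiry (unix time)

    def classify(self, req: PaymentRequest, now: int) -> str:
        if req.pki_type in SIGNED_PKI_TYPES and req.signature and req.signature_valid:
            # Only a verified request may set or refresh the pin, as with HSTS.
            if req.strict_max_age > 0:
                self.expiry[req.origin] = now + req.strict_max_age
            return "verified"      # green background
        if self.expiry.get(req.origin, 0) > now:
            return "blocked"       # pinned origin sent an unsigned or badly signed request
        if req.pki_type != "none":
            return "invalid"       # yellow background proposed in #3684
        return "unsigned"          # plain background


def demo():
    # Constructed sample requests; hosts and timestamps are made up.
    store = StrictSigningStore()
    signed = PaymentRequest("shop.example", "x509+sha256", b"\x01", True, 86400)
    stripped = PaymentRequest("shop.example")  # signature removed, pki_type none
    bad = PaymentRequest("other.example", "x509+sha256", b"")
    return [
        store.classify(stripped, 1000),              # no pin yet
        store.classify(signed, 1000),                # sets the pin
        store.classify(stripped, 2000),              # inside the pin lifetime
        store.classify(stripped, 1000 + 86400 + 1),  # pin has expired
        store.classify(bad, 2000),                   # never pinned, bad signature
    ]
```

As with HSTS, the first stripped request in `demo()` is indistinguishable from an ordinary unsigned one, so the pin only protects a user who has already seen one verified request from that origin.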