📅 Original date posted:2014-03-20
📝 Original message:On Thu, Mar 20, 2014 at 07:31:27PM +0100, Mike Hearn wrote:
> Yes, this overlaps somewhat with the PKI signing in BIP70, but not
> entirely - you might want to serve unsigned payment requests, but
> still have confidentiality and authenticity for a local face to face
> transaction. The signing and encryption does different things
I'm not sure if this what you're getting at, but in a common
face-to-face scenario, it really doesn't overlap so much (in that the
PKI in BIP70 isn't really helpful).
It's not unusual, in a face-to-face transaction at a bricks-and-mortar
establishment, that you know neither the legal name of the entity
running the establishment, nor any electronic identifier (domain name,
email address) that might be presented to you in an X.509 certificate,
even if such a certificate is presented in the PaymentRequest.
In many cases I want/need to simply be assured that I am paying "the
person/organisation which operates that machine behind the counter,
right there".
In many ways I'll miss the simplicity of BIP21 QR codes for
face-to-face transactions - because in this use case the payment
protocol complicates (and in many cases weakens) the assurance that
you really are paying the entity that prepared the QR code.
roy
Roy Badami [ARCHIVE] /
npub1tr…0f95j
2023-06-07 15:14:25
in reply to nevent1q…pcsm
Author Public Key
npub1trckpcxmceskq4cykxgwxm63n8ugrjrpu5mk83c90e4upsf7d9gqf0f95jPublished at
2023-06-07 15:14:25Event JSON
{
"id": "e994e67a48112962dc6a9149d21e8f0e3e3804f3da2cbd7a49db6e4a9db6dfbe",
"pubkey": "58f160e0dbc661605704b190e36f5199f881c861e53763c7057e6bc0c13e6950",
"created_at": 1686150865,
"kind": 1,
"tags": [
[
"e",
"d70d8d12a406cb1c9a067111bb9c717b35fd85b951e12f89e562fccc2fad4277",
"",
"root"
],
[
"e",
"ba158910d05f59cdd095fb87ac8a9990984596cc61a74e9bc9325f8f10ea2831",
"",
"reply"
],
[
"p",
"ac99e5ca3122fca258fbfcb6cb62d10d4dba423b3243251cbc0c4e0042656dec"
]
],
"content": "📅 Original date posted:2014-03-20\n📝 Original message:On Thu, Mar 20, 2014 at 07:31:27PM +0100, Mike Hearn wrote:\n\n\u003e Yes, this overlaps somewhat with the PKI signing in BIP70, but not\n\u003e entirely - you might want to serve unsigned payment requests, but\n\u003e still have confidentiality and authenticity for a local face to face\n\u003e transaction. The signing and encryption does different things\n\nI'm not sure if this what you're getting at, but in a common\nface-to-face scenario, it really doesn't overlap so much (in that the\nPKI in BIP70 isn't really helpful).\n\nIt's not unusual, in a face-to-face transaction at a bricks-and-mortar\nestablishment, that you know neither the legal name of the entity\nrunning the establishment, nor any electronic identifier (domain name,\nemail address) that might be presented to you in an X.509 certificate,\neven if such a certificate is presented in the PaymentRequest.\n\nIn many cases I want/need to simply be assured that I am paying \"the\nperson/organisation which operates that machine behind the counter,\nright there\".\n\nIn many ways I'll miss the simplicity of BIP21 QR codes for\nface-to-face transactions - because in this use case the payment\nprotocol complicates (and in many cases weakens) the assurance that\nyou really are paying the entity that prepared the QR code.\n\nroy",
"sig": "4a665ae31bacb9cc70784484feaed7cf9b2678e127fea292f7a6a0615441076dbeec7aa7d827f22e693a88f0140d2fe55ffb9f13a57daf8185b57a798600514e"
}