š
Original date posted:2014-03-20
š Original message:Hmm, is there any other way to do it? Can we provide a signed payment
request and verify the sign on receiving side and this way protect from
bluetooth MitM attack? Quick googling showed that SSL over bluetooth isn't
a very well developed area, and my own skills are not enough to quickly
implement a reliable secure solution here.
2014-03-20 10:36 GMT+00:00 Mike Hearn <mike at plan99.net>:
> Encoding entire payment requests into qrcodes is definitely not the way to
> go. They can already be large when signed and we're just at the start of
> adding features.
>
> Finishing off and standardising the bluetooth support is the way to go
> (r=bt:mac). Andreas' app already has some support for this I believe, so
> Alex you could prototype with that, but we need to:
>
> 1) Add an encryption/auth layer on top, because it runs over RFCOMM
> sockets. The authentication would require proof of owning the Bitcoin key
> that's in the address part of the URI (which is needed for backwards compat
> anyway).
>
> 2) Write a BIP for it and make sure it's interoperable
>
> For the auth layer we could either use SSL and then just ignore the server
> certificate and require signing of the session public key with the Bitcoin
> key, which should be easy to code up but is rather heavy on the air, or
> roll a custom lightweight thing where we just do a basic ECDH, with the
> servers key being the same as the address key. But rolling such protocols
> is subtle and I guess it'd need to be reviewed by people familiar with such
> things.
>
> This feels like a good opportunity to grow the community - perhaps we can
> find a volunteer in the forums who enjoys crypto.
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140320/83e79cbf/attachment.html>;
Alex Kotenko [ARCHIVE] /
npub14jā¦h00t4
2023-06-07 15:14:24
in reply to nevent1qā¦84dy
Author Public Key
npub14jv7tj33yt72yk8mljmvkck3p4xm5s3mxfpj289up38qqsn9dhkqeh00t4Seen on
wss://relay.nostr.bandPublished at
2023-06-07 15:14:24Event JSON
{
"id": "4557ef5ed02648cd97def67eabd9ca4861e26ff16ab86eef6e5a8f109e703a41",
"pubkey": "ac99e5ca3122fca258fbfcb6cb62d10d4dba423b3243251cbc0c4e0042656dec",
"created_at": 1686150864,
"kind": 1,
"tags": [
[
"e",
"d70d8d12a406cb1c9a067111bb9c717b35fd85b951e12f89e562fccc2fad4277",
"",
"root"
],
[
"e",
"a729cd47ba2df6b35bcbb24cd3c66096cf4cd47290ff7838e6cd42bb1bacfcca",
"",
"reply"
],
[
"p",
"f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2"
]
],
"content": "š
Original date posted:2014-03-20\nš Original message:Hmm, is there any other way to do it? Can we provide a signed payment\nrequest and verify the sign on receiving side and this way protect from\nbluetooth MitM attack? Quick googling showed that SSL over bluetooth isn't\na very well developed area, and my own skills are not enough to quickly\nimplement a reliable secure solution here.\n\n\n2014-03-20 10:36 GMT+00:00 Mike Hearn \u003cmike at plan99.net\u003e:\n\n\u003e Encoding entire payment requests into qrcodes is definitely not the way to\n\u003e go. They can already be large when signed and we're just at the start of\n\u003e adding features.\n\u003e\n\u003e Finishing off and standardising the bluetooth support is the way to go\n\u003e (r=bt:mac). Andreas' app already has some support for this I believe, so\n\u003e Alex you could prototype with that, but we need to:\n\u003e\n\u003e 1) Add an encryption/auth layer on top, because it runs over RFCOMM\n\u003e sockets. The authentication would require proof of owning the Bitcoin key\n\u003e that's in the address part of the URI (which is needed for backwards compat\n\u003e anyway).\n\u003e\n\u003e 2) Write a BIP for it and make sure it's interoperable\n\u003e\n\u003e For the auth layer we could either use SSL and then just ignore the server\n\u003e certificate and require signing of the session public key with the Bitcoin\n\u003e key, which should be easy to code up but is rather heavy on the air, or\n\u003e roll a custom lightweight thing where we just do a basic ECDH, with the\n\u003e servers key being the same as the address key. But rolling such protocols\n\u003e is subtle and I guess it'd need to be reviewed by people familiar with such\n\u003e things.\n\u003e\n\u003e This feels like a good opportunity to grow the community - perhaps we can\n\u003e find a volunteer in the forums who enjoys crypto.\n\u003e\n\u003e\n\u003e ------------------------------------------------------------------------------\n\u003e Learn Graph Databases - Download FREE O'Reilly Book\n\u003e \"Graph Databases\" is the definitive new guide to graph databases and their\n\u003e applications. Written by three acclaimed leaders in the field,\n\u003e this first edition is now available. Download your free book today!\n\u003e http://p.sf.net/sfu/13534_NeoTech\n\u003e _______________________________________________\n\u003e Bitcoin-development mailing list\n\u003e Bitcoin-development at lists.sourceforge.net\n\u003e https://lists.sourceforge.net/lists/listinfo/bitcoin-development\n\u003e\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140320/83e79cbf/attachment.html\u003e",
"sig": "1c11e7a41a76a94b547574caf04e30c0a870c375450898cbeb54cf3bd487c791a43b8492446b914d80b7dc3a1bac1dab846151fe88e16763dcedc377d5d56686"
}