summaryrefslogtreecommitdiff
path: root/21/dfd2f4c7afa4fd7dfaf2f6dda0846688a62b6b
blob: 7ae5d91a30d1cf51297b6a10fe4f56d1ea727b5c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <vv01f@riseup.net>) id 1WTAPj-00071m-5A
	for bitcoin-development@lists.sourceforge.net;
	Thu, 27 Mar 2014 13:32:11 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of riseup.net
	designates 198.252.153.129 as permitted sender)
	client-ip=198.252.153.129; envelope-from=vv01f@riseup.net;
	helo=mx1.riseup.net; 
Received: from mx1.riseup.net ([198.252.153.129])
	by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.76) id 1WTAPh-00010o-Oz
	for bitcoin-development@lists.sourceforge.net;
	Thu, 27 Mar 2014 13:32:11 +0000
Received: from fulvetta.riseup.net (fulvetta-pn.riseup.net [10.0.1.75])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "*.riseup.net",
	Issuer "Gandi Standard SSL CA" (not verified))
	by mx1.riseup.net (Postfix) with ESMTPS id 94D8350594
	for <bitcoin-development@lists.sourceforge.net>;
	Thu, 27 Mar 2014 06:32:03 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(Authenticated sender: vv01f@fulvetta.riseup.net)
	with ESMTPSA id 3E249F8
References: <leuunm$tjk$1@ger.gmane.org>
	<CANEZrP3nQfvDArKTRgje0Cus4G2JD_zpxSjA3fXfxM2TNAP80Q@mail.gmail.com>
	<CALDj+BafD+6KTNcYDBEu5gNPzYozSkiC-JCxrY-PzXL2DYBRsw@mail.gmail.com>
	<CAJHLa0N4J_Z907+D0ENSNKfNAW2N=7Jf4JzSCO=SU558GtGTzA@mail.gmail.com>
	<lge7nk$3mf$2@ger.gmane.org>
	<CANEZrP0J849oDvMWjf8LWi0xj44Q8DaUwDip5_smVBMNgeQ3mw@mail.gmail.com>
	<CALDj+BZJ0rSKuDHdbL7ANN0Vtaa3-KGYgusqMDzzB-CUxjMz7g@mail.gmail.com>
	<CANEZrP3szn=oQS+ZuqSzjUoSAjtkyPxPWJFaU1vDW43dRNVeNQ@mail.gmail.com>
	<20140320215208.GC88006@giles.gnomon.org.uk>
	<CANEZrP3kHRJ6U-O_Jgei4U6s9GyQGvB_p5ChtcHJEkYR0wWPvQ@mail.gmail.com>
	<20140326224826.GE62995@giles.gnomon.org.uk>
	<CANEZrP2HtJsOf5zOsPz32U=Jot7U9k80yEu=hj5uMPkRC+WGsQ@mail.gmail.com>
	<lgvnc2$eu4$1@ger.gmane.org>
	<CANEZrP1==hL1mW6SWV0qXUMVVx7U_HUXtorpb7qVK2R4mOfzbg@mail.gmail.com>
From: vv01f <vv01f@riseup.net>
Content-Type: multipart/alternative;
	boundary=Apple-Mail-608A1CFC-6675-430C-83AA-91A81EF67E38
X-Mailer: iPhone Mail (11B651)
In-Reply-To: <CANEZrP1==hL1mW6SWV0qXUMVVx7U_HUXtorpb7qVK2R4mOfzbg@mail.gmail.com>
Message-Id: <A1269E16-63BC-44D5-B460-D793D45587AD@riseup.net>
Date: Thu, 27 Mar 2014 14:31:53 +0100
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
X-Virus-Scanned: clamav-milter 0.98.1 at mx1
X-Virus-Status: Clean
X-Spam-Score: -0.9 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no trust [198.252.153.129 listed in list.dnswl.org]
	-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.4 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain 1.0 HTML_MESSAGE           BODY: HTML included in message
	0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
	lines
X-Headers-End: 1WTAPh-00010o-Oz
Subject: Re: [Bitcoin-development] Payment Protocol for Face-to-face Payments
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2014 13:32:11 -0000


--Apple-Mail-608A1CFC-6675-430C-83AA-91A81EF67E38
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Companies can have a Cert with their name via CAcert. It requires some work t=
hough to get assured as an organisation.
Did you already think about what CA is to be trusted or do users need to do t=
hat. The least good decision in my POV would be to accept OS/browser built i=
n CAs only.

Am 27.03.2014 um 11:08 schrieb Mike Hearn <mike@plan99.net>:

>> But these cases are the norm, rather than the exception.
>=20
> Well, you're lucky, you live in Berlin. Most of the payments I make with B=
itcoin are online, to websites. So this will differ between people.
>=20
> I wonder how critical it is. Let's say you are paying for a meal. In your h=
ead the place you're at is just "the little Indian restaurant on the corner"=
. In the companies register and therefore certificate it's something like "S=
ingh Food GmbH". That's probably good enough to prevent shenanigans. Even if=
 there's a virus on your phone, it can't really replace the cert with a rand=
om stolen one, otherwise your meal could show up like "IronCore Steel Inc" o=
r something that's obviously bogus. It'd have to be an incredibly smart viru=
s that knew how to substitute one name for a different one, from a large lib=
rary of stolen identities, such that the swap seemed plausible. That sounds v=
ery hard, certainly too hard to bother with for stealing restaurant fees.
>=20
> And if a waiter at the restaurant is corrupt and they replace the cert wit=
h one that's for their own 1-man business "BP-Gupta" or something, OK, you m=
ight pay the wrong person by mistake. But eventually the corrupt waiter will=
 be discovered and then someone will have proof of what they did. It's FAR m=
ore likely they'd just strip the signature entirely and try to convince you t=
he restaurant doesn't use BIP70 at all.
>=20
> Still, if we want to fix this, one approach I was thinking about is to hav=
e a super-cheesy CA just for us that issues certs with addresses in them, fo=
r any name you ask for. That is, if you say you want a cert for "Shamrock Ir=
ish Pub, Wollishofen, Zurich, CH" then it either sends a postcard to that ad=
dress with a code to check ownership of the address, or it checks ownership o=
f the place on Google Maps (which does the same postcard trick but for free!=
).
>=20
> That doesn't work for vending machines, but perhaps we just don't care abo=
ut those. If a MITM steals your lunch money, boo hoo.
>=20
> --------------------------------------------------------------------------=
----
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development

--Apple-Mail-608A1CFC-6675-430C-83AA-91A81EF67E38
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: 7bit

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Companies can have a Cert with their name via CAcert. It requires some work though to get assured as an organisation.</div><div>Did you already think about what CA is to be trusted or do users need to do that. The least good decision in my POV would be to accept OS/browser built in CAs only.</div><div><br>Am 27.03.2014 um 11:08 schrieb Mike Hearn &lt;<a href="mailto:mike@plan99.net">mike@plan99.net</a>&gt;:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
But these cases are the norm, rather than the exception.<br></blockquote><div><br></div><div>Well, you're lucky, you live in Berlin. Most of the payments I make with Bitcoin are online, to websites. So this will differ between people.</div>
<div></div></div></div><div class="gmail_extra"><br></div><div class="gmail_extra">I wonder how critical it is. Let's say you are paying for a meal. In your head the place you're at is just "the little Indian restaurant on the corner". In the companies register and therefore certificate it's something like "Singh Food GmbH". That's probably good enough to prevent shenanigans. Even if there's a virus on your phone, it can't really replace the cert with a random stolen one, otherwise your meal could show up like "IronCore Steel Inc" or something that's obviously bogus. It'd have to be an incredibly smart virus that knew how to substitute one name for a different one, from a large library of stolen identities, such that the swap seemed plausible. That sounds very hard, certainly too hard to bother with for stealing restaurant fees.</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">And if a waiter at the restaurant is corrupt and they replace the cert with one that's for their own 1-man business "BP-Gupta" or something, OK, you might pay the wrong person by mistake. But eventually the corrupt waiter will be discovered and then someone will have proof of what they did. It's FAR more likely they'd just strip the signature entirely and try to convince you the restaurant doesn't use BIP70 at all.</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">Still, if we want to fix this, one approach I was thinking about is to have a super-cheesy CA just for us that issues certs with addresses in them, for any name you ask for. That is, if you say you want a cert for "Shamrock Irish Pub, Wollishofen, Zurich, CH" then it either sends a postcard to that address with a code to check ownership of the address, or it checks ownership of the place on Google Maps (which does the same postcard trick but for free!).</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">That doesn't work for vending machines, but perhaps we just don't care about those. If a MITM steals your lunch money, boo hoo.</div><div class="gmail_extra">
<br></div></div>
</div></blockquote><blockquote type="cite"><div><span>------------------------------------------------------------------------------</span><br></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Bitcoin-development mailing list</span><br><span><a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a></span><br><span><a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a></span><br></div></blockquote></body></html>
--Apple-Mail-608A1CFC-6675-430C-83AA-91A81EF67E38--