Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <mh.in.england@gmail.com>) id 1WT7Ef-0006oh-62
	for bitcoin-development@lists.sourceforge.net;
	Thu, 27 Mar 2014 10:08:33 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.214.182 as permitted sender)
	client-ip=209.85.214.182; envelope-from=mh.in.england@gmail.com;
	helo=mail-ob0-f182.google.com; 
Received: from mail-ob0-f182.google.com ([209.85.214.182])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1WT7EZ-0006VZ-Mq
	for bitcoin-development@lists.sourceforge.net;
	Thu, 27 Mar 2014 10:08:33 +0000
Received: by mail-ob0-f182.google.com with SMTP id uz6so4018393obc.27
	for <bitcoin-development@lists.sourceforge.net>;
	Thu, 27 Mar 2014 03:08:22 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.60.44.8 with SMTP id a8mr688633oem.19.1395914902356; Thu, 27
	Mar 2014 03:08:22 -0700 (PDT)
Sender: mh.in.england@gmail.com
Received: by 10.76.71.231 with HTTP; Thu, 27 Mar 2014 03:08:22 -0700 (PDT)
In-Reply-To: <lgvnc2$eu4$1@ger.gmane.org>
References: <leuunm$tjk$1@ger.gmane.org>
	<CANEZrP3nQfvDArKTRgje0Cus4G2JD_zpxSjA3fXfxM2TNAP80Q@mail.gmail.com>
	<CALDj+BafD+6KTNcYDBEu5gNPzYozSkiC-JCxrY-PzXL2DYBRsw@mail.gmail.com>
	<CAJHLa0N4J_Z907+D0ENSNKfNAW2N=7Jf4JzSCO=SU558GtGTzA@mail.gmail.com>
	<lge7nk$3mf$2@ger.gmane.org>
	<CANEZrP0J849oDvMWjf8LWi0xj44Q8DaUwDip5_smVBMNgeQ3mw@mail.gmail.com>
	<CALDj+BZJ0rSKuDHdbL7ANN0Vtaa3-KGYgusqMDzzB-CUxjMz7g@mail.gmail.com>
	<CANEZrP3szn=oQS+ZuqSzjUoSAjtkyPxPWJFaU1vDW43dRNVeNQ@mail.gmail.com>
	<20140320215208.GC88006@giles.gnomon.org.uk>
	<CANEZrP3kHRJ6U-O_Jgei4U6s9GyQGvB_p5ChtcHJEkYR0wWPvQ@mail.gmail.com>
	<20140326224826.GE62995@giles.gnomon.org.uk>
	<CANEZrP2HtJsOf5zOsPz32U=Jot7U9k80yEu=hj5uMPkRC+WGsQ@mail.gmail.com>
	<lgvnc2$eu4$1@ger.gmane.org>
Date: Thu, 27 Mar 2014 11:08:22 +0100
X-Google-Sender-Auth: _KsqF5pWmv-gxA5wmz-Z8usP2rY
Message-ID: <CANEZrP1==hL1mW6SWV0qXUMVVx7U_HUXtorpb7qVK2R4mOfzbg@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Andreas Schildbach <andreas@schildbach.de>
Content-Type: multipart/alternative; boundary=001a11c2e458e4487904f593c350
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(mh.in.england[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	1.0 HTML_MESSAGE           BODY: HTML included in message
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WT7EZ-0006VZ-Mq
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol for Face-to-face Payments
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2014 10:08:33 -0000

--001a11c2e458e4487904f593c350
Content-Type: text/plain; charset=UTF-8

>
> But these cases are the norm, rather than the exception.
>

Well, you're lucky, you live in Berlin. Most of the payments I make with
Bitcoin are online, to websites. So this will differ between people.

I wonder how critical it is. Let's say you are paying for a meal. In your
head the place you're at is just "the little Indian restaurant on the
corner". In the companies register and therefore certificate it's something
like "Singh Food GmbH". That's probably good enough to prevent shenanigans.
Even if there's a virus on your phone, it can't really replace the cert
with a random stolen one, otherwise your meal could show up like "IronCore
Steel Inc" or something that's obviously bogus. It'd have to be an
incredibly smart virus that knew how to substitute one name for a different
one, from a large library of stolen identities, such that the swap seemed
plausible. That sounds very hard, certainly too hard to bother with for
stealing restaurant fees.

And if a waiter at the restaurant is corrupt and they replace the cert with
one that's for their own 1-man business "BP-Gupta" or something, OK, you
might pay the wrong person by mistake. But eventually the corrupt waiter
will be discovered and then someone will have proof of what they did. It's
FAR more likely they'd just strip the signature entirely and try to
convince you the restaurant doesn't use BIP70 at all.

Still, if we want to fix this, one approach I was thinking about is to have
a super-cheesy CA just for us that issues certs with addresses in them, for
any name you ask for. That is, if you say you want a cert for "Shamrock
Irish Pub, Wollishofen, Zurich, CH" then it either sends a postcard to that
address with a code to check ownership of the address, or it checks
ownership of the place on Google Maps (which does the same postcard trick
but for free!).

That doesn't work for vending machines, but perhaps we just don't care
about those. If a MITM steals your lunch money, boo hoo.

--001a11c2e458e4487904f593c350--
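The postcard check proposed in the message above, sketched from the issuing side as an added example; it is not code from the original post or from any existing CA. The class name, the 30-day validity and the five-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 30 * 24 * 3600  # assumption: a mailed code stays valid for 30 days
MAX_ATTEMPTS = 5           # assumption: wrong guesses allowed before lockout


class PostcardChallenges:
    """Pending address-ownership challenges of a hypothetical name+address CA."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # subject key -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _key(subject):
        # Bind the code to the exact "name, address" string that would go
        # into the certificate, ignoring only case and repeated whitespace.
        return " ".join(subject.casefold().split())

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, subject):
        """Return the code to print on the postcard; only its hash is stored."""
        code = "-".join(secrets.token_hex(2).upper() for _ in range(3))  # 48 bits
        self._pending[self._key(subject)] = [
            self._digest(code), self._now() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def redeem(self, subject, code):
        """True exactly once, if the code mailed for this subject comes back in time."""
        key = self._key(subject)
        entry = self._pending.get(key)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._now() > expires_at or attempts_left <= 0:
            del self._pending[key]  # expired or locked out: a new postcard is needed
            return False
        if hmac.compare_digest(code_hash, self._digest(code.strip().upper())):
            del self._pending[key]  # single use
            return True
        entry[2] -= 1
        return False
```

A successful `redeem` is the point at which such a CA would sign a certificate whose subject is that name and address; as the message notes, this gives no assurance for payees with no postal address, such as vending machines.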