1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <jgarzik@bitpay.com>) id 1VOq7j-0001SE-AT
for bitcoin-development@lists.sourceforge.net;
Wed, 25 Sep 2013 14:31:27 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of bitpay.com
designates 74.125.82.174 as permitted sender)
client-ip=74.125.82.174; envelope-from=jgarzik@bitpay.com;
helo=mail-we0-f174.google.com;
Received: from mail-we0-f174.google.com ([74.125.82.174])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1VOq7i-0007by-8E
for bitcoin-development@lists.sourceforge.net;
Wed, 25 Sep 2013 14:31:27 +0000
Received: by mail-we0-f174.google.com with SMTP id q58so6065349wes.5
for <bitcoin-development@lists.sourceforge.net>;
Wed, 25 Sep 2013 07:31:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:date
:message-id:subject:from:to:cc:content-type;
bh=LeoC6VLuBmKHoRP6FbBWqFiGm14y8CrOEZfRWBMef2w=;
b=fsUGr4xCAWKvBM8ZGtwEvDaNoGE9uZMPbYx5n+kiP4RhnXUiN9s66eJiRolMOGDrv9
QsTTI09HeXviPohYITAtMmMkugyOUYfDuohTYInnzsYFjLlJ98VUn3mlSdz43weFq/aT
5kYqX36/WVDKL4xGnCtHXVBzWYwqe0U9zPdX5PMUR6Dqok1m+5HcqRpIPUlgDqZAuIBO
ov3scHr5BJdLvjgRnP9BRDMr/61cZG45N++W2atENFbD5QndxZYb0y9uzTXT919v8VKi
2pWypsIc0HFaZvSSZ2FPaNopM8/AAB/0V/uX8kGhSRdnRIsENbGyJzSrSVwLHX2udGkv
4LKw==
X-Gm-Message-State: ALoCoQkgmigH6Rbpi80N1/SsTHTPrj1Q5hpVk1JZADfAUJRx54WAS2D97sCwC7bOWBT+vqEbwHFH
MIME-Version: 1.0
X-Received: by 10.194.158.67 with SMTP id ws3mr27475516wjb.5.1380119480055;
Wed, 25 Sep 2013 07:31:20 -0700 (PDT)
Received: by 10.194.236.69 with HTTP; Wed, 25 Sep 2013 07:31:19 -0700 (PDT)
In-Reply-To: <l1uj7g$vds$1@ger.gmane.org>
References: <CABsx9T0Ly67ZNJhoRQk0L9Q0-ucq3e=24b5Tg6GRKspRKKtP-g@mail.gmail.com>
<521298F0.20108@petersson.at>
<CABsx9T3b--tfUmaxJxsXyM2f3Cw4M1oX1nX8o9WkW_haBmLctA@mail.gmail.com>
<CANEZrP2BOWk4FOUx4eVHvXmdSgx3zo_o18J8YBi2Uc_WkBAXKA@mail.gmail.com>
<CANEZrP0H9TVfQ3AGv6aBmS1DUa6MTWhSFAN1Jo4eimBEBQhPZw@mail.gmail.com>
<CABsx9T0TQ6Gg=muNP-rCZxan8_nAqeJt6ErYVOfnLJKrsLs81w@mail.gmail.com>
<CANEZrP2V72+-m-FOCsW3C2GBO7+=-0casKadeHncmNTYjyqJRA@mail.gmail.com>
<l1udst$uos$1@ger.gmane.org>
<CANEZrP03KsGHvGqcNT1Qs6qkJ4i050CPjwvGqTRRhbdkgMf_dA@mail.gmail.com>
<l1uhld$d68$1@ger.gmane.org>
<CANEZrP2ZbSUvNk+0bHCWw40r00D8ja-crrZPjvN0mgG+NaD52w@mail.gmail.com>
<l1uj7g$vds$1@ger.gmane.org>
Date: Wed, 25 Sep 2013 10:31:19 -0400
Message-ID: <CAJHLa0NbEjnQ2V8HPjVfC_mZ33ojMBMQP2i90KvmEsZik7h3kA@mail.gmail.com>
From: Jeff Garzik <jgarzik@bitpay.com>
To: Andreas Schildbach <andreas@schildbach.de>
Content-Type: text/plain; charset=ISO-8859-1
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1VOq7i-0007by-8E
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 14:31:27 -0000
BitPay experimented with QR codes in low light, restaurant and other
conditions. QR codes become difficult to use even at 100 chars.
On the merchant side, we prefer a short URL that speaks payment
protocol if visited via bitcoin client, but will gracefully work if
scanned by a phone with zero bitcoin support -- you will simply be
redirected to a BitPay invoice page for a normal browser.
On Wed, Sep 25, 2013 at 7:59 AM, Andreas Schildbach
<andreas@schildbach.de> wrote:
> On 09/25/2013 01:45 PM, Mike Hearn wrote:
>
>> OK, it might fit if you don't use any of the features the protocol
>> provides :)
>
> Now you're dver-dramaticing (-:
>
> I'm just skipping one feature which I think is useless for QR codes
> scanned in person.
>
>> You can try it here:
>
> Thanks. A typical request would be around 60 bytes, which should produce
> an URL with around 100 chars. That should be fine for scanning, but I
> will experiment.
>
>> If you're thinking about governments and so on subverting CA's, then
>> there is a plan for handling that (outside the Bitcoin world) called
>> certificate transparency which is being implemented now.
>
> Good to hear. Let's see if it gets momentum.
>
>> Now when you are getting a QR code from the web, it's already being
>> served over HTTPS. So if you're up against an attacker who can break a
>> CA in order to steal your money, then you already lose, the QRcode
>> itself as MITMd.
>
> Sure. I was talking about QR codes scanned in person.
>
>> In the Bluetooth case we might have to keep the address around and use
>> it to do ECDHE or something like that.
>
> Yeah, will look at that as soon as we're implementing the payment
> protocol fully.
>
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
--
Jeff Garzik
Senior Software Engineer and open source evangelist
BitPay, Inc. https://bitpay.com/
|