What is Nostr?
Paul Puey [ARCHIVE] /
npub1rju…0ac2
2023-06-07 15:29:51
in reply to nevent1q…5hqs

Paul Puey [ARCHIVE] on Nostr: 📅 Original date posted:2015-02-05 📝 Original message:The trust can be ...

📅 Original date posted:2015-02-05
📝 Original message:The trust can be considered bootstrapped by visual verification of the address prefix. If we are really concerned about someone jamming a Bluetooth signal in a coffeeshop then the UI can encourage verification of the prefix. Much like how regular Bluetooth requires 'pairing' via entering a 4-6 digit code.



Paul Puey CEO / Co-Founder, Airbitz Inc
619.850.8624 | http://airbitz.co | San Diego




On Feb 5, 2015, at 3:46 PM, Eric Voskuil <eric at voskuil.org> wrote:

On 02/05/2015 03:36 PM, MⒶrtin HⒶboⓋštiak wrote:
>> A BIP-70 signed payment request in the initial broadcast can resolve the
>> integrity issues, but because of the public nature of the broadcast
>> coupled with strong public identity, the privacy compromise is much
>> worse. Now transactions are cryptographically tainted.
>>
>> This is also the problem with BIP-70 over the web. TLS and other
>> security precautions aside, an interloper on the communication, desktop,
>> datacenter, etc., can capture payment requests and strongly correlate
>> transactions to identities in an automated manner. The payment request
>> must be kept private between the parties, and that's hard to do.
>
> What about using encryption with forward secrecy? Merchant would
> generate signed request containing public ECDH part, buyer would send
> back transaction encrypted with ECDH and his public ECDH part. If
> receiving address/amount is meant to be private, use commit protocol
> (see ZRTP/RedPhone) and short authentication phrase (which is hard to
> spoof thanks to commit protocol - see RedPhone)?

Hi Martin,

The problem is that you need to verify the ownership of the public key.
A MITM can substitute the key. If you don't have verifiable identity
associated with the public key (PKI/WoT), you need a shared secret (such
as a secret phrase). But the problem is then establishing that secret
over a public channel.

You can bootstrap a private session over the untrusted network using a
trusted public key (PKI/WoT). But the presumption is that you are
already doing this over the web (using TLS). That process is subject to
attack at the CA. WoT is not subject to a CA attack, because it's
decentralized. But it's also not sufficiently deployed for some scenarios.

e

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150205/6bf6a7d3/attachment.html>;
Author Public Key
npub1rjuxg0r8xsxh36myahl6qvzrz2l8ku88cf2ghxej3a2g5wsdlmjq880ac2