Andreas Schildbach [ARCHIVE] on Nostr: 📅 Original date posted:2014-03-21 📝 Original message:+1 I couldn't do a better ...
📅 Original date posted:2014-03-21
📝 Original message:+1
I couldn't do a better job at describing my motivation behind trying to
stuff payment requests into QR codes.
On 03/20/2014 10:52 PM, Roy Badami wrote:
> On Thu, Mar 20, 2014 at 07:31:27PM +0100, Mike Hearn wrote:
>
>> Yes, this overlaps somewhat with the PKI signing in BIP70, but not
>> entirely - you might want to serve unsigned payment requests, but
>> still have confidentiality and authenticity for a local face to face
>> transaction. The signing and encryption does different things
>
> I'm not sure if this what you're getting at, but in a common
> face-to-face scenario, it really doesn't overlap so much (in that the
> PKI in BIP70 isn't really helpful).
>
> It's not unusual, in a face-to-face transaction at a bricks-and-mortar
> establishment, that you know neither the legal name of the entity
> running the establishment, nor any electronic identifier (domain name,
> email address) that might be presented to you in an X.509 certificate,
> even if such a certificate is presented in the PaymentRequest.
>
> In many cases I want/need to simply be assured that I am paying "the
> person/organisation which operates that machine behind the counter,
> right there".
>
> In many ways I'll miss the simplicity of BIP21 QR codes for
> face-to-face transactions - because in this use case the payment
> protocol complicates (and in many cases weakens) the assurance that
> you really are paying the entity that prepared the QR code.
>
> roy
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
>
📝 Original message:+1
I couldn't do a better job at describing my motivation behind trying to
stuff payment requests into QR codes.
On 03/20/2014 10:52 PM, Roy Badami wrote:
> On Thu, Mar 20, 2014 at 07:31:27PM +0100, Mike Hearn wrote:
>
>> Yes, this overlaps somewhat with the PKI signing in BIP70, but not
>> entirely - you might want to serve unsigned payment requests, but
>> still have confidentiality and authenticity for a local face to face
>> transaction. The signing and encryption does different things
>
> I'm not sure if this what you're getting at, but in a common
> face-to-face scenario, it really doesn't overlap so much (in that the
> PKI in BIP70 isn't really helpful).
>
> It's not unusual, in a face-to-face transaction at a bricks-and-mortar
> establishment, that you know neither the legal name of the entity
> running the establishment, nor any electronic identifier (domain name,
> email address) that might be presented to you in an X.509 certificate,
> even if such a certificate is presented in the PaymentRequest.
>
> In many cases I want/need to simply be assured that I am paying "the
> person/organisation which operates that machine behind the counter,
> right there".
>
> In many ways I'll miss the simplicity of BIP21 QR codes for
> face-to-face transactions - because in this use case the payment
> protocol complicates (and in many cases weakens) the assurance that
> you really are paying the entity that prepared the QR code.
>
> roy
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
>