William Swanson [ARCHIVE] on Nostr: 📅 Original date posted:2015-02-05 📝 Original message:On Thu, Feb 5, 2015 at ...
📅 Original date posted:2015-02-05
📝 Original message:On Thu, Feb 5, 2015 at 2:10 PM, Eric Voskuil <eric at voskuil.org> wrote:
> A MITM can receive the initial broadcast and then spoof it by jamming the
> original. You then only see one.
You are right, of course. There is no way to make Bluetooth 100%
secure, since it is an over-the-air technology. You could try securing
it using a CA or other identity server, but now you've excluded ad-hoc
person-to-person payments. Plus, you need an active internet
connection to reach the CA.
You can try using proximity as a substitute for identity, like
requiring NFC to kick-start the connection, but at that point you
might as well use QR codes.
This BIP is not trying to provide absolute bullet-proof security,
since that's impossible given the physical limitations of the
Bluetooth technology. Instead, it's trying to provide the
best-possible security given those constraints. In exchange for this,
we get greatly enhanced usability in common scenarios.
There are plenty of usable, real-world technologies with big security
holes. Anybody with lock-picking experience will tell you this, but
nobody is welding their front door shut. The ability to go in and out
is worth the security risk.
Bluetooth payments add a whole new dimension to real-world Bitcoin
usability. Do we shut that down because it can't be made perfect, or
do we do the best we can and move forward?
-William
📝 Original message:On Thu, Feb 5, 2015 at 2:10 PM, Eric Voskuil <eric at voskuil.org> wrote:
> A MITM can receive the initial broadcast and then spoof it by jamming the
> original. You then only see one.
You are right, of course. There is no way to make Bluetooth 100%
secure, since it is an over-the-air technology. You could try securing
it using a CA or other identity server, but now you've excluded ad-hoc
person-to-person payments. Plus, you need an active internet
connection to reach the CA.
You can try using proximity as a substitute for identity, like
requiring NFC to kick-start the connection, but at that point you
might as well use QR codes.
This BIP is not trying to provide absolute bullet-proof security,
since that's impossible given the physical limitations of the
Bluetooth technology. Instead, it's trying to provide the
best-possible security given those constraints. In exchange for this,
we get greatly enhanced usability in common scenarios.
There are plenty of usable, real-world technologies with big security
holes. Anybody with lock-picking experience will tell you this, but
nobody is welding their front door shut. The ability to go in and out
is worth the security risk.
Bluetooth payments add a whole new dimension to real-world Bitcoin
usability. Do we shut that down because it can't be made perfect, or
do we do the best we can and move forward?
-William