Roy Badami [ARCHIVE] on Nostr: 📅 Original date posted:2014-03-20 📝 Original message:On Thu, Mar 20, 2014 at ...
📅 Original date posted:2014-03-20
📝 Original message:On Thu, Mar 20, 2014 at 07:31:27PM +0100, Mike Hearn wrote:
> Yes, this overlaps somewhat with the PKI signing in BIP70, but not
> entirely - you might want to serve unsigned payment requests, but
> still have confidentiality and authenticity for a local face to face
> transaction. The signing and encryption does different things
I'm not sure if this what you're getting at, but in a common
face-to-face scenario, it really doesn't overlap so much (in that the
PKI in BIP70 isn't really helpful).
It's not unusual, in a face-to-face transaction at a bricks-and-mortar
establishment, that you know neither the legal name of the entity
running the establishment, nor any electronic identifier (domain name,
email address) that might be presented to you in an X.509 certificate,
even if such a certificate is presented in the PaymentRequest.
In many cases I want/need to simply be assured that I am paying "the
person/organisation which operates that machine behind the counter,
right there".
In many ways I'll miss the simplicity of BIP21 QR codes for
face-to-face transactions - because in this use case the payment
protocol complicates (and in many cases weakens) the assurance that
you really are paying the entity that prepared the QR code.
roy
📝 Original message:On Thu, Mar 20, 2014 at 07:31:27PM +0100, Mike Hearn wrote:
> Yes, this overlaps somewhat with the PKI signing in BIP70, but not
> entirely - you might want to serve unsigned payment requests, but
> still have confidentiality and authenticity for a local face to face
> transaction. The signing and encryption does different things
I'm not sure if this what you're getting at, but in a common
face-to-face scenario, it really doesn't overlap so much (in that the
PKI in BIP70 isn't really helpful).
It's not unusual, in a face-to-face transaction at a bricks-and-mortar
establishment, that you know neither the legal name of the entity
running the establishment, nor any electronic identifier (domain name,
email address) that might be presented to you in an X.509 certificate,
even if such a certificate is presented in the PaymentRequest.
In many cases I want/need to simply be assured that I am paying "the
person/organisation which operates that machine behind the counter,
right there".
In many ways I'll miss the simplicity of BIP21 QR codes for
face-to-face transactions - because in this use case the payment
protocol complicates (and in many cases weakens) the assurance that
you really are paying the entity that prepared the QR code.
roy