What is Nostr?
Brian Erdelyi [ARCHIVE] /
npub1tat…25sq
2023-06-07 15:29:15
in reply to nevent1q…ht9s

Brian Erdelyi [ARCHIVE] on Nostr: πŸ“… Original date posted:2015-02-01 πŸ“ Original message:> BIP70 is quite safe ...

πŸ“… Original date posted:2015-02-01
πŸ“ Original message:> BIP70 is quite safe agains MitB. If user copies URL belonging to other
> merchant, he would see the fact after entering it into his wallet
> application. The only problem is, attacker can buy from the same
> merchant with user's money. (sending him different URL) This can be
> mitigated by merchant setting "memo" to the description of the basket
> and some user info (e.g. address to which goods are sent).

I think BIP 70 does a good job at verifying where the payment request came from. I’m not convinced this is the same as verifying the transaction (ideally OOB).

> But if whole computer is compromised, you're already screwed. Trezor
> should help, but I'm not sure if it supports BIP70.

The reason for OOB verification is if the entire computer is compromised. Again, this may only be possible with a trusted intermediary or a web wallet.

Brian Erdelyi
Author Public Key
npub1tatcq4sq4leywpxwgqd90eut5933h62lrrnzu28mx95w80s75hzspj25sq