On Wed, Sep 25, 2013 at 01:35:48PM +0200, Melvin Carvalho wrote: > On 25 September 2013 13:15, Mike Hearn <m...@plan99.net> wrote: > > > It won't fit. But I don't see the logic. A URI contains instructions for > > making a payment. If that instruction is "pay to this address" or "download > > this file and do what you find there", it's no different unless there's > > potential for a MITM attack. If the request URL is HTTPS or a secured > > Bluetooth connection then there's no such possibility. > > > > It depends on the attacker. I think a large entity such as a govt or big > to medium size corporation *may* be able to MITM https, of course the > incentive to do so is probably not there ...
...until the Bitcoin payment protocol showed up and let anyone with the ability to MITM https turn that ability into untraceable cash. I won't be at all surprised if one of the most valuable things to come out of the payment protocol using the SSL PKI infrastructure is to give us a good understanding of exactly how it's broken, and to give everyone involved good reasons to fix it. Even if the flaws of SSL PKI were exploited as a way to harm bitcoin by governments and other large players - and SSL PKI remained unfixed - I'd much rather have that solid evidence that it was broken than not. -- 'peter'[:-1]@petertodd.org
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
