Hmm, is there any other way to do it? Can we provide a signed payment
request and verify the signature on the receiving side, and this way protect
against a Bluetooth MitM attack? Quick googling showed that SSL over Bluetooth
isn't a very well developed area, and my own skills are not enough to quickly
implement a reliable secure solution here.


2014-03-20 10:36 GMT+00:00 Mike Hearn <m...@plan99.net>:

> Encoding entire payment requests into QR codes is definitely not the way to
> go. They can already be large when signed and we're just at the start of
> adding features.
>
> Finishing off and standardising the Bluetooth support is the way to go
> (r=bt:mac). Andreas' app already has some support for this I believe, so
> Alex you could prototype with that, but we need to:
>
> 1) Add an encryption/auth layer on top, because it runs over RFCOMM
> sockets. The authentication would require proof of owning the Bitcoin key
> that's in the address part of the URI (which is needed for backwards compat
> anyway).
>
> 2) Write a BIP for it and make sure it's interoperable
>
> For the auth layer we could either use SSL and then just ignore the server
> certificate and require signing of the session public key with the Bitcoin
> key, which should be easy to code up but is rather heavy on the air, or
> roll a custom lightweight thing where we just do a basic ECDH, with the
> server's key being the same as the address key. But rolling such protocols
> is subtle and I guess it'd need to be reviewed by people familiar with such
> things.
>
> This feels like a good opportunity to grow the community - perhaps we can
> find a volunteer in the forums who enjoys crypto.
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>