On 02/23/2015 12:32 AM, Andy Schroder wrote: > I guess we need to decide whether we want to consider NFC communication > private or not. I don't know that I think it can be. An eavesdropper can > place a tiny snooping device near and read the communication. If it is > just passive, then the merchant/operator won't realize it's there. So, I > don't know if I like your idea (mentioned in your other reply) of > putting the session key in the URL is a good idea?
I think the "trust by proximity" is the best we've got. If we don't trust the NFC link (or the QR code scan), what other options have we got? Speaking the session key by voice? Bad UX, and can be eavesdropped as well of course. ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
