Published on: 2014-07-02T08:49:10+00:00
In a discussion on the Bitcoin-development mailing list, the issue of verifying the identity of the recipient during Bitcoin payments is explored. The writer suggests that in most cases, verifying the name on the company register and certificate would be sufficient to prevent fraud. They propose the idea of a "cheesy" Certificate Authority (CA) that issues certificates with addresses included in them. However, this solution may not work for vending machines.

Another challenge discussed is Germany's naming convention for businesses, which often leads to them being referred to by their type of establishment rather than their official name. This poses a challenge when conducting face-to-face transactions as the legal name of the entity running the establishment is often unknown. Creating a new infrastructure to address this issue is suggested but may not be feasible.

The discussion also explores the suitability of BIP70 for bitcoin transactions in locations with limited or no internet access. One participant argues that such locations are unsuitable for bitcoin transactions as the receiver cannot verify double-spending or other transaction details. However, another participant suggests using a telephonic-based system connected to a centralized double-spend database to make these transactions possible.

The conversation delves into the use of HTTP-over-Bluetooth and the challenges of implementing it. There is also a conversation about inventing a URI for Bluetooth and the considerations involved. ECC certificates are discussed, with concerns expressed about their risks and others arguing for their implementation despite the challenges.

Throughout the conversation, there were invitations for volunteers from the Bitcoin community who enjoy cryptography to contribute and help develop the proposed security measures. The importance of growing the community and involving experts in the forums was highlighted.

In conclusion, the discussion revolved around finding practical solutions for face-to-face Bitcoin transactions, including the use of QR codes, Bluetooth, and encryption/authentication layers. The goal was to ensure convenience, security, and interoperability while addressing the limitations and challenges associated with existing technologies and protocols.

Another aspect of the discussion revolves around the idea of using Bluetooth to enable scan-to-pay transactions. Including a Bluetooth MAC address in the payment_url inside the PaymentDetails message is suggested to allow for the smartphone to send back the payment response and receive a PaymentAck. This approach is seen as a way to improve the process and enhance connectivity.

The current approach for Bitcoin transactions involves using a BTMAC parameter in the Bitcoin URI, which works universally across NFC tags and QR codes. These signed payment requests are considered "large" because they can be verified offline. The signing process is still useful for face-to-face payments, as it blurs the distinction between the "merchant" and the "user," making it more secure.

There is potential for using payment protocol URLs for links published on web pages as well. This could serve as a replacement for the BIP72 specification once the payment protocol becomes widely deployed. To implement this approach, the author has created a prototype on a branch of Bitcoin Wallet.

Overall, this proposed approach aims to improve the efficiency and security of Bitcoin transactions, both in face-to-face scenarios and online. By leveraging the payment protocol and utilizing different technologies like NFC and QR codes, the author's implementation offers a promising solution for seamless and secure payments.
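
As an added illustration (not code from the thread or from the Bitcoin Wallet prototype), the following example shows how a wallet could validate a scanned `bitcoin:` URI that carries a Bluetooth MAC before handing anything to the Bluetooth stack. The parameter name `btmac`, the accepted MAC formats, the loose address shape check and the sample URI are assumptions made for this example.

```python
import re
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl

BT_PARAM = "btmac"  # hypothetical name; the page only says "a BTMAC parameter"
KNOWN = {"amount", "label", "message", "r", BT_PARAM}
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}|[0-9A-Fa-f]{12}")
ADDR_RE = re.compile(r"[A-Za-z0-9]{26,90}")  # shape check only, not Base58Check
# Constructed sample input (not a real address or device).
SAMPLE_URI = "bitcoin:1ConstructedExampleAddr1111111111?amount=0.015&btmac=00:1a:7d:da:71:13"

class UriError(ValueError):
    """Raised when a scanned URI must not be acted on."""

def normalize_mac(value):
    """Return the MAC as AA:BB:CC:DD:EE:FF or raise UriError."""
    if not MAC_RE.fullmatch(value):
        raise UriError("malformed Bluetooth MAC")
    digits = value.replace(":", "").upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_payment_uri(uri):
    """Parse a bitcoin: URI from a QR code or NFC tag into validated fields."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "bitcoin":
        raise UriError("not a bitcoin: URI")
    address, _, query = rest.partition("?")
    if address and not ADDR_RE.fullmatch(address):
        raise UriError("malformed address")
    params = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key in params:
            raise UriError("duplicate parameter: " + key)  # ambiguous input
        if key.startswith("req-") and key not in KNOWN:
            raise UriError("unsupported required parameter: " + key)  # BIP21 rule
        params[key] = value
    out = {"address": address or None, "amount": None,
           "request_url": params.get("r"), "bt_mac": None}
    if "amount" in params:
        try:
            amount = Decimal(params["amount"])
        except InvalidOperation:
            raise UriError("malformed amount")
        if not amount.is_finite() or amount <= 0:
            raise UriError("amount out of range")
        out["amount"] = amount
    if BT_PARAM in params:
        out["bt_mac"] = normalize_mac(params[BT_PARAM])
    return out
```
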
Updated on: 2023-08-01T07:23:18.614614+00:00