Proposal for P2P Wireless (Bluetooth LE) transfer of Payment URI



Summary:

The discussion concerns what peer-to-peer payments usually look like: whether they are ad hoc or made to a known contact. If the payment is between friends, colleagues, etc., it may be straightforward to have a watertight mechanism where the payer knows who they are paying by having their public keys in their contact list. A relatively secure key exchange over SMS could also be possible if contacts already have each other in their phonebooks.

However, consumer-to-merchant transactions where the merchant is a physical store require the trust model of "pay that terminal over there." This trust model is the only one that works for this type of transaction, as customers and businesses are aware of the risks of fraud. There are cases, however, that don't fall into either category, and these are the ones that are going to be harder to authenticate and more susceptible to attempted fraud.

The discussion also touches on the security of Bluetooth technology for making payments. It's impossible to make Bluetooth 100% secure since it is an over-the-air technology. You could try securing it using a CA or other identity server, but that excludes ad-hoc person-to-person payments. There are ways to use proximity as a substitute for identity, like requiring NFC to kick-start the connection, but at that point it might be easier to use QR codes.

The aim of the BIP is not to provide absolute bullet-proof security, given the physical limitations of Bluetooth technology; instead, it aims to provide the best possible security given those constraints. Bluetooth payments add a new dimension to real-world Bitcoin usability, and the discussion ends with the question of whether Bluetooth payments should be shut down because they can't be made perfect, or whether we should do the best we can and move forward.


Updated on: 2023-06-09T16:30:16.724389+00:00