Author: Martin Habovštiak 2015-02-06 00:50:57
Published on: 2015-02-06T00:50:57+00:00
On February 6, 2015, Paul Puey, the CEO and co-founder of Airbitz Inc. wrote about using visual verification of the address prefix as a way to bootstrap trust in a commit protocol. Eric Voskuil responded to Martin Habovstiak’s suggestion of using encryption with forward secrecy by stating that a MITM can substitute the public key requiring the need for a shared secret. However, establishing the secret over a public channel is difficult. The process of using TLS is subject to attack at the CA, while WoT is decentralized but not sufficiently deployed for some scenarios. The problem with BIP-70 over the web is the public nature of the broadcast coupled with strong public identity, which makes privacy compromise much worse. A BIP-70 signed payment request could resolve integrity issues, but transactions would still be cryptographically tainted.
Updated on: 2023-06-09T16:35:22.184424+00:00