Author: Eric Voskuil 2015-02-22 22:39:42
Published on: 2015-02-22T22:39:42+00:00
Jan Vornberger has written a document outlining his experience implementing NFC and offline payments using a Bitcoin point of sale terminal based on a Raspberry Pi. The terminal displays QR codes and provides payment requests via NFC, but can also receive transactions via Bluetooth if the sender's wallet supports it. However, this design is problematic from a privacy standpoint, as anyone within range of the Bluetooth terminal can capture payment requests and link them to individuals.To address this issue, the proposed TBIP75 suggests adding an 'h' parameter, which would be a hash of the BIP70 payment request. This would prevent a MITM attack on the Bluetooth channel even if the BIP70 payment request isn't signed. However, the sender raises concerns about the privacy implications of this design and suggests that a session key used for symmetric block cipher over the Bluetooth channel should be transferred instead of the payment request itself.In the email, the sender seeks feedback from the list regarding a payment request at the time of QR code and NFC URI generation. They ask whether to change the 'optional string payment_url' into a 'repeated string payment_url' or to introduce a new field called 'additional_payment_urls'. Additionally, they direct a question towards Andreas regarding the implementation of r, r1, r2 mechanism in Bitcoin Wallet.The sender concludes by requesting general comments, advice, and feedback. They provide links to various sources for reference.
Updated on: 2023-06-09T17:52:39.853421+00:00