Author: Eric Voskuil 2015-02-23 00:05:06
Published on: 2015-02-23T00:05:06+00:00
The conversation between Andy Schroder and Eric Voskuil revolved around the security of the Bluetooth connection used in Bitcoin point-of-sale terminals. Andy raised concerns about the possibility of eavesdropping on data transferred through Bluetooth. Eric suggested that SSL/TLS is not necessary for private communication as it defeats the purpose of establishing privacy over a public channel. They also discussed NFC communication, which may not be private because an eavesdropper could place a snooping device nearby and read communication.The discussion then moved to implementing NFC and offline payments. Jan Vornberger proposed a Bitcoin point-of-sale terminal based on a Raspberry Pi that displays QR codes but also provides payment requests via NFC. The terminal can receive the sender's transaction via Bluetooth, allowing the sender to be completely offline. The scenarios discussed included scanning a QR code or touching the NFC pad to transmit transactions via the Bitcoin network or fetch BIP70 details via HTTP or Bluetooth.The email thread discusses proposed changes to the BIP70 payment protocol that would improve its security. Specifically, the proposal TBIP75 suggests including a hash of the payment request in an additional 'h' parameter to prevent MITM attacks on the Bluetooth channel. The author of the email asks for feedback from the community on several questions related to the proposed changes.These include preferences for changing the 'optional string payment_url' field, implementation of the r, r1, r2 mechanism in Bitcoin Wallet, comments regarding the 'h' parameter in TBIP75, and general advice or feedback. Links to the original proposal and related projects are provided.
Updated on: 2023-06-09T17:48:24.931924+00:00