Author: Eric Voskuil 2015-02-23 09:40:00
Published on: 2015-02-23T09:40:00+00:00
The email conversation between Andy Schroder and Andreas Schildbach discusses the issue of privacy loss with the existing proposal using NFC as a trust anchor for payment transactions. They consider various scenarios, including sending session keys or public keys over NFC and Bluetooth connections. The discussion highlights the potential for eavesdropping and modification by an interloper, compromising the privacy of the transaction. The use of PKI (public key infrastructure) is suggested to establish private communication, but this creates additional privacy problems. The RedPhone model is also mentioned, which requires out-of-band secure communication of a common derived value by the parties. Ultimately, both endpoints must be secured, and the discussion makes people wary of any terminal system that doesn't use signed payment requests.
Updated on: 2023-06-09T17:49:46.232075+00:00