Author: Andy Schroder 2015-02-24 05:53:30
Published on: 2015-02-24T05:53:30+00:00
The discussion between Andy Schroder and Eric Voskuil involves the use of NFC (or QR codes) and Bluetooth to send payment requests. Andy suggests providing a public key via NFC, or a public key fingerprint and then sending the full public key over Bluetooth. However, he wonders if the payee can stop accepting connections from new parties on that "resource" after a session key has been received from the first person, while still allowing the payer's friend or family to pay for them instead and cancel the payment. He also raises concerns about abuse scenarios where an evil person could start making connections to every device, giving a denial of service attack on the hardware, or two people paying at once. Eric believes that privacy is easy to achieve for subsequent communication if the NFC tap is sufficiently private. But if it is not, privacy can be completely compromised, and the interloper no longer needs to invade the space of the NFC terminal and can instead impersonate the payer from a safe distance. He also points out that reliance on a public cert makes the communication less private under the same physical set of constraints. The difference results from the receiver allowing non-proximate payers to impersonate proximate payers from a distance by generating their own session keys and submitting them over BT.After thinking through the abuse scenarios, Andy agrees with Eric and thinks that sending a unique public key over NFC has to be better than a unique session key. He suggests using a new "resource" instead of a static public key to filter abuse scenarios. However, he also proposes that a new public key could be sent instead of a new "resource" with each tap, which would shorten the bitcoin URI, although he doesn't think it's required from a privacy standpoint.
Updated on: 2023-06-09T17:55:18.219476+00:00