Author: Andy Schroder 2015-02-24 22:50:46
Published on: 2015-02-24T22:50:46+00:00
The conversation discusses the URL scheme for Bitcoin transactions. The suggestion is to change "resource" to "Session ID" and use bitcoin:[address]?r=bt:&s=. The client indicates the SessionID in the header when connecting to the MAC. Losing the h= parameter removes a benefit for https-based connections when the customer doesn't want to use Bluetooth. A concern is raised about compromise of the public key on the first tap, and whether the payment request is already compromised. It is suggested to change the message header format to something more consistent for security purposes. There is also discussion about using a unique public key for each session and getting rid of the resource. A new public key for each tap is suggested, to distinguish between customers in some scenarios. Unused sessions can be discarded based on any number of criteria, including discarding all but the most recent.
Updated on: 2023-06-09T17:51:08.659341+00:00