Author: Andy Schroder 2015-02-24 19:49:14
Published on: 2015-02-24T19:49:14+00:00
The author of the text discusses various aspects of payment systems, including the need for payees to identify payers in certain situations. They propose setting up a micro payment channel for most purchases and discuss potential privacy implications. The author also addresses the issue of providing public keys via NFC or QR codes and notes the importance of authentication of the payer by the payee. Reusing public keys poses security risks, and self-signed certificates do not provide benefits. The payment request is considered private and can contain sensitive information.In another section of the text, participants are discussing options to prevent abuse and denial of service attacks on point-of-sale (POS) systems. One suggestion is to require a manual tap or button press or switch turn for each transaction. However, there is a debate about whether to send a new public key or a new "resource" with each tap and whether to get rid of the h= parameter. It is suggested that sending a unique public key over NFC is better than a unique session key because it adds an extra layer of security without adding another step to the protocol.Additionally, it is recommended to get rid of the h= parameter and use base58 encoding instead of base64url encoding, which is more standardized, compact, and better-looking. Finally, the use of a public certificate is discussed, and its impact on privacy and security is evaluated. The text notes that using a unique public key per tap makes the attack require an active vs. passive attack on the NFC terminal. There is also a comparison between the symmetric key approach and the public key approach, with the latter requiring an additional 23 encoded characters for the BT/LE URL. Overall, the participants agree that sending a unique public key over NFC is the better option to prevent abuse and ensure security.
Updated on: 2023-06-09T17:46:29.136105+00:00