Author: Eoin McQuinn 2021-02-20 15:53:57
Published on: 2021-02-20T15:53:57+00:00
In a discussion on the bitcoin-dev mailing list, Andrew Kozlik announced that he is working on an experimental implementation of a new payment request format in Trezor T. The new format is similar to BIP-70 in some respects but with a few key differences. Firstly, it does not rely on X.509 and instead makes the signature mandatory for protection against man-in-the-middle attacks, making it more similar to BOLT11. Secondly, it can be used for coin exchange where users want to ensure that they have the right cryptocurrency address before sending BTC to an exchange service. Finally, it uses an optional nonce for replay protection. Kozlik has posted the relevant code on Github.Another contributor to the discussion, Charles Hill, detailed a URL signing scheme that he developed for use with LNURL as a method for authorizing payments on behalf of offline devices or applications. Although not specifically off-chain or on-chain related, Hill believes that the scheme could be repurposed. The scheme generates an API key (ID/reference, secret, encoding) shared between a server and an offline device or application. To generate a signature, a random nonce is generated, followed by building a query string with the `id`, `nonce`, `tag` and any custom parameters. The query parameters are then sorted alphabetically to form a "payload" which is signed using HMAC-SHA256 with the API key secret. The signature is then appended to the payload. Hill suggests that this scheme could be modified to fit better with Thomas Voegtlin's use case.Voegtlin posted to the list expressing his dislike of BIP70 except for the fact that payment requests were signed. He suggested that a standard for signed requests should be adopted, allowing users to receive a signed request from an exchange, providing proof that the exchange asked them to send coins to a particular address. He argues that such a feature would guide users' decisions on which exchange to use. Voegtlin would be happy to remove BIP70 support from Electrum if a new standard for signed requests was adopted.
Updated on: 2023-06-14T18:18:01.390194+00:00