Author: Christophe Biocca 2014-01-29 14:57:38
Published on: 2014-01-29T14:57:38+00:00
The discussion in the email thread is about the use of QR codes for payment requests and the security implications of using SSL's PKI. The suggestion is to specify the payment protocol URL and the public key used for signing directly in the QR code, allowing the wallet to fetch the payment request and verify the signature without relying on SSL security. This approach has advantages such as serving variable payment requests from the same QR code, maintaining recipient privacy, and eliminating the need for a backward-incompatible bitcoin scheme. However, it also introduces downsides, such as requiring the payee to host/serve requests somewhere online and the payer needing an internet connection to fetch the request. Optional use of CAs allows the wallet to attach an identity to who you're paying by QR code, which addresses the problem of the waiter overwriting the QR code. The email suggests that PaymentRequest-over-QR-code has one attractive advantage over other methods; the authentication model is orders of magnitude simpler and more intuitive for face-to-face transactions, making it easier for users to pay by scanning a QR code displayed by the seller.
Updated on: 2023-06-08T01:03:00.966179+00:00