Author: Nicolas DORIER 2015-01-28 16:34:26
Published on: 2015-01-28T16:34:26+00:00
The burden of certificate verification is placed on developers with BIP70, which can create difficulties for cross-platform development. While it is possible to use a snapshot of the Mozilla/Apple/MSFT stores, doing so requires the use of BouncyCastle. Additionally, converting from BC X509 Certificate to other platforms is not straightforward and can be problematic. By relying on the HTTPS support of the platform, these issues could be avoided. However, dealing with X509 certificates is prone to error, and Java does not deal with certificate revocations. The only advantage of embedded certificates is that they allow the owner of the website to be different from the merchant, but this could have been achieved with a protocol without reinventing X509. It is suggested that cross-platform abstraction libraries could be used to solve the problem of loading trusted root certificates. Java and Qt provide key store libraries that can load from either the OS root store or a custom one. Alternatively, a snapshot of the Mozilla/Apple/MSFT stores can be taken and loaded into the app. Using a third-party service to convert things to JSON is considered a strange solution to the problem and is not a limitation of BIP70.
Updated on: 2023-06-09T15:31:54.730352+00:00