Author: Wladimir 2014-03-01 07:26:57
Published on: 2014-03-01T07:26:57+00:00
In an email exchange between Bitcoin developers, discussion centered around a bug (#3628) and pull request (#3684) regarding negative feedback for missing or invalid signatures. The consensus was to treat invalid and unsigned payment requests the same, as the cost to the attacker to remove the signature or corrupt it is exactly the same. The recommendation was made to test the pull request to see if it improves payment request reporting. There was also discussion about making the difference between invalid and unsigned requests more conspicuous to the end user. Additionally, there was talk of implementing the equivalent of HTTP Strict Transport Security for payment protocol to prevent trivial signature stripping attacks in the future. However, one problem identified was that for an unsigned payment request, there isn't really an "origin" and adding a field to the Bitcoin URI would not work. Instead, the server serving the payment requests could serve an HSTS-like header to only accept signed payment requests from them from now on, which the client would need to remember.
Updated on: 2023-06-08T03:38:32.215766+00:00