Author: Kalle Rosenbaum 2015-03-13 21:47:12
Published on: 2015-03-13T21:47:12+00:00
In this email exchange, Kalle disagrees with Mike Hearn's analysis regarding the security of storing PaymentRequest. Kalle believes that PaymentRequest can be stored securely just like private keys. However, he acknowledges that once the PaymentRequest leaves the wallet and is on its way to the hotel server, it becomes vulnerable to theft. As a result, it is not appropriate for use as proof of payment except for resolving disputes.Mike Hearn, on the other hand, is skeptical about the added value of the protocol. He suggests that the signed payment request should be stored in the wallet and encrypted under the wallet key. He argues that if someone can steal a payment request, they can also steal the wallet signing keys, so signing a challenge with the wallet keys does not add much security. Although it means the wallet does not have to store the PaymentRequest encrypted, Mike sees no additional benefit from this approach.
Updated on: 2023-06-09T18:28:40.892247+00:00