Author: Mike Hearn 2012-11-26 23:27:19
Published on: 2012-11-26T23:27:19+00:00
The use of signed invoices as virus protection is not to change what the user sees on the infected host, but rather to relay the invoice to a second device that isn't compromised. The invoice has an identifier, like bitmit.net instead of an address, which can be independently rendered on the second device for payment confirmation. This prevents viruses from swapping out the Bitcoin address with the wrong one, which could happen if the Bitcoin address was displayed directly to the user. However, for this to work, the seller needs to predict the certificates in all the buyer's devices. Cert management UI is essential, and browsers have it, but it is among the least used parts of a browser. Users rarely go into those screens unless it's necessary to manage installation/removal of self-signed certs used by organizations. Additionally, users never manually revoke a root authority - when necessary due to breaches, browser makers revoke them automatically.
Updated on: 2023-06-06T08:42:47.541159+00:00