Published on: 2017-09-30T15:33:01+00:00
The BIP-70 payment protocol used through BIP-72 URI's has been a topic of debate due to security concerns. Payment QR codes do not cryptographically commit to the identity of the merchant, allowing hijackers to redirect payments if they acquire an SSL certificate that a wallet accepts. However, HTTPS assumes secure certificates. Instead of using the payment protocol, some prefer to email or print bitcoin addresses on invoices.There is a need for a new BIP to replace BIP-72, which is considered dangerous in its current form. The current https principles are seen as outdated, particularly the concept of certificates tied to a domain. The author suggests evolving it into certificates tied to an entityID managed by a blockchain system. The author also argues against specifying things for Bitcoin like the web, as browsers can do better.Using the payment protocol means paying to a secure endpoint rather than an address. It offers benefits such as preventing address reuse, eliminating the need for mempool synchronization among non-miners, and improving privacy by enabling light clients to know when a transaction is coming in. Implementing the payment protocol widely is key to scaling.The BIP-70 payment protocol has overhead and requires back and forth communication, making it less preferable compared to emailing or printing bitcoin addresses. The BIP-72 URI's used by the payment protocol are insecure, as payment QR codes do not commit to the merchant's identity. This allows a man-in-the-middle attacker to redirect payments. Deprecating BIP-72 and introducing a new BIP is necessary.Wallets should use the bitcoin address for integrity checks to mitigate risk. The BIP could be enhanced by deriving the bitcoin address from the merchant pub key and hash, enabling independent generation of addresses by both customers and merchants. Wallets may discard important information when using the payment protocol, giving MITM attackers another chance to redirect payments. Off-the-shelf SSL libraries with infrequently updated root certificates are commonly used by wallets.In conclusion, the BIP-70 payment protocol has security concerns and requires improvement. BIP-72 should be deprecated and replaced with a new BIP. Android Wallet for Bitcoin includes a parameter that adds a hash commitment to the payment request, but it is not part of the standard itself. The discussion on the Bitcoin development mailing list highlights the need for addressing these issues.
Updated on: 2023-08-01T21:58:36.470807+00:00