<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>The trust can be considered bootstrapped by visual verification of the address prefix. If we are really concerned about someone jamming a Bluetooth signal in a coffee shop then the UI can encourage verification of the prefix. Much like how regular Bluetooth requires 'pairing' via entering a 4-6 digit code.<br><br><table border="0" style="-webkit-text-size-adjust: auto; font-size: medium; font-family: Helvetica, Arial, sans-serif;"><tbody><tr valign="top"><td><font face=".HelveticaNeueInterface-M3"><span style="font-size: 17px; -webkit-text-size-adjust: none; background-color: rgba(255, 255, 255, 0);"><b>Paul Puey</b>&nbsp;CEO / Co-Founder, Airbitz Inc<br></span></font><div style="margin-top: 0px; margin-bottom: 0px;"><font face=".HelveticaNeueInterface-M3"><span style="font-size: 17px; -webkit-text-size-adjust: none; background-color: rgba(255, 255, 255, 0);"><a href="tel:619.850.8624">619.850.8624</a>&nbsp;|&nbsp;<a href="http://airbitz.co/" target="_blank" style="outline: none;">http://airbitz.co</a>&nbsp;|&nbsp;San Diego</span></font></div></td></tr></tbody></table></div><div><br>On Feb 5, 2015, at 3:46 PM, Eric Voskuil &lt;<a href="mailto:eric@voskuil.org">eric@voskuil.org</a>&gt; wrote:<br><br></div><div><span>On 02/05/2015 03:36 PM, MⒶrtin HⒶboⓋštiak wrote:</span><br><blockquote type="cite"><blockquote type="cite"><span>A BIP-70 signed payment request in the initial broadcast can resolve the</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>integrity issues, but because
of the public nature of the broadcast</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>coupled with strong public identity, the privacy compromise is much</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>worse. Now transactions are cryptographically tainted.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>This is also the problem with BIP-70 over the web. TLS and other</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>security precautions aside, an interloper on the communication, desktop,</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>datacenter, etc., can capture payment requests and strongly correlate</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>transactions to identities in an automated manner. The payment request</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>must be kept private between the parties, and that's hard to do.</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>What about using encryption with forward secrecy? The merchant would</span><br></blockquote><blockquote type="cite"><span>generate a signed request containing a public ECDH part; the buyer would</span><br></blockquote><blockquote type="cite"><span>send back the transaction encrypted with ECDH and his public ECDH part.</span><br></blockquote><blockquote type="cite"><span>If the receiving address/amount is meant to be private, use a commit</span><br></blockquote><blockquote type="cite"><span>protocol (see ZRTP/RedPhone) and a short authentication phrase (which is</span><br></blockquote><blockquote type="cite"><span>hard to spoof thanks to the commit protocol; see RedPhone)?</span><br></blockquote><span></span><br><span>Hi Martin,</span><br><span></span><br><span>The problem is that you need to verify the ownership of the public key.</span><br><span>A MITM can substitute the key. If you don't have verifiable identity</span><br><span>associated with the public key (PKI/WoT), you need a shared secret (such</span><br><span>as a secret phrase). But the problem is then establishing that secret</span><br><span>over a public channel.</span><br><span></span><br><span>You can bootstrap a private session over the untrusted network using a</span><br><span>trusted public key (PKI/WoT). But the presumption is that you are</span><br><span>already doing this over the web (using TLS). That process is subject to</span><br><span>attack at the CA. WoT is not subject to a CA attack, because it's</span><br><span>decentralized. But it's also not sufficiently deployed for some scenarios.</span><br><span></span><br><span>e</span><br><span></span><br></div></body></html>
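The exchange Martin sketches (merchant commits to its ECDH part, buyer replies with its own, merchant reveals, both sides compare a short authentication phrase) and the key substitution Eric describes, as an added toy example in Python that is not part of this thread nor code from BIP-70, ZRTP, RedPhone or Airbitz. It assumes a small finite-field Diffie-Hellman group in place of ECDH and a constructed 4-digit SAS; `run_session` and the private values passed to it are this example's own.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman standing in for the ECDH discussed in the
# thread. Demonstration parameters only: far too small for real use.
P = 2**127 - 1
G = 3

def keypair(priv=None):
    # Fixed private values are accepted so runs can be reproduced.
    priv = priv if priv is not None else secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def commit(pub):
    # ZRTP-style commitment: hash of the public part, sent before the part
    # itself, so nobody can choose a key after seeing the peer's to steer the SAS.
    return hashlib.sha256(pub.to_bytes(16, "big")).digest()

def sas(merchant_pub, buyer_pub):
    # Short authentication string: 4 digits both humans compare out of band.
    h = hashlib.sha256(merchant_pub.to_bytes(16, "big") + buyer_pub.to_bytes(16, "big")).digest()
    return "%04d" % (int.from_bytes(h[:4], "big") % 10000)

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).hexdigest()

def run_session(m_priv=None, b_priv=None, x_priv=None):
    """Merchant commits, buyer answers, merchant reveals. With x_priv set, an
    in-path attacker substitutes its own public part in both directions.
    Returns (commitment_ok, merchant_sas, buyer_sas, keys_agree)."""
    m_priv, m_pub = keypair(m_priv)
    b_priv, b_pub = keypair(b_priv)
    mitm = x_priv is not None
    x_pub = keypair(x_priv)[1] if mitm else None
    # 1. merchant -> buyer: commitment inside the signed request. A substituted
    #    key has to be chosen here, before the buyer's part exists.
    c = commit(x_pub if mitm else m_pub)
    # 2. buyer -> merchant: buyer's public part (the attacker swaps in its own)
    seen_by_merchant = x_pub if mitm else b_pub
    # 3. merchant -> buyer: reveal; the buyer checks it against the commitment
    seen_by_buyer = x_pub if mitm else m_pub
    commitment_ok = commit(seen_by_buyer) == c
    merchant_sas = sas(m_pub, seen_by_merchant)
    buyer_sas = sas(seen_by_buyer, b_pub)
    keys_agree = session_key(m_priv, seen_by_merchant) == session_key(b_priv, seen_by_buyer)
    # The commitment alone does not catch the substitution (it verifies), but the
    # two SAS values now differ, which is what the out-of-band comparison detects.
    return commitment_ok, merchant_sas, buyer_sas, keys_agree
```

Comparing the two SAS values is the "visual verification" step; without it (or a trusted public key, as Eric notes) the substituted session looks valid to both parties.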