<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Thanks for all the feedback, Eric. You know we value all that you have to say. That's what this forum is for. We're looking for great ideas to harden this protocol and we're not closed to better ideas and we'll improve it as suggestions come up.<br><br><b>Paul Puey</b>&nbsp;CEO / Co-Founder, Airbitz Inc<br><a href="tel:619.850.8624">619.850.8624</a>&nbsp;|&nbsp;<a href="http://airbitz.co/" target="_blank" style="outline: none;">http://airbitz.co</a>&nbsp;|&nbsp;San Diego</div><div><br>On Feb 5, 2015, at 5:05 PM, Eric Voskuil &lt;<a href="mailto:eric@voskuil.org">eric@voskuil.org</a>&gt; wrote:<br><br></div><div><span>On 02/05/2015 04:49 PM, Paul Puey wrote:</span><br><blockquote type="cite"><span>The trust can be considered bootstrapped by visual verification of the</span><br></blockquote><blockquote type="cite"><span>address prefix.</span><br></blockquote><span></span><br><span>Another (unspendable) address can trivially match the prefix. 
Imagine</span><br><span>someone walking around in a mall with a phone in the pocket with a</span><br><span>malicious app, just disrupting business by causing money to be burned.</span><br><span>Manual verification doesn't fix this attack.</span><br><span></span><br><blockquote type="cite"><span>If we are really concerned about someone jamming a Bluetooth signal</span><br></blockquote><blockquote type="cite"><span>in a coffeeshop then the UI can encourage verification of the prefix.</span><br></blockquote><span></span><br><span>I don't think it would be great to constrain a standard implementation</span><br><span>to low cost purchases or the need for manual verification, but again</span><br><span>manual prefix verification isn't actually a solution.</span><br><span></span><br><blockquote type="cite"><span>Much like how regular Bluetooth requires 'pairing' via entering a 4-6</span><br></blockquote><blockquote type="cite"><span>digit code.</span><br></blockquote><span></span><br><span>An appeal to the security of BT bootstrapping isn't exactly flattering.</span><br><span></span><br><span>You know I love Airbitz, and I know you guys are extremely privacy</span><br><span>conscious. I personally would have no problem using this feature under</span><br><span>certain circumstances. 
My question is only whether it would be wise to</span><br><span>standardize on the proposal as-is.</span><br><span></span><br><span>e</span><br><span></span><br><blockquote type="cite"><span>On Feb 5, 2015, at 3:46 PM, Eric Voskuil &lt;<a href="mailto:eric@voskuil.org">eric@voskuil.org</a></span><br></blockquote><blockquote type="cite"><span>&lt;<a href="mailto:eric@voskuil.org">mailto:eric@voskuil.org</a>&gt;&gt; wrote:</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>On 02/05/2015 03:36 PM, MⒶrtin HⒶboⓋštiak wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>A BIP-70 signed payment request in the initial broadcast can resolve the</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>integrity issues, but because of the public nature of the broadcast</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>coupled with strong public identity, the privacy compromise is much</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>worse. Now transactions are cryptographically tainted.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>This is also the problem with BIP-70 over the web. 
TLS and other</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>security precautions aside, an interloper on the communication, desktop,</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>datacenter, etc., can capture payment requests and strongly correlate</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>transactions to identities in an automated manner. The payment request</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>must be kept private between the parties, and that's hard to do.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>What about using encryption with forward secrecy? Merchant would</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>generate signed request containing public ECDH part, buyer would send</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>back transaction encrypted with ECDH and his public ECDH part. 
If</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>receiving address/amount is meant to be private, use commit protocol</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>(see ZRTP/RedPhone) and short authentication phrase (which is hard to</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>spoof thanks to commit protocol - see RedPhone)?</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Hi Martin,</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The problem is that you need to verify the ownership of the public key.</span><br></blockquote><blockquote type="cite"><span>A MITM can substitute the key. If you don't have verifiable identity</span><br></blockquote><blockquote type="cite"><span>associated with the public key (PKI/WoT), you need a shared secret (such</span><br></blockquote><blockquote type="cite"><span>as a secret phrase). But the problem is then establishing that secret</span><br></blockquote><blockquote type="cite"><span>over a public channel.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>You can bootstrap a private session over the untrusted network using a</span><br></blockquote><blockquote type="cite"><span>trusted public key (PKI/WoT). But the presumption is that you are</span><br></blockquote><blockquote type="cite"><span>already doing this over the web (using TLS). That process is subject to</span><br></blockquote><blockquote type="cite"><span>attack at the CA. WoT is not subject to a CA attack, because it's</span><br></blockquote><blockquote type="cite"><span>decentralized. 
But it's also not sufficiently deployed for some scenarios.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>e</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><span></span><br></div></body></html>