[Bitcoin-development] Cold Signing Payment Requests

Gavin Andresen gavinandresen at gmail.com
Tue Apr 30 13:14:53 UTC 2013


RE: Timo's proposal for protecting the refund address:

Seems to me there are two risks:

1) The risk that the merchant's web server will be compromised and the
attacker will redirect refunds
2) The risk that the merchant will miss payments because they miss a POST
to the payment_url (maybe the customer's machine crashes during the HTTPS
handshake)

If payments are a lot more common than refunds, then (2) will outweigh (1).

I also think an attacker who compromises the front-end web server would
probably just have it start generating plain-old pay-to-bitcoin-address
payment requests, and hope that lots of customers pay them directly before
the attack is discovered.

-- 
--
Gavin Andresen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130430/2fda78ff/attachment.html>


More information about the bitcoin-dev mailing list