We currently have subtle positive feedback of a signed payment request in the form of the green background. Unsigned requests simply show up without the green background, as well as requests which provide a certificate but have a missing or invalid signature.
There's a open bug (#3628) and pull request (#3684) to provide negative feedback (yellow background) for a missing or invalid signature, but it seems like there's some debate on whether bitcoind should do that... If an attacker can avoid the negative feedback by just stripping the signature and setting pki_type to none, then arguably there's no security benefit by singling out badly signed payment requests from unsigned payment requests. So perhaps the root problem is that the positive feedback (green background) is not strong enough to make its absence highly conspicuous to the end user. As an aside, how could we go about implementing the equivalent of HTTP Strict Transport Security for payment protocol to prevent this trivial signature stripping attack? Is this a possible extension field merchants are interested in? ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
