> BIP70 is quite safe against MitB. If user copies URL belonging to other
> merchant, he would see the fact after entering it into his wallet
> application. The only problem is, attacker can buy from the same
> merchant with user's money. (sending him different URL) This can be
> mitigated by merchant setting "memo" to the description of the basket
> and some user info (e.g. address to which goods are sent).

I think BIP 70 does a good job at verifying where the payment request came from. I’m not convinced this is the same as verifying the transaction (ideally OOB).

> But if whole computer is compromised, you're already screwed. Trezor
> should help, but I'm not sure if it supports BIP70.

The reason for OOB verification is if the entire computer is compromised. Again, this may only be possible with a trusted intermediary or a web wallet.

Brian Erdelyi

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development