Date post: 29-Jan-2015
Category: Technology
Upload: mids106
Customer hand-off between Bitcoin partners
Joris Bontje @mids106
Use Case
Making the connection
Copy / paste bitcoin address
Not very user-friendly: “scary address”
First-time users are anxious about their payments
Can’t detect referring partner
Poor customer support
Link via URL
User no longer has to enter the address himself
Can detect wallet type / partner (referrer)
Better customer support
Not secure: all kinds of scams possible
Using API
Not “peer to peer”; unequal partners
How do you hand over user sessions?
Everybody has their own API
Signed links
Uses OAuth 1.0a signing scheme (used by Twitter)
Requests signed with shared secret (HMAC-SHA1)
Communication goes via the browser; no internal API or callbacks required
Existing scheme; “don’t invent your own crypto”
Implementation
Request
Security
Request signed with shared secret (HMAC-SHA1)
Limited time validity (5 minutes by default)
Prevent replay attacks with nonce
Shared secret exchanged out-of-band (PGP)
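The checks listed above, sketched as an added example (not code from the talk or from any partner's implementation): a hand-off link is signed with OAuth 1.0a HMAC-SHA1 and the receiving partner verifies the signature, the 5-minute window and the nonce. The partner name, URL, shared secret and the `address` / `amount` parameters are constructed assumptions; the slides do not show the actual request format.

```python
import base64, hashlib, hmac
from urllib.parse import quote

MAX_AGE = 300  # seconds; the 5-minute default validity from the slide

def _enc(s):
    return quote(str(s), safe="-._~")  # OAuth 1.0a percent-encoding (RFC 3986 unreserved)

def signature(method, base_url, params, secret):
    """HMAC-SHA1 over the OAuth 1.0a base string METHOD&URL&sorted-params."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(base_url), _enc(normalized)])
    key = _enc(secret) + "&"  # shared secret, empty token secret
    mac = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def sign_link(base_url, params, partner, secret, nonce, now):
    p = dict(params, oauth_consumer_key=partner, oauth_nonce=nonce,
             oauth_timestamp=str(int(now)), oauth_signature_method="HMAC-SHA1")
    p["oauth_signature"] = signature("GET", base_url, p, secret)
    return p

def verify_link(base_url, params, secrets, seen_nonces, now):
    """Return 'ok' or the reason the link is rejected."""
    partner = params.get("oauth_consumer_key")
    secret = secrets.get(partner)
    if secret is None:
        return "unknown partner"
    # Authenticate first, so unsigned requests cannot fill the nonce cache.
    expected = signature("GET", base_url, params, secret)
    if not hmac.compare_digest(expected.encode(), params.get("oauth_signature", "").encode()):
        return "bad signature"
    try:
        ts = int(params["oauth_timestamp"])
    except (KeyError, ValueError):
        return "bad timestamp"
    if abs(now - ts) > MAX_AGE:
        return "expired"
    key = (partner, params.get("oauth_nonce"))
    if key in seen_nonces:  # entries older than MAX_AGE can be evicted
        return "replay"
    seen_nonces.add(key)
    return "ok"

# Constructed sample values, for illustration only.
SECRETS = {"wallet-a": "constructed-shared-secret"}
URL = "https://exchange.example/buy"
LINK = sign_link(URL, {"address": "1ConstructedAddr", "amount": "0.5"},
                 "wallet-a", SECRETS["wallet-a"], "nonce-1", 1000)
```

Because the nonce only has to be remembered for as long as the timestamp is accepted, the replay cache stays small.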
Demo
Buy Bitcoin
Sell Bitcoin
? @mids106
Image by: casascius
BIPS 0070
BIP 0070: Payment Protocol
Not yet in production *)
Uses SSL / Certificate Authorities
Relies on accessing a third party web page
Might only work in 1 direction (selling bitcoins)