mirrors/bitcoin-bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-01-19 05:45:07 +01:00
Code Issues Projects Releases Wiki Activity

Discourage unsecured endpoint

Browse Source
This commit is contained in:
nicolas.dorier 2020-05-20 06:11:58 +09:00
parent 3659671a22
commit 1251d29854
No known key found for this signature in database
GPG Key ID: 6618763EF09186FE
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bip-xxxx.mediawiki
View File

@ -98,8 +98,6 @@ To ensure compatibility with web-wallets and browser-based-tools, all responses
The sender must ensure that the url refers to a scheme or protocol using authenticated encryption, for example TLS with certificate validation, or a .onion link to a hidden service whose public key identifier has already been communicated via a TLS connection. Senders SHOULD NOT accept a url representing an unencrypted or unauthenticated connection.
Unauthenticated transport is authorized, but [[#output-substitution|Output substitution]] should be disallowed in this case.
===Receiver's well known errors===
If for some reason the receiver is unable to create a payjoin proposal, it will reply with a HTTP code different than 200.
@ -282,8 +280,6 @@ On top of this the receiver can poison analysis by randomly faking a round amoun
The receiver is free to change the output paying to himself.
For example, if the sender's scriptPubKey type is P2WPKH while the receiver's payment output in the original PSBT is P2SH, then the receiver can substitute the payment output to be P2WPKH to match the sender's scriptPubKey type.
Note that this MUST NOT be authorized over an unauthenticated payjoin endpoint such as http on clearnet, as a man-in-the-middle attacker could substitute with his own address.
===Impacted heuristics===
Our proposal of payjoin is breaking the following blockchain heuristics: