- From: Dave Raggett <dsr@w3.org>
- Date: Fri, 20 Sep 2013 14:22:13 +0100
- To: public-webpayments@w3.org
I read on [1] that MintChip uses a random number generated by the receiver to detect duplicates and prevent double spending. Can anyone explain the details of this? Is there a history of these numbers to prevent replay attacks? I presume that the history can be bounded by only allowing transactions within a limited time after the initial payment request. Is a MintChip restricted to a single transaction at any given time? What happens when a valid transaction message isn't received in time? The sender would have debited its balance, but the received wouldn't have credited its balance. Is there any discussion on revoking the private key used to sign transactions? Whilst it is probably impractical to extract the key from the secure chip, it might be stolen from the Royal Canadian Mint. [1] http://developer.mintchipchallenge.com/devguide/transactions.html -- Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett
Received on Friday, 20 September 2013 13:22:42 UTC