- From: David Nicol <davidnicol@gmail.com>
- Date: Fri, 6 Apr 2012 01:38:38 -0500
- To: opentransact@googlegroups.com, Web Payments <public-webpayments@w3.org>
- Message-ID: <CAFwScO97vXupgec2Nz_+SyAofkjav9kFW3SS=UdV4+tfWv6=mw@mail.gmail.com>
Here is my report on reading http://developer.mintchipchallenge.com/devguide/developing/common/mintchip-messages.html and neighbor pages. MintChip uses centrally assigned secure keys and 64-bit identities. There are two types of messages in the protocol, "request" and "value". Contrary to reports that Mintchip is either a new currency or a general purpose wallet framework, the version 1 protocol allows 8 bits for specifying currency but currently only 0x01 is defined as CAD. MintChip is therefore not conformant with the OpenTransact / TipJar lightweight alternative currency visions, which require arbitrary URLs for specifying currency. A "request" message can contain up to 256 bytes of "annotation" and up to 256 bytes of URL which specifies where to send a value message, as well as a 32-bit nonce. A value message can represent 24 bits of Canadian cents, up to CAD 167,772.15, and is issued in response to a speciific request, and signed, Apparently the MintChip approach to mitigating double-spending risk is to rely on an impossibility of duplicating the MintChip device, which appears to be a simple SD storage card, must have something more happening inside it. In the event that an attacker develops a method for duplicating a MintChip device including its balance, or perhaps simply prising the secret key out of it somehow, that attacker would be able to double-spend or otherwise forge improperly backed value messages: http://developer.mintchipchallenge.com/devguide/developing/common/message-validation.htmlmakes no mention of audit trails, central or otherwise.
Received on Friday, 6 April 2012 06:39:16 UTC