- From: Kumar McMillan <kmcmillan@mozilla.com>
- Date: Thu, 8 Aug 2013 21:13:37 -0500
- To: Kingsley Idehen <kidehen@openlinksw.com>
- Cc: public-webpayments@w3.org

On Aug 8, 2013, at 6:17 PM, Kingsley Idehen <kidehen@openlinksw.com> wrote:

> On 8/8/13 7:03 PM, Kumar McMillan wrote:
>>> We are not accepting payment orders via SMS. We only authenticate users via incoming SMS. There is no need to trust SMS messages received from them.
>>
>> ok, thanks, I understand it better. The bitcoin wallet is not *on* the phone, it's stored on a web server like other online wallets.
>
> Storage on the Web is not implicitly safe. Today, you have a third party (aka. Bank) holding on to your coins, look at what's happened there.
>
> The safest bet is storage on a device you control. The allure of perceived convenience re. online solutions is the shortest route to compromise.

I think that's an interesting model but I have yet to see a secure way to do that. I think M-Pesa requires you to use a SIM kit that has a keystore chip in it (something like that) but there aren't many standard ways to do it that I know of. If anyone knows of ways to do it I'm curious to learn about them.

The challenge is how to keep private keys on a device without *any* other part of the system being able to access that.

Anyway, there are lots of complications, like, what happens when you lose your phone? It's like losing a wallet with all your cash (all of it), not good. Centralized web services have their advantages.

> --
>
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Friday, 9 August 2013 02:14:04 UTC