- From: Dave Lampton <dave.lampton@gmail.com>
- Date: Wed, 4 Jun 2014 01:55:28 -0700
- To: Timothy Holborn <timothy.holborn@gmail.com>
- Cc: Web Payments CG <public-webpayments@w3.org>
- Message-ID: <CAHbN0ey-Y2U1igk+1r2Q7er10xJxOBk8sEZbFWqsuF2NFgE1_A@mail.gmail.com>
Certainly not going to appear to be a problem on the surface, but I feel it's a vulnerability, yes.

Dave Lampton
@dave_lampton <https://twitter.com/dave_lampton>
DaveLampton <https://www.facebook.com/DaveLampton>
+DaveLampton <https://www.google.com/+DaveLampton>
www.linkedin.com/in/davelampton/

On Wed, Jun 4, 2014 at 1:50 AM, Timothy Holborn <timothy.holborn@gmail.com> wrote:

> Do you believe this flaw affects bitcoin addresses also??
>
> Sent from my iPad
>
> On 4 Jun 2014, at 6:48 pm, Dave Lampton <dave.lampton@gmail.com> wrote:
>
> Having already given this question some thought, I'd already decided that
> a URI is probably not the best solution. It makes it too easy for one
> server to start serving as an account/wallet for lots of people at once,
> which may seem harmless enough at first, but if those people simply know
> each other's specific URIs it may be enough to start gaming the system or
> otherwise trying to hack each other.
>
> Therefore in my opinion, URI specification is inadequate and
> accounts/wallets/money bags/whatever you wanna call them should each be
> completely specified by a FQDN (host-specific while ignoring path), such
> that no two wallets/accounts share the same FQDN. That does also mean that
> every possessor of a wallet must first possess a domain and/or a subdomain
> that nobody but they control. (These can easily be managed via existing
> registrar ownership and transfer regulations and of course, the DNS system.)
>
> Dave Lampton
>
> On Tue, Jun 3, 2014 at 11:36 PM, Tim Holborn <timothy.holborn@gmail.com>
> wrote:
>
>> I was wondering about how some form of HTTP URI might be provided to a
>> bank-account customer. Banking systems currently have an array of
>> different identifiers that are provided between parties for the purposes of
>> transferring funds (say, from parents to children, etc.) Existing account
>> details work within banking systems (SWIFT codes, BSB / Account Numbers,
>> etc.); however I couldn't find the schema available to provide a HTTP URI
>> of a bank account at Web-Scale?
>>
>> I envisage this to be similar to a crypto-currency address, perhaps with
>> a relation to an institution?
>>
>> EXAMPLE (not syntactically accurate for web-payments / payswarm)
>>
>> whereas;
>>
>> IdP: bitcoin
>> ADDRESS: 12V7BYH4jPTeeWXfEKJ1rrifizgdvkrzsU (example only)
>> Amount: 1
>> valueFormat; bitcoin
>>
>> now therefore;
>>
>> IdP: Westpac.AU
>> Address: 123546799876688232234 (example only - account doesn't exist to
>> my knowledge)
>> Amount $1.00
>> valueFormat: AUD
>>
>> Therein; I have a foaf profile document:
>> http://ubiquitous.rww.io/profile/card#me whereby I can list or insert my
>> bitcoin addresses. How can an individual create a HTTP identifier / method
>> for a traditional banking account? Equally, the address could be
>> converted into a QRCode or other form, denoting the same details (and
>> enabling the same transaction).
>>
>> Is defining a HTTP URI identifying a bank account; and, To use a HTTP URI
>> to make a transaction to a bank-account, between institutional banking
>> providers (?) within scope…
>>
>> does a method already exist (as provided by banking institutions, not via
>> intermediary, such as paypal)?
Received on Wednesday, 4 June 2014 08:55:56 UTC
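
The rule proposed in the thread (each wallet identified by an FQDN, path ignored, no two wallets sharing one) can be checked mechanically. The Python below is an added example, not code from the thread or from any Web Payments specification; `wallet_fqdn`, `WalletRegistry` and the `wallets.example` names are hypothetical.

```python
from urllib.parse import urlsplit


def wallet_fqdn(identifier: str) -> str:
    """Reduce a wallet identifier to its canonical FQDN (scheme, port, path ignored)."""
    text = identifier.strip()
    if "://" not in text:
        text = "//" + text              # let urlsplit treat a bare host as the netloc
    host = urlsplit(text).hostname      # lowercased; userinfo and port are dropped
    if not host:
        raise ValueError(f"no host in {identifier!r}")
    host = host.rstrip(".")             # "example.com." and "example.com" are one name
    try:
        # One ASCII spelling for internationalized names; rejects empty labels.
        host = host.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"invalid host name in {identifier!r}") from exc
    if "." not in host:
        raise ValueError(f"{host!r} is not fully qualified")
    return host


class WalletRegistry:
    """Hypothetical registry enforcing one wallet holder per FQDN."""

    def __init__(self):
        self._owner_by_fqdn = {}

    def register(self, identifier: str, owner: str) -> str:
        fqdn = wallet_fqdn(identifier)
        current = self._owner_by_fqdn.setdefault(fqdn, owner)
        if current != owner:
            # Two path-based wallets on one server collapse to the same FQDN.
            raise ValueError(f"{fqdn} already identifies a wallet held by {current!r}")
        return fqdn


if __name__ == "__main__":
    registry = WalletRegistry()
    # Constructed identifiers: the first two share a host and differ only by path.
    for uri, owner in [("https://wallets.example/alice", "alice"),
                       ("https://wallets.example/bob", "bob"),
                       ("https://bob.wallets.example/", "bob")]:
        try:
            print("accepted", registry.register(uri, owner))
        except ValueError as err:
            print("rejected", uri, "-", err)
```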