Send payments to emails, urls and domains in GUI #174

pull khalahan wants to merge 0 commits into bitcoin:master from khalahan:payto changing 0 files +0 −0
  1. khalahan commented at 6:20 PM on April 20, 2011: none

    This patch allows you to send payments to email address, domain names and url from the bitcoin GUI. Valid examples of inputs :

    Technical explanation

    Input url/address is translated to an http request sent to the corresponding domain (ip addresses are not translated for backward compatilibty). A valid response is a text formatted in json, containing a bitcoin address with an optional label : { "error" : "", "label" : "Bitcoin Contact", "address" : "1NMxHnpAE38P9HN9pzRSqAFMCv1WcXZC1N" } GUI will propose you to add the returned address in your address book.

    Discussion on forum : http://bitcointalk.org/index.php?topic=6186.0

  2. Send payments to emails, urls and domains in GUI 0960c077ec
  3. gavinandresen commented at 6:29 PM on April 20, 2011: contributor

    Is there a reason you didn't use the HTTP methods in rpc.cpp? bitcoin already knows how to make http requests.

    Also, fetching bitcoin addresses via http is insecure-- you're vulnerable to a man-in-the-middle attack. Fetching securely means https and (probably) shipping bitcoin with certificate authority certificates, so you can be sure that you actually are talking to xkcd.com to get their address.

  4. khalahan commented at 8:29 PM on April 20, 2011: none

    I guess methods in rcp wasn't available in the GUI (because they are not used by the GUI, right ?), so I inspired myself by the GetMyExternalIP function (in net.cpp) that retreive remote IP with a GET request. I'll have a look at them (I need a GET request with an uri and Host, I may create one so ?).

    Fetching in https would be more secure indeed, but it's not available on every site (and there is a lot of self signed certificates). So, should we check https first and then use http as fallback ? Bitcoin should use the certifcates of the OS instead of shipping them. Is it possible on windows ?

  5. TheBlueMatt commented at 11:19 PM on April 20, 2011: member

    No, falling back on http is a huge security risk (MITM attackers can easily block https).

  6. khalahan commented at 11:35 AM on April 21, 2011: none

    A bitcoin user is vulnerable to a MITM attack because of DNS resolution not using DNSSEC (irc connections, dnsseed and dyndns) and TCP connections to ip not using SSL verifiable certificates. Once he controls all connections... Possibilities for the attacker are :

    • make the user believe he has been paid by sending a transaction from already spent coins on the real nodes
    • generate fake blocks for confirmations and fake transactions So, you can't really trust 100% what is displayed by your bitcoin client ?

    By fetching addresses in http, it adds an additional risk :

    • a user can send coins directly to the attacker I admit it is a big risk, but it should not block the possibility to fetch an address even if the connection is not secured. However, the user should be warn in this case and decide what to do with a manual action (you won't send 500BTC that way do you ?).

    A way to do it securely would be to send the fetch request to connected first level nodes and compare results (or shasum to shorten the message). But, bitcoin network is not ready/designed for trusted nodes.

    Another solution is to have a centralized site for address fetching. If a think a centralized solution was good i would already have linked my patch with my domain :p. Maybe, I could fetch both from a direct request to the website and make a second request to one of the trusted ip (declared like bitseed ips) ?

  7. Use HTTPS only for fetching addresses 7f811500bf
  8. khalahan commented at 9:53 PM on April 21, 2011: none
    • Use of rpc methods the read the request
    • use of HTTPS only to fetch address
    • using .json instead of .txt
  9. khalahan commented at 8:48 PM on April 22, 2011: none

    Do you have any additional comment on this pull request ?

  10. gavinandresen commented at 8:54 PM on April 22, 2011: contributor

    Did you figure out how to get SSL to verify the identity of the server? Just using SSL isn't sufficient to prevent MITM attacks, SSL has to actually verify that the server you're talking to presents a valid certificate.

  11. Check certificate against local certs 73521116a1
  12. khalahan commented at 12:06 PM on April 23, 2011: none

    TheBlueMatt > the port here was not used, but i've cleaned it up, thanks.

    gavinandresen > this new patch checks certificate against locales certificates. It is currently configured only for linux by searching in '/etc/ssl/certs'. I don't know if other OS have a common path for certificates or if we should embed them with bitcoin ?

    If you want to test : khal@bitcoin-contact.org : valid CaCert certificate (now :p) => sould return a messageBox with infos in the GUI khal@sky-animes.com : self signed (and with another domain name) => invalid address

  13. jgarzik commented at 11:59 AM on May 6, 2011: contributor

    The only remaining issue with this change, IMO, is privacy.

    This change enables easier external observation of the precise moment when a bitcoin user is making a transaction.

    As such, these lookups should be disabled by default, and proactively enabled by the user via command line switch or GUI option checkbox.

  14. TheBlueMatt commented at 12:36 PM on May 6, 2011: member

    I don't know what kind of work would be needed, but it would be really nice to get this to work on OSX and/or Win32

  15. khalahan commented at 12:57 PM on May 6, 2011: none

    Include a list of root certificates with bitcoin i guess. Is-it an acceptable situation ?

  16. TheBlueMatt commented at 1:09 PM on May 6, 2011: member

    That is what many browsers do, but I don't think we want to support that, do we? eg, Mozilla had to ship an update to firefox to blacklist certificates when one CA was compromised recently.

  17. ByteCoin commented at 3:06 AM on October 13, 2011: none

    There's no secure way of doing this. If someone wants to send bitcoins they have to have an address to send to. It's their problem how to verify that the address is correct. The bitcoin client shouldn't try to do this because it's too hard and when it is compromised, it will be blamed. I'm reminded of the old saying "Every application grows until it can send email". How about we concentrate on our core function?

  18. gavinandresen closed this on Jan 13, 2012
  19. dexX7 referenced this in commit b82cfdcd64 on Aug 20, 2015
  20. glv2 referenced this in commit d5a6d3bd32 on Mar 21, 2016
  21. deadalnix referenced this in commit ad209dbb24 on Dec 13, 2016
  22. lateminer referenced this in commit 730242a26c on Dec 9, 2017
  23. classesjack referenced this in commit dc730047f6 on Jan 2, 2018
  24. attilaaf referenced this in commit d77504253e on Jan 13, 2020
  25. cryptapus referenced this in commit 5e52e3205d on Feb 17, 2020
  26. Losangelosgenetics referenced this in commit c5724755a7 on Mar 12, 2020
  27. rajarshimaitra referenced this in commit d1ae621bb4 on Aug 5, 2021
  28. rajarshimaitra referenced this in commit cbbf9594ae on Aug 5, 2021
  29. DrahtBot locked this on Sep 8, 2021
Contributors
khalahangavinandresenTheBlueMattjgarzikByteCoin
Labels
Feature
Linked (view graph)
#25323 miniscript fuzzer failing after qa-assets update
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 21:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me