{"id":22774,"date":"2018-01-05T22:34:59","date_gmt":"2018-01-05T22:34:59","guid":{"rendered":"http:\/\/ci027cfe6fa0112697"},"modified":"2018-01-05T22:34:59","modified_gmt":"2018-01-05T22:34:59","slug":"wallet-developers-express-security-concerns-over-bitpays-payment-protocol-policy","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/technical\/wallet-developers-express-security-concerns-over-bitpays-payment-protocol-policy","title":{"rendered":"Wallet Developers Express Security Concerns Over BitPay\u2019s Payment Protocol Policy"},"content":{"rendered":"
<\/div>
<\/figure>\n

On December 14, 2017, BitPay announced<\/a> a first step toward enforcing the payment protocol: All orders of the BitPay Card<\/a> will require payments from Payment Protocol-compatible wallets, such as BitPay\u2019s own wallet and a few others. This announcement came after an initial notice in November 2017, when BitPay first announced<\/a> that BitPay invoices would soon require payments from wallets compatible with the Bitcoin Payment Protocol<\/a>.<\/p>\n

BitPay\u2019s move has since been met with resistance by some wallet developers that don\u2019t support the Bitcoin Payment Protocol; some are suggesting that BitPay is abusing its leading position in the payment processing space and putting user security at risk.<\/p>\n

\u201cWe absolutely do not support BitPay in aggressively using their dominant position of market share to bully wallet providers into supporting their business plans or bully users into a system that degrades their privacy and the fungibility of bitcoin as a whole,\u201d stated bitcoin wallet Samourai<\/a> in its blog post<\/a> of January 2, 2018.<\/p>\n

The Bitcoin Payment Protocol<\/a> (BIP70), proposed by Gavin Andresen and Mike Hearn in 2013, describes a protocol for communication between a merchant and their customer, \u201cenabling both a better customer experience and better security against man-in-the-middle attacks on the payment process.\u201d A detailed explanation<\/a> of the details of the payment protocol, written by Mike Hearn in Q\/A format, is available on the Bitcoin forum.<\/p>\n

According to BitPay, the Payment Protocol will reduce user error in bitcoin payments, such as payments sent to a wrong address or with a transaction fee that is too low for fast processing by the Bitcoin network. <\/p>\n

\u201cWe answer thousands of customer support requests every month, and we see first-hand how these problems affect BitPay merchants and their customers,\u201d notes BitPay, adding that if two wallets both “speak” Payment Protocol, the correct receiving bitcoin address and the correct sending amount are locked in automatically by creating an SSL-secured connection to the true owner of the receiving bitcoin address. Instead of cryptic Bitcoin addresses, the protocol uses human readable identifiers, which are then mapped to Bitcoin addresses.<\/p>\n

\u201cOur next step will be requiring Payment Protocol payments for all BitPay Card loads,\u201d stated BitPay. \u201cFrom there, we will move to require Payment Protocol for all BitPay invoices … We continue to work with other wallet providers in the Bitcoin ecosystem to advance adoption of the Bitcoin Payment Protocol. We’re encouraged by the response we have received. Widespread adoption of Payment Protocol will immediately improve the bitcoin payment experience.\u201d<\/p>\n

According to a list provided<\/a> on the BitPay website, Copay, Mycelium and Electrum wallets, along with Bitcoin Core, support Payment Protocol payments. \u201cThese true bitcoin wallets<\/a> all already \u2018speak\u2019 Payment Protocol,\u201d stated BitPay. \u201cIf you are using a non-Payment Protocol wallet or service to pay BitPay invoices, you will need to move your spending bitcoin to a wallet or service which can support Payment Protocol. We strongly recommend that you use a true bitcoin wallet for spending to avoid delayed transactions<\/a>, but you will be able to use any service compatible with Payment Protocol.\u201d<\/p>\n

This list, however, is out-of-date. Bitcoin Magazine<\/em> reached out to several other wallets to verify their status. <\/p>\n

\u201cOur currently released app Airbitz does support BIP70 and has since 2015,\u201d Paul Puey, Co-Founder and CEO of AirBitz<\/a> (recently rebranded as Edge<\/a>), told Bitcoin Magazine<\/em>. \u201cEdge Wallet (currently in beta) will support BIP70 in a future production version.\u201d BitPay currently lists Airbitz as not supporting BIP70.<\/p>\n

Bread<\/a> also has supported BIP70 since 2015, contrary to information supplied on BitPay\u2019s list.<\/p>\n

Security Concerns<\/h3>\n

One of the most outspoken opponents of this policy shift has been Samourai Wallet.<\/p>\n

\u201cWe have to be very clear here,\u201d Samourai stated bluntly in its recent blog post. \u201cSamourai Wallet will not support BIP70 in our products, therefore, our wallet users will NOT be able to send bitcoin to QR codes generated by BitPay invoices, as they do not provide a valid Bitcoin address.\u201d<\/p>\n

According to Samourai, BIP70 \u201cremains largely unadopted by the majority of wallet and service providers\u201d due to many security and privacy concerns, including the required support of legacy public-key infrastructure features with known vulnerabilities, such as OpenSSL<\/a> and Heartbleed<\/a>.<\/p>\n

Indeed, the recent revelations about Meltdown and Spectre have created additional security concerns among some critics.<\/p>\n

\u201cMeltdown\/Spectre<\/a> greatly increase the risk of keys being stolen from memory,\u201d James Hilliard, developer and MyRig engineer, told Bitcoin Magazine<\/em>, \u201csince they are side-channel attacks that allow processes to spy on the memory other processes (wallet private keys generally have to go into memory at some point in order to sign the transaction).\u201d<\/p>\n

\u201cWe do share some of the concerns but do not feel as strongly as Samourai Wallet,\u201d said Puey. \u201cIn the case of the acquisition of a payment QR code from a website, one is already trusting SSL public key infrastructure to know that a public address is from the owner. Adding BIP70 to that makes it no worse. However, if one is doing a peer-to-peer transaction between two wallets that are physically next to each other, there is no need to rely on an https server query to obtain a public address, and that process absolutely introduces more risk than necessary.\u201d<\/p>\n

Many bitcoin wallets, including Coinbase and Jaxx, don\u2019t support BIP70 at the moment. Others, like Airbitz and its upcoming Edge, support BIP70 but less enthusiastically than BitPay.<\/p>\n

Addison Cameron-Huff is President of Decentral<\/a>, the company that develops the Jaxx<\/a> wallet. Referring to BitPay\u2019s statement that BIP70 does for Bitcoin what secured web-browsing (HTTPS) did for the internet, he told Bitcoin Magazine<\/em>, \u201cI think BitPay is overstating the case for BIP70. It\u2019s also a bit misleading to refer to BIPs as \u2018standards,\u2019\u201d adding that the \u201cBIP\u201d acronym stands for \u201cBitcoin Improvement Proposal,\u201d not \u201cBitcoin Improvement Standard.\u201d<\/p>\n

\u201cNot showing addresses is a big change in how people use Bitcoin, and, as of January 2018, I think it\u2019s premature to force this change ecosystem-wide, but BitPay is only insisting upon this for people who want to use BitPay,\u201d continued Cameron-Huff. \u201cWe\u2019ll see over the coming months how this change affects their user base and whether alternative payment processing firms win marketshare (or don’t). Ultimately, the cryptocurrency world is one in which the best products and proposals tend to win out in the market, and only time will tell whether this was a good decision for BitPay and more importantly: a good decision for the Bitcoin community.\u201d<\/p>\n

\u201cWe have had multiple conversations with BitPay and have expressed our concerns with the BIP70 protocol including unnecessary complications that do not truly solve the problems presented,\u201d said Puey. \u201cWe feel that extensions to the BIP21 spec could have been implemented that would have achieved the same goals that BitPay desired without the added complications, centralization or SSL security implications.\u201d<\/p>\n

\u201cWhile we intend to continue supporting BIP70 we do NOT recommend that providers use it or require it to receive payment and instead pursue extensions to BIP21 instead,\u201d concluded Puey. \u201cWe have experienced a multitude of issues with BitPay’s support of BIP70 including their own servers being unable to provide payment information through the provided payment URL causing wallets to fallback to BIP21-style payments if capable.\u201d<\/p>\n

Future Adoption<\/h3>\n

Bread wallet CMO Aaron Lasher told Bitcoin Magazine<\/em> that while Bread already supports BIP70, the company has plans to \u201cmake it work with BitPay in an upcoming release.\u201d He emphasized that it will be important to maintain the wallet\u2019s core functionality and ensure that its high level of privacy remains.<\/p>\n

\u201cBread is a consumer-focused wallet, so we support anything at face value that improves or simplifies the user experience, provided we are able to maintain sufficient privacy and financial control on behalf of our users.\u201d<\/p>\n

Similarly, Cameron-Huff explained that while Jaxx doesn\u2019t currently support BIP70, if BIP70 becomes an actual widely adopted standard, then Jaxx will enable it for users.<\/p>\n

\u201cWe will be keeping an eye on this change with BitPay and other large blockchain ecosystem organizations,\u201d concluded Cameron-Huff. \u201cWe are always looking to improve Jaxx but also have to balance this with not forcing changes upon our users or implementing hasty changes that might cause a negative experience for our 600,000 users.\u201d<\/p>\n

A representative from the hardware wallet Ledger<\/a> told Bitcoin Magazine<\/em>, \u201cWe do not plan yet to support BIP70 directly in our wallet as it’d only make sense if we could offer an end-to-end support to the hardware wallet which is not doable yet, considering the complexity of this protocol.\u201d <\/p>\n

Ledger added that it might support it through a translating gateway later in the future while keeping users aware of the extra risks. Like Airbitz\/Edge, the company expressed a preference for BIP21.<\/p>\n

\u201cSecurity wise, we also believe that BIP70 is not in a great state today (not supporting ECDSA certificates, duplicating standard PKI issues where users have to authenticate possible rogue certificates, possibly forcing public authentication cookies on users through specific outputs) and would appreciate if all payment providers could keep offering regular BIP21 URLs for interoperability.\u201d<\/p>\n

Update (January 6, 2016):<\/em> GreenAddress wallet did not respond to our request for comment in time for inclusion in Friday’s post. A representative has since emailed us this information:<\/p>\n

“We have supported BIP70 for several years now. We share many of the same concerns that other wallet developers (including hardware wallets) have expressed.”<\/p>\n","protected":false},"excerpt":{"rendered":"

On December 14, 2017, BitPay announced a first step toward enforcing the payment protocol: All orders of the BitPay Card will require payments from Payment Protocol-compatible wallets, such as BitPay\u2019s own wallet and a few others. This announcement came after an initial notice in November 2017, when BitPay first announced that BitPay invoices would soon […]<\/p>\n","protected":false},"author":3509,"featured_media":22775,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35],"tags":[],"class_list":{"0":"post-22774","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technical"},"author_data":{"id":3509,"name":"Giulio Prisco","nicename":"giulio-prisco","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/2d091b908741b627d89036dd43748bb5c5edcfe9f805501703e2c3af34dadfca?s=96&d=robohash&r=g"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/wallet-developers-express-security-concerns-over-bitpays-payment-protocol-policy.jpg","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/22774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/3509"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=22774"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/22774\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/22775"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=22774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=22774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=22774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}