ZmnSCPxj <[email protected]> writes: > Good morning Rusty and aj and list, > >> >> > > In the payer-supplied data case, I think 'm' should include a signature >> > > for a key only the payer knows: this lets them prove they made the >> > > payment. >> > >> > I don't object to that, but I think it's unnecessary; as long as there >> > was a payment for delivery of the widget to "aj" in "Australia" does it >> > matter if the payment was technically made by "aj" by "Visa on behalf >> > of aj" or by "Bank of America on behalf of Mastercard on behalf of aj's >> > friend who owed him some money" ? >> >> You often don't want the vendor to know anything about you, and there's >> often no reason why they should. >> >> And it just doesn't work unless you give over uniquely identifying >> information. AJ posts to r/bitcoin demonstrating payment, demanding his >> goods. Sock puppet says "No, I'm the AJ in Australia" and cut & pastes >> the same proof. >> > > Technically speaking, all that AJ in Australia needs to show is that he or > she knows, the private key behind the public key that is indicated on the > invoice. > > Before payment, only the payee knows this private key. > > After payment, both AJ in Australia and the payee know this private key > (since the payment is conditional on AJ in Australia learning this key).
But the merchant (payee) knows it too. So the lizard masters[1] at Blockstream can produce this proof as well? Cheers, Rusty. [1] https://twitter.com/rusty_twit/status/1057794540122206208 _______________________________________________ Lightning-dev mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
