Re: [Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts
> yeah... I had similar thoughts on what to do if some Outputs specify an > amount and others don't. I'm still waffling on whether or not I like > allowing repeated Outputs; a single Output would make the spec a fair bit > simpler Yes, but at the cost of privacy. Generators of payment requests always have the option of just adding a single output and being done with it. But in future they'll probably want to keep their income in unlinkable chunks of a size that's up to them, and multi-outputs are needed for this (the idea being, the users wallet tries to keep a close-as-possible match between the requested outputs and their own). OK, let's punt on tipping for now. > If a bitcoin client accepts unsigned payment requests (a couple of people > have asked if that would be possible so I think that is desired), then it > doesn't have the payer's identity-- all it has is the Outputs that will be > paid. I see. If I were to implement a wallet I'd just display nothing (except the size of the request). Showing an address doesn't really help the user in any way. > I still like the idea of only including the root CAs who have jumped through > the hoops needed to get the "allowed to issue EV certs" blessing. The hoops only actually apply for EV certs though, they aren't required to do that verification for DV certs. The main reason to use the browser root CAs is that merchants are guaranteed to be able to re-use their existing certs. Otherwise they might have to buy new ones, which would be annoying. -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts
On Fri, Dec 7, 2012 at 6:01 AM, Mike Hearn wrote: > Yet more comments (I guess at some point we need to stick a fork in it > - or at least move on to implementing a prototype version). > Yes, my next step is prototyping. Note that this is not a BIP yet: I want to have a working implementation before making this an Official BIP. > Maybe don't require the payment URI to be HTTPS. Changed: receipt_url: Secure (usually https) location where... Though it's not strictly necessary, it'd be nice to have defined > behavior for if you want to pay more than the requested amount, for a > tip. yeah... I had similar thoughts on what to do if some Outputs specify an amount and others don't. I'm still waffling on whether or not I like allowing repeated Outputs; a single Output would make the spec a fair bit simpler, and if a merchant wants to split up a payment for some reason they could just generate another transaction. I want to move on to actually implementing this before creating complicated rules. Maybe the best way to tip a waitress is to get two separate PaymentRequests, one for the restaurant and one that goes directly to the waitress (depends on whether or not the restaurant needs or wants to know how much their employees are getting tipped, I suppose). Maybe it would be best to have a separate "gratuity" Output in the PaymentRequest. That's the kind of detail I think doesn't need to be worked out right now, I'd rather restaurants tell us what they need/want. > "Display the proposed Outputs in as human-friendly a form as possible" > ??? Surely you'd just display the total amount requested? I don't > think it ever makes sense to try and display outputs to the user > directly. > This is the case of getting an UNSIGNED payment request; I've changed the wording a little to make that more clear. If a bitcoin client accepts unsigned payment requests (a couple of people have asked if that would be possible so I think that is desired), then it doesn't have the payer's identity-- all it has is the Outputs that will be paid. > Re: the UI TODO - agreed but let's take it out of the BIP... Not a BIP yet serialized_paymentrequest -> serialized_payment_request? Done. > The question of root CAs still needs resolution. I stick with > my recommendation to support all CAs that browsers support. I still like the idea of only including the root CAs who have jumped through the hoops needed to get the "allowed to issue EV certs" blessing. I'm not suggesting that all bitcoin merchants must get EV certs, but I am suggesting that they must get a certificate from one of the most reputable certificate authorities, and the ability to issue EV certificates is, I think, a good proxy for that. But, again: Not a BIP yet. Lets get something implemented and then hammer out details (implementing always turns up edge cases you forgot when spec'ing). -- -- Gavin Andresen -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts
Yet more comments (I guess at some point we need to stick a fork in it - or at least move on to implementing a prototype version). Maybe don't require the payment URI to be HTTPS. If you want to pay a Tor hidden service then HTTPS just adds unnecessary complexity. Just recommend to merchants that they use an encrypted connection and leave it at that. Though it's not strictly necessary, it'd be nice to have defined behavior for if you want to pay more than the requested amount, for a tip. Perhaps rather than "zero value outputs will be ignored" say, "if some outputs have value and others don't, the user will be given the option of overpaying and the extra money will be split evenly between the zero valued outputs". That way a waitress can have the phone add a zero-valued output to her own wallet and that would prompt the wallet software to display some convenient UI for adding on 10% or whatever. receiptURI -> receipt_url ? technically it has to be resolvable so "uri" isn't quite right. "Display the proposed Outputs in as human-friendly a form as possible" ??? Surely you'd just display the total amount requested? I don't think it ever makes sense to try and display outputs to the user directly. Re: the UI TODO - agreed but let's take it out of the BIP and maybe make it an alternative document. Or just replace it with a recommendation that "the user interface should be designed to ensure users understand the difference between an unsigned and signed payment request, for best practices see " serialized_paymentrequest -> serialized_payment_request? Otherwise languages that use CamelCase will look odd setSerializedPaymentrequest() The question of root CAs still needs resolution. I stick with my recommendation to support all CAs that browsers support. Obviously, it's better for a merchant to obtain an EV cert than a domain verification cert - the UI can reflect the higher level of verification. I doubt there's a need to specify a max number of certs in a chain. But if you want to, go for something high, like 256. There's no point in trying to put DoS mitigations into something like this, for the same reason HTML doesn't impose a maximum page size. It's in the message builders interest to ensure it gets read by all users. Crashing their clients doesn't achieve anything as long as the crash isn't exploitable. On Fri, Dec 7, 2012 at 11:45 AM, Mike Hearn wrote: >> OK. I want to keep the signature field required, though, so how about: >> >> signature: digital signature over a protocol buffer serialized variation of >> the SignedPaymentRequest message where signature is a zero-byte array and >> fields are serialized in numerical order (all current protocol buffer >> implementations serialize fields in numerical order), using the public key >> in pki_data. > > Looks good to me. -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts
> OK. I want to keep the signature field required, though, so how about: > > signature: digital signature over a protocol buffer serialized variation of > the SignedPaymentRequest message where signature is a zero-byte array and > fields are serialized in numerical order (all current protocol buffer > implementations serialize fields in numerical order), using the public key > in pki_data. Looks good to me. -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development