Re: [Bitcoin-development] Proposed BIP 70 extension

2014-06-24 Thread Andy Alness
://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Andy Alness Software Engineer Coinbase San Francisco, CA -- Open source business process management suite built on Java and Eclipse Turn processes into business

Re: [Bitcoin-development] Why are we bleeding nodes?

2014-05-20 Thread Andy Alness
. Get started now for free. http://p.sf.net/sfu/SauceLabs ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Andy Alness Software Engineer Coinbase San

Re: [Bitcoin-development] Why are we bleeding nodes?

2014-05-20 Thread Andy Alness
of the P2P protocol. It seems reasonable especially for inv messages. On Tue, May 20, 2014 at 2:46 PM, Andy Alness a...@coinbase.com wrote: Has there ever been serious discussion on extending the protocol to support UDP transport? That would allow for NAT traversal and for many more people to run

Re: [Bitcoin-development] Allow cross-site requests of payment requests

2014-05-12 Thread Andy Alness
It sounds OK to me, although we should all sleep on it for a bit. The reason this header exists is exactly because mobile code fetching random web resources can result in surprising security holes. That's fair. From the server perspective, I'd argue that payment requests / payments already

[Bitcoin-development] Allow cross-site requests of payment requests

2014-05-11 Thread Andy Alness
Would it be a terrible idea to amend BIP 70 to suggest implementors include a Access-Control-Allow-Origin: * response header for their payment request responses? I don't think this opens up any useful attack vectors. I ask because this would make it practical for pure HTML5 web wallets to use the