Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1TdOjp-0002v5-N2 for bitcoin-development@lists.sourceforge.net; Tue, 27 Nov 2012 17:14:25 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.219.47 as permitted sender) client-ip=209.85.219.47; envelope-from=mh.in.england@gmail.com; helo=mail-oa0-f47.google.com; Received: from mail-oa0-f47.google.com ([209.85.219.47]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1TdOjp-00079p-11 for bitcoin-development@lists.sourceforge.net; Tue, 27 Nov 2012 17:14:25 +0000 Received: by mail-oa0-f47.google.com with SMTP id h1so13397051oag.34 for ; Tue, 27 Nov 2012 09:14:19 -0800 (PST) MIME-Version: 1.0 Received: by 10.60.171.141 with SMTP id au13mr13249518oec.124.1354036459688; Tue, 27 Nov 2012 09:14:19 -0800 (PST) Sender: mh.in.england@gmail.com Received: by 10.76.128.139 with HTTP; Tue, 27 Nov 2012 09:14:19 -0800 (PST) In-Reply-To: <201211271703.39282.andyparkins@gmail.com> References: <201211271703.39282.andyparkins@gmail.com> Date: Tue, 27 Nov 2012 18:14:19 +0100 X-Google-Sender-Auth: OeCPL460Kg9WePDJ2Rb0oDtf6R8 Message-ID: From: Mike Hearn To: Andy Parkins Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.4 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 AWL AWL: From: address is in the auto white-list X-Headers-End: 1TdOjp-00079p-11 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Nov 2012 17:14:25 -0000 > Personally, I'd like to see fewer implicit ties to X509. With X509 as one > option. That's pretty much what we have today - in future other schemes can be proposed as extensions. Protocol buffers are easily extended, they ignore unknown fields. Then you'd wait and see what the invoice request looked like and produce an invoice with the right security bits. > In particular two additional identification types: > > - GnuPG (obviously) It's not obvious to me, incidentally. The web of trust has been dead-on-arrival since it was first proposed, and for good reasons. SSL/X.509, for better or worse, has significant usage. Your case of a small business is a perfect example of people who won't be using GPG. If they don't want to buy an SSL cert, they can just as well put a reference number in the memo field or a "Hey Bob, here is the bill we discussed". The payer does not get the multi-factor auth protection so if their computer has a virus, they may be hosed. But that's good incentive for sellers to get verified. Some CA authorities do it for free these days.