1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pieter.wuille@gmail.com>) id 1V7BPb-0002az-2z
for bitcoin-development@lists.sourceforge.net;
Wed, 07 Aug 2013 21:36:55 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.223.182 as permitted sender)
client-ip=209.85.223.182; envelope-from=pieter.wuille@gmail.com;
helo=mail-ie0-f182.google.com;
Received: from mail-ie0-f182.google.com ([209.85.223.182])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1V7BPa-0005LD-DZ
for bitcoin-development@lists.sourceforge.net;
Wed, 07 Aug 2013 21:36:55 +0000
Received: by mail-ie0-f182.google.com with SMTP id tp5so469361ieb.41
for <bitcoin-development@lists.sourceforge.net>;
Wed, 07 Aug 2013 14:36:49 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.42.66.200 with SMTP id q8mr698369ici.25.1375911409103; Wed,
07 Aug 2013 14:36:49 -0700 (PDT)
Received: by 10.50.73.74 with HTTP; Wed, 7 Aug 2013 14:36:48 -0700 (PDT)
In-Reply-To: <CANEZrP2+D4xu0t2efRPfg0t5gD8RRBk=KQEJH+0FF5J=vBmwiA@mail.gmail.com>
References: <CABsx9T0Ly67ZNJhoRQk0L9Q0-ucq3e=24b5Tg6GRKspRKKtP-g@mail.gmail.com>
<CAPg+sBhb3WOYnWRc020QbGwE0W4XeWWmXXTqYyAqrtB7h0+b8A@mail.gmail.com>
<CABsx9T0o2BN+UyZt-TYcEXX_U0ztP3Rq3+arr_2C1MPEtU_dUg@mail.gmail.com>
<CANEZrP2+D4xu0t2efRPfg0t5gD8RRBk=KQEJH+0FF5J=vBmwiA@mail.gmail.com>
Date: Wed, 7 Aug 2013 23:36:48 +0200
Message-ID: <CAPg+sBheF45bsx5it-0v1QjDW--t5UkZZjNjf9wt3d7XgUXLgw@mail.gmail.com>
From: Pieter Wuille <pieter.wuille@gmail.com>
To: Mike Hearn <mike@plan99.net>
Content-Type: text/plain; charset=ISO-8859-1
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(pieter.wuille[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1V7BPa-0005LD-DZ
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2013 21:36:55 -0000
On Wed, Aug 7, 2013 at 11:17 PM, Mike Hearn <mike@plan99.net> wrote:
>
>> I'd like to hear from other wallet implementors. Do you have a notion
>> of 'locked inputs' ? The tricky bit in constructing a transaction but
>> not broadcasting it right away is the inputs must be locked, so
>> they're not accidentally double-spent.
>
>> bitcoinj separates the concept of committing a tx to the wallet from
> broadcasting it. However by default transactions that weren't seen in the
> chain yet will be announced when a new peer is connected to. It'd take extra
> code to suppress that, and it's unclear to me why that's useful. I agree
> with Pieter that it should be the merchants responsibility to get the tx out
> there, but having the client do the broadcast as well can't really hurt
> (except perhaps some privacy impact).
My concerns here are:
* Making sure wallet applications can function without supporting the
P2P protocol (which drops a huge implementation overhead for simple -
perhaps hardware-based - wallets).
* Making sure the responsibility of confirming transactions is with
the receiver (while the responsibility of creating a confirmable
transaction is with the sender), which again simplifies wallet
implementation.
* Making receiving of metadata reliable, by minimizing cases where a
transaction is accidentally broadcast without the receiver being told
about it. This is perhaps not possible entirely, but it should be
possible to reduce it to a point where the remaining cases can be
dealt with manually. This also means indeed being able to give a
bitcoin URI (or why not just a URL to a payment descriptor?) that does
not contain a static Bitcoin address. I understand the compatibility
concern here, but IMHO we should do all effort to get rid of static
addresses were possible - the public key should be negotiated be
sender and receiver.
I worry about the scenario where some evil hotspot owner observes a
payment request, and later sees a bitcoin P2P transaction crediting
that key, but without payment being sent to the payment_uri (because
he blocked it), thus allowing him to construct a payment message
himself with the request + transaction, and adding his own refund
address or delivery location, or ... To fix problems related to this
completely, we'd need transactions that commit to the payment message,
instead of the other way around. I believe the pay-to-contract scheme
presented by Timo Hanke at the San Jose conference solved this.
--
Pieter
|