Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2014-01-28 📝 Original message:On Tue, Jan 28, 2014 at ...
📅 Original date posted:2014-01-28
📝 Original message:On Tue, Jan 28, 2014 at 1:53 PM, Gavin Andresen <gavinandresen at gmail.com> wrote:
> On Tue, Jan 28, 2014 at 6:42 AM, Mike Hearn <mike at plan99.net> wrote:
>>
>> Yeah, that's the interpretation I think we should go with for now. There
>> was a reason why this isn't specified and I forgot what it was - some
>> inability to come to agreement on when to broadcast vs when to submit via
>> HTTP, I think.
>
>
> If the wallet software is doing automatic CoinJoin (for example), then
> typically one or several of the other participants will broadcast the
> transaction as soon as it is complete.
>
> If the spec said that wallets must not broadcast until they receive a
> PaymentACK (if a payment_url is specified), then you'd have to violate the
> spec to do CoinJoin.
You cannot prevent transactions from being broadcasted, but an ACK can
still mean "You're now relieved of the responsibility of getting the
transaction confirmed". That's independent from being allowed to
broadcast it.
> And even if you don't care about CoinJoin, not broadcasting the transaction
> as soon as the inputs are signed adds implementation complexity (should you
> retry if payment_url is unavailable? how many times? if you eventually
> unlock the probably-not-quite-spent-yet inputs, should you double-spend them
> to yourself just in case the merchant eventually gets around to broadcasting
> the transaction, or should you just unlock them and squirrel away the failed
> Payment so if the merchant does eventually broadcast you have a record of
> why the coins were spent).
If a payment_url is unavailable, you should imho retry. If you
broadcasted, and the payment_url is unavailable, you should
*certainly* retry. Otherwise the recipient cannot rely on receiving
memo and refund address, which would imho make these fields completely
useless.
I still like suggesting not broadcasting if a payment_uri to minimize
that risk further, but as you say - there are enough cases where you
cannot enforce that anyway.
--
Pieter
📝 Original message:On Tue, Jan 28, 2014 at 1:53 PM, Gavin Andresen <gavinandresen at gmail.com> wrote:
> On Tue, Jan 28, 2014 at 6:42 AM, Mike Hearn <mike at plan99.net> wrote:
>>
>> Yeah, that's the interpretation I think we should go with for now. There
>> was a reason why this isn't specified and I forgot what it was - some
>> inability to come to agreement on when to broadcast vs when to submit via
>> HTTP, I think.
>
>
> If the wallet software is doing automatic CoinJoin (for example), then
> typically one or several of the other participants will broadcast the
> transaction as soon as it is complete.
>
> If the spec said that wallets must not broadcast until they receive a
> PaymentACK (if a payment_url is specified), then you'd have to violate the
> spec to do CoinJoin.
You cannot prevent transactions from being broadcasted, but an ACK can
still mean "You're now relieved of the responsibility of getting the
transaction confirmed". That's independent from being allowed to
broadcast it.
> And even if you don't care about CoinJoin, not broadcasting the transaction
> as soon as the inputs are signed adds implementation complexity (should you
> retry if payment_url is unavailable? how many times? if you eventually
> unlock the probably-not-quite-spent-yet inputs, should you double-spend them
> to yourself just in case the merchant eventually gets around to broadcasting
> the transaction, or should you just unlock them and squirrel away the failed
> Payment so if the merchant does eventually broadcast you have a record of
> why the coins were spent).
If a payment_url is unavailable, you should imho retry. If you
broadcasted, and the payment_url is unavailable, you should
*certainly* retry. Otherwise the recipient cannot rely on receiving
memo and refund address, which would imho make these fields completely
useless.
I still like suggesting not broadcasting if a payment_uri to minimize
that risk further, but as you say - there are enough cases where you
cannot enforce that anyway.
--
Pieter