Erik Aronesty [ARCHIVE] on Nostr: π Original date posted:2016-06-22 π Original message:> Only large merchants are ...
π
Original date posted:2016-06-22
π Original message:> Only large merchants are able to maintain such an infrastructure; (even
> Coinbase recently failed at it, they forgot to update their
> certificate). For end users that is completely unpractical.
>
Payment protocol is for when you buy stuff from purse.io, not really needed
for face-to face transfers, end users, IMO.
> The same benefit can be achieved without the complexity of BIP70, by
> extending the Bitcoin URI scheme. The requestor is authenticated using
> DNSSEC, and the payment request is signed using an EC private key. A
> domain name and an EC signature are short enough to fit in a Bitcoin URI
> and to be shared by QR code or SMS text.
>
> bitcoin:address?amount=xx&message=yyy&name=john.example.com&sig=zzz
>
I agree. A TXT record at that name could contain the pubkey.
> That extension is sufficient to provide authenticated requests, without
> requiring a https server. The signed data can be serialized from the
> URI, and DNSSEC verification succeeds without requesting extra data from
> the requestor. The only assumption is that the verifier is able to make
> DNS requests.
>
The problem is that there's no way for a merchant to *refuse *a payment
without a direct communication with the merchant's server. Verify first
/ clear later is the rule. Check stock, ensure you can deliver, and clear
the payment on the way out the door.
Also, as a merchant processing monthly subscriptions, you don't want the
first time you hear about a user's payment to be *after *it hits the
blockchain. You could add a refund address to deal with it after the
fact... stuff a refund address int OP_RETURN somehow?
bitcoin:address?amount=xx¤cy=ccc&message=yyy&name=john.example.com
&offset=3d&interval=1m&sig=zzz
... But what if the merchant simply goes out of business. No OP_RETURN
will help you here. You'll be posting transactions into a dead wallet.
You could have some way of posting a "ping" transaction, and then
monitoring for a valid response. But this is "spamming the blockchain for
communications".
No, I think BIP075 is fine. You just need to extend the *PaymentAck *with
a single field, instead of just having a memo.
next_payment_days : integer
The wallet, when it sees this field, re-initiates an invoice request after
the selected number of days, after presenting the user with the content of
the memo field which will presumably explain the subscription. Wallet
vendors can let users "auto approve" vendors as needed.
This is, I think, the absolute minimum needed to update BIP0070/0075 for
subscriptions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160622/69c8ccf9/attachment.html>;
π Original message:> Only large merchants are able to maintain such an infrastructure; (even
> Coinbase recently failed at it, they forgot to update their
> certificate). For end users that is completely unpractical.
>
Payment protocol is for when you buy stuff from purse.io, not really needed
for face-to face transfers, end users, IMO.
> The same benefit can be achieved without the complexity of BIP70, by
> extending the Bitcoin URI scheme. The requestor is authenticated using
> DNSSEC, and the payment request is signed using an EC private key. A
> domain name and an EC signature are short enough to fit in a Bitcoin URI
> and to be shared by QR code or SMS text.
>
> bitcoin:address?amount=xx&message=yyy&name=john.example.com&sig=zzz
>
I agree. A TXT record at that name could contain the pubkey.
> That extension is sufficient to provide authenticated requests, without
> requiring a https server. The signed data can be serialized from the
> URI, and DNSSEC verification succeeds without requesting extra data from
> the requestor. The only assumption is that the verifier is able to make
> DNS requests.
>
The problem is that there's no way for a merchant to *refuse *a payment
without a direct communication with the merchant's server. Verify first
/ clear later is the rule. Check stock, ensure you can deliver, and clear
the payment on the way out the door.
Also, as a merchant processing monthly subscriptions, you don't want the
first time you hear about a user's payment to be *after *it hits the
blockchain. You could add a refund address to deal with it after the
fact... stuff a refund address int OP_RETURN somehow?
bitcoin:address?amount=xx¤cy=ccc&message=yyy&name=john.example.com
&offset=3d&interval=1m&sig=zzz
... But what if the merchant simply goes out of business. No OP_RETURN
will help you here. You'll be posting transactions into a dead wallet.
You could have some way of posting a "ping" transaction, and then
monitoring for a valid response. But this is "spamming the blockchain for
communications".
No, I think BIP075 is fine. You just need to extend the *PaymentAck *with
a single field, instead of just having a memo.
next_payment_days : integer
The wallet, when it sees this field, re-initiates an invoice request after
the selected number of days, after presenting the user with the content of
the memo field which will presumably explain the subscription. Wallet
vendors can let users "auto approve" vendors as needed.
This is, I think, the absolute minimum needed to update BIP0070/0075 for
subscriptions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160622/69c8ccf9/attachment.html>;