Mike Hearn [ARCHIVE] on Nostr: 📅 Original date posted:2014-03-02 📝 Original message:I'm just repeating the ...
📅 Original date posted:2014-03-02
📝 Original message:I'm just repeating the rationale Gavin gave me for adding this to the spec
last year when he was implementing it. Perhaps it only applied to some
versions of PHP or something like that.
Jeremy, good comments. A pull request to fix those would be good.
One issue I seem looming on the horizon is that we'll need a version of the
payment protocol document that's living. Trying to reverse engineer the
current spec by manually reading all the BIPs and layering them in your
head is a non starter.
On Sun, Mar 2, 2014 at 9:52 AM, Drak <drak at zikula.org> wrote:
> Not true, PHP does support sha2
>
> http://php.net/manual/en/mhash.constants.php
>
> http://php.net/manual/en/function.hash-algos.php#refsect1-function.hash-algos-examples
> On 2 Mar 2014 08:44, "Mike Hearn" <mike at plan99.net> wrote:
>
>> SHA-1 support is there for PHP developers. Apparently it can't do SHA-2.
>> On 2 Mar 2014 08:53, "Jeremy Spilman" <jeremy at taplink.co> wrote:
>>
>>> From BIP70:
>>>
>>> If pki_type is "x509+sha256", then the Payment message is hashed using
>>> the
>>> SHA256 algorithm to produce the message digest that is signed. If
>>> pki_type
>>> is "x509+sha1", then the SHA1 algorithm is used.
>>>
>>> A couple minor comments;
>>>
>>> - I think it meant to say the field to be hashed is 'PaymentRequest'
>>> not
>>> 'Payment' message -- probably got renamed at some point and this is an
>>> old
>>> reference calling it by its original name.
>>>
>>> - Could be a bit more explicit about the hashing, e.g. 'copy the
>>> PaymentRequest, set the signature field to the empty string, serialize to
>>> a byte[] and hash.
>>>
>>> - SHA1 is retiring, any particular reason to even have it in there at
>>> all?
>>>
>>> - Should there any way for the end-user to see details like the
>>> pki_type
>>> and the certificate chain, like browser do?
>>>
>>>
>>> Thanks,
>>> Jeremy
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Flow-based real-time traffic analytics software. Cisco certified tool.
>>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>>> Customize your own dashboards, set traffic alerts and generate reports.
>>> Network behavioral analysis & security monitoring. All-in-one tool.
>>>
>>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Flow-based real-time traffic analytics software. Cisco certified tool.
>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>> Customize your own dashboards, set traffic alerts and generate reports.
>> Network behavioral analysis & security monitoring. All-in-one tool.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140302/6ec02843/attachment.html>;
📝 Original message:I'm just repeating the rationale Gavin gave me for adding this to the spec
last year when he was implementing it. Perhaps it only applied to some
versions of PHP or something like that.
Jeremy, good comments. A pull request to fix those would be good.
One issue I seem looming on the horizon is that we'll need a version of the
payment protocol document that's living. Trying to reverse engineer the
current spec by manually reading all the BIPs and layering them in your
head is a non starter.
On Sun, Mar 2, 2014 at 9:52 AM, Drak <drak at zikula.org> wrote:
> Not true, PHP does support sha2
>
> http://php.net/manual/en/mhash.constants.php
>
> http://php.net/manual/en/function.hash-algos.php#refsect1-function.hash-algos-examples
> On 2 Mar 2014 08:44, "Mike Hearn" <mike at plan99.net> wrote:
>
>> SHA-1 support is there for PHP developers. Apparently it can't do SHA-2.
>> On 2 Mar 2014 08:53, "Jeremy Spilman" <jeremy at taplink.co> wrote:
>>
>>> From BIP70:
>>>
>>> If pki_type is "x509+sha256", then the Payment message is hashed using
>>> the
>>> SHA256 algorithm to produce the message digest that is signed. If
>>> pki_type
>>> is "x509+sha1", then the SHA1 algorithm is used.
>>>
>>> A couple minor comments;
>>>
>>> - I think it meant to say the field to be hashed is 'PaymentRequest'
>>> not
>>> 'Payment' message -- probably got renamed at some point and this is an
>>> old
>>> reference calling it by its original name.
>>>
>>> - Could be a bit more explicit about the hashing, e.g. 'copy the
>>> PaymentRequest, set the signature field to the empty string, serialize to
>>> a byte[] and hash.
>>>
>>> - SHA1 is retiring, any particular reason to even have it in there at
>>> all?
>>>
>>> - Should there any way for the end-user to see details like the
>>> pki_type
>>> and the certificate chain, like browser do?
>>>
>>>
>>> Thanks,
>>> Jeremy
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Flow-based real-time traffic analytics software. Cisco certified tool.
>>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>>> Customize your own dashboards, set traffic alerts and generate reports.
>>> Network behavioral analysis & security monitoring. All-in-one tool.
>>>
>>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Flow-based real-time traffic analytics software. Cisco certified tool.
>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>> Customize your own dashboards, set traffic alerts and generate reports.
>> Network behavioral analysis & security monitoring. All-in-one tool.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140302/6ec02843/attachment.html>;