Rick Wesson [ARCHIVE] on Nostr: š Original date posted:2011-07-30 šļø Summary of this message: The author ...
š
Original date posted:2011-07-30
šļø Summary of this message: The author offers patches for DNS lookup, but suggests a standardized HTTPS protocol for Bitcoin URI containing a domain name for better usability.
š Original message:I'm offering patches for DNS lookup, which seems good enough to locate
the irc server but not good enough for the folks that use copy/paste.
from a usability standpoint, the clipboard isn't a UI element in flow
design. Its also subject to MITM attacks for the most popular OSes.
Finally, think beyond you and your friends to how you can buy coffee
at starbucks easier and faster than with a starbucks card. Thats how
you make successful apps and protocols.
Has anyone offered to write the mythical
https-address-resolver-easy-button for bitcoind?
-rick
On Sat, Jul 30, 2011 at 4:34 AM, Mike Hearn <mike at plan99.net> wrote:
> This was already discussed on the forums, but clear use cases would be helpful.
>
> I originally thought this feature seemed like a no-brainer, but
> randomly emailing money to people out of the blue is not a very common
> operation. You almost always have contact with them first, if only to
> say "hey, I'm going to send you some money", but more commonly to
> figure out how much you're going to pay and what for.
>
> Once you have communication, providing an address in-band isn't very
> hard, and it has the advantage of always working. Doing anything with
> DNS or magic HTTPS endpoints means that 90% of the time, your feature
> *will not work* (eg it won't work for any gmail/yahoo/hotmail account)
> and users will rapidly learn not to bother trying as they have no way
> of knowing if any given address will work or not.
>
> It's not smart UI design to provide users with a feature that will
> normally never work, and for which they can't even guess at whether it
> will.
>
> What would be better to see is a standardized (probably HTTPS based)
> protocol in which a Bitcoin URI could contain a domain name, and then
> your client would challenge the domain to sign a nonce with the key
> corresponding to the address (or raw pubkey). This means in your
> client the payment can be rendered and recorded as a payment to
> "foobar.com", which is much more helpful. That protocol could then be
> extended to support "user at foobar.com" type challenges so when a
> bitcoin: link is provided, the server is challenged to prove ownership
> by that user of that public key. It means the details are hidden and
> when the feature is present, the UI gets silently better, but there's
> never any demand on any users to do anything different. The "copy
> Bitcoin address" button in the UI can provide the clipboard with both
> text/plain and text/html content so the right one is picked depending
> on context.
>
šļø Summary of this message: The author offers patches for DNS lookup, but suggests a standardized HTTPS protocol for Bitcoin URI containing a domain name for better usability.
š Original message:I'm offering patches for DNS lookup, which seems good enough to locate
the irc server but not good enough for the folks that use copy/paste.
from a usability standpoint, the clipboard isn't a UI element in flow
design. Its also subject to MITM attacks for the most popular OSes.
Finally, think beyond you and your friends to how you can buy coffee
at starbucks easier and faster than with a starbucks card. Thats how
you make successful apps and protocols.
Has anyone offered to write the mythical
https-address-resolver-easy-button for bitcoind?
-rick
On Sat, Jul 30, 2011 at 4:34 AM, Mike Hearn <mike at plan99.net> wrote:
> This was already discussed on the forums, but clear use cases would be helpful.
>
> I originally thought this feature seemed like a no-brainer, but
> randomly emailing money to people out of the blue is not a very common
> operation. You almost always have contact with them first, if only to
> say "hey, I'm going to send you some money", but more commonly to
> figure out how much you're going to pay and what for.
>
> Once you have communication, providing an address in-band isn't very
> hard, and it has the advantage of always working. Doing anything with
> DNS or magic HTTPS endpoints means that 90% of the time, your feature
> *will not work* (eg it won't work for any gmail/yahoo/hotmail account)
> and users will rapidly learn not to bother trying as they have no way
> of knowing if any given address will work or not.
>
> It's not smart UI design to provide users with a feature that will
> normally never work, and for which they can't even guess at whether it
> will.
>
> What would be better to see is a standardized (probably HTTPS based)
> protocol in which a Bitcoin URI could contain a domain name, and then
> your client would challenge the domain to sign a nonce with the key
> corresponding to the address (or raw pubkey). This means in your
> client the payment can be rendered and recorded as a payment to
> "foobar.com", which is much more helpful. That protocol could then be
> extended to support "user at foobar.com" type challenges so when a
> bitcoin: link is provided, the server is challenged to prove ownership
> by that user of that public key. It means the details are hidden and
> when the feature is present, the UI gets silently better, but there's
> never any demand on any users to do anything different. The "copy
> Bitcoin address" button in the UI can provide the clipboard with both
> text/plain and text/html content so the right one is picked depending
> on context.
>