From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1We6ds-0005d8-9n for bitcoin-development@lists.sourceforge.net; Sat, 26 Apr 2014 17:44:00 +0000 X-ACL-Warn: Received: from s3.neomailbox.net ([178.209.62.157]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1We6dr-0007qY-4I for bitcoin-development@lists.sourceforge.net; Sat, 26 Apr 2014 17:44:00 +0000 Message-ID: <535BF056.6080804@jrn.me.uk> Date: Sat, 26 Apr 2014 18:43:50 +0100 From: Ross Nicoll User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: Mike Hearn , Gavin Andresen References: <535ABD5D.7070509@jrn.me.uk> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. X-Headers-End: 1We6dr-0007qY-4I Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Error handling in payment protocol (BIP-0070 and BIP-0072) X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Apr 2014 17:44:00 -0000 I'd be very cautious of security implications of embedding files into the payment request. Even file formats one would presume safe, such as images, have had security issues (i.e. https://technet.microsoft.com/library/security/ms11-006 ) Longer term I was wondering about embedding the PaymentRequest into web pages directly via the tag, which could eliminate need for BIP0072 and potentially improve user interface integration that way. Obviously this would require browser plugins, however. Ross On 26/04/14 18:36, Mike Hearn wrote: >> PaymentRequests are limited to 50,000 bytes. I can't think of a reason why >> Payment messages would need to be any bigger than that. Submit a pull >> request to the existing BIP. >> > In future it might be nice to have images and things in the payment > requests, to make UIs look prettier. But with the current version 50kb > should be plenty indeed. >