From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1We2ZS-0006US-Pf for bitcoin-development@lists.sourceforge.net; Sat, 26 Apr 2014 13:23:10 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.213.47 as permitted sender) client-ip=209.85.213.47; envelope-from=gavinandresen@gmail.com; helo=mail-yh0-f47.google.com; Received: from mail-yh0-f47.google.com ([209.85.213.47]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1We2ZQ-0001TL-W6 for bitcoin-development@lists.sourceforge.net; Sat, 26 Apr 2014 13:23:10 +0000 Received: by mail-yh0-f47.google.com with SMTP id 29so4546907yhl.20 for ; Sat, 26 Apr 2014 06:23:03 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.236.142.204 with SMTP id i52mr20809091yhj.6.1398518583484; Sat, 26 Apr 2014 06:23:03 -0700 (PDT) Received: by 10.170.188.149 with HTTP; Sat, 26 Apr 2014 06:23:03 -0700 (PDT) In-Reply-To: <535ABD5D.7070509@jrn.me.uk> References: <535ABD5D.7070509@jrn.me.uk> Date: Sat, 26 Apr 2014 09:23:03 -0400 Message-ID: From: Gavin Andresen To: J Ross Nicoll Content-Type: multipart/alternative; boundary=20cf301b66ad6165fc04f7f1fbdb X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gavinandresen[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1We2ZQ-0001TL-W6 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Error handling in payment protocol (BIP-0070 and BIP-0072) X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Apr 2014 13:23:10 -0000 --20cf301b66ad6165fc04f7f1fbdb Content-Type: text/plain; charset=UTF-8 > > The main area of concern is handling unexpected problems while sending > the Payment message, or receiving the corresponding PaymentACK message. > For example, in case of a transport layer failure or non-200 HTTP status > code while sending the Payment message, what should the wallet software > do next? Is it safe to re-send the Payment message? I'd propose that for > any transport failure or 500 status code, the client retries after a > delay (suggested at 30-60 seconds). For 400 status codes, the request > should not be repeated, and as such the user should be alerted and a > copy of the Payment message saved to be resent later. > Why does error handling have to be standardized? I generally think that wallet software should be free to do whatever gives the user the best experience, so I'm in favor of restricting BIPs to things that must be standardized so that different implementations inter-operate. > For 300 (redirect and similar) status codes, is it considered safe to > follow redirects? I think we have to, but good to make it clear in the > specification. > Referencing whatever RFCs defines how to fetch URLs would be the best way to do this. Submit a pull request. > > On the merchant's side; I think it would be useful for there to be > guidance for handling of errors processing Payment messages. I'd suggest > that Payment messages should have a fixed maximum size to avoid merchant > systems theoretically having to accept files of any size; 10MB would > seem far larger than in any way practical, and therefore a good maximum > size? PaymentRequests are limited to 50,000 bytes. I can't think of a reason why Payment messages would need to be any bigger than that. Submit a pull request to the existing BIP. > A defined maximum time to wait (to avoid DDoS via connection > holding) might be useful too, although I'd need to do measurements to > find what values are tolerable. > Implementation detail that doesn't belong in the spec, in my humble opinion. > I would like to have the protocol state that merchant systems should > handle repeatedly receiving the same Payment message, and return an > equivalent (if not identical) PaymentACK to each. This is important in > case of a network failure while the client is sending the Payment > message, as outlined above. > I think this should be left to implementations to work out. > Lastly, I'm wondering about potential timing issues with transactions; > if a merchant system wants to see confirmation of a transaction before > sending a PaymentACK... .... not a good idea. The user should get feedback right away. Poking a "pay now" button and then waiting more than a second or three to get "your payment has been received and is being processed" is terrible UI. -- -- Gavin Andresen --20cf301b66ad6165fc04f7f1fbdb Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
The main area of concern is handling unexpected = problems while sending
the Payment message, or receiving the corresponding PaymentACK message.
For example, in case of a transport layer failure or non-200 HTTP status code while sending the Payment message, what should the wallet software
do next? Is it safe to re-send the Payment message? I'd propose that fo= r
any transport failure or 500 status code, the client retries after a
delay (suggested at 30-60 seconds). For 400 status codes, the request
should not be repeated, and as such the user should be alerted and a
copy of the Payment message saved to be resent later.
=
Why does error handling have to be standardized?
<= br>
I generally think that wallet software should be free to do w= hatever gives the user the best experience, so I'm in favor of restrict= ing BIPs to things that must be standardized so that different implementati= ons inter-operate.
=C2=A0
For 300 (redirect and simil= ar) status codes, is it considered safe to
follow redirects? I think we have to, but good to make it clear in the
specification.

Referencing whatever RFC= s defines how to fetch URLs would be the best way to do this. Submit a pull= request.
=C2=A0

On the merchant's side; I think it would be useful for there to be
guidance for handling of errors processing Payment messages. I'd sugges= t
that Payment messages should have a fixed maximum size to avoid merchant systems theoretically having to accept files of any size; 10MB would
seem far larger than in any way practical, and therefore a good maximum
size?

PaymentRequests are limited to 50,000= bytes. I can't think of a reason why Payment messages would need to be= any bigger than that. Submit a pull request to the existing BIP.
=C2=A0
A defined maximum time to = wait (to avoid DDoS via connection
holding) might be useful too, although I'd need to do measurements to find what values are tolerable.

Impleme= ntation detail that doesn't belong in the spec, in my humble opinion.
=C2=A0
I would like to have the protocol state that merchant systems should
handle repeatedly receiving the same Payment message, and return an
equivalent (if not identical) PaymentACK to each. This is important in
case of a network failure while the client is sending the Payment
message, as outlined above.

I think thi= s should be left to implementations to work out.
=C2=A0
=
Lastly, I'm wondering about potential timing issues with transactions;<= br> if a merchant system wants to see confirmation of a transaction before
sending a PaymentACK...

.... not a good ide= a. The user should get feedback right away. Poking a "pay now" bu= tton and then waiting more than a second or three to get "your payment= has been received and is being processed" is terrible UI.


--
--
Gavin Andresen
--20cf301b66ad6165fc04f7f1fbdb--