On Wed, Apr 30, 2014 at 7:59 PM, Luke Dashjr <luke@dashjr.org> wrote:
Instead of TX0, TX1, etc, can you put some kind of meaningful identifier for
these transactions?

Sorry, that is the names come from the original thread, where I was outlining the idea.  I updated the names.
 
TX1 and TX2 *cannot* be signed until after TX0 is completely signed by both
parties.

The bail in transactions are only signed by one of the parties.  They are kept secret until the refund/payout transactions are all properly signed.

There is a malleability risk though, hence the need for the 3rd party.

It works on the same refund principle as payment channels.

After TX0 is signed, but before TX2 is signed, either party could
walk away or otherwise hold the funds hostage. The sequence of signing
proposed in this BIP is *not possible to perform*.

TX0 is not broadcast until the refund transactions are complete.
 
How did you implement and test this? :/

This is a draft at the moment. 

There is an implementation of (almost) this system but not by me.  This proposal reduces the number of non-standard transaction types required.

A full implement is the next step.
 
What is the purpose of the OP_EQUAL_VERIFY in TX4? I don't see a use...

That is a typo, I have updated it.
 
IMO, there should be separate BIPs for the exchange itself, and the protocol
to negotiate the exchange.

I can do that.
 
I would recommend changing the latter from JSON-RPC
to some extension of the Payment Protocol, if possible.

I wanted it to be as simple as possible, but I guess MIME is just a different way of doing things.

Perhaps it would be good to only support compressed keys, to discourage use of
uncompressed ones..

I would have no objection.
 

Luke