[bitcoin-dev] Even more proposed BIP extensions to BIP 0070

[Erik Aronesty <erik@q32.com>]

[-- Attachment #1: Type: text/plain, Size: 2643 bytes --]

BIP 0070 has been a a moderate success, however, IMO:

- protocol buffers are inappropriate since ease of use and extensibility is
desired over the minor gains of efficiency in this protocol.  Not too late
to support JSON messages as the standard going forward

- problematic reliance on merchant-supplied https (X509) as the sole form
of mechant identification.   alternate schemes (dnssec/netki), pgp and
possibly keybase seem like good ideas.   personally, i like keybase, since
there is no reliance on the existing domain-name system (you can sell with
a github id, for example)

- missing an optional client supplied identification

- lack of basic subscription support

*Proposed for subscriptions:*

- BIP0047 payment codes are recommended instead of wallet addresses when
establishing subscriptions.  Or, merchants can specify replacement
addresses in ACK/NACK responses.   UI confirms are *required *when there
are no replacement addresses or payment codes used.

- Wallets must confirm and store subscriptions, and are responsible for
initiating them at the specified interval.

- Intervals can *only *be from a preset list: weekly, biweekly, or 1,
2,3,4,6 or 12 months.   Intervals missed by more than 3 days cause
suspension until the user re-verifies.

- Wallets *may *optionally ask the user whether they want to be notified
and confirm every interval - or not.   Wallets that do not ask *must *notify
before initiating each payment.   Interval confirmations should begin at *least
*1 day in advance of the next payment.


*Proposed in general:*
- JSON should be used instead of protocol buffers going forward.  Easier to
use, explain extend.

- "Extendible" URI-like scheme to support multi-mode identity mechanisms on
both payment and subscription requests.   Support for keybase://, netki://
and others as alternates to https://.

- Support for client as well as merchant multi-mode verification

- Ideally, the identity verification URI scheme is somewhat
orthogonal/independent of the payment request itself

Question:

Should this be a new BIP?  I know netki's BIP75 is out there - but I think
it's too specific and too reliant on the domain name system.

Maybe an identity-protocol-agnostic BIP + solid implementation of a couple
major protocols without any mention of payment URI's ... just a way of
sending and receiving identity verified messages in general?

I would be happy to implement plugins for identity protocols, if anyone
thinks this is a good idea.

Does anyone think https:// or keybase, or PGP or netki all by themselves,
is enough - or is it always better to have an extensible protocol?

- Erik Aronesty

[-- Attachment #2: Type: text/html, Size: 3104 bytes --]