Sure I know that x509 is international standard. And that HTTPS uses TLS.

This is not my point, my point is that when we use HTTPS the developer delegates certificates verification to the plateform he is running on, so developer don't have to bother about it, making the implementation safer and easier.

On the other hand, if you charge the developer (and not the plateform) to check certificate validity, it means that you have to develop a different codebase for all plateform you are targeting, because each plateform store trusted root certificate in a different manner with different APIs, and also have different types representing a X509 Certificate.

So, let's say I want to target IOS + WP + Android + WinRT + desktop win, I need to develop 4 times chain verification and certificate parsing. (Because I can't verify a certificate if it is not in the specific type of the underlying plateform)

And since it would take too much time to do that, I end up delegating parsing and trust verification to a third party service.

2015-01-28 14:32 GMT+01:00 Wladimir <laanwj@gmail.com>:

On Wed, 28 Jan 2015, Nicolas DORIER wrote:

I agree that the use protocol buffer and x509 by BIP70 is a poor choice.

Well x509 is an international standard in common use, you can't do much better with regard to portability. Your suggestion about HTTPS makes little sense, you do know what TLS uses x509 internally as well?

Re: protocol buffers, I don't know if it's the best possible one, but one serialization method had to be picked. If it weren't, we could still have still been discussing which one to use by now. Just like for JSON there are bindings for many languages.

Though JSON parsers are much more diverse, which people using Bitcoin Core's RPC have bumped into e.g. some have some problems handling large numbers. Something you wouldn't expect using a straightforward binary format. There's no obvious best choice.

Wladimir