Re: [Bitcoin-development] Fwd: [BIP 15] Aliases

[Christian Decker <decker.christian@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 3822 bytes --]

I think the scope of this BIP is not so well defined right now. We need a
way for merchants to translate a human readable, and more importantly
human-writeable, address into a bitcoin address. I agree with Mike that a
fixed address is not the way to go, because addresses should be used once
for a single transaction to be able to track payments.

While firstbits sounds attractive at first, I think we can all agree that
it just isn't feasible and would not allow per-transaction addresses. DNS
sounds interesting for fixed addresses, but caching and propagation make it
difficult to use for per-transaction addresses that are to be generated
ad-hoc.

HTTP(S) is the best option I think, merchants are probably using HTTP
anyway for their shops. So something like
http://merchant.com/btc/transaction/1234 sounds reasonable. But I think it
should not be over-engineered, it should be a simple HTTP(S) request to a
merchant specified URL that returns an ASCII document containing either a
bitcoin: URI or simply the bitcoin address or even a 301 redirect. It's no
use to start defining URL schemes, it should be left to the merchants to
define how to structure them.

This would allow a merchant to decide if he prefers per-transaction
addresses, per-user transactions, fixed addresses or any combination.

Regards,
cdecker


On Tue, Dec 13, 2011 at 11:55 AM, Mike Hearn <mike@plan99.net> wrote:

> I was in brmlab and wanted to pay 1 BTC for a Club Mate. They had on the
>> wall a picture of their QR code and a bitcoin address. I don't own a mobile
>> phone so the QR code is
>> useless.
>
>
> Fixed addresses like that are a temporary thing during Bitcoins maturation
> period. They lead to merchants exposing data they probably don't realize
> they're exposing, like their income, which is basically unacceptable for
> any payment system.
>
> There's no point trying to optimize a case where:
>
> 1) You are in the minority (no phone?)
> 2) The "perfect experience" leaks private data in such a way that would be
> deemed a gross security breach by any serious payment processor.
>
> OK, some thoughts on the general proposal, from the POV of what it'd take
> for a large deployment, like for every Gmail or every Facebook user. In
> terms of ease of implementation it is ordered HTTPS/HTTP then DNS trailing
> by a large margin. Big sites, even small sites, typically have high-speed
> load balancing and demuxing already implemented for HTTP[S] and it's
> usually easy to add new endpoints. The same is *not* true of DNS, and
> whilst coding up a custom DNS server is possible it's definitely a worse
> fit.
>
> FirstBits seems out of the question for the same privacy reasons as given
> above. No banking system worth its salt would let everyone look up other
> peoples income.
>
> The simplest approach would be to request a full public key with an HTTPS
> request like
>
>    foo@domain ->
> https://domain/_bitcoin/getnewkey?user=foo&label=Payment%20from%20Bob
>
> If you then want to turn the resulting public key into an address before
> creating a transaction you can obviously do that.
>
> BTW the BIP is pretty hard to read. Your spec for the HTTPS proposal is a
> big pile of source code. I think it's the same as above, but it's hard to
> tell without more effort.
>
>
> ------------------------------------------------------------------------------
> Systems Optimization Self Assessment
> Improve efficiency and utilization of IT resources. Drive out cost and
> improve service delivery. Take 5 minutes to use this Systems Optimization
> Self Assessment. http://www.accelacomm.com/jaw/sdnl/114/51450054/
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>

[-- Attachment #2: Type: text/html, Size: 4946 bytes --]