Gavin,

You have pretty much nailed my intent in both respects. This sets up a way to negotiate the address and abstract away the nasty details of finding public keys from bitcoin addresses, and provides a nice clean way for redemption abstracting away the long strings of hex.

For redemption, I think as each party signs the tx if the script returns true, it would be acceptable to just go right ahead and broadcast it, or maybe as you suggest all signatures go back to the initiating party and they do the final work.

I very much like the idea of assuming each party uses HD wallets, that certainly simplifies things greatly. I also like the use of email addresses as a negotiation medium, but I also wonder if this could be made agnostic in any BIP proposal so it could work with other communication mediums like bitmessage for example (just forward thinking anonymity a little).

I definitely think there is a need for a protocol because multisig, regardless of the application has two technically involved steps: negotiation of an address, and redemption of any subsequently encumbered funds. A protocol would enable different wallet implementations to participate in such a transaction and make wide-spread use much more likely and possible.

Drak

On 11 March 2014 01:15, Gavin Andresen <gavinandresen@gmail.com> wrote:

Multisig is orthogonal to the payment protocol (but payment protocol is needed first).

There need to be protocols for:

a) Establishing multisig wallets of various sorts. See:

  https://moqups.com/gavinandresen/no8mzUDB/
  https://moqups.com/gavinandresen/no8mzUDB/p:ab18547e0

... etc. for a UI mock-up.
There needs to be some protocol so all participants in a multisig wallet contribute keys (actually, we should just assume everybody uses BIP32 HD public keys so we get privacy from the start).

Multi-person shared wallets, escrows, and "wallet protection service" wallets (which might be protected with two-factor authentication) are different use cases and probably use slightly different protocols (and will probably need different BIPs eventually).

b) Gathering signatures for a multisig spend. Here is where the payment protocol is useful; the PaymentRequest message should be passed around so all participants know what is being paid for, and maybe a partially-signed Payment message is where the signatures are gathered (or maybe the signatures are sent separately and one of the participants creates and submits the Payment and gets the PaymentACK... "to be designed").

See:
https://moqups.com/gavinandresen/no8mzUDB/p:a7e81be96
  https://moqups.com/gavinandresen/no8mzUDB/p:af7339204

... for UI mock-up for the multi-person-spend case.

And maybe a protocol for "I don't want to be part of this multisig any more / I lost control of my private key don't trust me in this multisig any more".

On Mon, Mar 10, 2014 at 8:14 PM, Jeff Garzik <jgarzik@bitpay.com> wrote:

All of that only melds with the payment protocol under an extremely
expansive definition of "payment." The payment protocol is really
geared towards a direct one-to-one relationship....

--
Gavin Andresen

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development