From: Mike Hearn <mike@plan99.net>
To: Drak <drak@zikula.org>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol Hash Comments
Date: Sun, 2 Mar 2014 11:39:18 +0100 [thread overview]
Message-ID: <CANEZrP3owLtLnBHZ4vEBYcdkQ0WtpDDQ8CXK+92oNd1rgaEZyg@mail.gmail.com> (raw)
In-Reply-To: <CANAnSg1fwkzXebbCMEf6XeGD0SG+ny=vKW-2nC_40yhkn1LVkg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3233 bytes --]
I'm just repeating the rationale Gavin gave me for adding this to the spec
last year when he was implementing it. Perhaps it only applied to some
versions of PHP or something like that.
Jeremy, good comments. A pull request to fix those would be good.
One issue I seem looming on the horizon is that we'll need a version of the
payment protocol document that's living. Trying to reverse engineer the
current spec by manually reading all the BIPs and layering them in your
head is a non starter.
On Sun, Mar 2, 2014 at 9:52 AM, Drak <drak@zikula.org> wrote:
> Not true, PHP does support sha2
>
> http://php.net/manual/en/mhash.constants.php
>
> http://php.net/manual/en/function.hash-algos.php#refsect1-function.hash-algos-examples
> On 2 Mar 2014 08:44, "Mike Hearn" <mike@plan99.net> wrote:
>
>> SHA-1 support is there for PHP developers. Apparently it can't do SHA-2.
>> On 2 Mar 2014 08:53, "Jeremy Spilman" <jeremy@taplink.co> wrote:
>>
>>> From BIP70:
>>>
>>> If pki_type is "x509+sha256", then the Payment message is hashed using
>>> the
>>> SHA256 algorithm to produce the message digest that is signed. If
>>> pki_type
>>> is "x509+sha1", then the SHA1 algorithm is used.
>>>
>>> A couple minor comments;
>>>
>>> - I think it meant to say the field to be hashed is 'PaymentRequest'
>>> not
>>> 'Payment' message -- probably got renamed at some point and this is an
>>> old
>>> reference calling it by its original name.
>>>
>>> - Could be a bit more explicit about the hashing, e.g. 'copy the
>>> PaymentRequest, set the signature field to the empty string, serialize to
>>> a byte[] and hash.
>>>
>>> - SHA1 is retiring, any particular reason to even have it in there at
>>> all?
>>>
>>> - Should there any way for the end-user to see details like the
>>> pki_type
>>> and the certificate chain, like browser do?
>>>
>>>
>>> Thanks,
>>> Jeremy
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Flow-based real-time traffic analytics software. Cisco certified tool.
>>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>>> Customize your own dashboards, set traffic alerts and generate reports.
>>> Network behavioral analysis & security monitoring. All-in-one tool.
>>>
>>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Flow-based real-time traffic analytics software. Cisco certified tool.
>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>> Customize your own dashboards, set traffic alerts and generate reports.
>> Network behavioral analysis & security monitoring. All-in-one tool.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
[-- Attachment #2: Type: text/html, Size: 5064 bytes --]
next prev parent reply other threads:[~2014-03-02 10:39 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-01 6:26 [Bitcoin-development] Positive and negative feedback on certificate validation errors Jeremy Spilman
2014-03-01 7:26 ` Wladimir
2014-03-01 7:50 ` Jeremy Spilman
2014-03-02 10:37 ` Mike Hearn
2014-03-02 7:52 ` [Bitcoin-development] Payment Protocol Hash Comments Jeremy Spilman
2014-03-02 8:44 ` Mike Hearn
2014-03-02 8:52 ` Drak
2014-03-02 10:39 ` Mike Hearn [this message]
2014-03-03 12:39 ` Drak
2014-03-02 18:18 ` [Bitcoin-development] Positive and negative feedback on certificate validation errors Troy Benjegerdes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANEZrP3owLtLnBHZ4vEBYcdkQ0WtpDDQ8CXK+92oNd1rgaEZyg@mail.gmail.com \
--to=mike@plan99.net \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=drak@zikula.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox