public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Pieter Wuille <pieter.wuille@gmail.com>
To: Chuck <chuck+bitcoindev@borboggle.com>
Cc: Bitcoin-Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] BIP70 message delivery reliability
Date: Thu, 30 Jan 2014 12:46:30 +0100	[thread overview]
Message-ID: <CAPg+sBg8AGrbny=2tXp3gsok4TX7XV5307Cx1+ArBwxM6xL4jQ@mail.gmail.com> (raw)
In-Reply-To: <52EA343E.4010208@borboggle.com>

On Thu, Jan 30, 2014 at 12:15 PM, Chuck <chuck+bitcoindev@borboggle.com> wrote:
> Hi Mike.  Thanks for replying.
>
> On 1/30/2014 5:49 PM, Mike Hearn wrote:
>> Both Bitcoin Core and bitcoinj are about to ship with the protocol
>> as-is, so any changes from this point on have to be backwards compatible.
> Then I think it's critically important to talk about failure situations
> now, rather than trying to patch on solutions later; it's going to be
> very hard to wedge/"hack" in fixes for potential problems when they
> could be addressed now with minor changes.
>> Let's get some practical experience with what we've got so far. We can
>> evolve PaymentRequest/Payment/PaymentACK in the right direction with
>> backwards compatible upgrades, I am hoping.
> I think what I'm trying to discuss or find out here is whether the
> current PP description is defunct or incomplete in some manner, thus
> making any experience we gain from the current implementation moot.
>
> It seems the largest hole in the implementation is delivery of the
> Payment message, but I'm happy to accept that maybe I'm just missing
> something.  A malicious merchant could claim he never received the
> Payment message, or a faulty network connection could cause the message
> to never be delivered. In arbitration the merchant could argue the
> transactions seen on the network were insufficient.

You don't even have to assume malicious intent. A payment message
could just fail to arrive because the server is unreachable. As the
specification currently doesn't even suggest retrying, there is no way
the merchant can rely at all on the memo and refund address being
delivered, which makes them in my opinion useless.

Your proposal makes the whole protocol more atomic, which may be a
step too far at this point (though I like the idea very much), but I
really think the specification should do everything possible to
prevent transactions confirming without the payment message ever being
delivered (i.e., store them in the sender's client, retry when
necessary, exponential backoff, ...).

-- 
Pieter



  parent reply	other threads:[~2014-01-30 11:46 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-30  5:47 [Bitcoin-development] BIP70 message delivery reliability Chuck
2014-01-30 10:49 ` Mike Hearn
2014-01-30 11:15   ` Chuck
2014-01-30 11:31     ` Mike Hearn
2014-01-30 11:42       ` Chuck
2014-01-30 11:46     ` Pieter Wuille [this message]
2014-01-30 11:59       ` Mike Hearn
2014-01-30 12:02         ` Pieter Wuille
2014-01-30 12:03           ` Chuck
2014-01-30 12:20             ` Roy Badami
2014-01-30 12:38             ` Mike Hearn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPg+sBg8AGrbny=2tXp3gsok4TX7XV5307Cx1+ArBwxM6xL4jQ@mail.gmail.com' \
    --to=pieter.wuille@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=chuck+bitcoindev@borboggle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox