From: Pieter Wuille
To: Gavin Andresen
Date: Tue, 28 Jan 2014 14:09:28 +0100
Cc: Bitcoin Dev, Andreas Schildbach
Subject: Re: [Bitcoin-development] BIP70: PaymentACK semantics

On Tue, Jan 28, 2014 at 1:53 PM, Gavin Andresen wrote:
> On Tue, Jan 28, 2014 at 6:42 AM, Mike Hearn wrote:
>>
>> Yeah, that's the interpretation I think we should go with for now. There
>> was a reason why this isn't specified and I forgot what it was - some
>> inability to come to agreement on when to broadcast vs when to submit via
>> HTTP, I think.
>
>
> If the wallet software is doing automatic CoinJoin (for example), then
> typically one or several of the other participants will broadcast the
> transaction as soon as it is complete.
>
> If the spec said that wallets must not broadcast until they receive a
> PaymentACK (if a payment_url is specified), then you'd have to violate the
> spec to do CoinJoin.

You cannot prevent transactions from being broadcasted, but an ACK can
still mean "You're now relieved of the responsibility of getting the
transaction confirmed". That's independent from being allowed to
broadcast it.

> And even if you don't care about CoinJoin, not broadcasting the transaction
> as soon as the inputs are signed adds implementation complexity (should you
> retry if payment_url is unavailable? how many times?
> if you eventually
> unlock the probably-not-quite-spent-yet inputs, should you double-spend them
> to yourself just in case the merchant eventually gets around to broadcasting
> the transaction, or should you just unlock them and squirrel away the failed
> Payment so if the merchant does eventually broadcast you have a record of
> why the coins were spent).

If a payment_url is unavailable, you should imho retry. If you
broadcasted, and the payment_url is unavailable, you should
*certainly* retry. Otherwise the recipient cannot rely on receiving
memo and refund address, which would imho make these fields completely
useless.

I still like suggesting not broadcasting if a payment_uri to minimize
that risk further, but as you say - there are enough cases where you
cannot enforce that anyway.

-- 
Pieter