public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Pieter Wuille <pieter.wuille@gmail.com>
To: Mike Hearn <mike@plan99.net>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
Date: Wed, 7 Aug 2013 23:36:48 +0200	[thread overview]
Message-ID: <CAPg+sBheF45bsx5it-0v1QjDW--t5UkZZjNjf9wt3d7XgUXLgw@mail.gmail.com> (raw)
In-Reply-To: <CANEZrP2+D4xu0t2efRPfg0t5gD8RRBk=KQEJH+0FF5J=vBmwiA@mail.gmail.com>

On Wed, Aug 7, 2013 at 11:17 PM, Mike Hearn <mike@plan99.net> wrote:
>
>> I'd like to hear from other wallet implementors. Do you have a notion
>> of 'locked inputs' ?  The tricky bit in constructing a transaction but
>> not broadcasting it right away is the inputs must be locked, so
>> they're not accidentally double-spent.
>
>> bitcoinj separates the concept of committing a tx to the wallet from
> broadcasting it. However by default transactions that weren't seen in the
> chain yet will be announced when a new peer is connected to. It'd take extra
> code to suppress that, and it's unclear to me why that's useful. I agree
> with Pieter that it should be the merchants responsibility to get the tx out
> there, but having the client do the broadcast as well can't really hurt
> (except perhaps some privacy impact).

My concerns here are:
* Making sure wallet applications can function without supporting the
P2P protocol (which drops a huge implementation overhead for simple -
perhaps hardware-based - wallets).
* Making sure the responsibility of confirming transactions is with
the receiver (while the responsibility of creating a confirmable
transaction is with the sender), which again simplifies wallet
implementation.
* Making receiving of metadata reliable, by minimizing cases where a
transaction is accidentally broadcast without the receiver being told
about it. This is perhaps not possible entirely, but it should be
possible to reduce it to a point where the remaining cases can be
dealt with manually. This also means indeed being able to give a
bitcoin URI (or why not just a URL to a payment descriptor?) that does
not contain a static Bitcoin address. I understand the compatibility
concern here, but IMHO we should do all effort to get rid of static
addresses were possible - the public key should be negotiated be
sender and receiver.

I worry about the scenario where some evil hotspot owner observes a
payment request, and later sees a bitcoin P2P transaction crediting
that key, but without payment being sent to the payment_uri (because
he blocked it), thus allowing him to construct a payment message
himself with the request + transaction, and adding his own refund
address or delivery location, or ... To fix problems related to this
completely, we'd need transactions that commit to the payment message,
instead of the other way around. I believe the pay-to-contract scheme
presented by Timo Hanke at the San Jose conference solved this.

-- 
Pieter



  reply	other threads:[~2013-08-07 21:36 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-07-31  6:28 [Bitcoin-development] Payment Protocol: BIP 70, 71, 72 Gavin Andresen
2013-07-31  8:45 ` Roy Badami
     [not found]   ` <CABsx9T3Xvnw2H6awgnT7mr-HzJOqCp_nOVM57BD-B9mY4R43aQ@mail.gmail.com>
2013-07-31 11:33     ` Gavin Andresen
2013-07-31 11:45       ` Melvin Carvalho
2013-07-31 23:30       ` E willbefull
2013-07-31 23:38         ` Gavin Andresen
2013-07-31 23:52           ` E willbefull
2013-08-07 20:12         ` Roy Badami
2013-07-31  8:59 ` Mike Hearn
2013-07-31 11:19   ` Gavin Andresen
2013-08-07 20:31 ` Pieter Wuille
2013-08-07 21:10   ` Gavin Andresen
2013-08-07 21:17     ` Mike Hearn
2013-08-07 21:36       ` Pieter Wuille [this message]
2013-08-07 21:44         ` Mike Hearn
2013-08-07 21:49           ` Pieter Wuille
2013-08-07 21:28     ` Roy Badami
2013-08-07 21:47     ` Alan Reiner
2013-08-14 10:56     ` Jouke Hofman
2013-08-07 21:47 ` Roy Badami
2013-08-07 21:54   ` Pieter Wuille
2013-08-07 22:03     ` Roy Badami
2013-08-08  0:48       ` Gavin Andresen
2013-08-08  9:13         ` Mike Hearn
2013-08-08 14:13         ` Pieter Wuille
2013-08-19 22:15 ` Andreas Petersson
2013-08-19 23:19   ` Gavin Andresen
2013-08-20 10:05     ` Mike Hearn
2013-09-24 13:52       ` Mike Hearn
2013-09-24 23:35         ` Gavin Andresen
2013-09-25  9:27           ` Mike Hearn
2013-09-25 10:28             ` Andreas Schildbach
2013-09-25 11:15               ` Mike Hearn
2013-09-25 11:33                 ` Andreas Schildbach
2013-09-25 11:45                   ` Mike Hearn
2013-09-25 11:59                     ` Andreas Schildbach
2013-09-25 14:31                       ` Jeff Garzik
2013-09-25 14:38                         ` Mike Hearn
2013-09-25 11:35                 ` Melvin Carvalho
2013-09-25 16:12                   ` The Doctor
2013-09-26  6:37                   ` Peter Todd
2013-09-25 14:26               ` Jeff Garzik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAPg+sBheF45bsx5it-0v1QjDW--t5UkZZjNjf9wt3d7XgUXLgw@mail.gmail.com \
    --to=pieter.wuille@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=mike@plan99.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox