From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W2ll1-0001vx-N6 for bitcoin-development@lists.sourceforge.net; Mon, 13 Jan 2014 17:57:03 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.223.171 as permitted sender) client-ip=209.85.223.171; envelope-from=pieter.wuille@gmail.com; helo=mail-ie0-f171.google.com; Received: from mail-ie0-f171.google.com ([209.85.223.171]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1W2ll0-0005gd-M8 for bitcoin-development@lists.sourceforge.net; Mon, 13 Jan 2014 17:57:03 +0000 Received: by mail-ie0-f171.google.com with SMTP id to1so4277211ieb.2 for ; Mon, 13 Jan 2014 09:56:57 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.43.155.147 with SMTP id li19mr1322083icc.94.1389635817413; Mon, 13 Jan 2014 09:56:57 -0800 (PST) Received: by 10.50.90.42 with HTTP; Mon, 13 Jan 2014 09:56:57 -0800 (PST) In-Reply-To: References: Date: Mon, 13 Jan 2014 18:56:57 +0100 Message-ID: From: Pieter Wuille To: Andreas Schildbach Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (pieter.wuille[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1W2ll0-0005gd-M8 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Payment protocol and reliable Payment messages X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2014 17:57:03 -0000 On Mon, Jan 13, 2014 at 6:44 PM, Andreas Schildbach wrote: > On 01/13/2014 05:43 PM, Pieter Wuille wrote: > >> As an optimization (and I believe this is what Mike plans to implement >> in BitcoinJ), if a payment_url is present, it should be encouraged to >> only send the payment there, and not broadcast the transaction at all >> on the P2P network (minimizing the risk that the transaction confirms >> without the payment being received; it can't be guaranteed however). I want to avoid the case where a transaction confirms, but the associated payment is not delivered. If there is a reasonable chance that this case occurs in normal operation, it means the payment transmission cannot be relied upon. On the other hand, if the payment gets sent, but the transaction is not broadcasted, it can be broadcasted by the receiver (who has much more reason to do so; he wants to spend his money). > > Can you explain what the problem is here? The payment message can be > transmitted after the payment has been received through the P2P network. > Am I missing something? So, yes, sending on the P2P network is fine, as long as everything is done to get the payment delivered. Not broadcasting on P2P is just an optimization that makes failures of not getting the transaction out and not getting the payment delivered coincide better. I say just optimization, as you can't rely on the fact that if the payment fails, the transaction will also fail (the merchant may be malicious, make the submission of the payment fail, but broadcast the transaction anyway), so wallets must still be able to deal with this. Nonetheless, I think it can increase the reliability of "payment being received for otherwise confirming transactions". > > Furthermore, if we give up the robustness of the P2P network, we will > likely end up with more failed payments. There is so much that can go > wrong when trying to connect via HTTP (proxies etc.), Bluetooth > endpoints can go away, etc. At least we should provide fallback > payment_url's in this case. That's a different issue. I'm very aware that payments over HTTP can fail. The point is that I prefer the entire transaction to fail in that case, instead, and focus on making the payment submission more reliable. > > As for you proposal, just be aware I'd like to use the payment protocol > for face to face payments as well. That meant payment request via NFC or > QR, payment message and payment confirmations via Bluetooth. I think it > can be done by putting a Bluetooth mac address into the payment_url. I'm aware. What issues do you see? -- Pieter