Yet more comments (I guess at some point we need to stick a fork in it
- or at least move on to implementing a prototype version).
Yes, my next step is prototyping.
Note that this is not a BIP yet: I want to have a working implementation before making this an Official BIP.
Maybe don't require the payment URI to be HTTPS.
Changed:
receipt_url: Secure (usually https) location where...
Though it's not strictly necessary, it'd be nice to have defined
behavior for if you want to pay more than the requested amount, for a
tip.
yeah... I had similar thoughts on what to do if some Outputs specify an amount and others don't. I'm still waffling on whether or not I like allowing repeated Outputs; a single Output would make the spec a fair bit simpler, and if a merchant wants to split up a payment for some reason they could just generate another transaction.
I want to move on to actually implementing this before creating complicated rules. Maybe the best way to tip a waitress is to get two separate PaymentRequests, one for the restaurant and one that goes directly to the waitress (depends on whether or not the restaurant needs or wants to know how much their employees are getting tipped, I suppose). Maybe it would be best to have a separate "gratuity" Output in the PaymentRequest. That's the kind of detail I think doesn't need to be worked out right now, I'd rather restaurants tell us what they need/want.
"Display the proposed Outputs in as human-friendly a form as possible"
.... ??? Surely you'd just display the total amount requested? I don't
think it ever makes sense to try and display outputs to the user
directly.
This is the case of getting an UNSIGNED payment request; I've changed the wording a little to make that more clear.
If a bitcoin client accepts unsigned payment requests (a couple of people have asked if that would be possible so I think that is desired), then it doesn't have the payer's identity-- all it has is the Outputs that will be paid.
Re: the UI TODO - agreed but let's take it out of the BIP...
Not a BIP yet....
serialized_paymentrequest -> serialized_payment_request?
Done.
The question of root CAs still needs resolution. I stick with my recommendation to support all CAs that browsers support.
I still like the idea of only including the root CAs who have jumped through the hoops needed to get the "allowed to issue EV certs" blessing. I'm not suggesting that all bitcoin merchants must get EV certs, but I am suggesting that they must get a certificate from one of the most reputable certificate authorities, and the ability to issue EV certificates is, I think, a good proxy for that.
But, again: Not a BIP yet. Lets get something implemented and then hammer out details (implementing always turns up edge cases you forgot when spec'ing).