On Wed, Apr 30, 2014 at 7:59 PM, Luke Dashjr <luke@dashjr.org> wrote:

> Instead of TX0, TX1, etc, can you put some kind of meaningful identifier
> for
> these transactions?
>

Sorry, that is the names come from the original thread, where I was
outlining the idea.  I updated the names.


> TX1 and TX2 *cannot* be signed until after TX0 is completely signed by both
> parties.


The bail in transactions are only signed by one of the parties.  They are
kept secret until the refund/payout transactions are all properly signed.

There is a malleability risk though, hence the need for the 3rd party.

It works on the same refund principle as payment channels.

After TX0 is signed, but before TX2 is signed, either party could
> walk away or otherwise hold the funds hostage. The sequence of signing
> proposed in this BIP is *not possible to perform*.


TX0 is not broadcast until the refund transactions are complete.


> How did you implement and test this? :/
>

This is a draft at the moment.

There is an implementation of (almost) this system but not by me.  This
proposal reduces the number of non-standard transaction types required.

A full implement is the next step.


> What is the purpose of the OP_EQUAL_VERIFY in TX4? I don't see a use...
>

That is a typo, I have updated it.


> IMO, there should be separate BIPs for the exchange itself, and the
> protocol
> to negotiate the exchange.


I can do that.


> I would recommend changing the latter from JSON-RPC
> to some extension of the Payment Protocol, if possible.
>

I wanted it to be as simple as possible, but I guess MIME is just a
different way of doing things.

>
> Perhaps it would be good to only support compressed keys, to discourage
> use of
> uncompressed ones..
>

I would have no objection.


>
> Luke
>