From: Erik Aronesty <erik@q32•com>
To: Luke Dashjr <luke@dashjr•org>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Even more proposed BIP extensions to BIP 0070
Date: Tue, 21 Jun 2016 17:42:39 -0400 [thread overview]
Message-ID: <CAJowKg+9kfOwvSH3GENr-=RYnctGHEw_7o-UmFqjAMJaaZ8AtA@mail.gmail.com> (raw)
In-Reply-To: <201606212044.38931.luke@dashjr.org>
[-- Attachment #1: Type: text/plain, Size: 5715 bytes --]
> keybase spam
good point about keybase spam, but i think it's limited to once hash per
hour (?), not really too bad... the tx's are just root signatures, so you
can verify a whole keybase tree (up to the last hour) with very minimal
bitcoin blockchain impact.
> What do you mean by "replacement addresses" and "UI confirms" here?
"Replacement addresses" would take the place of BIP 32/47 support, if
someone thought maybe that was too difficult to deal with. So each time i
paid Alice, Alice could generate a new payment address for the next monthly
payment. If you support BIP 32 pub seed, then there's no need for this.
I don't know any wallets that support a BIP 32 pub seed (and then what,
some random number generator?) as a destination address yet.
> Disagree with hard-coding intervals, or mandating specific policies from
the
service providers.
I think mandating is a harsh word here, but i I'm a strong believer in
providing strict guidelines that if people break, others can call them
on. Giving someone a 12.3 +/- 5 day interval for payments using this
protocol would suck. You should use payment channels for that stuff.
The idea is a lightweight protocol for getting monthly subscriptions
working.
On Tue, Jun 21, 2016 at 4:44 PM, Luke Dashjr <luke@dashjr•org> wrote:
> On Monday, June 20, 2016 5:33:32 PM Erik Aronesty via bitcoin-dev wrote:
> > BIP 0070 has been a a moderate success, however, IMO:
> >
> > - protocol buffers are inappropriate since ease of use and extensibility
> is
> > desired over the minor gains of efficiency in this protocol. Not too
> late
> > to support JSON messages as the standard going forward
>
> IMO JSON is too prone to gratuitous inefficiency (both at network and CPU
> level), parser bugs, etc. Even the best C implementation (jansson) has
> serious
> issues with Number handling.
>
> A few years ago, I looked into binary alternatives to JSON and concluded
> they
> all had problems, while it seems more than reasonable to do even dynamic
> parsing of protobuf messages. So to conclude, I prefer to stick to protobuf
> unless a clearly superior protocol turns up.
>
> > - problematic reliance on merchant-supplied https (X509) as the sole form
> > of mechant identification. alternate schemes (dnssec/netki), pgp and
> > possibly keybase seem like good ideas. personally, i like keybase,
> since
> > there is no reliance on the existing domain-name system (you can sell
> with
> > a github id, for example)
>
> X509 is entrenched, so it should remain supported. PGP might make sense for
> people already using it (it provides no real security for un-WoT-networked
> users), but unforunately, few people use it. Correct me if I'm wrong, but
> IIRC
> Keybase uses blockchain spam, so definitely not something to be encouraged
> if
> so. Namecoin seems like a more than reasonable decentralised solution, but
> will probably take some real work to implement (not that this is avoidable
> for
> a general-usage decentralised solution).
>
> > - missing an optional client supplied identification
>
> What do you mean by this? There's the memo field at least.
>
> > - lack of basic subscription support
> >
> > *Proposed for subscriptions:*
> >
> > - BIP0047 payment codes are recommended instead of wallet addresses when
> > establishing subscriptions. Or, merchants can specify replacement
> > addresses in ACK/NACK responses. UI confirms are *required *when there
> > are no replacement addresses or payment codes used.
>
> I'd discourage anything using BIP 47 due to its serious design flaws.
> No reason a regular BIP 32 pub seed can't be used instead.
>
> What do you mean by "replacement addresses" and "UI confirms" here?
>
> > - Wallets must confirm and store subscriptions, and are responsible for
> > initiating them at the specified interval.
> >
> > - Intervals can *only *be from a preset list: weekly, biweekly, or 1,
> > 2,3,4,6 or 12 months. Intervals missed by more than 3 days cause
> > suspension until the user re-verifies.
>
> Disagree with hard-coding intervals, or mandating specific policies from
> the
> service providers.
>
> > - Wallets *may *optionally ask the user whether they want to be notified
> > and confirm every interval - or not. Wallets that do not ask *must
> > *notify before initiating each payment. Interval confirmations should
> > begin at *least *1 day in advance of the next payment.
>
> This is wallet policy, but maybe makes sense as a "best practices" BIP.
>
> > *Proposed in general:*
> > - JSON should be used instead of protocol buffers going forward. Easier
> to
> > use, explain extend.
> >
> > - "Extendible" URI-like scheme to support multi-mode identity mechanisms
> on
> > both payment and subscription requests. Support for keybase://,
> netki://
> > and others as alternates to https://.
> >
> > - Support for client as well as merchant multi-mode verification
> >
> > - Ideally, the identity verification URI scheme is somewhat
> > orthogonal/independent of the payment request itself
> >
> > Question:
> >
> > Should this be a new BIP? I know netki's BIP75 is out there - but I
> think
> > it's too specific and too reliant on the domain name system.
> >
> > Maybe an identity-protocol-agnostic BIP + solid implementation of a
> couple
> > major protocols without any mention of payment URI's ... just a way of
> > sending and receiving identity verified messages in general?
> >
> > I would be happy to implement plugins for identity protocols, if anyone
> > thinks this is a good idea.
> >
> > Does anyone think https:// or keybase, or PGP or netki all by
> themselves,
> > is enough - or is it always better to have an extensible protocol?
> >
> > - Erik Aronesty
>
[-- Attachment #2: Type: text/html, Size: 6936 bytes --]
next prev parent reply other threads:[~2016-06-21 21:42 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-20 17:33 Erik Aronesty
2016-06-21 9:43 ` Andreas Schildbach
2016-06-21 17:09 ` Erik Aronesty
2016-06-21 19:50 ` Andy Schroder
2016-06-21 20:44 ` Luke Dashjr
2016-06-21 21:42 ` Erik Aronesty [this message]
2016-06-22 0:36 ` Luke Dashjr
2016-06-21 22:10 ` Peter Todd
2016-06-21 22:19 ` Peter Todd
2016-06-21 20:56 ` James MacWhyte
2016-06-21 21:17 ` Matt David
2016-06-21 22:13 ` Peter Todd
2016-06-21 22:50 ` James MacWhyte
2016-06-21 23:02 ` Peter Todd
2016-06-22 0:14 ` Justin Newton
2016-06-23 10:56 ` Peter Todd
2016-06-23 11:30 ` Pieter Wuille
2016-06-23 11:39 ` Peter Todd
2016-06-23 12:01 ` Pieter Wuille
2016-06-23 12:10 ` Peter Todd
2016-06-23 12:16 ` Pieter Wuille
2016-06-23 12:43 ` Peter Todd
2016-06-23 13:03 ` Erik Aronesty
2016-06-23 16:58 ` Aaron Voisine
2016-06-23 20:46 ` s7r
2016-06-23 21:07 ` Justin Newton
2016-06-23 21:31 ` Police Terror
2016-06-23 22:44 ` Justin Newton
2016-06-24 2:26 ` Erik Aronesty
2016-06-24 5:27 ` James MacWhyte
2016-06-22 7:57 ` Thomas Voegtlin
2016-06-22 14:25 ` Erik Aronesty
2016-06-22 15:12 ` Andy Schroder
2016-06-22 15:30 ` Erik Aronesty
2016-06-22 16:20 ` Andy Schroder
2016-06-22 17:07 ` Erik Aronesty
2016-06-22 20:11 ` James MacWhyte
2016-06-22 20:37 ` Erik Aronesty
2016-06-23 11:50 ` Andreas Schildbach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJowKg+9kfOwvSH3GENr-=RYnctGHEw_7o-UmFqjAMJaaZ8AtA@mail.gmail.com' \
--to=erik@q32$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=luke@dashjr$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox