I think the scope of this BIP is not so well defined right now. We need a way for merchants to translate a human readable, and more importantly human-writeable, address into a bitcoin address. I agree with Mike that a fixed address is not the way to go, because addresses should be used once for a single transaction to be able to track payments. While firstbits sounds attractive at first, I think we can all agree that it just isn't feasible and would not allow per-transaction addresses. DNS sounds interesting for fixed addresses, but caching and propagation make it difficult to use for per-transaction addresses that are to be generated ad-hoc. HTTP(S) is the best option I think, merchants are probably using HTTP anyway for their shops. So something like http://merchant.com/btc/transaction/1234 sounds reasonable. But I think it should not be over-engineered, it should be a simple HTTP(S) request to a merchant specified URL that returns an ASCII document containing either a bitcoin: URI or simply the bitcoin address or even a 301 redirect. It's no use to start defining URL schemes, it should be left to the merchants to define how to structure them. This would allow a merchant to decide if he prefers per-transaction addresses, per-user transactions, fixed addresses or any combination. Regards, cdecker On Tue, Dec 13, 2011 at 11:55 AM, Mike Hearn wrote: > I was in brmlab and wanted to pay 1 BTC for a Club Mate. They had on the >> wall a picture of their QR code and a bitcoin address. I don't own a mobile >> phone so the QR code is >> useless. > > > Fixed addresses like that are a temporary thing during Bitcoins maturation > period. They lead to merchants exposing data they probably don't realize > they're exposing, like their income, which is basically unacceptable for > any payment system. > > There's no point trying to optimize a case where: > > 1) You are in the minority (no phone?) > 2) The "perfect experience" leaks private data in such a way that would be > deemed a gross security breach by any serious payment processor. > > OK, some thoughts on the general proposal, from the POV of what it'd take > for a large deployment, like for every Gmail or every Facebook user. In > terms of ease of implementation it is ordered HTTPS/HTTP then DNS trailing > by a large margin. Big sites, even small sites, typically have high-speed > load balancing and demuxing already implemented for HTTP[S] and it's > usually easy to add new endpoints. The same is *not* true of DNS, and > whilst coding up a custom DNS server is possible it's definitely a worse > fit. > > FirstBits seems out of the question for the same privacy reasons as given > above. No banking system worth its salt would let everyone look up other > peoples income. > > The simplest approach would be to request a full public key with an HTTPS > request like > > foo@domain -> > https://domain/_bitcoin/getnewkey?user=foo&label=Payment%20from%20Bob > > If you then want to turn the resulting public key into an address before > creating a transaction you can obviously do that. > > BTW the BIP is pretty hard to read. Your spec for the HTTPS proposal is a > big pile of source code. I think it's the same as above, but it's hard to > tell without more effort. > > > ------------------------------------------------------------------------------ > Systems Optimization Self Assessment > Improve efficiency and utilization of IT resources. Drive out cost and > improve service delivery. Take 5 minutes to use this Systems Optimization > Self Assessment. http://www.accelacomm.com/jaw/sdnl/114/51450054/ > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > >