I think the scope of this BIP is not so well defined right now. We need a way for merchants to translate a human readable, and more importantly human-writeable, address into a bitcoin address. I agree with Mike that a fixed address is not the way to go, because addresses should be used once for a single transaction to be able to track payments.

While firstbits sounds attractive at first, I think we can all agree that it just isn't feasible and would not allow per-transaction addresses. DNS sounds interesting for fixed addresses, but caching and propagation make it difficult to use for per-transaction addresses that are to be generated ad-hoc.

HTTP(S) is the best option I think, merchants are probably using HTTP anyway for their shops. So something like http://merchant.com/btc/transaction/1234 sounds reasonable. But I think it should not be over-engineered, it should be a simple HTTP(S) request to a merchant specified URL that returns an ASCII document containing either a bitcoin: URI or simply the bitcoin address or even a 301 redirect. It's no use to start defining URL schemes, it should be left to the merchants to define how to structure them.

This would allow a merchant to decide if he prefers per-transaction addresses, per-user transactions, fixed addresses or any combination.

Regards,
cdecker


On Tue, Dec 13, 2011 at 11:55 AM, Mike Hearn <mike@plan99.net> wrote:
I was in brmlab and wanted to pay 1 BTC for a Club Mate. They had on the wall a picture of their QR code and a bitcoin address. I don't own a mobile phone so the QR code is
useless.

Fixed addresses like that are a temporary thing during Bitcoins maturation period. They lead to merchants exposing data they probably don't realize they're exposing, like their income, which is basically unacceptable for any payment system.

There's no point trying to optimize a case where:

1) You are in the minority (no phone?)
2) The "perfect experience" leaks private data in such a way that would be deemed a gross security breach by any serious payment processor.

OK, some thoughts on the general proposal, from the POV of what it'd take for a large deployment, like for every Gmail or every Facebook user. In terms of ease of implementation it is ordered HTTPS/HTTP then DNS trailing by a large margin. Big sites, even small sites, typically have high-speed load balancing and demuxing already implemented for HTTP[S] and it's usually easy to add new endpoints. The same is not true of DNS, and whilst coding up a custom DNS server is possible it's definitely a worse fit.

FirstBits seems out of the question for the same privacy reasons as given above. No banking system worth its salt would let everyone look up other peoples income.

The simplest approach would be to request a full public key with an HTTPS request like

   foo@domain -> https://domain/_bitcoin/getnewkey?user=foo&label=Payment%20from%20Bob

If you then want to turn the resulting public key into an address before creating a transaction you can obviously do that.

BTW the BIP is pretty hard to read. Your spec for the HTTPS proposal is a big pile of source code. I think it's the same as above, but it's hard to tell without more effort.

------------------------------------------------------------------------------
Systems Optimization Self Assessment
Improve efficiency and utilization of IT resources. Drive out cost and
improve service delivery. Take 5 minutes to use this Systems Optimization
Self Assessment. http://www.accelacomm.com/jaw/sdnl/114/51450054/
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development