Hi Martin,

Thank you very much for your comments. See my answers inline:

Den 23 apr 2015 03:28 skrev "Martin Lie" <martin@datamagi.no>:
>
> Hej, Kalle.
>
> I love the idea of standardised PoPs, including a protocol for requesting/sending them as an extension of BIP-70.
>

Me too!

>
> A couple of comments:
>
> 1. You admit that the txid is just a convenience and not strictly necessary. Perhaps this should be reflected in the sequence of bits/bytes in the record you're proposing, e.g. "OP_RETURN POP_LITERAL <nonce> <txid>"?
>

I was thinking that txid should be mandatory just as the nonce so the order was arbitrarily chosen. I think you may be right that it's more intuitive to put txid last if it's not mandatory in a future version. It makes sense to swap order. I'll put that on my todo list.

> 2. Building on #1, perhaps there could be other identifying information than a txid? Perhaps a txid field shouldn't be "hardcoded" into the standard at all?
>
> How about taking the same approach as BIP-43 (and others) and use a prefix that determines how the rest of the records should be interpreted, i.e. a "type" (or "purpose" or "version" or whatever you'd like to call it) field. This would allow for different purposes/versions of a PoP, including as of now unforeseen ones.
>
> The new structure would then be:
> OP_RETURN POP_PREFIX POP_TYPE POP_NONCE POP_PAYLOAD
>
> POP_PREFIX (? bytes): I'll leave it up to you to specify the exact bits (and length) of the POP_PREFIX, but if your literal is used, it'd be 3 bytes: 0x506f50.
>
> Literals in Bitcoin protocols generally seem to be of the "binary" sort as opposed to human-readable text, so perhaps the devs wouldn't ACK something as "wasteful" as using 3 bytes just to identify it as a PoP record? Obviously, this is a small detail that can be changed at short notice, but as with all standards - once people start using it, you're mostly stuck with what you have. ;)
>

Yes, maybe we could drop POP_PREFIX altogether. The server is expecting a pop and can therefore just assume it's a pop. No need to explicitly write that inside the pop. Can you think of a scenario where it is actually needed. Keeping the POP_PREFIX makes sense only if other transaction-like data structures with OP_RETURN appears in the same contexts as pops. What do you think?

> POP_TYPE: (1 byte): 0x01 for your "standard" version, which would mean that the payload contains a txid.
>

This is a good idea. Todo!

> POP_NONCE: (4 bytes): "2^32 re-uses should be enough for everyone", no? ;)
>

Euhm, well, I don't know... The bigger the better. If we drop POP_PREFIX we could allow for 2 bytes version and 6 bytes nonce. Or 1 byte version and 7 bytes nonce.

> POP_PAYLOAD (32+ bytes): The contents of which is determined by POP_TYPE, e.g. a txid or possibly extra nonce data. Or perhaps some text that makes the purpose or context of this PoP human-readable? (This could then be stored by wallets in order to show a list of what kind of proofs you've sent.)
>

For now I think I'll stick to "txid is mandatory".

>
> 3. I noticed that your post-OP_RETURN structure included exactly 40 bytes. Is that due to the 40-byte limitation on OP_RETURN's "data"? Are you aware that it will be increased to 80 bytes? Cf. https://github.com/bitcoin/bitcoin/pull/5286
>

Yes, I deliberately limited the data to 40 bytes for that reason. With versioning, this may change in the future.

> :)
>
>
> Vennlig hilsen
> Martin Lie