[Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts

Luke-Jr luke at dashjr.org
Mon Nov 26 23:19:34 UTC 2012


On Monday, November 26, 2012 11:16:03 PM Mike Hearn wrote:
> They could be included as well of course, but from a seller
> perspective the most important thing is consistency. You have to be
> able to predict what CAs the user has, otherwise your invoice would
> appear in the UI as unverified and is subject to manipulation by
> viruses, etc.

That's expected behaviour - except it's mainly be manipulated by *users*, not 
viruses (which can just as easily manipulate whatever custom cert store we 
use). If I don't trust Joe's certs, I don't want Bitcoin overriding that no 
matter who Joe is or what connections he has.

> So using the OS cert store would effectively restrict merchants to the
> intersection of what ships in all the operating systems their users
> use, which could be unnecessarily restrictive. As far as I know, every
> browser has its own cert store for that reason.

Browsers with this bug are not relevant IMO.




More information about the bitcoin-dev mailing list