[Bitcoin-development] Payment Protocol: BIP 70, 71, 72

Pieter Wuille pieter.wuille at gmail.com
Wed Aug 7 21:36:48 UTC 2013 

On Wed, Aug 7, 2013 at 11:17 PM, Mike Hearn <mike at plan99.net> wrote:
>
>> I'd like to hear from other wallet implementors. Do you have a notion
>> of 'locked inputs' ?  The tricky bit in constructing a transaction but
>> not broadcasting it right away is the inputs must be locked, so
>> they're not accidentally double-spent.
>
>> bitcoinj separates the concept of committing a tx to the wallet from
> broadcasting it. However by default transactions that weren't seen in the
> chain yet will be announced when a new peer is connected to. It'd take extra
> code to suppress that, and it's unclear to me why that's useful. I agree
> with Pieter that it should be the merchants responsibility to get the tx out
> there, but having the client do the broadcast as well can't really hurt
> (except perhaps some privacy impact).

My concerns here are:
* Making sure wallet applications can function without supporting the
P2P protocol (which drops a huge implementation overhead for simple -
perhaps hardware-based - wallets).
* Making sure the responsibility of confirming transactions is with
the receiver (while the responsibility of creating a confirmable
transaction is with the sender), which again simplifies wallet
implementation.
* Making receiving of metadata reliable, by minimizing cases where a
transaction is accidentally broadcast without the receiver being told
about it. This is perhaps not possible entirely, but it should be
possible to reduce it to a point where the remaining cases can be
dealt with manually. This also means indeed being able to give a
bitcoin URI (or why not just a URL to a payment descriptor?) that does
not contain a static Bitcoin address. I understand the compatibility
concern here, but IMHO we should do all effort to get rid of static
addresses were possible - the public key should be negotiated be
sender and receiver.

I worry about the scenario where some evil hotspot owner observes a
payment request, and later sees a bitcoin P2P transaction crediting
that key, but without payment being sent to the payment_uri (because
he blocked it), thus allowing him to construct a payment message
himself with the request + transaction, and adding his own refund
address or delivery location, or ... To fix problems related to this
completely, we'd need transactions that commit to the payment message,
instead of the other way around. I believe the pay-to-contract scheme
presented by Timo Hanke at the San Jose conference solved this.

-- 
Pieter

More information about the bitcoin-dev mailing list