[Bitcoin-development] Error handling in payment protocol (BIP-0070 and BIP-0072)

Ross Nicoll jrn at jrn.me.uk
Sat Apr 26 17:43:50 UTC 2014

I'd be very cautious of security implications of embedding files into
the payment request. Even file formats one would presume safe, such as
images, have had security issues (i.e.
https://technet.microsoft.com/library/security/ms11-006 )

Longer term I was wondering about embedding the PaymentRequest into web
pages directly via the <object> tag, which could eliminate need for
BIP0072 and potentially improve user interface integration that way.
Obviously this would require browser plugins, however.


On 26/04/14 18:36, Mike Hearn wrote:
>> PaymentRequests are limited to 50,000 bytes. I can't think of a reason why
>> Payment messages would need to be any bigger than that. Submit a pull
>> request to the existing BIP.
> In future it might be nice to have images and things in the payment
> requests, to make UIs look prettier. But with the current version 50kb
> should be plenty indeed.

More information about the bitcoin-dev mailing list