[Bitcoin-development] BIP70 proposed changes
andreas at schildbach.de
Tue Feb 18 21:40:13 UTC 2014
On 02/18/2014 08:14 PM, Ryan X. Charles wrote:
> The most important missing piece of the payment protocol is that is has
> no concept of the status of a payment after it has been made. What if
> the payment is too little? Too much? What if it is never confirmed? What
> if it is confirmed, but very late? These are regular occurrences at
> BitPay (although hopefully they will be a lot fewer after the payment
> protocol is widely adopted).
I would like to understand why this happens at BitPay? If this is
because people use cut and paste to copy the address and then type the
amount by hand... well this kind of usage will go away.
A program (like an app) should be capable of paying the exact amount. If
not, that's a bug of the app not the protocol.
> On an unrelated note, X.509 is a terrible standard that should be
> abandoned as quickly as possible.
> BitPay is working on a new standard
> based on bitcoin-like addresses for authentication. It would be great if
> we could work with the community to establish a complete, decentralized
> authentication protocol.
Sounds interesting, let us know as soon as you have anything.
>> - certificate chain in pki_data: I think it should be required that is
>> most contain the first certificate PLUS all intermediate certificates
>> (if any), but NOT the root certificate. Reason: We want to be able to
>> verify offline.
> So long as the root certificate remains an optional addition, this seems
> like a good idea.
In which case does it make sense to duplicate the root cert? I'm asking
because it should already be present in the trusted root store, right?
Maybe can you tell about which measures you needed to take to get X.509
working? To me it felt there very several problems.
> My experience with tls in node is that it is required
TLS? We're not using that for pki_data -- its just a byte array.
>> - definition of timezone: Its not clear if times (e.g. expires) are in
>> UTC or local. I suggest to require UTC. If if we can't agree on this,
>> there should be a sentence about timezones in the spec.
> The world needs to abandon timezones altogether for everything and only
> use UTC. So, agreed. Require UTC.
More information about the bitcoin-dev