[Bitcoin-development] Payment protocol and reliable Payment messages

[Pieter Wuille]

On Mon, Jan 13, 2014 at 6:44 PM, Andreas Schildbach
<andreas at schildbach.de> wrote:
> On 01/13/2014 05:43 PM, Pieter Wuille wrote:
>
>> As an optimization (and I believe this is what Mike plans to implement
>> in BitcoinJ), if a payment_url is present, it should be encouraged to
>> only send the payment there, and not broadcast the transaction at all
>> on the P2P network (minimizing the risk that the transaction confirms
>> without the payment being received; it can't be guaranteed however).

I want to avoid the case where a transaction confirms, but the
associated payment is not delivered. If there is a reasonable chance
that this case occurs in normal operation, it means the payment
transmission cannot be relied upon.

On the other hand, if the payment gets sent, but the transaction is
not broadcasted, it can be broadcasted by the receiver (who has much
more reason to do so; he wants to spend his money).
>
> Can you explain what the problem is here? The payment message can be
> transmitted after the payment has been received through the P2P network.
> Am I missing something?

So, yes, sending on the P2P network is fine, as long as everything is
done to get the payment delivered. Not broadcasting on P2P is just an
optimization that makes failures of not getting the transaction out
and not getting the payment delivered coincide better. I say just
optimization, as you can't rely on the fact that if the payment fails,
the transaction will also fail (the merchant may be malicious, make
the submission of the payment fail, but broadcast the transaction
anyway), so wallets must still be able to deal with this. Nonetheless,
I think it can increase the reliability of "payment being received for
otherwise confirming transactions".
>
> Furthermore, if we give up the robustness of the P2P network, we will
> likely end up with more failed payments. There is so much that can go
> wrong when trying to connect via HTTP (proxies etc.), Bluetooth
> endpoints can go away, etc. At least we should provide fallback
> payment_url's in this case.

That's a different issue. I'm very aware that payments over HTTP can
fail. The point is that I prefer the entire transaction to fail in
that case, instead, and focus on making the payment submission more
reliable.
>
> As for you proposal, just be aware I'd like to use the payment protocol
> for face to face payments as well. That meant payment request via NFC or
> QR, payment message and payment confirmations via Bluetooth. I think it
> can be done by putting a Bluetooth mac address into the payment_url.

I'm aware. What issues do you see?

-- 
Pieter