Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1TdLmv-000115-K8 for bitcoin-development@lists.sourceforge.net; Tue, 27 Nov 2012 14:05:25 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.171 as permitted sender) client-ip=209.85.212.171; envelope-from=gavinandresen@gmail.com; helo=mail-wi0-f171.google.com; Received: from mail-wi0-f171.google.com ([209.85.212.171]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1TdLmq-0007ed-7W for bitcoin-development@lists.sourceforge.net; Tue, 27 Nov 2012 14:05:25 +0000 Received: by mail-wi0-f171.google.com with SMTP id hn14so3481699wib.10 for ; Tue, 27 Nov 2012 06:05:14 -0800 (PST) MIME-Version: 1.0 Received: by 10.216.82.10 with SMTP id n10mr5770640wee.126.1354025114094; Tue, 27 Nov 2012 06:05:14 -0800 (PST) Received: by 10.194.27.136 with HTTP; Tue, 27 Nov 2012 06:05:13 -0800 (PST) In-Reply-To: <98E8A2D6-56D1-4E28-BB63-71E13382B5B8@ceptacle.com> References: <895A1D97-68B4-4A2F-B4A1-34814B9BA8AC@ceptacle.com> <626D0E73-1111-4380-AABE-6C8C65F2FFCC@ceptacle.com> <98E8A2D6-56D1-4E28-BB63-71E13382B5B8@ceptacle.com> Date: Tue, 27 Nov 2012 09:05:13 -0500 Message-ID: From: Gavin Andresen To: Michael Gronager Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gavinandresen[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1TdLmq-0007ed-7W Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Payment Protocol Proposal: Invoices/Payments/Receipts X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Nov 2012 14:05:25 -0000 RE: SignedReceipt: I agree it is superfluous. I'll remove it from the spec. RE: "it is controversial use of the host key to use it for digital signing of documents" : The idea of embedding a x509 certificate chain comes from the IETF's JSON Object Signing and Encryption working group "JWS" specification, so I can't be TOO controversial. RE: the ifex-project and other electronic invoicing standards: Thanks for the pointers, Walter! I'm all for adopting the best ideas that have come before, as long as we end up with something useful and small enough to convince ourselves it is as secure as we can make it. I looked at the ifex spec, and quickly got lost. It would help me if you could write up what our motivating use cases would look like if implemented on top of ifex. RE: jgarzik's suggestion to allow txids in the Payment: that worries me, because it is trivial to create several different variations of the same transaction (same inputs to same outputs) with different txids (re-signing inputs uses a different signature nonce, which changes the signature/txid, for example). RE: using self-signed certificates: as Mike said, I assume Bitcoin clients will have some way of managing root certificates, so experts could add trusted self-signed certs. -- -- Gavin Andresen