Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W7nZt-0003VU-CG for bitcoin-development@lists.sourceforge.net; Mon, 27 Jan 2014 14:54:21 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 74.125.82.42 as permitted sender) client-ip=74.125.82.42; envelope-from=gavinandresen@gmail.com; helo=mail-wg0-f42.google.com; Received: from mail-wg0-f42.google.com ([74.125.82.42]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1W7nZp-0007oq-59 for bitcoin-development@lists.sourceforge.net; Mon, 27 Jan 2014 14:54:21 +0000 Received: by mail-wg0-f42.google.com with SMTP id l18so4269492wgh.1 for ; Mon, 27 Jan 2014 06:54:09 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.180.79.73 with SMTP id h9mr10528380wix.3.1390834449451; Mon, 27 Jan 2014 06:54:09 -0800 (PST) Received: by 10.194.10.197 with HTTP; Mon, 27 Jan 2014 06:54:09 -0800 (PST) In-Reply-To: References: Date: Mon, 27 Jan 2014 09:54:09 -0500 Message-ID: From: Gavin Andresen To: Andreas Schildbach Content-Type: multipart/alternative; boundary=f46d041825e24d118104f0f4e17a X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gavinandresen[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1W7nZp-0007oq-59 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] BIP70: PaymentACK semantics X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jan 2014 14:54:21 -0000 --f46d041825e24d118104f0f4e17a Content-Type: text/plain; charset=ISO-8859-1 On Sun, Jan 26, 2014 at 4:56 PM, Andreas Schildbach wrote: > The BIP70 is very brief on what a PaymentACK is supposed to mean. Quote: > > "it [PaymentACK] is sent from the merchant's server to the bitcoin > wallet in response to a Payment message" > > Does it simply mean we received a syntactically correct Payment message? > Does it mean the Payment is valid? > Does it mean the Payment is valid and confirmed? > How long can we delay the ack until all conditions for payment are met? > I assume its not a good idea to keep the HTTP (or Bluetooth, for that > matter) connection open for an hour while waiting for a blockchain > confirmation. > The purpose of PaymentACK is to give the customer reassurance that their payment request has been received and will be processed (or not). If it is syntactically incorrect or invalid in a way that the payment processor can detect right away then a PaymentACK with a message saying that there is a problem should be the response. Waiting until confirmed is definitely not the right thing to do, but waiting a few seconds to detect a 0-confirmation double-spend attempt before sending back an ACK is fine. The BIP is intentionally vague on how long it might take to get an ACK, but, again, the intent is to give the customer reassurance that their payment was received and is being processed, whatever "processed" means (order sent to shipping for fulfillment, or awaiting 11 confirmations, or "your burger is paid for you can leave the restaurant and we won't chase after you"). -- Gavin Andresen --f46d041825e24d118104f0f4e17a Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On S= un, Jan 26, 2014 at 4:56 PM, Andreas Schildbach <andreas@schildbach.de= > wrote:
The BIP70 is very brief on what a PaymentACK= is supposed to mean. Quote:

"it [PaymentACK] is sent from the merchant's server to the bitcoin=
wallet in response to a Payment message"

Does it simply mean we received a syntactically correct Payment message?
Does it mean the Payment is va= lid?
Does it mean the Payment is valid and confirmed?
How long can we delay the ack until all conditions for payment are met?
I assume its not a good idea to keep the HTTP (or Bluetooth, for that
matter) connection open for an hour while waiting for a blockchain
confirmation.

The purpose of PaymentACK= is to give the customer reassurance that their payment request has been re= ceived and will be processed (or not).

If it is sy= ntactically incorrect or invalid in a way that the payment processor can de= tect right away then a PaymentACK with a message saying that there is a pro= blem should be the response.

Waiting until confirmed is definitely not the right thi= ng to do, but waiting a few seconds to detect a 0-confirmation double-spend= attempt before sending back an ACK is fine. =A0The BIP is intentionally va= gue on how long it might take to get an ACK, but, again, the intent is to g= ive the customer reassurance that their payment was received and is being p= rocessed, whatever "processed" means (order sent to shipping for = fulfillment, or awaiting 11 confirmations, or "your burger is paid for= you can leave the restaurant and we won't chase after you").

=A0
--
Gavin Andresen
--f46d041825e24d118104f0f4e17a--