summaryrefslogtreecommitdiff
path: root/9f/b945de34b979c43eb0c11809db001bd5830984
blob: e509c5172a5fec1e7e0757f59f3319078ae2c405 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <mh.in.england@gmail.com>) id 1WIblN-0000y6-F1
	for bitcoin-development@lists.sourceforge.net;
	Wed, 26 Feb 2014 10:30:53 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.214.174 as permitted sender)
	client-ip=209.85.214.174; envelope-from=mh.in.england@gmail.com;
	helo=mail-ob0-f174.google.com; 
Received: from mail-ob0-f174.google.com ([209.85.214.174])
	by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1WIblL-0003tu-SP
	for bitcoin-development@lists.sourceforge.net;
	Wed, 26 Feb 2014 10:30:53 +0000
Received: by mail-ob0-f174.google.com with SMTP id uy5so559860obc.33
	for <bitcoin-development@lists.sourceforge.net>;
	Wed, 26 Feb 2014 02:30:46 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.60.37.99 with SMTP id x3mr917892oej.61.1393410646463; Wed,
	26 Feb 2014 02:30:46 -0800 (PST)
Sender: mh.in.england@gmail.com
Received: by 10.76.71.231 with HTTP; Wed, 26 Feb 2014 02:30:46 -0800 (PST)
In-Reply-To: <BFA4F8CD-529B-418D-B3B9-599C89914CD1@kill-bill.org>
References: <E1FDB3F2-25ED-4B99-979E-12CE943CBD66@kill-bill.org>
	<CANEZrP10z6_UAHD97mj22kVEGyXgHPQ2PdP_8RxHT5Py+xRP_A@mail.gmail.com>
	<D6BCC0C4-EF22-4DE8-868E-825D19C387E3@kill-bill.org>
	<CANEZrP0FzTGmp1zbaW1VHJLk5117ZnTSehfF4uMX=+UFS+R_Dw@mail.gmail.com>
	<0CC0BE1D-1DAA-4994-B034-EB7712F845CF@kill-bill.org>
	<DBA255DB-4839-4C3A-BA62-BD3926995C12@kill-bill.org>
	<CAEY8wq6F33814d2+97AqDoAicvh=0PigHZ03wHadMq6JqtQMLg@mail.gmail.com>
	<EAEC76DA-A490-4A61-BFB7-611D4ADF1680@kill-bill.org>
	<CAEY8wq5=pAMTqDPM8yeCF+Z2=1GWmD0UDQdgacN1o3jAUh_BYA@mail.gmail.com>
	<CAEY8wq40RxeUYYJS2m=xq26iTd2NE64WR7QOUO0+yR-MJQCoxQ@mail.gmail.com>
	<5F91BEBF-ECDD-4CBD-A85E-FD7E7DB3F01F@kill-bill.org>
	<81FBEA67-45A9-4531-BEA0-071CE9FAEF7E@kill-bill.org>
	<CANEZrP0-LqFC8N500=mnKbKE+=UtFw_Y5cHR8JRC-zmmGsSAjA@mail.gmail.com>
	<BFA4F8CD-529B-418D-B3B9-599C89914CD1@kill-bill.org>
Date: Wed, 26 Feb 2014 16:00:46 +0530
X-Google-Sender-Auth: _IQKcuHE2AvCrawwga5EKY5SQx4
Message-ID: <CANEZrP2opmZhsgLvJ_WRAT0THHbtnGTZVFbcVkUYhM-DHiGxNA@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Stephane Brossier <stephane@kill-bill.org>
Content-Type: multipart/alternative; boundary=089e011762799bdbf104f34cb22b
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(mh.in.england[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	1.0 HTML_MESSAGE           BODY: HTML included in message
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WIblL-0003tu-SP
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
	Pierre-Alexandre Meyer <pierre@kill-bill.org>
Subject: Re: [Bitcoin-development] Extension for BIP-0070 to support
	recurring payments
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2014 10:30:54 -0000

--089e011762799bdbf104f34cb22b
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Thanks for the explanation. I agree that makes sense, and you did actually
explain this before, I just didn't connect the dots :)

The accompanying BIP should explain all this, so the rationale for the
design and how you use it is made clear to developers.

I've CCd Jeff and Stephen on this thread, so they can go review it and
weigh in with any comments. They may want to go back to customers who
requested this feature and ask if it'd satisfy their needs.


On Wed, Feb 26, 2014 at 9:23 AM, Stephane Brossier
<stephane@kill-bill.org>wrote:

>
>
>
>
>
>
> *Hi Mike, Jeremy, Drak,Before going through your questions, I would like
> to bring some clarity on a few key elements in that protocol. There are
> really two aspects to it: 1. The contract negotiation; when the user firs=
t
> subscribes, it is prompted by a contract that will define the payment
> bounds associated with that subscription. 2. Once accepted, the wallet is
> in charge and the user does not have to interact anymore -- this is the
> point of the recurring payment protocol. The wallet will poll the merchan=
t
> and issue payments as they are requested by the merchant as long as they
> stay within the bounds of what was specified by the contract (and accepte=
d
> by the customer).I think it would help to explain how we ended up with th=
e
> type of contract we introduced in that protocol. In an ideal world and in=
 a
> NON recurring scheme, the contract should simply be the exact amount to b=
e
> paid. In our case the exact amount may not be completely known in advance
> -- for e.g taxes, shipping, pro-rations, =E2=80=A6 and so we decided to i=
ntroduce
> first a max amount per payment, and also a max amount per period. It is u=
p
> to the merchant to decide whether to specify none, any or both bounds (ma=
x
> amount per payment and max amount per period). By specifying both, the
> contract is tighter and the client would feel safer to accept it. In the
> extreme case, by specifying none, the client would be presented with a
> contract to pay whatever is requested -- probably not a good option in th=
e
> Bitcoin world unless there is a high sense of trust with the merchant.
>   From reading your comments, it appears we have not been clear on how th=
at
> frequency (PaymentFrequencyType) is being used. Its sole purpose is to
> define the max amount per period in the contract. The frequency of the
> payment is implicitly dictated by the merchant but not specified in the
> protocol by design: the wallet has to poll with a fine granularity (ideal=
ly
> each day when it is up) to understand if there is something pending. In t=
he
> same way, a specified amount was not enough in the contract, we feel it
> would be restrictive to specify in advance when payments are due. There a=
re
> a lot of complex scenarios in the billing space, and having the wallet po=
ll
> the merchant to inquire for pending payments is the most flexible option
> and the contract is there to ensure the client will not be abused. To giv=
e
> a concrete example, imagine a data plan where you pay a base recurring
> price of $70 per month, but you are charged $10 per GB of data used beyon=
d
> your included limit. If you exceed your limit on the 15th and the 23rd of=
 a
> given month, two extra payment attempts will be requested by the merchant=
,
> that you couldn=E2=80=99t predict (this scenario is often referred to as =
usage
> billing with Prepay Credits and Top-up, where the customer pays in advanc=
e
> for blocks of N units, and once they are consumed another N are purchased=
).*
>
>
> *See answers in your questions inlined below:*
>
>
> I have the following comments:
>
>    1. There's no need to serialize RecurringPaymentDetails as bytes here.
>    It's done that way outside of PaymentDetails in order to support digit=
al
>    signatures over protobufs that may have extensions the wallet app isn'=
t
>    aware of, but it's a pain and inside PaymentDetails (and therefore for=
 most
>    extensions) it shouldn't be necessary. So you can just use "optional
>    RecurringPamentDetails recurring_payments =3D 8;"
>
>
>
> OK, we'll fix it.
>
>
>
>    1. There's only 4 possibilities here for recurrences. That seems
>    rather restrictive. Is the cost of being more expressive really so hig=
h?
>    Why not allow more flexible specification of periods?
>
>
>    1. If there's no payment_frequency_type field then what happens? A
>    quirk of protobufs to be aware of is that making an enum field "requir=
ed"
>    can hurt backwards compatibility. Because it will be expressed using a
>    languages underlying enum type, if there's a new enum member added lat=
er
>    old software that attempts to deserialize this will throw exceptions
>    because the new "unknown" member would be unrepresentable in the old m=
odel.
>    Making the field optional avoids this problem (it will be treated as
>    missing instead) but means software needs to be written to know what t=
o do
>    when it can't read the enum value / sees enum values from the future.
>
>
>
> I hope the explanation above answers the questions.
>
>
>    1. I assume the amounts are specified in terms of satoshi, and
>    timestamps are UNIX time, but better to make that explicit.
>
>
>
> Yes.
>
>
>    1. Seems there's an implicit value constraint that max_payment_amount
>    <=3D max_payment_per_period. What happens if that constraint is violat=
ed?
>    Best to document that.
>
>
>
> As explained above, contract would define none, 1 or both conditions.
>  First the merchant should not return such 'conditions' but if it does th=
e
> client should not accept the contract. If the client decides to accept it
> anyway, then the wallet just verifies both conditions are met separately
> regardless of whether there is such violation and if so, makes the paymen=
t.
>
>
>    1. What's the "merchant ID" namespace thing about? What's it for? What
>    happens if I set my competitors merchant ID there?
>
>
> I agree, we can easily get rid of it.
>
>
>    1. What's the "subscription ID"? Is this stuff not
>    duplicative/redundant with the existing merchant_data field?
>
>
> In an ideal world the merchant should return unique subscriptionId (UUID
> for instance). That subscriptionId is used in the code to identify the
> contracts associated with the subscription. The merchant_data if i
> understand correctly the payment protocol is opaque from the client point
> of view, so it cannot be used by the client for that purpose.
>
>
>    1. In what situations would you have >1 contract per payment request?
>    I'm not sure I understand why it's repeated. Presumably if there are z=
ero
>    contracts included the data should be ignored, or an error thrown and =
the
>    entire payment request rejected? Which should it be?
>
>
>
>
> There are many example where that could  happen; for instance if you
> subscribe to a service,  then later decide to downgrade to a lower produc=
t.
> The merchant may decide to only let you downgrade at the end of your paid
> period-- to avoid generating extra credit-- and in that situation you end
> up with two contracts: One for the current product you are in and one for
> the future product you will end up on when the downgrade becomes effectiv=
e.
>
>
>
>    1. It's unclear to me given such a contract when the payment should
>    actually occur. For instance if it's "monthly" then what day in the mo=
nth
>    would the payment occur?
>
>
>
> As outlined above in the introduction, the protocol is designed in such a
> way that the wallet does not have to know what is the exact date when
> payment should occur, but instead polls the merchant for pending payments=
.
> There are many situations when specifying an exact payment date is not an
> option so that flexibility is essential. A simple example would be for a
> customer who started subscribing on the 31th of a month. Since there will
> be months with 28/29/30 days, the payment date would change depending on
> the month.
>
>
>
>
>
>    1. You'll notice I moved the comments to be above the field
>    definitions. I know the current proto isn't done that way, but let's c=
hange
>    it - long comments are good and putting them above the field definitio=
ns
>    encourages people to write enough detail without being put off by line
>    length constraints
>
>
>
> Fine.
>
>
> I think the next step would be to talk to BitPay/get Jeff+Stephen involve=
d
> because I know they have customers that really want recurring payments, a=
nd
> those guys will have a clearer idea of customer requirements than we do. =
I
> feel uncomfortable with designing or reviewing in a vacuum without some
> actual people who would use it chiming in, as I don't really know much
> about the underlying business processes.
>
>
>
> We are totally open to receive feedbacks from them.. How do we bring them
> in the discussion?
>
>
> I have some other comments about the bitcoinj implementation specifically
> - for instance, we don't have a "wallet directory" concept: everything go=
es
> into the wallet file. So we'll need to think about how to structure the
> code to allow that. Also, just using a background polling thread is likel=
y
> not flexible enough, as on some platforms you can't stay running all the
> time (e.g. Android) without upsetting people, but the underlying OS can
> wake you up at the right times, so wallet apps should have an ability to
> control wakeup tasks. But we can discuss that over on the bitcoinj list
> specifically. Let's keep this thread for the general protocol design.
>
>
> Ok that makes sense.
>
>
> BIP 70 is indeed implemented in Bitcoin Core on the C++ side, so that
> isn't a concern. It could be done there too.
>
>
> Great to know.
>
>
>
>

--089e011762799bdbf104f34cb22b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Thanks for the explanation. I agree that makes sense, and =
you did actually explain this before, I just didn&#39;t connect the dots :)=
<div><br></div><div>The accompanying BIP should explain all this, so the ra=
tionale for the design and how you use it is made clear to developers.</div=
>
<div><br></div><div>I&#39;ve CCd Jeff and Stephen on this thread, so they c=
an go review it and weigh in with any comments. They may want to go back to=
 customers who requested this feature and ask if it&#39;d satisfy their nee=
ds.</div>
<div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Wed, Feb 2=
6, 2014 at 9:23 AM, Stephane Brossier <span dir=3D"ltr">&lt;<a href=3D"mail=
to:stephane@kill-bill.org" target=3D"_blank">stephane@kill-bill.org</a>&gt;=
</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div style=3D"word-wrap:break-word"><div><b>=
<div style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span styl=
e=3D"font-size:15px;font-family:Arial;font-weight:normal;vertical-align:bas=
eline;white-space:pre-wrap">Hi Mike, Jeremy, Drak,</span></div>
<br><span style=3D"font-size:15px;font-family:Arial;font-weight:normal;vert=
ical-align:baseline;white-space:pre-wrap"></span><div style=3D"line-height:=
1.15;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:15px;font-f=
amily:Arial;font-weight:normal;vertical-align:baseline;white-space:pre-wrap=
">Before going through your questions, I would like to bring some clarity o=
n a few key elements in that protocol. There are really two aspects to it:<=
/span></div>
<ol style=3D"margin-top:0pt;margin-bottom:0pt"><li dir=3D"ltr" style=3D"lis=
t-style-type:decimal;font-size:15px;font-family:Arial;font-weight:normal;ve=
rtical-align:baseline"><div style=3D"line-height:1.15;margin-top:0pt;margin=
-bottom:0pt">
<span style=3D"vertical-align:baseline;white-space:pre-wrap">The contract n=
egotiation; when the user first subscribes, it is prompted by a contract th=
at will define the payment bounds associated with that subscription. </span=
></div>
</li><li dir=3D"ltr" style=3D"list-style-type:decimal;font-size:15px;font-f=
amily:Arial;font-weight:normal;vertical-align:baseline"><div style=3D"line-=
height:1.15;margin-top:0pt;margin-bottom:0pt"><span style=3D"vertical-align=
:baseline;white-space:pre-wrap">Once accepted, the wallet is in charge and =
the user does not have to interact anymore -- this is the point of the recu=
rring payment protocol. The wallet will poll the merchant and issue payment=
s as they are requested by the merchant as long as they stay within the bou=
nds of what was specified by the contract (and accepted by the customer).</=
span></div>
</li></ol><br><span style=3D"font-size:15px;font-family:Arial;font-weight:n=
ormal;vertical-align:baseline;white-space:pre-wrap"></span><div style=3D"li=
ne-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:1=
5px;font-family:Arial;font-weight:normal;vertical-align:baseline;white-spac=
e:pre-wrap">I think it would help to explain how we ended up with the type =
of contract we introduced in that protocol. In an ideal world and in a NON =
recurring scheme, the contract should simply be the exact amount to be paid=
. In our case the exact amount may not be completely known in advance -- fo=
r e.g taxes, shipping, pro-rations, =E2=80=A6 and so we decided to introduc=
e first a max amount per payment, and also a max amount per period. It is u=
p to the merchant to decide whether to specify none, any or both bounds (ma=
x amount per payment and max amount per period). By specifying both, the co=
ntract is tighter and the client would feel safer to accept it. In the extr=
eme case, by specifying none, the client would be presented with a contract=
 to pay whatever is requested -- probably not a good option in the Bitcoin =
world unless there is a high sense of trust with the merchant. =C2=A0=C2=A0=
</span></div>
<br><span style=3D"font-size:15px;font-family:Arial;font-weight:normal;vert=
ical-align:baseline;white-space:pre-wrap"></span><div style=3D"line-height:=
1.15;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:15px;font-f=
amily:Arial;font-weight:normal;vertical-align:baseline;white-space:pre-wrap=
">From reading your comments, it appears we have not been clear on how that=
 frequency (PaymentFrequencyType) is being used. Its sole purpose is to def=
ine the max amount per period in the contract. The frequency of the payment=
 is implicitly dictated by the merchant but not specified in the protocol b=
y design: the wallet has to poll with a fine granularity (ideally each day =
when it is up) to understand if there is something pending. In the same way=
, a specified amount was not enough in the contract, we feel it would be re=
strictive to specify in advance when payments are due. There are a lot of c=
omplex scenarios in the billing space, and having the wallet poll the merch=
ant to inquire for pending payments is the most flexible option and the con=
tract is there to ensure the client will not be abused. To give a concrete =
example, imagine a data plan where you pay a base recurring price of $70 pe=
r month, but you are charged $10 per GB of data used beyond your included l=
imit. If you exceed your limit on the 15th and the 23rd of a given month, t=
wo extra payment attempts will be requested by the merchant, that you could=
n=E2=80=99t predict (this scenario is often referred to as usage billing wi=
th Prepay Credits and Top-up, where the customer pays in advance for blocks=
 of N units, and once they are consumed another N are purchased).</span></d=
iv>
<br><span style=3D"font-size:15px;font-family:Arial;font-weight:normal;vert=
ical-align:baseline;white-space:pre-wrap"></span></b></div><div><br></div><=
div><b><div style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt"><sp=
an style=3D"font-size:15px;font-family:Arial;font-weight:normal;vertical-al=
ign:baseline;white-space:pre-wrap">See answers in your questions inlined be=
low:</span></div>
<div style=3D"line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span styl=
e=3D"font-size:15px;font-family:Arial;font-weight:normal;vertical-align:bas=
eline;white-space:pre-wrap"><br></span></div></b></div><div><div class=3D""=
><blockquote type=3D"cite">
<div dir=3D"ltr"><div><pre style=3D"font-family:Consolas,&#39;Liberation Mo=
no&#39;,Courier,monospace;font-size:12px;margin-top:0px;margin-bottom:0px;c=
olor:rgb(51,51,51);line-height:18px"><div><span style=3D"color:rgb(153,153,=
136);font-style:italic"><br>
</span></div></pre></div><div>I have the following comments:</div>
<div><ol><li>There&#39;s no need to serialize RecurringPaymentDetails as by=
tes here. It&#39;s done that way outside of PaymentDetails in order to supp=
ort digital signatures over protobufs that may have extensions the wallet a=
pp isn&#39;t aware of, but it&#39;s a pain and inside PaymentDetails (and t=
herefore for most extensions) it shouldn&#39;t be necessary. So you can jus=
t use &quot;optional RecurringPamentDetails recurring_payments =3D 8;&quot;=
<br>

<br></li></ol></div></div></blockquote><div><br></div></div><div>OK, we&#39=
;ll fix it.</div><div class=3D""><div><br></div><br><blockquote type=3D"cit=
e"><div dir=3D"ltr"><div><ol start=3D"2"><li>There&#39;s only 4 possibiliti=
es here for recurrences. That seems rather restrictive. Is the cost of bein=
g more expressive really so high? Why not allow more flexible specification=
 of periods?</li>
</ol></div></div></blockquote><blockquote type=3D"cite"><div dir=3D"ltr"><d=
iv><ol start=3D"3"><li>
If there&#39;s no payment_frequency_type field then what happens? A quirk o=
f protobufs to be aware of is that making an enum field &quot;required&quot=
; can hurt backwards compatibility. Because it will be expressed using a la=
nguages underlying enum type, if there&#39;s a new enum member added later =
old software that attempts to deserialize this will throw exceptions becaus=
e the new &quot;unknown&quot; member would be unrepresentable in the old mo=
del. Making the field optional avoids this problem (it will be treated as m=
issing instead) but means software needs to be written to know what to do w=
hen it can&#39;t read the enum value / sees enum values from the future.<br=
>

<br></li></ol></div></div></blockquote><div><br></div></div><div>I hope the=
 explanation above answers the questions.</div><div class=3D""><br><blockqu=
ote type=3D"cite"><div dir=3D"ltr"><div><ol start=3D"4"><li>I assume the am=
ounts are specified in terms of satoshi, and timestamps are UNIX time, but =
better to make that explicit.<br>
<br></li></ol></div></div></blockquote><div><br></div></div>Yes.</div><div>=
<div class=3D""><br><blockquote type=3D"cite"><div dir=3D"ltr"><div><ol sta=
rt=3D"5"><li>Seems there&#39;s an implicit value constraint that max_paymen=
t_amount &lt;=3D max_payment_per_period. What happens if that constraint is=
 violated? Best to document that.<br>

<br></li></ol></div></div></blockquote><div><br></div></div>As explained ab=
ove, contract would define none, 1 or both conditions. =C2=A0First the merc=
hant should not return such &#39;conditions&#39; but if it does the client =
should not accept the contract. If the client decides to accept it anyway, =
then the wallet just verifies both conditions are met separately regardless=
 of whether there is such violation and if so, makes the payment.</div>
<div><br></div><div><div class=3D""><blockquote type=3D"cite"><div dir=3D"l=
tr"><div><ol start=3D"6"><li>What&#39;s the &quot;merchant ID&quot; namespa=
ce thing about? What&#39;s it for? What happens if I set my competitors mer=
chant ID there?</li>
</ol></div></div></blockquote><div><br></div></div>I agree, we can easily g=
et rid of it.</div><div><div class=3D""><br><blockquote type=3D"cite"><div =
dir=3D"ltr"><div><ol start=3D"6"><li>What&#39;s the &quot;subscription ID&q=
uot;? Is this stuff not duplicative/redundant with the existing merchant_da=
ta field?<br>
</li></ol></div></div></blockquote><div><br></div></div><div>In an ideal wo=
rld the merchant should return unique subscriptionId (UUID for instance). T=
hat subscriptionId is used in the code to identify the contracts associated=
 with the subscription. The merchant_data if i understand correctly the pay=
ment protocol is opaque from the client point of view, so it cannot be used=
 by the client for that purpose.=C2=A0</div>
<div class=3D""><blockquote type=3D"cite"><div dir=3D"ltr"><div><ol start=
=3D"6"><li>In what situations would you have &gt;1 contract per payment req=
uest? I&#39;m not sure I understand why it&#39;s repeated. Presumably if th=
ere are zero contracts included the data should be ignored, or an error thr=
own and the entire payment request rejected? Which should it be?<br>

<br></li></ol></div></div></blockquote><div><br></div><div><br></div></div>=
<div>There are many example where that could =C2=A0happen; for instance if =
you subscribe to a service, =C2=A0then later decide to downgrade to a lower=
 product. The merchant may decide to only let you downgrade at the end of y=
our paid period-- to avoid generating extra credit-- and in that situation =
you end up with two contracts: One for the current product you are in and o=
ne for the future product you will end up on when the downgrade becomes eff=
ective.</div>
<div class=3D""><div><br></div><br><blockquote type=3D"cite"><div dir=3D"lt=
r"><div><ol start=3D"8"><li>It&#39;s unclear to me given such a contract wh=
en the payment should actually occur. For instance if it&#39;s &quot;monthl=
y&quot; then what day in the month would the payment occur?<br>
<br></li></ol></div></div></blockquote><div><br></div></div><div>As outline=
d above in the introduction, the protocol is designed in such a way that th=
e wallet does not have to know what is the exact date when payment should o=
ccur, but instead polls the merchant for pending payments. There are many s=
ituations when specifying an exact payment date is not an option so that fl=
exibility is essential. A simple example would be for a customer who starte=
d subscribing on the 31th of a month. Since there will be months with 28/29=
/30 days, the payment date would change depending on the month.</div>
<div class=3D""><div><br></div><div><br></div><div><br></div><br><blockquot=
e type=3D"cite"><div dir=3D"ltr"><div><ol start=3D"9"><li>You&#39;ll notice=
 I moved the comments to be above the field definitions. I know the current=
 proto isn&#39;t done that way, but let&#39;s change it - long comments are=
 good and putting them above the field definitions encourages people to wri=
te enough detail without being put off by line length constraints</li>

</ol></div><div><br></div></div></blockquote><div><br></div></div><div>Fine=
.</div><div class=3D""><div><br></div><br><blockquote type=3D"cite"><div di=
r=3D"ltr"><div>I think the next step would be to talk to BitPay/get Jeff+St=
ephen involved because I know they have customers that really want recurrin=
g payments, and those guys will have a clearer idea of customer requirement=
s than we do. I feel uncomfortable with designing or reviewing in a vacuum =
without some actual people who would use it chiming in, as I don&#39;t real=
ly know much about the underlying business processes.</div>
</div></blockquote><div><br></div><div><br></div></div><div>We are totally =
open to receive feedbacks from them.. How do we bring them in the discussio=
n?</div><div class=3D""><br><blockquote type=3D"cite"><div dir=3D"ltr">
<div><br></div><div>I have some other comments about the bitcoinj implement=
ation specifically - for instance, we don&#39;t have a &quot;wallet directo=
ry&quot; concept: everything goes into the wallet file. So we&#39;ll need t=
o think about how to structure the code to allow that. Also, just using a b=
ackground polling thread is likely not flexible enough, as on some platform=
s you can&#39;t stay running all the time (e.g. Android) without upsetting =
people, but the underlying OS can wake you up at the right times, so wallet=
 apps should have an ability to control wakeup tasks. But we can discuss th=
at over on the bitcoinj list specifically. Let&#39;s keep this thread for t=
he general protocol design.</div>
</div></blockquote><div><br></div></div>Ok that makes sense.</div><div clas=
s=3D""><div><br><blockquote type=3D"cite"><div dir=3D"ltr">
<div><br></div><div class=3D"gmail_extra">BIP 70 is indeed implemented in B=
itcoin Core on the C++ side, so that isn&#39;t a concern. It could be done =
there too.<br><br></div></div>
</blockquote><br></div></div><div>Great to know.</div><div><br></div><div><=
br></div><br></div></blockquote></div><br></div></div>

--089e011762799bdbf104f34cb22b--