Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.214.177 as permitted sender)
	client-ip=209.85.214.177; envelope-from=mh.in.england@gmail.com;
	helo=mail-ob0-f177.google.com; 
MIME-Version: 1.0
Sender: mh.in.england@gmail.com
In-Reply-To: <lghlbp$pef$1@ger.gmane.org>
References: <lc5hmg$1jh$1@ger.gmane.org> <leuunm$tjk$1@ger.gmane.org>
	<CANEZrP3nQfvDArKTRgje0Cus4G2JD_zpxSjA3fXfxM2TNAP80Q@mail.gmail.com>
	<CALDj+BafD+6KTNcYDBEu5gNPzYozSkiC-JCxrY-PzXL2DYBRsw@mail.gmail.com>
	<lge7lv$3mf$1@ger.gmane.org>
	<CALDj+BZRsXnU5w=1B+01PDfMPY-7zqU3GP_52vr9wknEdTJ59Q@mail.gmail.com>
	<lgh1q8$1dc$1@ger.gmane.org>
	<CALDj+Bb=CR1pL0Ze1M6k22wfQM1bL6-w+EyipJQWc1OHhAY0rg@mail.gmail.com>
	<lghlbp$pef$1@ger.gmane.org>
Date: Fri, 21 Mar 2014 16:24:24 +0100
Message-ID: <CANEZrP3t1t2+qgE6fPR3zQ=x5c=XU+mnJEazcT=HOWu91KnxUg@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Andreas Schildbach <andreas@schildbach.de>
Content-Type: multipart/alternative; boundary=047d7bd6c52c19fdfc04f51f7b51
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol for Face-to-face Payments
Precedence: list

--047d7bd6c52c19fdfc04f51f7b51
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

SPDY requires SSL and is even more complex than HTTP.

Really, the current protocol we've got (length prefixed protobufs) is just
fine except for the lack of encryption/authentication. For that you need to
do ECDH to establish a shared AES session key, and MAC each packet. Like I
said, it's not entirely trivial which is why it's worth trying SSL too, but
it's also not a massive effort.


On Fri, Mar 21, 2014 at 4:20 PM, Andreas Schildbach
<andreas@schildbach.de>wrote:

> On 03/21/2014 02:54 PM, Alex Kotenko wrote:
>
> >     > I wonder how complex it would be to implement HTTP-over-Bluetooth=
.
> Not
> >     > like I'm willing to do that now, but HTTP is well known and prove=
n
> >     to be
> >     > quite good for tasks like this, so in theory it would be handy to
> have
> >     > such capacities in here.
> >
> >     Thought of that as well. On the other hand, HTTP might be overkill
> and
> >     we inherit its potential downsides as well.
> >
> > =E2=80=8BIt definitely is an overkill. Don't think we should do it now =
unless we
> > will see later during implementation that we really have to.
>
> Btw. we could also consider SPDY. I'm not sure about the advantages, but
> its probably quicker and leaner.
>
>
>
>
>
> -------------------------------------------------------------------------=
-----
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and thei=
r
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

--047d7bd6c52c19fdfc04f51f7b51
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">SPDY requires SSL and is even more complex than HTTP.<div>=
<br></div><div>Really, the current protocol we&#39;ve got (length prefixed =
protobufs) is just fine except for the lack of encryption/authentication. F=
or that you need to do ECDH to establish a shared AES session key, and MAC =
each packet. Like I said, it&#39;s not entirely trivial which is why it&#39=
;s worth trying SSL too, but it&#39;s also not a massive effort.</div>
</div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Fri,=
 Mar 21, 2014 at 4:20 PM, Andreas Schildbach <span dir=3D"ltr">&lt;<a href=
=3D"mailto:andreas@schildbach.de" target=3D"_blank">andreas@schildbach.de</=
a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">On 03/21/2014 02:54 PM, Alex Kotenko wrote:<=
br>
<br>
&gt; =C2=A0 =C2=A0 &gt; I wonder how complex it would be to implement HTTP-=
over-Bluetooth. Not<br>
&gt; =C2=A0 =C2=A0 &gt; like I&#39;m willing to do that now, but HTTP is we=
ll known and proven<br>
&gt; =C2=A0 =C2=A0 to be<br>
&gt; =C2=A0 =C2=A0 &gt; quite good for tasks like this, so in theory it wou=
ld be handy to have<br>
&gt; =C2=A0 =C2=A0 &gt; such capacities in here.<br>
&gt;<br>
&gt; =C2=A0 =C2=A0 Thought of that as well. On the other hand, HTTP might b=
e overkill and<br>
&gt; =C2=A0 =C2=A0 we inherit its potential downsides as well.<br>
&gt;<br>
&gt; =E2=80=8BIt definitely is an overkill. Don&#39;t think we should do it=
 now unless we<br>
&gt; will see later during implementation that we really have to.<br>
<br>
Btw. we could also consider SPDY. I&#39;m not sure about the advantages, bu=
t<br>
its probably quicker and leaner.<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
<br>
<br>
<br>
---------------------------------------------------------------------------=
---<br>
Learn Graph Databases - Download FREE O&#39;Reilly Book<br>
&quot;Graph Databases&quot; is the definitive new guide to graph databases =
and their<br>
applications. Written by three acclaimed leaders in the field,<br>
this first edition is now available. Download your free book today!<br>
<a href=3D"http://p.sf.net/sfu/13534_NeoTech" target=3D"_blank">http://p.sf=
.net/sfu/13534_NeoTech</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div>

--047d7bd6c52c19fdfc04f51f7b51--