Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1TJBKH-0003ko-GB for bitcoin-development@lists.sourceforge.net; Tue, 02 Oct 2012 22:52:29 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.223.175 as permitted sender) client-ip=209.85.223.175; envelope-from=gmaxwell@gmail.com; helo=mail-ie0-f175.google.com; Received: from mail-ie0-f175.google.com ([209.85.223.175]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1TJBKG-0007Et-NI for bitcoin-development@lists.sourceforge.net; Tue, 02 Oct 2012 22:52:29 +0000 Received: by iebc13 with SMTP id c13so16968861ieb.34 for ; Tue, 02 Oct 2012 15:52:23 -0700 (PDT) MIME-Version: 1.0 Received: by 10.43.46.194 with SMTP id up2mr167536icb.22.1349218343401; Tue, 02 Oct 2012 15:52:23 -0700 (PDT) Received: by 10.64.34.4 with HTTP; Tue, 2 Oct 2012 15:52:23 -0700 (PDT) In-Reply-To: References: Date: Tue, 2 Oct 2012 18:52:23 -0400 Message-ID: From: Gregory Maxwell To: Mike Hearn Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -0.7 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.9 AWL AWL: From: address is in the auto white-list X-Headers-End: 1TJBKG-0007Et-NI Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Payment protocol thoughts X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Oct 2012 22:52:29 -0000 On Tue, Oct 2, 2012 at 6:44 PM, Mike Hearn wrote: > A simple way to solve this problem is just use the SSL identity of the > server that is taking part in the protocol, but it's not much harder SSL itself (as opposed to using the certs as you suggest) is not non-reputablable, so it's not enough for the below concerns > A signed invoice + the blockchain transactions does this, BUT with a > major caveat: if you have not set up dispute mediation, there is > nobody to prove faultlessness to. To their prospective customer base. "I can prove to the public that you ripped me off" is protective, even if there isn't formal direct remedy available.