Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.214.177 as permitted sender)
	client-ip=209.85.214.177; envelope-from=mh.in.england@gmail.com;
	helo=mail-ob0-f177.google.com; 
MIME-Version: 1.0
Sender: mh.in.england@gmail.com
In-Reply-To: <CAJHLa0MGaxJTGPR-bduW36-4Msb348FANqFmw67jqFxq1CLwbw@mail.gmail.com>
References: <le05ca$qn5$1@ger.gmane.org> <5303B110.70603@bitpay.com>
	<le0jvf$i7d$1@ger.gmane.org>
	<CAJHLa0MGaxJTGPR-bduW36-4Msb348FANqFmw67jqFxq1CLwbw@mail.gmail.com>
Date: Wed, 19 Feb 2014 16:44:00 +0000
Message-ID: <CANEZrP1QS1Z0_=-sUjK2H5CkrnuCUsCu5PZhggAvEbW4Y2Y_kA@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Jeff Garzik <jgarzik@bitpay.com>
Content-Type: multipart/alternative; boundary=001a1134a7e48c99ac04f2c51871
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
	Andreas Schildbach <andreas@schildbach.de>
Subject: Re: [Bitcoin-development] BIP70 proposed changes
Precedence: list

--001a1134a7e48c99ac04f2c51871
Content-Type: text/plain; charset=UTF-8

Thanks for the feedback guys!

I would also like to understand the problems you've been having with
certificates in node.js. FYI the CA cert is *not* supposed to be included,
this matches what the code in Bitcoin Core and bitcoinj expects. It may be
that Bitcoin Core accepts a redundant CA cert being provided, but if so
that'd fall in the category of openssl being generous. If there are issues
here, it sounds like an issue with node and not the spec. I'm not even sure
why it would matter - certs are just byte arrays so if node can sign a hash
with a private key, the rest should be easy.

With regards to the PKI I'd appreciate it if we don't go around that circle
again. Please remember one of the primary goals of all of this is to show
to the user on their hardware wallet a meaningful name. Almost all
merchants on the Internet already went through the process of associating a
public key with their name, using X.509.

Whilst for now your payment requests will have to be signed as BitPay, this
isn't ideal for the longer term and I'd like to design a protocol extension
to allow merchants to delegate their signature authority to you. In this
way they would be able to sign a secondary key with their own ssl key as
part of the enrolment process, and after that you could sign payment
requests on their behalf. Kind of like a Bitcoin  specific subcert (and
there would be no reason to use X.509 format for that).

Re: feedback url. How is this different to a result code in PaymentAck
which already caused much debate? Surely we want a payment to either work
out boy work and for that decision to be made immediately? Your invoice
page switches to a completed state once you see a tx be broadcast so that's
the "done" state today even if there are caveats. I'd like to see a status
code added to PaymentAck so receivers can reject payments if they are bad
in some way.
 On 19 Feb 2014 19:41, "Jeff Garzik" <jgarzik@bitpay.com> wrote:

> On Tue, Feb 18, 2014 at 4:40 PM, Andreas Schildbach
> <andreas@schildbach.de> wrote:
> > On 02/18/2014 08:14 PM, Ryan X. Charles wrote:
> >> BitPay is working on a new standard
> >> based on bitcoin-like addresses for authentication. It would be great if
> >> we could work with the community to establish a complete, decentralized
> >> authentication protocol.
> >
> > Sounds interesting, let us know as soon as you have anything.
>
> SINs.  See https://en.bitcoin.it/wiki/Identity_protocol_v1
>
> --
> Jeff Garzik
> Bitcoin core developer and open source evangelist
> BitPay, Inc.      https://bitpay.com/
>
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

--001a1134a7e48c99ac04f2c51871
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">Thanks for the feedback guys!</p>
<p dir=3D"ltr">I would also like to understand the problems you&#39;ve been=
 having with certificates in node.js. FYI the CA cert is *not* supposed to =
be included, this matches what the code in Bitcoin Core and bitcoinj expect=
s. It may be that Bitcoin Core accepts a redundant CA cert being provided, =
but if so that&#39;d fall in the category of openssl being generous. If the=
re are issues here, it sounds like an issue with node and not the spec. I&#=
39;m not even sure why it would matter - certs are just byte arrays so if n=
ode can sign a hash with a private key, the rest should be easy.</p>

<p dir=3D"ltr">With regards to the PKI I&#39;d appreciate it if we don&#39;=
t go around that circle again. Please remember one of the primary goals of =
all of this is to show to the user on their hardware wallet a meaningful na=
me. Almost all merchants on the Internet already went through the process o=
f associating a public key with their name, using X.509.</p>

<p dir=3D"ltr">Whilst for now your payment requests will have to be signed =
as BitPay, this isn&#39;t ideal for the longer term and I&#39;d like to des=
ign a protocol extension to allow merchants to delegate their signature aut=
hority to you. In this way they would be able to sign a secondary key with =
their own ssl key as part of the enrolment process, and after that you coul=
d sign payment requests on their behalf. Kind of like a Bitcoin=C2=A0 speci=
fic subcert (and there would be no reason to use X.509 format for that).</p=
>

<p dir=3D"ltr">Re: feedback url. How is this different to a result code in =
PaymentAck which already caused much debate? Surely we want a payment to ei=
ther work out boy work and for that decision to be made immediately? Your i=
nvoice page switches to a completed state once you see a tx be broadcast so=
 that&#39;s the &quot;done&quot; state today even if there are caveats. I&#=
39;d like to see a status code added to PaymentAck so receivers can reject =
payments if they are bad in some way.<br>

</p>
<div class=3D"gmail_quote">On 19 Feb 2014 19:41, &quot;Jeff Garzik&quot; &l=
t;<a href=3D"mailto:jgarzik@bitpay.com">jgarzik@bitpay.com</a>&gt; wrote:<b=
r type=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 =
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, Feb 18, 2014 at 4:40 PM, Andreas Schildbach<br>
&lt;<a href=3D"mailto:andreas@schildbach.de">andreas@schildbach.de</a>&gt; =
wrote:<br>
&gt; On 02/18/2014 08:14 PM, Ryan X. Charles wrote:<br>
&gt;&gt; BitPay is working on a new standard<br>
&gt;&gt; based on bitcoin-like addresses for authentication. It would be gr=
eat if<br>
&gt;&gt; we could work with the community to establish a complete, decentra=
lized<br>
&gt;&gt; authentication protocol.<br>
&gt;<br>
&gt; Sounds interesting, let us know as soon as you have anything.<br>
<br>
SINs. =C2=A0See <a href=3D"https://en.bitcoin.it/wiki/Identity_protocol_v1"=
 target=3D"_blank">https://en.bitcoin.it/wiki/Identity_protocol_v1</a><br>
<br>
--<br>
Jeff Garzik<br>
Bitcoin core developer and open source evangelist<br>
BitPay, Inc. =C2=A0 =C2=A0 =C2=A0<a href=3D"https://bitpay.com/" target=3D"=
_blank">https://bitpay.com/</a><br>
<br>
---------------------------------------------------------------------------=
---<br>
Managing the Performance of Cloud-Based Applications<br>
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.<br>
Read the Whitepaper.<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D121054471&amp;iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D121054471&amp;iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div>

--001a1134a7e48c99ac04f2c51871--