Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WK20a-0008Ke-30 for bitcoin-development@lists.sourceforge.net; Sun, 02 Mar 2014 08:44:28 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.180 as permitted sender) client-ip=209.85.214.180; envelope-from=mh.in.england@gmail.com; helo=mail-ob0-f180.google.com; Received: from mail-ob0-f180.google.com ([209.85.214.180]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WK20Z-0005gb-0V for bitcoin-development@lists.sourceforge.net; Sun, 02 Mar 2014 08:44:28 +0000 Received: by mail-ob0-f180.google.com with SMTP id wn1so103651obc.11 for ; Sun, 02 Mar 2014 00:44:21 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.60.134.200 with SMTP id pm8mr10940515oeb.40.1393749861610; Sun, 02 Mar 2014 00:44:21 -0800 (PST) Sender: mh.in.england@gmail.com Received: by 10.76.71.231 with HTTP; Sun, 2 Mar 2014 00:44:21 -0800 (PST) Received: by 10.76.71.231 with HTTP; Sun, 2 Mar 2014 00:44:21 -0800 (PST) In-Reply-To: References: Date: Sun, 2 Mar 2014 09:44:21 +0100 X-Google-Sender-Auth: ffE3E78YETQGbVi5IGk0GFes7hg Message-ID: From: Mike Hearn To: Jeremy Spilman Content-Type: multipart/alternative; boundary=047d7b41783168435d04f39bad8b X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WK20Z-0005gb-0V Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Payment Protocol Hash Comments X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Mar 2014 08:44:28 -0000 --047d7b41783168435d04f39bad8b Content-Type: text/plain; charset=UTF-8 SHA-1 support is there for PHP developers. Apparently it can't do SHA-2. On 2 Mar 2014 08:53, "Jeremy Spilman" wrote: > From BIP70: > > If pki_type is "x509+sha256", then the Payment message is hashed using > the > SHA256 algorithm to produce the message digest that is signed. If > pki_type > is "x509+sha1", then the SHA1 algorithm is used. > > A couple minor comments; > > - I think it meant to say the field to be hashed is 'PaymentRequest' not > 'Payment' message -- probably got renamed at some point and this is an old > reference calling it by its original name. > > - Could be a bit more explicit about the hashing, e.g. 'copy the > PaymentRequest, set the signature field to the empty string, serialize to > a byte[] and hash. > > - SHA1 is retiring, any particular reason to even have it in there at > all? > > - Should there any way for the end-user to see details like the pki_type > and the certificate chain, like browser do? > > > Thanks, > Jeremy > > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --047d7b41783168435d04f39bad8b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

SHA-1 support is there for PHP developers. Apparently it can= 't do SHA-2.

On 2 Mar 2014 08:53, "Jeremy Spilman" = <jeremy@taplink.co> wrote:
=C2=A0From BIP70:

=C2=A0 =C2=A0If pki_type is "x509+sha256", then the Payment messa= ge is hashed using
the
=C2=A0 =C2=A0SHA256 algorithm to produce the message digest that is signed.= If
pki_type
=C2=A0 =C2=A0is "x509+sha1", then the SHA1 algorithm is used.

A couple minor comments;

=C2=A0 - I think it meant to say the field to be hashed is 'PaymentRequ= est' not
'Payment' message -- probably got renamed at some point and this is= an old
reference calling it by its original name.

=C2=A0 - Could be a bit more explicit about the hashing, e.g. 'copy the=
PaymentRequest, set the signature field to the empty string, serialize to a byte[] and hash.

=C2=A0 - SHA1 is retiring, any particular reason to even have it in there a= t all?

=C2=A0 - Should there any way for the end-user to see details like the pki_= type
and the certificate chain, like browser do?


Thanks,
Jeremy


---------------------------------------------------------------------------= ---
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment
--047d7b41783168435d04f39bad8b--