Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <mh.in.england@gmail.com>) id 1Td7uL-00059C-Gc
	for bitcoin-development@lists.sourceforge.net;
	Mon, 26 Nov 2012 23:16:09 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.219.47 as permitted sender)
	client-ip=209.85.219.47; envelope-from=mh.in.england@gmail.com;
	helo=mail-oa0-f47.google.com; 
Received: from mail-oa0-f47.google.com ([209.85.219.47])
	by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1Td7uK-0005M0-Pd
	for bitcoin-development@lists.sourceforge.net;
	Mon, 26 Nov 2012 23:16:09 +0000
Received: by mail-oa0-f47.google.com with SMTP id h1so12456660oag.34
	for <bitcoin-development@lists.sourceforge.net>;
	Mon, 26 Nov 2012 15:16:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.60.29.70 with SMTP id i6mr11076296oeh.38.1353971763469; Mon,
	26 Nov 2012 15:16:03 -0800 (PST)
Sender: mh.in.england@gmail.com
Received: by 10.76.128.139 with HTTP; Mon, 26 Nov 2012 15:16:03 -0800 (PST)
In-Reply-To: <201211262313.44463.luke@dashjr.org>
References: <CABsx9T0PsGLEAWRCjEDDFWQrb+DnJWQZ7mFLaZewAEX6vD1eHw@mail.gmail.com>
	<CANEZrP1MOabVfzdf5P-ODyG8igazWOo0B64cMj7dnvnqtiVpSA@mail.gmail.com>
	<201211262313.44463.luke@dashjr.org>
Date: Tue, 27 Nov 2012 00:16:03 +0100
X-Google-Sender-Auth: If-kLyTEW54CUXRrgatZv3-t17c
Message-ID: <CANEZrP3nmUHbKsJVTL=mT62OwBU0bPj7S__1ep1KvyqSzsy1jQ@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Luke-Jr <luke@dashjr.org>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.1 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(mh.in.england[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	0.4 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1Td7uK-0005M0-Pd
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol Proposal:
	Invoices/Payments/Receipts
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2012 23:16:09 -0000

They could be included as well of course, but from a seller
perspective the most important thing is consistency. You have to be
able to predict what CAs the user has, otherwise your invoice would
appear in the UI as unverified and is subject to manipulation by
viruses, etc.

So using the OS cert store would effectively restrict merchants to the
intersection of what ships in all the operating systems their users
use, which could be unnecessarily restrictive. As far as I know, every
browser has its own cert store for that reason.