path: root/46/f12da0b7b99d1466a6bd5a35d4adbccf200628

Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <kgreenek@gmail.com>) id 1WeJuJ-00075L-Sq
	for bitcoin-development@lists.sourceforge.net;
	Sun, 27 Apr 2014 07:53:51 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.160.176 as permitted sender)
	client-ip=209.85.160.176; envelope-from=kgreenek@gmail.com;
	helo=mail-yk0-f176.google.com; 
Received: from mail-yk0-f176.google.com ([209.85.160.176])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1WeJuJ-00057v-1n
	for bitcoin-development@lists.sourceforge.net;
	Sun, 27 Apr 2014 07:53:51 +0000
Received: by mail-yk0-f176.google.com with SMTP id 19so4716593ykq.21
	for <bitcoin-development@lists.sourceforge.net>;
	Sun, 27 Apr 2014 00:53:45 -0700 (PDT)
X-Received: by 10.236.125.12 with SMTP id y12mr28030044yhh.42.1398585225553;
	Sun, 27 Apr 2014 00:53:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.170.75.213 with HTTP; Sun, 27 Apr 2014 00:53:25 -0700 (PDT)
In-Reply-To: <535BF056.6080804@jrn.me.uk>
References: <535ABD5D.7070509@jrn.me.uk>
	<CABsx9T3boaWYuY8S-Xz=bAxe+ne5iP7m8AnuciaAOmDx_3D4Fg@mail.gmail.com>
	<CANEZrP3TuN2LFi3_7z29JncojbOZX=C-1BsJMp1AJ56k8wjgBg@mail.gmail.com>
	<535BF056.6080804@jrn.me.uk>
From: Kevin Greene <kgreenek@gmail.com>
Date: Sun, 27 Apr 2014 00:53:25 -0700
Message-ID: <CAEY8wq69Ev9B9fqJgBUBdjgh3pktWnfELHnau_0x7q6aAFtTEA@mail.gmail.com>
To: Ross Nicoll <jrn@jrn.me.uk>
Content-Type: multipart/alternative; boundary=20cf303a36a18eaa8d04f8017f4c
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(kgreenek[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	1.0 HTML_MESSAGE           BODY: HTML included in message
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WeJuJ-00057v-1n
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Error handling in payment protocol
 (BIP-0070 and BIP-0072)
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 27 Apr 2014 07:53:52 -0000

--20cf303a36a18eaa8d04f8017f4c
Content-Type: text/plain; charset=UTF-8

Keep in mind that links don't always come embedded in html. Think of native
mobile apps.



On Sat, Apr 26, 2014 at 10:43 AM, Ross Nicoll <jrn@jrn.me.uk> wrote:

> I'd be very cautious of security implications of embedding files into
> the payment request. Even file formats one would presume safe, such as
> images, have had security issues (i.e.
> https://technet.microsoft.com/library/security/ms11-006 )
>
> Longer term I was wondering about embedding the PaymentRequest into web
> pages directly via the <object> tag, which could eliminate need for
> BIP0072 and potentially improve user interface integration that way.
> Obviously this would require browser plugins, however.
>
> Ross
>
> On 26/04/14 18:36, Mike Hearn wrote:
> >> PaymentRequests are limited to 50,000 bytes. I can't think of a reason
> why
> >> Payment messages would need to be any bigger than that. Submit a pull
> >> request to the existing BIP.
> >>
> > In future it might be nice to have images and things in the payment
> > requests, to make UIs look prettier. But with the current version 50kb
> > should be plenty indeed.
> >
>
>
>
> ------------------------------------------------------------------------------
> Start Your Social Network Today - Download eXo Platform
> Build your Enterprise Intranet with eXo Platform Software
> Java Based Open Source Intranet - Social, Extensible, Cloud Ready
> Get Started Now And Turn Your Intranet Into A Collaboration Platform
> http://p.sf.net/sfu/ExoPlatform
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

--20cf303a36a18eaa8d04f8017f4c
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"color:#336666">Keep =
in mind that links don&#39;t always come embedded in html. Think of native =
mobile apps.<br></div><div class=3D"gmail_default" style=3D"color:#336666">=
<br></div>

</div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Sat,=
 Apr 26, 2014 at 10:43 AM, Ross Nicoll <span dir=3D"ltr">&lt;<a href=3D"mai=
lto:jrn@jrn.me.uk" target=3D"_blank">jrn@jrn.me.uk</a>&gt;</span> wrote:<br=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex">

I&#39;d be very cautious of security implications of embedding files into<b=
r>
the payment request. Even file formats one would presume safe, such as<br>
images, have had security issues (i.e.<br>
<a href=3D"https://technet.microsoft.com/library/security/ms11-006" target=
=3D"_blank">https://technet.microsoft.com/library/security/ms11-006</a> )<b=
r>
<br>
Longer term I was wondering about embedding the PaymentRequest into web<br>
pages directly via the &lt;object&gt; tag, which could eliminate need for<b=
r>
BIP0072 and potentially improve user interface integration that way.<br>
Obviously this would require browser plugins, however.<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
Ross<br>
</font></span><div class=3D"HOEnZb"><div class=3D"h5"><br>
On 26/04/14 18:36, Mike Hearn wrote:<br>
&gt;&gt; PaymentRequests are limited to 50,000 bytes. I can&#39;t think of =
a reason why<br>
&gt;&gt; Payment messages would need to be any bigger than that. Submit a p=
ull<br>
&gt;&gt; request to the existing BIP.<br>
&gt;&gt;<br>
&gt; In future it might be nice to have images and things in the payment<br=
>
&gt; requests, to make UIs look prettier. But with the current version 50kb=
<br>
&gt; should be plenty indeed.<br>
&gt;<br>
<br>
<br>
</div></div><div class=3D"HOEnZb"><div class=3D"h5">-----------------------=
-------------------------------------------------------<br>
Start Your Social Network Today - Download eXo Platform<br>
Build your Enterprise Intranet with eXo Platform Software<br>
Java Based Open Source Intranet - Social, Extensible, Cloud Ready<br>
Get Started Now And Turn Your Intranet Into A Collaboration Platform<br>
<a href=3D"http://p.sf.net/sfu/ExoPlatform" target=3D"_blank">http://p.sf.n=
et/sfu/ExoPlatform</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div>

--20cf303a36a18eaa8d04f8017f4c--