1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1WK3np-0001i1-Eo
for bitcoin-development@lists.sourceforge.net;
Sun, 02 Mar 2014 10:39:25 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.219.43 as permitted sender)
client-ip=209.85.219.43; envelope-from=mh.in.england@gmail.com;
helo=mail-oa0-f43.google.com;
Received: from mail-oa0-f43.google.com ([209.85.219.43])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WK3no-0006RD-AT
for bitcoin-development@lists.sourceforge.net;
Sun, 02 Mar 2014 10:39:25 +0000
Received: by mail-oa0-f43.google.com with SMTP id g12so5913769oah.30
for <bitcoin-development@lists.sourceforge.net>;
Sun, 02 Mar 2014 02:39:19 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.182.2.42 with SMTP id 10mr354obr.73.1393756758948; Sun, 02
Mar 2014 02:39:18 -0800 (PST)
Sender: mh.in.england@gmail.com
Received: by 10.76.71.231 with HTTP; Sun, 2 Mar 2014 02:39:18 -0800 (PST)
In-Reply-To: <CANAnSg1fwkzXebbCMEf6XeGD0SG+ny=vKW-2nC_40yhkn1LVkg@mail.gmail.com>
References: <op.xb05iptvyldrnw@laptop-air> <op.xb2352ezyldrnw@laptop-air>
<CANEZrP22SF4bD2pA3MyNmAojUmtZ20r=eL2Lgt=Fa4ZJyG=5SA@mail.gmail.com>
<CANAnSg1fwkzXebbCMEf6XeGD0SG+ny=vKW-2nC_40yhkn1LVkg@mail.gmail.com>
Date: Sun, 2 Mar 2014 11:39:18 +0100
X-Google-Sender-Auth: BNtuMjWgQbhmRs1fJK88spj5pTY
Message-ID: <CANEZrP3owLtLnBHZ4vEBYcdkQ0WtpDDQ8CXK+92oNd1rgaEZyg@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Drak <drak@zikula.org>
Content-Type: multipart/alternative; boundary=001a1134ad0685423204f39d4816
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WK3no-0006RD-AT
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol Hash Comments
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 02 Mar 2014 10:39:25 -0000
--001a1134ad0685423204f39d4816
Content-Type: text/plain; charset=UTF-8
I'm just repeating the rationale Gavin gave me for adding this to the spec
last year when he was implementing it. Perhaps it only applied to some
versions of PHP or something like that.
Jeremy, good comments. A pull request to fix those would be good.
One issue I seem looming on the horizon is that we'll need a version of the
payment protocol document that's living. Trying to reverse engineer the
current spec by manually reading all the BIPs and layering them in your
head is a non starter.
On Sun, Mar 2, 2014 at 9:52 AM, Drak <drak@zikula.org> wrote:
> Not true, PHP does support sha2
>
> http://php.net/manual/en/mhash.constants.php
>
> http://php.net/manual/en/function.hash-algos.php#refsect1-function.hash-algos-examples
> On 2 Mar 2014 08:44, "Mike Hearn" <mike@plan99.net> wrote:
>
>> SHA-1 support is there for PHP developers. Apparently it can't do SHA-2.
>> On 2 Mar 2014 08:53, "Jeremy Spilman" <jeremy@taplink.co> wrote:
>>
>>> From BIP70:
>>>
>>> If pki_type is "x509+sha256", then the Payment message is hashed using
>>> the
>>> SHA256 algorithm to produce the message digest that is signed. If
>>> pki_type
>>> is "x509+sha1", then the SHA1 algorithm is used.
>>>
>>> A couple minor comments;
>>>
>>> - I think it meant to say the field to be hashed is 'PaymentRequest'
>>> not
>>> 'Payment' message -- probably got renamed at some point and this is an
>>> old
>>> reference calling it by its original name.
>>>
>>> - Could be a bit more explicit about the hashing, e.g. 'copy the
>>> PaymentRequest, set the signature field to the empty string, serialize to
>>> a byte[] and hash.
>>>
>>> - SHA1 is retiring, any particular reason to even have it in there at
>>> all?
>>>
>>> - Should there any way for the end-user to see details like the
>>> pki_type
>>> and the certificate chain, like browser do?
>>>
>>>
>>> Thanks,
>>> Jeremy
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Flow-based real-time traffic analytics software. Cisco certified tool.
>>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>>> Customize your own dashboards, set traffic alerts and generate reports.
>>> Network behavioral analysis & security monitoring. All-in-one tool.
>>>
>>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Flow-based real-time traffic analytics software. Cisco certified tool.
>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
>> Customize your own dashboards, set traffic alerts and generate reports.
>> Network behavioral analysis & security monitoring. All-in-one tool.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
--001a1134ad0685423204f39d4816
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">I'm just repeating the rationale Gavin gave me for add=
ing this to the spec last year when he was implementing it. Perhaps it only=
applied to some versions of PHP or something like that.<div><br></div><div=
>
Jeremy, good comments. A pull request to fix those would be good.</div><div=
><br></div><div>One issue I seem looming on the horizon is that we'll n=
eed a version of the payment protocol document that's living. Trying to=
reverse engineer the current spec by manually reading all the BIPs and lay=
ering them in your head is a non starter.</div>
<div><br></div><div><br></div></div><div class=3D"gmail_extra"><br><br><div=
class=3D"gmail_quote">On Sun, Mar 2, 2014 at 9:52 AM, Drak <span dir=3D"lt=
r"><<a href=3D"mailto:drak@zikula.org" target=3D"_blank">drak@zikula.org=
</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><p dir=3D"ltr">Not true, PHP does support sh=
a2</p>
<p dir=3D"ltr"><a href=3D"http://php.net/manual/en/mhash.constants.php" tar=
get=3D"_blank">http://php.net/manual/en/mhash.constants.php</a><br>
<a href=3D"http://php.net/manual/en/function.hash-algos.php#refsect1-functi=
on.hash-algos-examples" target=3D"_blank">http://php.net/manual/en/function=
.hash-algos.php#refsect1-function.hash-algos-examples</a></p><div class=3D"=
HOEnZb">
<div class=3D"h5">
<div class=3D"gmail_quote">On 2 Mar 2014 08:44, "Mike Hearn" <=
<a href=3D"mailto:mike@plan99.net" target=3D"_blank">mike@plan99.net</a>>=
; wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" style=3D=
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir=3D"ltr">SHA-1 support is there for PHP developers. Apparently it can=
't do SHA-2.</p>
<div class=3D"gmail_quote">On 2 Mar 2014 08:53, "Jeremy Spilman" =
<<a href=3D"mailto:jeremy@taplink.co" target=3D"_blank">jeremy@taplink.c=
o</a>> wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
=C2=A0From BIP70:<br>
<br>
=C2=A0 =C2=A0If pki_type is "x509+sha256", then the Payment messa=
ge is hashed using<br>
the<br>
=C2=A0 =C2=A0SHA256 algorithm to produce the message digest that is signed.=
If<br>
pki_type<br>
=C2=A0 =C2=A0is "x509+sha1", then the SHA1 algorithm is used.<br>
<br>
A couple minor comments;<br>
<br>
=C2=A0 - I think it meant to say the field to be hashed is 'PaymentRequ=
est' not<br>
'Payment' message -- probably got renamed at some point and this is=
an old<br>
reference calling it by its original name.<br>
<br>
=C2=A0 - Could be a bit more explicit about the hashing, e.g. 'copy the=
<br>
PaymentRequest, set the signature field to the empty string, serialize to<b=
r>
a byte[] and hash.<br>
<br>
=C2=A0 - SHA1 is retiring, any particular reason to even have it in there a=
t all?<br>
<br>
=C2=A0 - Should there any way for the end-user to see details like the pki_=
type<br>
and the certificate chain, like browser do?<br>
<br>
<br>
Thanks,<br>
Jeremy<br>
<br>
<br>
---------------------------------------------------------------------------=
---<br>
Flow-based real-time traffic analytics software. Cisco certified tool.<br>
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer<br>
Customize your own dashboards, set traffic alerts and generate reports.<br>
Network behavioral analysis & security monitoring. All-in-one tool.<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D126839071&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla=
nk">Bitcoin-development@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div>
<br>-----------------------------------------------------------------------=
-------<br>
Flow-based real-time traffic analytics software. Cisco certified tool.<br>
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer<br>
Customize your own dashboards, set traffic alerts and generate reports.<br>
Network behavioral analysis & security monitoring. All-in-one tool.<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D126839071&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk</a><br>__________________=
_____________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" target=3D"_bla=
nk">Bitcoin-development@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div>
</div></div></blockquote></div><br></div>
--001a1134ad0685423204f39d4816--
|
