1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1WK20a-0008Ke-30
for bitcoin-development@lists.sourceforge.net;
Sun, 02 Mar 2014 08:44:28 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.214.180 as permitted sender)
client-ip=209.85.214.180; envelope-from=mh.in.england@gmail.com;
helo=mail-ob0-f180.google.com;
Received: from mail-ob0-f180.google.com ([209.85.214.180])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WK20Z-0005gb-0V
for bitcoin-development@lists.sourceforge.net;
Sun, 02 Mar 2014 08:44:28 +0000
Received: by mail-ob0-f180.google.com with SMTP id wn1so103651obc.11
for <bitcoin-development@lists.sourceforge.net>;
Sun, 02 Mar 2014 00:44:21 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.60.134.200 with SMTP id pm8mr10940515oeb.40.1393749861610;
Sun, 02 Mar 2014 00:44:21 -0800 (PST)
Sender: mh.in.england@gmail.com
Received: by 10.76.71.231 with HTTP; Sun, 2 Mar 2014 00:44:21 -0800 (PST)
Received: by 10.76.71.231 with HTTP; Sun, 2 Mar 2014 00:44:21 -0800 (PST)
In-Reply-To: <op.xb2352ezyldrnw@laptop-air>
References: <op.xb05iptvyldrnw@laptop-air>
<op.xb2352ezyldrnw@laptop-air>
Date: Sun, 2 Mar 2014 09:44:21 +0100
X-Google-Sender-Auth: ffE3E78YETQGbVi5IGk0GFes7hg
Message-ID: <CANEZrP22SF4bD2pA3MyNmAojUmtZ20r=eL2Lgt=Fa4ZJyG=5SA@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Jeremy Spilman <jeremy@taplink.co>
Content-Type: multipart/alternative; boundary=047d7b41783168435d04f39bad8b
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WK20Z-0005gb-0V
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Payment Protocol Hash Comments
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 02 Mar 2014 08:44:28 -0000
--047d7b41783168435d04f39bad8b
Content-Type: text/plain; charset=UTF-8
SHA-1 support is there for PHP developers. Apparently it can't do SHA-2.
On 2 Mar 2014 08:53, "Jeremy Spilman" <jeremy@taplink.co> wrote:
> From BIP70:
>
> If pki_type is "x509+sha256", then the Payment message is hashed using
> the
> SHA256 algorithm to produce the message digest that is signed. If
> pki_type
> is "x509+sha1", then the SHA1 algorithm is used.
>
> A couple minor comments;
>
> - I think it meant to say the field to be hashed is 'PaymentRequest' not
> 'Payment' message -- probably got renamed at some point and this is an old
> reference calling it by its original name.
>
> - Could be a bit more explicit about the hashing, e.g. 'copy the
> PaymentRequest, set the signature field to the empty string, serialize to
> a byte[] and hash.
>
> - SHA1 is retiring, any particular reason to even have it in there at
> all?
>
> - Should there any way for the end-user to see details like the pki_type
> and the certificate chain, like browser do?
>
>
> Thanks,
> Jeremy
>
>
>
> ------------------------------------------------------------------------------
> Flow-based real-time traffic analytics software. Cisco certified tool.
> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
> Customize your own dashboards, set traffic alerts and generate reports.
> Network behavioral analysis & security monitoring. All-in-one tool.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--047d7b41783168435d04f39bad8b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<p dir=3D"ltr">SHA-1 support is there for PHP developers. Apparently it can=
't do SHA-2.</p>
<div class=3D"gmail_quote">On 2 Mar 2014 08:53, "Jeremy Spilman" =
<<a href=3D"mailto:jeremy@taplink.co">jeremy@taplink.co</a>> wrote:<b=
r type=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 =
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
=C2=A0From BIP70:<br>
<br>
=C2=A0 =C2=A0If pki_type is "x509+sha256", then the Payment messa=
ge is hashed using<br>
the<br>
=C2=A0 =C2=A0SHA256 algorithm to produce the message digest that is signed.=
If<br>
pki_type<br>
=C2=A0 =C2=A0is "x509+sha1", then the SHA1 algorithm is used.<br>
<br>
A couple minor comments;<br>
<br>
=C2=A0 - I think it meant to say the field to be hashed is 'PaymentRequ=
est' not<br>
'Payment' message -- probably got renamed at some point and this is=
an old<br>
reference calling it by its original name.<br>
<br>
=C2=A0 - Could be a bit more explicit about the hashing, e.g. 'copy the=
<br>
PaymentRequest, set the signature field to the empty string, serialize to<b=
r>
a byte[] and hash.<br>
<br>
=C2=A0 - SHA1 is retiring, any particular reason to even have it in there a=
t all?<br>
<br>
=C2=A0 - Should there any way for the end-user to see details like the pki_=
type<br>
and the certificate chain, like browser do?<br>
<br>
<br>
Thanks,<br>
Jeremy<br>
<br>
<br>
---------------------------------------------------------------------------=
---<br>
Flow-based real-time traffic analytics software. Cisco certified tool.<br>
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer<br>
Customize your own dashboards, set traffic alerts and generate reports.<br>
Network behavioral analysis & security monitoring. All-in-one tool.<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D126839071&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D126839071&iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div>
--047d7b41783168435d04f39bad8b--
|
