1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <melvincarvalho@gmail.com>) id 1UV2SH-00012t-Gc
for bitcoin-development@lists.sourceforge.net;
Wed, 24 Apr 2013 16:22:01 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.217.170 as permitted sender)
client-ip=209.85.217.170; envelope-from=melvincarvalho@gmail.com;
helo=mail-lb0-f170.google.com;
Received: from mail-lb0-f170.google.com ([209.85.217.170])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1UV2SG-0004ga-0o
for bitcoin-development@lists.sourceforge.net;
Wed, 24 Apr 2013 16:22:01 +0000
Received: by mail-lb0-f170.google.com with SMTP id r10so1360725lbi.1
for <bitcoin-development@lists.sourceforge.net>;
Wed, 24 Apr 2013 09:21:53 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.112.145.230 with SMTP id sx6mr9764374lbb.49.1366820513042;
Wed, 24 Apr 2013 09:21:53 -0700 (PDT)
Received: by 10.112.143.38 with HTTP; Wed, 24 Apr 2013 09:21:52 -0700 (PDT)
In-Reply-To: <CANEZrP2OPU8cpvUJ0B8z00PPp6jOGCjQ1ipZ9mq8_LSLo4Rebg@mail.gmail.com>
References: <CANEZrP2OPU8cpvUJ0B8z00PPp6jOGCjQ1ipZ9mq8_LSLo4Rebg@mail.gmail.com>
Date: Wed, 24 Apr 2013 18:21:52 +0200
Message-ID: <CAKaEYhJMr9mA50mC3xYsQ_L8B05PKTfXaW2aJ7FgF2sf+ZWC6Q@mail.gmail.com>
From: Melvin Carvalho <melvincarvalho@gmail.com>
To: Mike Hearn <mike@plan99.net>
Content-Type: multipart/alternative; boundary=047d7b3a7d9226d6f804db1db3ea
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(melvincarvalho[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1UV2SG-0004ga-0o
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] BIP21 bitcoin URIs and HTML5
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2013 16:22:01 -0000
--047d7b3a7d9226d6f804db1db3ea
Content-Type: text/plain; charset=ISO-8859-1
On 24 April 2013 09:42, Mike Hearn <mike@plan99.net> wrote:
> HTML5 allows web apps to register themselves for handling URI schemes,
> such as the bitcoin: URI that is already in use and being extended as part
> of the payment protocol.
>
> The bad news is that for security reasons there is a whitelist of
> acceptable schemes in the spec:
>
>
> http://www.whatwg.org/specs/web-apps/current-work/multipage/timers.html#dom-navigator-registerprotocolhandler
>
> The good news is that yesterday I talked to Hixie about it and he added
> bitcoin to the whitelist:
>
> http://html5.org/tools/web-apps-tracker?from=7849&to=7850
>
> I'm currently finding out what the process is for browser makers to notice
> the change (perhaps they watch the spec commit history and nothing needs to
> be done), but within a few months most users should have browsers that can
> accept bitcoin as a web-app handleable protocol scheme. I suppose IE10
> users may be the laggards, but I guess we can live with that for now.
>
This is great news for bitcon, and the IANA application will be improved if
there is evidence of it being used
>
> Ian pointed out some errors in the BIP21 spec. What's the process for
> amending the BIP? Do we need to create a new one and mark the old one as
> replaced, or can we just fix it in place given the relatively exotic nature
> of most of the issues? Here's his feedback:
>
>
> - BNF doesn't say what it's character set is (presumably it's Unicode)
>
> - "bitcoinparams" production doesn't define the separator, so in theory
> the syntax is ...?label=foomessage=fooother=foo (rather than
> ...?label=foo&message=foo etc)
>
> - the syntax allows ?amount=FOO&amount=1.1 as far as I can tell, since
> "otherparam" matches any name followed by any value, including "amount"
> followed by a bogus value.
>
> - "pchar" is referenced without definition.
>
> - the "simpler" syntax is just wrong (it would result in
> bitcoin:address?amount=1?label=FOO rather
> than bitcoin:address?amount=1&label=FOO)
>
> BTW the IETF URL specs are being obsoleted by http://url.spec.whatwg.org/,
> at least for Web purposes. In that case matters.
>
Not 100% sure how accurate this is, tho it may be the world view of some
folks in WHATWG. WHATWG is not a major standards body tho. Work on
improving the URL spec is always welcome, as it is the value proposition of
the Web.
>
>
>
> ------------------------------------------------------------------------------
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--047d7b3a7d9226d6f804db1db3ea
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On 24 April 2013 09:42, Mike Hearn <span dir=3D"ltr"><<a href=3D=
"mailto:mike@plan99.net" target=3D"_blank">mike@plan99.net</a>></span> w=
rote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr">HTML5 allows web apps to re=
gister themselves for handling URI schemes, such as the bitcoin: URI that i=
s already in use and being extended as part of the payment protocol.<div>
<br></div><div>The bad news is that for security reasons there is a whiteli=
st of acceptable schemes in the spec:</div>
<div><br></div><div><a href=3D"http://www.whatwg.org/specs/web-apps/current=
-work/multipage/timers.html#dom-navigator-registerprotocolhandler" target=
=3D"_blank">http://www.whatwg.org/specs/web-apps/current-work/multipage/tim=
ers.html#dom-navigator-registerprotocolhandler</a><br>
</div><div><br></div><div>The good news is that yesterday I talked to Hixie=
about it and he added bitcoin to the whitelist:</div><div><br></div><div><=
a href=3D"http://html5.org/tools/web-apps-tracker?from=3D7849&to=3D7850=
" target=3D"_blank">http://html5.org/tools/web-apps-tracker?from=3D7849&=
;to=3D7850</a></div>
<div><br></div><div>I'm currently finding out what the process is for b=
rowser makers to notice the change (perhaps they watch the spec commit hist=
ory and nothing needs to be done), but within a few months most users shoul=
d have browsers that can accept bitcoin as a web-app handleable protocol sc=
heme. I suppose IE10 users may be the laggards, but I guess we can live wit=
h that for now.</div>
</div></blockquote><div><br></div><div>This is great news for bitcon, and t=
he IANA application will be improved if there is evidence of it being used<=
br></div><div>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 =
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir=3D"ltr">
<div><br></div><div>Ian pointed out some errors in the BIP21 spec. What'=
;s the process for amending the BIP? Do we need to create a new one and mar=
k the old one as replaced, or can we just fix it in place given the relativ=
ely exotic nature of most of the issues? Here's his feedback:</div>
<div><br></div><div><br></div><div><div class=3D"gmail_extra">- BNF doesn&#=
39;t say what it's character set is (presumably it's Unicode)</div>=
<div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">
=A0- "bitcoinparams" production doesn't define the separator,=
so in theory the syntax is ...?label=3Dfoomessage=3Dfooother=3Dfoo (rather=
than ...?label=3Dfoo&message=3Dfoo etc)</div><div class=3D"gmail_extra=
"><br></div>
<div class=3D"gmail_extra">- the syntax allows ?amount=3DFOO&amount=3D1=
.1 as far as I can tell, since "otherparam" matches any name foll=
owed by any value, including "amount" followed by a bogus value.<=
/div>
<div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra"><span style=
=3D"font-family:arial,sans-serif;font-size:13px">- "pchar" is ref=
erenced without definition.</span><br style=3D"font-family:arial,sans-serif=
;font-size:13px">
<div class=3D"gmail_extra" style=3D"font-family:arial,sans-serif;font-size:=
13px"><br>- the "simpler" syntax is just wrong (it would result i=
n bitcoin:address?amount=3D1?label=3DFOO rather than=A0bitcoin:address?amou=
nt=3D1&label=3DFOO)</div>
<div style=3D"font-family:arial,sans-serif;font-size:13px"><br></div><div s=
tyle=3D"font-family:arial,sans-serif;font-size:13px">BTW the IETF URL specs=
are being obsoleted by=A0<a href=3D"http://url.spec.whatwg.org/" target=3D=
"_blank">http://url.spec.whatwg.org/</a>, at least for Web purposes. In tha=
t case matters.</div>
</div></div></div></blockquote><div><br></div><div>Not 100% sure how accura=
te this is, tho it may be the world view of some folks in WHATWG.=A0 WHATWG=
is not a major standards body tho.=A0 Work on improving the URL spec is al=
ways welcome, as it is the value proposition of the Web.<br>
</div><div>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0=
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div><d=
iv class=3D"gmail_extra">
<div><br></div></div></div></div>
<br>-----------------------------------------------------------------------=
-------<br>
Try New Relic Now & We'll Send You this Cool Shirt<br>
New Relic is the only SaaS-based application performance monitoring service=
<br>
that delivers powerful full stack analytics. Optimize and monitor your<br>
browser, app, & servers with just a few lines of code. Try New Relic<br=
>
and get this awesome Nerd Life shirt! <a href=3D"http://p.sf.net/sfu/newrel=
ic_d2d_apr" target=3D"_blank">http://p.sf.net/sfu/newrelic_d2d_apr</a><br>_=
______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br></div></div>
--047d7b3a7d9226d6f804db1db3ea--
|