1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1VOqF8-0001cQ-8w
for bitcoin-development@lists.sourceforge.net;
Wed, 25 Sep 2013 14:39:06 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.214.54 as permitted sender)
client-ip=209.85.214.54; envelope-from=mh.in.england@gmail.com;
helo=mail-bk0-f54.google.com;
Received: from mail-bk0-f54.google.com ([209.85.214.54])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1VOqF6-00082x-Np
for bitcoin-development@lists.sourceforge.net;
Wed, 25 Sep 2013 14:39:06 +0000
Received: by mail-bk0-f54.google.com with SMTP id mz12so2328341bkb.13
for <bitcoin-development@lists.sourceforge.net>;
Wed, 25 Sep 2013 07:38:58 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.204.168.197 with SMTP id v5mr28054280bky.24.1380119938206;
Wed, 25 Sep 2013 07:38:58 -0700 (PDT)
Sender: mh.in.england@gmail.com
Received: by 10.204.237.74 with HTTP; Wed, 25 Sep 2013 07:38:58 -0700 (PDT)
In-Reply-To: <CAJHLa0NbEjnQ2V8HPjVfC_mZ33ojMBMQP2i90KvmEsZik7h3kA@mail.gmail.com>
References: <CABsx9T0Ly67ZNJhoRQk0L9Q0-ucq3e=24b5Tg6GRKspRKKtP-g@mail.gmail.com>
<521298F0.20108@petersson.at>
<CABsx9T3b--tfUmaxJxsXyM2f3Cw4M1oX1nX8o9WkW_haBmLctA@mail.gmail.com>
<CANEZrP2BOWk4FOUx4eVHvXmdSgx3zo_o18J8YBi2Uc_WkBAXKA@mail.gmail.com>
<CANEZrP0H9TVfQ3AGv6aBmS1DUa6MTWhSFAN1Jo4eimBEBQhPZw@mail.gmail.com>
<CABsx9T0TQ6Gg=muNP-rCZxan8_nAqeJt6ErYVOfnLJKrsLs81w@mail.gmail.com>
<CANEZrP2V72+-m-FOCsW3C2GBO7+=-0casKadeHncmNTYjyqJRA@mail.gmail.com>
<l1udst$uos$1@ger.gmane.org>
<CANEZrP03KsGHvGqcNT1Qs6qkJ4i050CPjwvGqTRRhbdkgMf_dA@mail.gmail.com>
<l1uhld$d68$1@ger.gmane.org>
<CANEZrP2ZbSUvNk+0bHCWw40r00D8ja-crrZPjvN0mgG+NaD52w@mail.gmail.com>
<l1uj7g$vds$1@ger.gmane.org>
<CAJHLa0NbEjnQ2V8HPjVfC_mZ33ojMBMQP2i90KvmEsZik7h3kA@mail.gmail.com>
Date: Wed, 25 Sep 2013 16:38:58 +0200
X-Google-Sender-Auth: CncDn4aKkpCJbE0dqb5xgG_vn3w
Message-ID: <CANEZrP3KJL1+4ks7VNMDSzNtWGP-5B7fJemD3m-TPQVBAwc_jw@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Jeff Garzik <jgarzik@bitpay.com>
Content-Type: multipart/alternative; boundary=bcaec52c5efbaa41bf04e7363680
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1VOqF6-00082x-Np
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
Andreas Schildbach <andreas@schildbach.de>
Subject: Re: [Bitcoin-development] Payment Protocol: BIP 70, 71, 72
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 14:39:06 -0000
--bcaec52c5efbaa41bf04e7363680
Content-Type: text/plain; charset=UTF-8
Low light shouldn't be an issue for QRcodes generated by phones. They have
backlit screens that should always be bright enough. I can see how it might
be an issue for printed codes.
If your phone has no Bitcoin app installed then being redirected to an
invoice page is pretty useless, you still won't be able to pay the bill no
matter what (where do you get the money from?). If they are just raw HTTP
URLs then it means the effect of scanning a QRcode with a standalone
scanner app is different to scanning it inside the wallet, which is unlike
all other uses of QRcodes I know of. So I'm not really convinced by that UX
yet. Perhaps we can thrash it out in Amsterdam. Right now I'm thinking
QRcodes should always contain bitcoin URIs.
On Wed, Sep 25, 2013 at 4:31 PM, Jeff Garzik <jgarzik@bitpay.com> wrote:
> BitPay experimented with QR codes in low light, restaurant and other
> conditions. QR codes become difficult to use even at 100 chars.
>
> On the merchant side, we prefer a short URL that speaks payment
> protocol if visited via bitcoin client, but will gracefully work if
> scanned by a phone with zero bitcoin support -- you will simply be
> redirected to a BitPay invoice page for a normal browser.
>
>
>
> On Wed, Sep 25, 2013 at 7:59 AM, Andreas Schildbach
> <andreas@schildbach.de> wrote:
> > On 09/25/2013 01:45 PM, Mike Hearn wrote:
> >
> >> OK, it might fit if you don't use any of the features the protocol
> >> provides :)
> >
> > Now you're dver-dramaticing (-:
> >
> > I'm just skipping one feature which I think is useless for QR codes
> > scanned in person.
> >
> >> You can try it here:
> >
> > Thanks. A typical request would be around 60 bytes, which should produce
> > an URL with around 100 chars. That should be fine for scanning, but I
> > will experiment.
> >
> >> If you're thinking about governments and so on subverting CA's, then
> >> there is a plan for handling that (outside the Bitcoin world) called
> >> certificate transparency which is being implemented now.
> >
> > Good to hear. Let's see if it gets momentum.
> >
> >> Now when you are getting a QR code from the web, it's already being
> >> served over HTTPS. So if you're up against an attacker who can break a
> >> CA in order to steal your money, then you already lose, the QRcode
> >> itself as MITMd.
> >
> > Sure. I was talking about QR codes scanned in person.
> >
> >> In the Bluetooth case we might have to keep the address around and use
> >> it to do ECDHE or something like that.
> >
> > Yeah, will look at that as soon as we're implementing the payment
> > protocol fully.
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > October Webinars: Code for Performance
> > Free Intel webinars can help you accelerate application performance.
> > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> > the latest Intel processors and coprocessors. See abstracts and register
> >
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
>
> --
> Jeff Garzik
> Senior Software Engineer and open source evangelist
> BitPay, Inc. https://bitpay.com/
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--bcaec52c5efbaa41bf04e7363680
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Low light shouldn't be an issue for QRcodes generated =
by phones. They have backlit screens that should always be bright enough. I=
can see how it might be an issue for printed codes.<div><br></div><div>If =
your phone has no Bitcoin app installed then being redirected to an invoice=
page is pretty useless, you still won't be able to pay the bill no mat=
ter what (where do you get the money from?). If they are just raw HTTP URLs=
then it means the effect of scanning a QRcode with a standalone scanner ap=
p is different to scanning it inside the wallet, which is unlike all other =
uses of QRcodes I know of. So I'm not really convinced by that UX yet. =
Perhaps we can thrash it out in Amsterdam. Right now I'm thinking QRcod=
es should always contain bitcoin URIs.</div>
</div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Wed,=
Sep 25, 2013 at 4:31 PM, Jeff Garzik <span dir=3D"ltr"><<a href=3D"mail=
to:jgarzik@bitpay.com" target=3D"_blank">jgarzik@bitpay.com</a>></span> =
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">BitPay experimented with QR codes in low lig=
ht, restaurant and other<br>
conditions. =C2=A0QR codes become difficult to use even at 100 chars.<br>
<br>
On the merchant side, we prefer a short URL that speaks payment<br>
protocol if visited via bitcoin client, but will gracefully work if<br>
scanned by a phone with zero bitcoin support -- you will simply be<br>
redirected to a BitPay invoice page for a normal browser.<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
<br>
<br>
On Wed, Sep 25, 2013 at 7:59 AM, Andreas Schildbach<br>
<<a href=3D"mailto:andreas@schildbach.de">andreas@schildbach.de</a>> =
wrote:<br>
> On 09/25/2013 01:45 PM, Mike Hearn wrote:<br>
><br>
>> OK, it might fit if you don't use any of the features the prot=
ocol<br>
>> provides :)<br>
><br>
> Now you're dver-dramaticing (-:<br>
><br>
> I'm just skipping one feature which I think is useless for QR code=
s<br>
> scanned in person.<br>
><br>
>> You can try it here:<br>
><br>
> Thanks. A typical request would be around 60 bytes, which should produ=
ce<br>
> an URL with around 100 chars. That should be fine for scanning, but I<=
br>
> will experiment.<br>
><br>
>> If you're thinking about governments and so on subverting CA&#=
39;s, then<br>
>> there is a plan for handling that (outside the Bitcoin world) call=
ed<br>
>> certificate transparency which is being implemented now.<br>
><br>
> Good to hear. Let's see if it gets momentum.<br>
><br>
>> Now when you are getting a QR code from the web, it's already =
being<br>
>> served over HTTPS. So if you're up against an attacker who can=
break a<br>
>> CA in order to steal your money, then you already lose, the QRcode=
<br>
>> itself as MITMd.<br>
><br>
> Sure. I was talking about QR codes scanned in person.<br>
><br>
>> In the Bluetooth case we might have to keep the address around and=
use<br>
>> it to do ECDHE or something like that.<br>
><br>
> Yeah, will look at that as soon as we're implementing the payment<=
br>
> protocol fully.<br>
><br>
><br>
><br>
> ----------------------------------------------------------------------=
--------<br>
> October Webinars: Code for Performance<br>
> Free Intel webinars can help you accelerate application performance.<b=
r>
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the mo=
st from<br>
> the latest Intel processors and coprocessors. See abstracts and regist=
er ><br>
> <a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D60133471&am=
p;iu=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net=
/gampad/clk?id=3D60133471&iu=3D/4140/ostg.clktrk</a><br>
> _______________________________________________<br>
> Bitcoin-development mailing list<br>
> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-d=
evelopment@lists.sourceforge.net</a><br>
> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-develo=
pment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitco=
in-development</a><br>
<br>
<br>
<br>
</div></div><div class=3D"im HOEnZb">--<br>
Jeff Garzik<br>
Senior Software Engineer and open source evangelist<br>
BitPay, Inc. =C2=A0 =C2=A0 =C2=A0<a href=3D"https://bitpay.com/" target=3D"=
_blank">https://bitpay.com/</a><br>
<br>
</div><div class=3D"HOEnZb"><div class=3D"h5">-----------------------------=
-------------------------------------------------<br>
October Webinars: Code for Performance<br>
Free Intel webinars can help you accelerate application performance.<br>
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most fr=
om<br>
the latest Intel processors and coprocessors. See abstracts and register &g=
t;<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D60133471&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D60133471&iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div>
--bcaec52c5efbaa41bf04e7363680--
|
