1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <jrn@jrn.me.uk>) id 1We6ds-0005d8-9n
for bitcoin-development@lists.sourceforge.net;
Sat, 26 Apr 2014 17:44:00 +0000
X-ACL-Warn:
Received: from s3.neomailbox.net ([178.209.62.157])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.76) id 1We6dr-0007qY-4I
for bitcoin-development@lists.sourceforge.net;
Sat, 26 Apr 2014 17:44:00 +0000
Message-ID: <535BF056.6080804@jrn.me.uk>
Date: Sat, 26 Apr 2014 18:43:50 +0100
From: Ross Nicoll <jrn@jrn.me.uk>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Mike Hearn <mike@plan99.net>,
Gavin Andresen <gavinandresen@gmail.com>
References: <535ABD5D.7070509@jrn.me.uk> <CABsx9T3boaWYuY8S-Xz=bAxe+ne5iP7m8AnuciaAOmDx_3D4Fg@mail.gmail.com>
<CANEZrP3TuN2LFi3_7z29JncojbOZX=C-1BsJMp1AJ56k8wjgBg@mail.gmail.com>
In-Reply-To: <CANEZrP3TuN2LFi3_7z29JncojbOZX=C-1BsJMp1AJ56k8wjgBg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
X-Headers-End: 1We6dr-0007qY-4I
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Error handling in payment protocol
(BIP-0070 and BIP-0072)
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 26 Apr 2014 17:44:00 -0000
I'd be very cautious of security implications of embedding files into
the payment request. Even file formats one would presume safe, such as
images, have had security issues (i.e.
https://technet.microsoft.com/library/security/ms11-006 )
Longer term I was wondering about embedding the PaymentRequest into web
pages directly via the <object> tag, which could eliminate need for
BIP0072 and potentially improve user interface integration that way.
Obviously this would require browser plugins, however.
Ross
On 26/04/14 18:36, Mike Hearn wrote:
>> PaymentRequests are limited to 50,000 bytes. I can't think of a reason why
>> Payment messages would need to be any bigger than that. Submit a pull
>> request to the existing BIP.
>>
> In future it might be nice to have images and things in the payment
> requests, to make UIs look prettier. But with the current version 50kb
> should be plenty indeed.
>
|
