From rusty at rustcorp.com.au Mon Nov 5 06:09:01 2018 From: rusty at rustcorp.com.au (Rusty Russell) Date: Mon, 05 Nov 2018 16:39:01 +1030 Subject: [Lightning-dev] BOLT11 In the World of Scriptless Scripts In-Reply-To: <20181105021803.xbjek3qsr6vpvkpl@erisian.com.au> References: <87sh0ke4rt.fsf@rustcorp.com.au> <20181102031945.uyf74qr73wspsktb@erisian.com.au> <87d0rodppt.fsf@rustcorp.com.au> <20181103044332.el2ro3sso3rcmwpg@erisian.com.au> <875zxdczrz.fsf@rustcorp.com.au> <20181104042613.tbuhxkhxdtgzwtjw@erisian.com.au> <871s81b2zn.fsf@rustcorp.com.au> <20181105021803.xbjek3qsr6vpvkpl@erisian.com.au> Message-ID: <87d0rk839e.fsf@rustcorp.com.au> Anthony Towns writes: > FWIW, I don't see reddit as a particularly viable "court"; there's > no way for reddit to tell who's actually right in a dispute, eg if I > say blockstream didn't send stickers I paid for, and blockstream says > they did; ie there's no need for a sock puppet in the above scenario, > blockstream can just say "according to our records you signed for > delivery, stop whinging". Well, in that case they can show a tracking number and Canada Post link? We will eventually develop systems of arbitration better than "whining on reddit/twitter", but that's where bitcoin was in its early days, so I use it as a useful starting point to think about receipts when we lack an intermediary. > I think there's maybe four sorts of "proof of payment" people might > desire: > > 0) no proof: "completely" deniable payments (donations?) > > 1) shared secret: ability to prove directly to the payee that an > invoice was paid (what we have now) We also, importantly, have the ability to tie the receipt to the invoice. > 2) signed payment: ability to prove to a different business unit of > the payee that payment was made, so that you can keep all the > secrets in the payment-handling part, and have the service-delivery > part not be at risk for losing all your money Hmm, this requires auditing the current commitment transaction I think ("see, I'm holding the money!"). I have to think about this some more... > 3) third-party verifiable: so you can associate a payment with real > world identity information, and take them to court (or reddit) as a > contract dispute; needs PKI infrastructure so you can be confident > the pubkey maps to the real world people you think it does, etc Yes, we're still missing that last mile between the merchant and the nodeid. There's a proposal to do this with DNS records, there's the LetsEncrypt-style "serve this URL", but we also need something like Certificate Transparency so I can reliably get old nodeids... But the perfect is the enemy of the good, too. Cheers, Rusty.