📅 Original date posted:2014-09-12
📝 Original message:On Fri, Sep 12, 2014 at 11:29 AM, Andreas Schildbach
<andreas at schildbach.de> wrote:
> This is the discussion post corresponding to this PR:
> https://github.com/bitcoin/bips/pull/106
>
> "Amend BIP72 by an "h" parameter, which contains a hash of the
> PaymentRequest message that is fetched via the "r" parameter.
>
> The hash is meant to link the trust anchor (e.g. the QR code) to the
> payment request message in a secure way. This will solve the problem
> several apps are comparing address+amount fields as a workaround
> instead, preventing some advanced BIP70 usecases. When these apps read a
> matching hash, they need not compare any of the other fields.
Sounds like a good idea to me.
I had no idea that some clients were comparing addresses and amounts
in the URI with the payment request for security, that seems like a
hacky and inflexible way. This is much better.
Wladimir
Wladimir [ARCHIVE] /
npub1xq…ymc2p
2023-06-07 15:25:40
in reply to nevent1q…3e7d
Author Public Key
npub1xqshkqv2g7uea4xzqwvmgjcz7u8vfavw6aazs999v0azsv3w7u3qpymc2pPublished at
2023-06-07 15:25:40Event JSON
{
"id": "f5531c0da44ecf336ea4e87759eff5501812908ef8d97d1a0e8471119e3bf980",
"pubkey": "30217b018a47b99ed4c20399b44b02f70ec4f58ed77a2814a563fa28322ef722",
"created_at": 1686151540,
"kind": 1,
"tags": [
[
"e",
"5045235f447739204820462b94c541446b82ef26097d3889eeeed0767ae1d197",
"",
"root"
],
[
"e",
"34f253f77642b47336cc4e33f03254cb3d82bf9e520fe46d4f1fb9d9e89c22f0",
"",
"reply"
],
[
"p",
"3215b3d77dff1f84eeb5ad46fb1206a8d1657b3ea765a80b5489ece3a702d2bc"
]
],
"content": "📅 Original date posted:2014-09-12\n📝 Original message:On Fri, Sep 12, 2014 at 11:29 AM, Andreas Schildbach\n\u003candreas at schildbach.de\u003e wrote:\n\u003e This is the discussion post corresponding to this PR:\n\u003e https://github.com/bitcoin/bips/pull/106\n\u003e\n\u003e \"Amend BIP72 by an \"h\" parameter, which contains a hash of the\n\u003e PaymentRequest message that is fetched via the \"r\" parameter.\n\u003e\n\u003e The hash is meant to link the trust anchor (e.g. the QR code) to the\n\u003e payment request message in a secure way. This will solve the problem\n\u003e several apps are comparing address+amount fields as a workaround\n\u003e instead, preventing some advanced BIP70 usecases. When these apps read a\n\u003e matching hash, they need not compare any of the other fields.\n\nSounds like a good idea to me.\n\nI had no idea that some clients were comparing addresses and amounts\nin the URI with the payment request for security, that seems like a\nhacky and inflexible way. This is much better.\n\nWladimir",
"sig": "c719c14c6e2741a6bd5ede848af3e312b4c9fe0afa075d7a2be5c73e6924b4ca4fffedd1f82a3b062e18bae59f116c56969da6fb5664e27e2599bdf6eb254d17"
}