Chuck [ARCHIVE] on Nostr: 📅 Original date posted:2014-01-30 📝 Original message:I spoke briefly with Peter ...
📅 Original date posted:2014-01-30
📝 Original message:I spoke briefly with Peter (sipa). He recommend I forward this post to
the mailing list for further discussion.
My apologies if this has been discussed before, but I was curious about
some things re BIP70 message delivery. In particular, I don't clearly
see the value of the PaymentACK message. Allow me to explain...
The current BIP70 workflow designates PaymentACK as the final message in
a payment exchange. However, it doesn't appear that any mention is made
of what happens if that delivery fails. I assume that re-delivery is
left as a detail to the implementation, actually.
For sake of argument, let's assume that PaymentACK is never delivered
either because of a network outage or a malicious merchant or
incompatible software between wallets or a bug. I ask myself: what
would be necessary for sufficient proof of payment, say, to an arbiter?
I presume the receipt R=(PaymentRequest,[transactions]) would suffice.
Am I correct there?
But if the PaymentRequest and broadcasted transactions are enough to
prove payment, what's the point of the Payment message? The merchant
never has to verify the Payment message, possibly maliciously ignoring
it. In the well-behaved case, I presume the point is to help the
merchant associate some arbitrary data with the purchase as well as
provide a refunding address for the customer. If that's the case,
couldn't this protocol be slightly improved like so:
Required steps:
1. Customer clicks "pay now"
2. Merchant sends PaymentRequest/PaymentDetails, which should be signed
3. Customer builds a set of transactions and sends a new
PaymentApprovalRequest message which includes a refund address and the
unsigned transactions and their associated fully-signed transaction
hash, the whole message signed with the private key of the refund address.
4. Merchant responds with PaymentApproved message, signing the
PaymentApprovalRequest message with the same key from step 2.
Optional steps:
5. The customer can send a Payment message, which is only a set of
signed transactions.
6. The merchant can respond with a PaymentACK message.
In Step 4, the merchant is acknowledging that if the transactions
provided PaymentApprovalRequest are broadcast, then payment is complete
and no other steps are required. Steps 5 and 6 aren't required but are
considered considerate:)
After step 4, all the merchant needs is to do is watch for the
transactions that were listed in PaymentApprovalRequest. The
(PaymentApproved,[signed transactions]) pair is the customer's proof of
payment and this proof of payment includes a refund address that the
merchant has agreed to prior to payment, instead of after. Step 3 & 4
also allow the merchant to verify transactions, providing an extra layer
of redundancy. The merchant will also be able to ack on fees, time lock
(time sensitive purchases?), sequence numbers, etc.
In Step 3, it's critical the customer sign the message with the private
key of the refund address, so that the merchant can be confident the
refund address is correct.
In each step along the way until step 5, if a message delivery fails
nobody is harmed because the purchase is incomplete.
Thoughts?
Chuck
Published at
2023-06-07 15:12:49Event JSON
{
"id": "1ec70f271ee7582fe2d75f72e16d0621fdd8e7c730f84ba0a6883983f5c34537",
"pubkey": "31fc418002a35b6a48e41e212021606bbb8b80d712f5f72b9df407cacad2761e",
"created_at": 1686150769,
"kind": 1,
"tags": [
[
"e",
"ca814c3187baf530859293da884d43f9b75d876aac144840146db91ec4b86815",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2014-01-30\n📝 Original message:I spoke briefly with Peter (sipa). He recommend I forward this post to \nthe mailing list for further discussion.\n\nMy apologies if this has been discussed before, but I was curious about \nsome things re BIP70 message delivery. In particular, I don't clearly \nsee the value of the PaymentACK message. Allow me to explain...\n\nThe current BIP70 workflow designates PaymentACK as the final message in \na payment exchange. However, it doesn't appear that any mention is made \nof what happens if that delivery fails. I assume that re-delivery is \nleft as a detail to the implementation, actually.\n\nFor sake of argument, let's assume that PaymentACK is never delivered \neither because of a network outage or a malicious merchant or \nincompatible software between wallets or a bug. I ask myself: what \nwould be necessary for sufficient proof of payment, say, to an arbiter? \nI presume the receipt R=(PaymentRequest,[transactions]) would suffice. \nAm I correct there?\n\nBut if the PaymentRequest and broadcasted transactions are enough to \nprove payment, what's the point of the Payment message? The merchant \nnever has to verify the Payment message, possibly maliciously ignoring \nit. In the well-behaved case, I presume the point is to help the \nmerchant associate some arbitrary data with the purchase as well as \nprovide a refunding address for the customer. If that's the case, \ncouldn't this protocol be slightly improved like so:\n\nRequired steps:\n1. Customer clicks \"pay now\"\n2. Merchant sends PaymentRequest/PaymentDetails, which should be signed\n3. Customer builds a set of transactions and sends a new \nPaymentApprovalRequest message which includes a refund address and the \nunsigned transactions and their associated fully-signed transaction \nhash, the whole message signed with the private key of the refund address.\n4. Merchant responds with PaymentApproved message, signing the \nPaymentApprovalRequest message with the same key from step 2.\n\nOptional steps:\n5. The customer can send a Payment message, which is only a set of \nsigned transactions.\n6. The merchant can respond with a PaymentACK message.\n\nIn Step 4, the merchant is acknowledging that if the transactions \nprovided PaymentApprovalRequest are broadcast, then payment is complete \nand no other steps are required. Steps 5 and 6 aren't required but are \nconsidered considerate:)\n\nAfter step 4, all the merchant needs is to do is watch for the \ntransactions that were listed in PaymentApprovalRequest. The \n(PaymentApproved,[signed transactions]) pair is the customer's proof of \npayment and this proof of payment includes a refund address that the \nmerchant has agreed to prior to payment, instead of after. Step 3 \u0026 4 \nalso allow the merchant to verify transactions, providing an extra layer \nof redundancy. The merchant will also be able to ack on fees, time lock \n(time sensitive purchases?), sequence numbers, etc.\n\nIn Step 3, it's critical the customer sign the message with the private \nkey of the refund address, so that the merchant can be confident the \nrefund address is correct.\n\nIn each step along the way until step 5, if a message delivery fails \nnobody is harmed because the purchase is incomplete.\n\nThoughts?\n\nChuck",
"sig": "79971921cd56a6b31cfe9bc5a157a995fea80f1579898527853f08720e485108b6a6be3d28fdabb07435945dde6217858bfafc884c2543b9d7a71d70006d0fe5"
}