📅 Original date posted:2019-11-14
📝 Original message:
> - if `replacement`:
> - MUST fail if `signature` does not sign `offer` with same key as original.
> - MUST only fetch once (no double-redirects!)
The offer can only ever be replaced once or only once every so often?
Perhaps it can only be replaced once per invoice_request?
> - if description or amount significantly changes, must re-ask user.
Let's say we're talking about a 20 year monthly subscription and the
price rises 1% per year.
Did the price "significantly changed" because it ends up adding to a
lot in the 20 year compared to what the offer said, or it did not
because the individual 1% increases are considered small?
"significantly changes" sounds handwavy indeed.
Regarding slip-0173, I fear this end up becoming used in practice as
ids, given that they rely on a centralized manual registry vulnerable
to name squatting and all that.
It's probably nothing to worry much about, since the software can
configure them locally, for example, clightning does it in
https://github.com/ElementsProject/lightning/blob/master/bitcoin/chainparams.c
And thus if two chains happen to end up using the same string for the
bip173 hrp, it is the software maintainer and not who pushed to
slip-0173 first what decides.
I guess in addition to the hrp in bip173, we can add a chain_id field
to the offer and perhaps even repeated hrp for different chains could
be reused within the same software. Although it is certainly something
chain creators should try to avoid if possible.
I guess this applies to bolt11 invoices too, although for the invoices
sent through the lightning network it is redundant, since the chain_id
is already included in all messages.
On another note, perhaps I'm wrong, but I think this lacks a way for
people to potentially add their own custom fields, and I foresee
people abusing the description field, and ending up putting json,
protobuf or, even worse, xml in them. Oh, there's no description field
in invoice request, then whatever is big enough and it's not needed
for those specific use cases.
I was thinking how to abuse it for my own use case as I was reading,
and I don't think it's one covered by UBL. Perhaps it's too stupid to
ever be covered there, but here we go.
I'm just playing with a little protocol in which an http server (bob)
accepts requests from users (or alices) and gives an invoice in
response.
Then after alice pays the invoice, she can submit the payment hash and
preimage to bob to prove him that the invoice has indeed been paid so
that bob goes ahead and performs some "action", which can actually
fail, in which case there should be a refund, which I currently don't
handle in any way. But whether it fails in the "action" or not, bob
gives some response.
So far this seems pretty generic I bet many use cases follow this
pattern, with different fields for the "request" which will somehow
determine what the "action" will be. Perhaps not all require the extra
step of actively proving the payment, since bob could detect the
payment on his own.
The current bolt12 draft could be used and take care of the refund part.
So if we can somehow brainstorm all possible fields in the request
that can make sense for all cases, that would be great.
The current draft doesn't cover my case though. In my case, the
request contains a bolt11 invoice that bob is supposed to pay, that is
the "action" here. But after alice pays the invoice to bob.
This probably sounds quite stupidly unnecessary (and I actually hope
it is), but note that the invoice in the request may be for a
different chain. In that case, during "action", bob would need to try
to pay that invoice using another node connected to the lightning
network of that other chain.
But the details of my concrete use case matter much. The point is,
should we add a bolt11 field to invoice request only for my use case?
I don't think so, if the invoices of the 2 chains can be paid
atomically, this use case as it is would become obsolete, and then we
would want to remove the field from the spec again.
And I bet other people will think of other fields they would like to
add to the invoice_request but being something too specific they will
also feel it doesn't belong to the specs. So we'll simply put the
fields in the description.
Is that intended?
I'm assuming bob (the offer creator) will be able to use plugins or
something to do extra or custom validations on the invoice requests.
And perhaps alice could use plugins too to better handle custom errors
from particular types of bobs.
Perhaps I'm assuming too much?
Does that make sense to you?
If you're really curious, the code for my use case is in
https://github.com/jtimon/multi-ln-demo/tree/master/py-ln-gateway but
I already said I don't handle refunds and it doesn't even have a
database yet, so anybody using this with production chains is not
reckless but simply stupid.
Jorge Timón [ARCHIVE] /
npub1fx…cl2d8
2023-06-09 12:57:20
in reply to nevent1q…sppp
Author Public Key
npub1fx98zxt3lzspjs5f4msr0fxysx5euucm29ghysryju7vpc9j0jzqtcl2d8Published at
2023-06-09 12:57:20Event JSON
{
"id": "0e41dc6ba46f0556030a89693dc1a5c222266424a077de7af85ffca5a53624cf",
"pubkey": "498a711971f8a0194289aee037a4c481a99e731b5151724064973cc0e0b27c84",
"created_at": 1686315440,
"kind": 1,
"tags": [
[
"e",
"a9016896e78ef5f5473204edd89280667686b471d7f529d125afce8e0e678ed9",
"",
"root"
],
[
"e",
"041c4b08a126a36ab208a1cb102da5a7b50daaa534933aada3b4d26fba08f269",
"",
"reply"
],
[
"p",
"13fd0434c7ac300f7a468a5ad9464b7b94e8b03d7ae88259f3de3a84422822fd"
]
],
"content": "📅 Original date posted:2019-11-14\n📝 Original message:\n\u003e - if `replacement`:\n\u003e - MUST fail if `signature` does not sign `offer` with same key as original.\n\u003e - MUST only fetch once (no double-redirects!)\n\nThe offer can only ever be replaced once or only once every so often?\nPerhaps it can only be replaced once per invoice_request?\n\n\u003e - if description or amount significantly changes, must re-ask user.\n\nLet's say we're talking about a 20 year monthly subscription and the\nprice rises 1% per year.\nDid the price \"significantly changed\" because it ends up adding to a\nlot in the 20 year compared to what the offer said, or it did not\nbecause the individual 1% increases are considered small?\n\"significantly changes\" sounds handwavy indeed.\n\nRegarding slip-0173, I fear this end up becoming used in practice as\nids, given that they rely on a centralized manual registry vulnerable\nto name squatting and all that.\nIt's probably nothing to worry much about, since the software can\nconfigure them locally, for example, clightning does it in\nhttps://github.com/ElementsProject/lightning/blob/master/bitcoin/chainparams.c\nAnd thus if two chains happen to end up using the same string for the\nbip173 hrp, it is the software maintainer and not who pushed to\nslip-0173 first what decides.\n\nI guess in addition to the hrp in bip173, we can add a chain_id field\nto the offer and perhaps even repeated hrp for different chains could\nbe reused within the same software. Although it is certainly something\nchain creators should try to avoid if possible.\n\nI guess this applies to bolt11 invoices too, although for the invoices\nsent through the lightning network it is redundant, since the chain_id\nis already included in all messages.\n\nOn another note, perhaps I'm wrong, but I think this lacks a way for\npeople to potentially add their own custom fields, and I foresee\npeople abusing the description field, and ending up putting json,\nprotobuf or, even worse, xml in them. Oh, there's no description field\nin invoice request, then whatever is big enough and it's not needed\nfor those specific use cases.\nI was thinking how to abuse it for my own use case as I was reading,\nand I don't think it's one covered by UBL. Perhaps it's too stupid to\never be covered there, but here we go.\n\nI'm just playing with a little protocol in which an http server (bob)\naccepts requests from users (or alices) and gives an invoice in\nresponse.\nThen after alice pays the invoice, she can submit the payment hash and\npreimage to bob to prove him that the invoice has indeed been paid so\nthat bob goes ahead and performs some \"action\", which can actually\nfail, in which case there should be a refund, which I currently don't\nhandle in any way. But whether it fails in the \"action\" or not, bob\ngives some response.\nSo far this seems pretty generic I bet many use cases follow this\npattern, with different fields for the \"request\" which will somehow\ndetermine what the \"action\" will be. Perhaps not all require the extra\nstep of actively proving the payment, since bob could detect the\npayment on his own.\nThe current bolt12 draft could be used and take care of the refund part.\n\nSo if we can somehow brainstorm all possible fields in the request\nthat can make sense for all cases, that would be great.\nThe current draft doesn't cover my case though. In my case, the\nrequest contains a bolt11 invoice that bob is supposed to pay, that is\nthe \"action\" here. But after alice pays the invoice to bob.\n\nThis probably sounds quite stupidly unnecessary (and I actually hope\nit is), but note that the invoice in the request may be for a\ndifferent chain. In that case, during \"action\", bob would need to try\nto pay that invoice using another node connected to the lightning\nnetwork of that other chain.\n\nBut the details of my concrete use case matter much. The point is,\nshould we add a bolt11 field to invoice request only for my use case?\nI don't think so, if the invoices of the 2 chains can be paid\natomically, this use case as it is would become obsolete, and then we\nwould want to remove the field from the spec again.\nAnd I bet other people will think of other fields they would like to\nadd to the invoice_request but being something too specific they will\nalso feel it doesn't belong to the specs. So we'll simply put the\nfields in the description.\nIs that intended?\n\nI'm assuming bob (the offer creator) will be able to use plugins or\nsomething to do extra or custom validations on the invoice requests.\nAnd perhaps alice could use plugins too to better handle custom errors\nfrom particular types of bobs.\nPerhaps I'm assuming too much?\nDoes that make sense to you?\n\nIf you're really curious, the code for my use case is in\nhttps://github.com/jtimon/multi-ln-demo/tree/master/py-ln-gateway but\nI already said I don't handle refunds and it doesn't even have a\ndatabase yet, so anybody using this with production chains is not\nreckless but simply stupid.",
"sig": "d46490ba491635aab5fa776bb2a5ef7d4f507f003e6f7481675e56ae1238552695d21ec0cdb94e6cc6e764ae6434f0fb53baa48a77e4db33b067c393a682840e"
}