📅 Original date posted:2017-03-06
📝 Original message:On Mon, 2017-03-06 at 07:09 +0000, Luke Dashjr wrote:
> On Monday, March 06, 2017 5:37:24 AM Tim Ruffing via bitcoin-dev
> wrote:
> > But ignoring this, the server should be authenticated at a
> > minimum. Otherwise manipulating exchange rates seems to be a nice
> > way for the attacker on the wire to make money...
>
> HTTPS would be used for that. It's not something that needs to be at
> a higher
> layer.
Sure, HTTPS is the way to go. But I think that should be required or at
least noted in the BIP, because people could miss easily, e.g., "I
don't need TLS, all the data is public anyway."
> When displaying historical transactions, it doesn't really make sense
> to use
> the current market rate, but rather the market rate at the time the
> payment
> was made. While wallets might simply cache it with the transaction,
> it would
> be perhaps nicer if it could be automatically restored for seed-only
> recoveries. In any case, if a service/wallet doesn't want to
> provide/use
> historical information, it can simply not implement that part.
>
Having the rate at the time of payment is indeed very useful, yes.
However that requires just a single value per payment, and there is no
query that tells the server "give me the value closest to timestamp t"
or similar.
Of course the client can download and keep a large part of history and
extract the information on its own but I can imagine that not every
clients wants to do that, and also the client does not know in advance
the bounds (from, to) that it must query.
> > If yes, the client should be allowed to decide on which time scale
> the
> > data should be. (tick, min, hour, day, ...) That goes together with
> > clearly defining the type field (something like low, high, open,
> close,
> > but without flexibility). Think of a candle-stick chart basically.
>
> How is the current draft insufficient for this?
>
In the current draft the client or the server cannot specify
granularity. If the clients only wants one value per day but for an
entire year, then it has to perform many requests or download and
process a very large response.
Also, I think it's okay that the type field allows for arbitrary user-
defined values, but it should also have some precisely defined values
(e.g. the mentioned low/high/open/close/typical).
For example, it's not clear currently what "low" means for a timestamp
(as opposed to a time span). Is it the low of the entire day or the low
since the previous record or something different?
One has to be careful not to add too much complexity though. As soon as
one moves away from timestamps to something like hours or days, all
kind of issues with timezone, daylight saving time etc. appear. Maybe a
simple way to let the client ask "give me one value for every interval
of 3600 seconds" or similar.
> Pushing is what longpolling does.
>
That makes a lot of sense, yes.
Tim
Tim Ruffing [ARCHIVE] /
npub1cm…dwkls
2023-06-07 17:56:53
in reply to nevent1q…pm3y
Author Public Key
npub1cmt6gqyfw3sdngkq0wadtpe3kmgyyeld6ad0g2h5tar3kpzcrmpqddwklsPublished at
2023-06-07 17:56:53Event JSON
{
"id": "e4e642b2431492c64f9ce3f308a074c47f4b5ed9cc9e65c0c4088cb83675c980",
"pubkey": "c6d7a400897460d9a2c07bbad58731b6d04267edd75af42af45f471b04581ec2",
"created_at": 1686160613,
"kind": 1,
"tags": [
[
"e",
"7d71aaf3aaa91e1454a25f4f9688ba685bebb747e49a8ad14b817de1aa470d06",
"",
"root"
],
[
"e",
"58df4f97e921c15088f2fe0a4410eeb9325c92c08cdd63c0d5b7211658735fd2",
"",
"reply"
],
[
"p",
"9a463e0fab8963b013698c15a0f2449d19c97f3b88458e5874095b5006df9a0c"
]
],
"content": "📅 Original date posted:2017-03-06\n📝 Original message:On Mon, 2017-03-06 at 07:09 +0000, Luke Dashjr wrote:\n\u003e On Monday, March 06, 2017 5:37:24 AM Tim Ruffing via bitcoin-dev\n\u003e wrote:\n\u003e \u003e But ignoring this, the server should be authenticated at a\n\u003e \u003e minimum. Otherwise manipulating exchange rates seems to be a nice\n\u003e \u003e way for the attacker on the wire to make money...\n\u003e \n\u003e HTTPS would be used for that. It's not something that needs to be at\n\u003e a higher \n\u003e layer.\nSure, HTTPS is the way to go. But I think that should be required or at\nleast noted in the BIP, because people could miss easily, e.g., \"I\ndon't need TLS, all the data is public anyway.\"\n\n\u003e When displaying historical transactions, it doesn't really make sense\n\u003e to use \n\u003e the current market rate, but rather the market rate at the time the\n\u003e payment \n\u003e was made. While wallets might simply cache it with the transaction,\n\u003e it would \n\u003e be perhaps nicer if it could be automatically restored for seed-only \n\u003e recoveries. In any case, if a service/wallet doesn't want to\n\u003e provide/use \n\u003e historical information, it can simply not implement that part.\n\u003e \nHaving the rate at the time of payment is indeed very useful, yes.\nHowever that requires just a single value per payment, and there is no\nquery that tells the server \"give me the value closest to timestamp t\"\nor similar.\nOf course the client can download and keep a large part of history and\nextract the information on its own but I can imagine that not every\nclients wants to do that, and also the client does not know in advance\nthe bounds (from, to) that it must query.\n\n\u003e \u003e If yes, the client should be allowed to decide on which time scale\n\u003e the\n\u003e \u003e data should be. (tick, min, hour, day, ...) That goes together with\n\u003e \u003e clearly defining the type field (something like low, high, open,\n\u003e close,\n\u003e \u003e but without flexibility). Think of a candle-stick chart basically.\n\u003e \n\u003e How is the current draft insufficient for this?\n\u003e \nIn the current draft the client or the server cannot specify\ngranularity. If the clients only wants one value per day but for an\nentire year, then it has to perform many requests or download and\nprocess a very large response.\nAlso, I think it's okay that the type field allows for arbitrary user-\ndefined values, but it should also have some precisely defined values\n(e.g. the mentioned low/high/open/close/typical).\nFor example, it's not clear currently what \"low\" means for a timestamp\n(as opposed to a time span). Is it the low of the entire day or the low\nsince the previous record or something different? \n\nOne has to be careful not to add too much complexity though. As soon as\none moves away from timestamps to something like hours or days, all\nkind of issues with timezone, daylight saving time etc. appear. Maybe a\nsimple way to let the client ask \"give me one value for every interval\nof 3600 seconds\" or similar. \n\n\n\u003e Pushing is what longpolling does.\n\u003e \nThat makes a lot of sense, yes.\n\n\nTim",
"sig": "1a214756b10c9ebf970c0f341b43422ad65582f5e2efe51ee2567ba857693f06555e96c9f26165c31d2918a1e6abbfce329ec11747174fd41424986346735f30"
}