📅 Original date posted:2012-11-28
📝 Original message:The current spec is ambiguous in the case of what to do if the invoice
contains one output of a fixed amount and one or more outputs of an
unspecified amount. Should the user be prompted once per output? That
seems suboptimal. Prompted once for a value that's then randomly
distributed between all open-value outputs? It seems this ability of
the protocol is somewhat more complex than it appears. The ability to
have open outputs is nice for tips though.
You could consider moving pki_type and pki_data into a separate
message and making both fields required, then making the pki message
optional. Otherwise you can have pki_type set but no data or
vice-versa. It doesn't make much difference in the end, just slightly
improves the automatic sanity checks produced by the proto compiler.
w.r.t SIGHASH_ANYONECANPAY. I think it's best not to use this
routinely as it relaxes the signature checks in ways that may open
non-obvious holes when combined with other features. I thought we
pretty much had consensus on recursively calculating fees including
dependents in the memory pool?
Peter is correct that there are a few degrees of freedom in protobuf
serialization, though far fewer than with JSON. I'd like to think
upstream would be open to resolving these ambiguities.
Re-serialization of an Invoice message in the Payment message is a
potential source of mistakes. There's no need to ever concatenate
these messages and alternative implementations that don't order
serialized fields by tag number are missing an important optimization,
so they could be fixed. The main issue is treatment of unknown fields.
If/when the Invoice message is extended with other fields that are
round-tripped through an old client, the data may get lost. JSON
doesn't help resolve that either, of course. There are a few
solutions:
1) Change the type of the Invoice field in Payment to be "bytes" and
set it to be the hash of the originally received binary Invoice
message. Downside, requires merchants to track all outstanding
invoices.
2) Ask protobufs upstream to modify the spec/implementations so
ordering of unknown fields is specified. The Python implementation
could be extended to support them so Python implementors don't end up
with accidental message downgrades.
3) Language of the spec could be changed to explicitly state that the
received Invoice may not be binary-identical to the one that was sent,
in the case of a client that incorrectly downgrades the message. Thus
you'd be expected to check what the Invoice was using merchant_data
which is opaque and could just be, eg, a database key on your own end.
4) Instead of submitting the entire Invoice back to the merchant, just
the merchant_data could be in the Payment message.
Of the four options I prefer the last. What is the use case for
resubmitting the entire invoice anyway? Even if protobufs are improved
so handling of round-tripping new messages through old [Python]
clients is more rigorous, some implementors will probably convert the
protobuf objects into some internal forms for whatever reason (or
serialize them to a database, etc) and they're very likely to mess up
the handling of unknown fields when they do it.
Mike Hearn [ARCHIVE] /
npub17t…4qgyd
2023-06-07 10:41:35
in reply to nevent1q…5aar
Author Public Key
npub17ty4mumkv43w8wtt0xsz2jypck0gvw0j8xrcg6tpea25z2nh7meqf4qgydPublished at
2023-06-07 10:41:35Event JSON
{
"id": "2e08a5b860f90ef0307ebb2c18d00da5509913ab58894fc0b00c179310ba1096",
"pubkey": "f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2",
"created_at": 1686134495,
"kind": 1,
"tags": [
[
"e",
"f5f2400f8aa8a7067be3d080f096fd7cbfeecdd6e589c178b85b63a9338150a5",
"",
"root"
],
[
"e",
"f1770f609aeb5e4b9b17ee78a8335b7a90cd36767b01228e33302a036f1b0792",
"",
"reply"
],
[
"p",
"857f2f78dc1639e711f5ea703a9fc978e22ebd279abdea1861b7daa833512ee4"
]
],
"content": "📅 Original date posted:2012-11-28\n📝 Original message:The current spec is ambiguous in the case of what to do if the invoice\ncontains one output of a fixed amount and one or more outputs of an\nunspecified amount. Should the user be prompted once per output? That\nseems suboptimal. Prompted once for a value that's then randomly\ndistributed between all open-value outputs? It seems this ability of\nthe protocol is somewhat more complex than it appears. The ability to\nhave open outputs is nice for tips though.\n\nYou could consider moving pki_type and pki_data into a separate\nmessage and making both fields required, then making the pki message\noptional. Otherwise you can have pki_type set but no data or\nvice-versa. It doesn't make much difference in the end, just slightly\nimproves the automatic sanity checks produced by the proto compiler.\n\nw.r.t SIGHASH_ANYONECANPAY. I think it's best not to use this\nroutinely as it relaxes the signature checks in ways that may open\nnon-obvious holes when combined with other features. I thought we\npretty much had consensus on recursively calculating fees including\ndependents in the memory pool?\n\nPeter is correct that there are a few degrees of freedom in protobuf\nserialization, though far fewer than with JSON. I'd like to think\nupstream would be open to resolving these ambiguities.\nRe-serialization of an Invoice message in the Payment message is a\npotential source of mistakes. There's no need to ever concatenate\nthese messages and alternative implementations that don't order\nserialized fields by tag number are missing an important optimization,\nso they could be fixed. The main issue is treatment of unknown fields.\nIf/when the Invoice message is extended with other fields that are\nround-tripped through an old client, the data may get lost. JSON\ndoesn't help resolve that either, of course. There are a few\nsolutions:\n\n1) Change the type of the Invoice field in Payment to be \"bytes\" and\nset it to be the hash of the originally received binary Invoice\nmessage. Downside, requires merchants to track all outstanding\ninvoices.\n2) Ask protobufs upstream to modify the spec/implementations so\nordering of unknown fields is specified. The Python implementation\ncould be extended to support them so Python implementors don't end up\nwith accidental message downgrades.\n3) Language of the spec could be changed to explicitly state that the\nreceived Invoice may not be binary-identical to the one that was sent,\nin the case of a client that incorrectly downgrades the message. Thus\nyou'd be expected to check what the Invoice was using merchant_data\nwhich is opaque and could just be, eg, a database key on your own end.\n4) Instead of submitting the entire Invoice back to the merchant, just\nthe merchant_data could be in the Payment message.\n\nOf the four options I prefer the last. What is the use case for\nresubmitting the entire invoice anyway? Even if protobufs are improved\nso handling of round-tripping new messages through old [Python]\nclients is more rigorous, some implementors will probably convert the\nprotobuf objects into some internal forms for whatever reason (or\nserialize them to a database, etc) and they're very likely to mess up\nthe handling of unknown fields when they do it.",
"sig": "954d7de68fe9045a285af92f694f47df29c68275f368060b1a96e2b3e984b54f9375e617bec93a7583e1b0ca3ffcb3267a895e9072b1774ccdf25cc23bc06df4"
}