Error handling in payment protocol (BIP-0070 and BIP-0072) [combined summary]


Individual post summaries: Click here to read the original discussion on the bitcoin-dev mailing list

Published on: 2014-04-27T07:53:25+00:00

Summary:

In a discussion about payment requests, Ross Nicoll expressed caution regarding the security implications of embedding files into the payment request. He noted that even file formats that are presumed safe, such as images, have had security issues in the past. Mike Hearn responded by pointing out that PaymentRequests are limited to 50,000 bytes and that he couldn't think of a reason why payment messages would need to be any bigger than that.Ross suggested embedding the PaymentRequest directly into web pages via the tag in the longer term, which could eliminate the need for BIP0072 and potentially improve user interface integration. However, this would require browser plugins. It's important to keep in mind that links don't always come embedded in html and that native mobile apps also need to be considered in discussions about payment requests.The concern of embedding files into payment requests is due to the security implications it may have. Even file formats like images that are considered safe have had security issues in the past. In response to this, Ross suggests embedding PaymentRequest directly into web pages using the