Published on: 2014-09-17T19:28:08+00:00
In a series of discussions on the Bitcoin-development mailing list, various topics related to Bitcoin payment protocols were addressed. One discussion focused on the implementation of a "pass around" method, which was considered simpler and easier to implement for experts in the early stages. Another topic discussed was the launch of Crypto-Games.net, an online gambling platform designed specifically for slot machine betting using cryptocurrencies like Bitcoin, Litecoin, and Dogecoin.The need for a secure and private messaging system as the first step in implementing a payment protocol was emphasized by Stephen Pair. A proposal suggested using signed and authenticated "invoices" and "receipts" with X.509 certificates as an identity system for merchants. The proposal also covered multi-signature wallet scenarios and the use of Protocol Buffers as an encoding format.The debate between binary and text formats in the Bitcoin protocol was addressed, with arguments for both sides. The advantages of JSON for accessibility were acknowledged, but concerns were raised about maintaining field order and complexity. The discussion highlighted the lack of compelling arguments for text formats and the need for further research before making a final decision.Other discussions covered topics such as the migration to textual representation, the use of root CAs in the system, and the challenges of confirming the validity of addresses displayed on computer screens. There were also proposals for extending the protocol, handling payment failures, and ensuring the security of paying invoices with Bitcoin.Ensuring consistency and security in Bitcoin transactions is a top priority for sellers. The use of Certificate Authorities (CAs) plays a crucial role in verifying website or server identities and establishing secure connections. In a discussion on November 26, 2012, Mike Hearn emphasized the need for consistency in Bitcoin transactions and suggested supporting all CAs used by popular browsers. However, he expressed a preference for user-accepted certificates at the operating system level to address potential restrictions. The goal was to establish secure communication between users and servers.The limitations of X.509 for the web were also discussed, particularly regarding delegation and the potential undermining of the benefits of chained certificates. To enhance security for payment processors, the proposal suggests issuing a new certificate specifically for signing Bitcoin transactions. It is recommended to redefine the certificate chain part of the protocol to allow for the introduction of new minimal certificate formats with desired features. Compatibility issues may arise for old clients encountering unfamiliar invoice cert types, so the suggestion is made to include a protocol version number when downloading invoices to ensure safe utilization of new invoice features.In addition to certificate discussions, the Bitcoin development community is considering various new features for the digital currency. This includes switching from JSON to a binary format for more efficient and secure data transfer. Another proposed feature is the ability for merchants to cover transaction processing fees. Three potential methods are suggested for implementing this feature, such as adding a 'maxfee' field to the invoice, altering the transaction selection code used by Bitcoin miners, and signing Payment.transactions[0] using the SIGHASH_ANYONECANPAY flag.Another protocol proposal involves utilizing protocol buffer-based formats for signed, authenticated "invoices" and "receipts." Invoices serve as payment requests from merchants to customers and contain outputs specifying where Bitcoins are to be sent. These invoices must include one or more DER-encoded X.509 certificates identifying the merchant, validated according to [RFC5280]. Authenticated identities are linked to invoices, which also include a description of the payment, refund details, and a cryptographically signed receipt that serves as proof-of-payment during disputes with merchants. Merchants will incorporate this proposal into their checkout process, while customers receive SignedInvoice, authorize payment, and create the Payment message, which is then submitted to the site's payment URI.After the payment transaction is validated and broadcasted, a SignedReceipt is returned, indicating either a "You win" or "You lost" memo. The Bitcoin development community is also exploring the possibility of using the Online Certificate Checking Protocol (OCSP) to check for revoked certificates. However, concerns exist regarding the effectiveness of this approach, as it may introduce delays or false-positive rejections if the OCSP endpoint experiences downtime or becomes overwhelmed.Overall, the discussions revolve around improving security and authentication in Bitcoin invoice payments, exploring different identification types, clarifying terminology, and considering alternative approaches to achieve the desired functionality. The Bitcoin development community is actively seeking feedback from other developers to refine these proposals and ensure the continued growth and security of the digital currency.
Updated on: 2023-08-01T04:10:51.910113+00:00