Author: Angel Leon 2015-01-28 17:17:54
Published on: 2015-01-28T17:17:54+00:00
The discussion revolves around the implementation of BIP70 and whether to allow both serializations or keep it as is. One of the goals of BIP70 was to support TREZOR and similar devices, which requires keeping the amount of code they need to run as small as possible. Doing it the way Nicolas Dorier suggested would mean increasing cost, complexity, and decreasing security. The embedding of certificates in BIP70 has a very good reason as it makes the signed payment request verifiable by third parties. BitcoinJ can use Android, JRE, Windows, and Mac certificate stores, and there is code to do iOS using Apple APIs. WinRT is a minority platform, and platforms that support HTTPS but not certificate handling are rare. There are pros and cons to bundling a custom root store, and Java can do OCSP checks. Implementing an OCSP stapling extension to BIP70 would be a better solution.
Updated on: 2023-06-09T15:30:07.497216+00:00