Author: Mike Hearn 2013-07-31 08:59:37
Published on: 2013-07-31T08:59:37+00:00
Gavin Andresen has turned the preliminary payment protocol specification into three BIPs, covering the network protocol and messages, MIME types for the messages, and a bitcoin: URI extension. The wallet-side implementation is expected to be pulled into Bitcoin-Qt soon. There is also a reference implementation of server-side code for generating payment requests in PHP and C++. HD wallets have been shown to be interoperable, but deterministic wallets and the payment protocol are both important. However, it is believed that the payment protocol would be easier to do and would benefit more from a second implementation.

PaymentRequest messages larger than 50,000 bytes should be rejected by the merchant's server to mitigate denial-of-service attacks. It is suggested that the merchant not assume the merchant_data field is trustworthy, as malicious buyers could rewrite it. PaymentDetails.payment_url must be secure against man-in-the-middle attacks that might alter Payment.refund_to; if it uses HTTP, it must be TLS-protected. In the certificates section, "validation" means verifying that a certificate correctly chains to a trusted root authority, where trusted roots may be obtained from the operating system. If there is no operating system, the Mozilla root store is recommended.
Updated on: 2023-06-07T15:02:48.637998+00:00
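
The two server-side points above, the 50,000-byte cap and the untrusted merchant_data field, can be sketched as follows. This is an added example, not code from the BIPs or the PHP/C++ reference implementation; the HMAC tagging scheme, the function names and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import io

MAX_MESSAGE_BYTES = 50_000  # size limit quoted in the summary above
TAG_LEN = 32                # HMAC-SHA256 tag length (assumed tagging scheme)

class RejectedMessage(Exception):
    """Raised when an incoming message must not be processed."""

def read_bounded(stream, declared_length=None):
    """Read a message body, refusing anything over MAX_MESSAGE_BYTES."""
    # Reject early on the declared length, but never rely on it alone.
    if declared_length is not None and declared_length > MAX_MESSAGE_BYTES:
        raise RejectedMessage("declared length exceeds limit")
    # Read one byte past the limit so an oversized body is detected
    # without buffering an unbounded amount of data.
    body = stream.read(MAX_MESSAGE_BYTES + 1)
    if len(body) > MAX_MESSAGE_BYTES:
        raise RejectedMessage("body exceeds limit")
    return body

def seal_merchant_data(key, order_ref):
    """Build a merchant_data value: order reference followed by its tag."""
    tag = hmac.new(key, order_ref, hashlib.sha256).digest()
    return order_ref + tag

def open_merchant_data(key, merchant_data):
    """Return the order reference only if its tag verifies."""
    if len(merchant_data) <= TAG_LEN:
        raise RejectedMessage("merchant_data too short")
    order_ref, tag = merchant_data[:-TAG_LEN], merchant_data[-TAG_LEN:]
    expected = hmac.new(key, order_ref, hashlib.sha256).digest()
    # Constant-time comparison of the received tag against the expected one.
    if not hmac.compare_digest(tag, expected):
        raise RejectedMessage("merchant_data was modified")
    return order_ref

if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    sealed = seal_merchant_data(key, b"order-1001")
    print(open_merchant_data(key, sealed))
    rewritten = b"order-9999" + sealed[-TAG_LEN:]  # buyer-altered field
    for attempt in (lambda: open_merchant_data(key, rewritten),
                    lambda: read_bounded(io.BytesIO(b"\0" * 50_001))):
        try:
            attempt()
        except RejectedMessage as exc:
            print("rejected:", exc)
```

A valid tag only shows that the server issued that merchant_data value at some point; the order it names still has to be looked up and checked against server-side state before the payment is accepted.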