Published on: 2017-09-29T17:25:18+00:00
In a recent email exchange on the bitcoin-dev mailing list, concerns were raised about the security and attention to detail of Coinbase. It was discovered that their payment protocol SSL certificate had expired for several months, and this lack of communication from Coinbase regarding the issue has left some users feeling uneasy.Andreas Schildbach and Peter Todd engaged in a discussion about the use of payment protocol in Bitcoin addresses. Schildbach claimed that most merchant transactions and person-to-person transactions between Bitcoin wallet users use the payment protocol, while Todd disagreed, stating that he hadn't seen it used in ages.The idea of adding an expiration time to Bitcoin addresses was proposed by Peter Todd in the email thread. While Andreas Schildbach argued that the payment protocol already has an expiration time, Todd pointed out that it hasn't been widely adopted and doesn't cover all the use cases addressed by Bitcoin addresses. The discussion also touched on the potential downsides of making transactions invalid after the fact, including privacy concerns and the possibility of miners gaming the system.Another topic of discussion was the inclusion of the amount in Bitcoin addresses to prevent errors in payments. Todd suggested embedding the amount in the address checksum or in the address itself to ensure the correct amount is sent before the transaction proceeds.Gregory Maxwell and Peter Todd discussed the issue of address reuse, agreeing that it is a problem for privacy and operational reasons. However, they felt that adding features like dates and explicit amounts to address formats would be challenging and could slow down adoption due to debates over encodings and software requirements. They also mentioned the complexity of implementing multiple optional expiration dates and the potential for mismatched dates.Andreas Schildbach suggested that Bitcoin addresses should have an expiration time, even though the payment protocol already has this feature. Peter Todd supported the idea and shared his contact information with the recipients of the email.The discussion on the bitcoin-dev mailing list also delved into the compatibility of BIP-70 payment requests with bech32, a new address format introduced in Bitcoin SegWit. There were concerns about wallets being able to parse the expiry date from the script without violating the BIP70 specification. The conversation also touched on the complexity of having multiple optional expiration dates and the potential confusion caused by embedding amounts in addresses.In conclusion, the email exchanges on the bitcoin-dev mailing list covered various topics related to the security and functionality of Bitcoin addresses and payment protocols. The discussions highlighted concerns about the expiration time of addresses, the inclusion of amounts in addresses, the issue of address reuse, and the compatibility of different address formats with payment requests. The conversations provided insights into the challenges and considerations involved in implementing these features and improving the usability of Bitcoin transactions.Bitcoin developer Peter Todd has proposed adding an expiration time to the new BIP173 address format to address the issue of reusing old addresses. This practice can cause privacy and operational problems for services like exchanges. Todd suggests that wallets should consider addresses invalid as a destination for funds after the expiration time is reached. He also acknowledges that the concept of addresses is flawed and suggests they should be more like "payment codes" with short validity periods. Two options for resolution are suggested: hour or month. Hour resolution would provide up to 1914 years, while month resolution would provide up to 5458 years. Both options work well at the UI level, but hour-level precision could help reduce risks for services like exchanges. However, the proposal raises concerns about UI and terminology, which need to be addressed. Todd concludes by stating that every address should have an expiry and no address should be considered valid longer than the anticipated lifetime of the underlying cryptosystem.
Updated on: 2023-08-01T21:56:58.706358+00:00