Fine - so what?
Then just do what you do now: assume that he's bluffing and pay as little as you want.
But then you wont be sure that he will mine it, in the next block.

If you want to play poker with miners - I don't see anything wrong with that.


But the promise is only as for the fee that guarantees a certain service - that's a service they sell.
If you don't want to buy the guarantee to be mined withing in the next block, use your system; set you fee to ten times less and pray...

The idea of decentralized currency is about proof-of-work function, that is protected by the mining process.

You probably don't need to create a decentralized currency like this for your company private network.

I don't know why you assume that miners would be tricking the network.
They care about the consistency of this network and its well being just as much as we do - maybe even more.

If a miner isn't going to deliver his promise, nobody is going to hang him, but why would he do that?
Had you been mining blocks, would you be putting a fake information, just to mislead people like this?
It would be really bad for your business, also unethical, so such mining pool would likely soon get abandoned by their miners.

What better idea do you have for the fee discovery?

No - you are reading a promise.
Miners have no reason whatsoever to deliver a false promise.

Of course.
Is there anyone who says otherwise?

But the mining business is going to develop, and eventually the fees will be the only thing that keeps it alive - the only thing that protects a security of our money.

Miners will develop new business models around fees.
The idea of them announcing bids on what level of fee they plan to include in the next block - this seems not only a good business for miners, but also a nice fee discovery solution for the community.
And the best part is: we don't need to change Bitcon Core, in order to achieve that. I mean miner do a bit, but most of them use their own mods anyway.

Yes, but the trick is to predict the future, not to measure the past.
Otherwise you will always lag behind, whenever there is like a rush hour peek.
Miners can say what fee is needed to include a transaction of a certain size in the next block - literally.
And that's all you need.
If that works, then they will even agree to lift the block size limit, because it would let them to keep up to their promises. Which is important in the fee business

Fee discovery, the way for you to figure out how much fee you need to pay so your transaction would be mined withing the next N hours - this is going to be a useful thing in a future.
We don't know how far future, but probably we will get to see it.

I heard that they work on something like this in the bitcoin core, but obviously their solution isn't going to work.
Because they don't use the bitcoin community to solve the problem.

I was thinking how to solve it and I think the most efficient way is to ask miners (mining pools) to include their transaction queue statistics into the blocks they mine.
So nodes could figure out how much they have to pay to be mined, just by looking into the headers of past blocks.

I think this is the easiest solution, and putting such info inside the coinbase's payload, makes it totally backward compatible.

BTW, I am really surprised that miners don't yet use the extra space, inside the coinbases, as advertising space.
for all we know its going to last longer than piramids

hash and vout index refer to a UTXO record containing a spend script. the spend script refers to a public address, upon which a private key can be matched.

@phelix, Like I cared if they listen.
If I were more polite, I would not have caused Gavin to write a walkthrough on how to break his system

You and me perceive security differently.
Digital identity is something that you need to establish - gpg solution is very specific about it. But also provides a very useful web of trust.
Your solution is for kids - it isn't a security.
Your argument is that I first need to send my pgp key via email anyway.
You obviously don't understand what it is all about.
No sane pgp user will trust a key that he received only by email - and the system informs a user about it, all the time.
What you have made is a solution that you advertise as something that can verify identity, while in fact it doesn't seem to be more secure than just exchanging plain bitcoin addresses by email.
You've made a great job hiding from a user a misery of your lame security feature.
It is not a secured payment system - deal with it.
And it does not increase privacy - sooner endangers it.

I have option on many things, but all of them would be off topic, except the one that some of you guys serve us a cheap propaganda in this topic. Seriously, don't you see it?
As for the other things I know, knowledge is power, so don't think my friend that I will just share mine with you for free.

So it doesn't bother you that the payment protocol that took you few years to develop guarantees that a guy who had an access to your email address at any time in past can just issue payment requests in your name?
You still think it's great and people should use it for making sure that they send coins to the right address?
Well, I don't

Sure: conspiracy theorists blew up three WTC towers into pieces in 2001, just to blame it on the government.
And in 2014 the same conspiracy theorists try to break Bitcoin by not embracing the new payment protocol and speaking against increasing the block size, in favor of off-chain transactions.
It's all because we "repeatedly fail to listen to rational arguments"... and our arguments are obviously never rational, so it is completely fine to not listen to them.

Do we really need to call this guy a lead bitcoin developer? Because it seems like an insult for an actual bitcoin developers.
If he doesn't understand that gasoline has no potential to blow up buildings into pieces, then he doesn't even deserve to be called an engineer.
Unless in America you have different laws of physics. Or different criteria to become an engineer...

What is the Chief Scientist doing about our outrageous conspiracy theories, concerning his biased involvement in bitcoin development?
Just as every professional media puppet, he is debunking myths - that is his way of presenting "rational arguments".

How can you trust such a guy to develop a bitcoin wallet for you?
A wallet that should be able to resist the government's pressure!
If anyone can be forced or otherwise corrupt to put a backdoor into software, these kind of people are the first candidates.
Be careful trusting him - he is obviously not a honest person. He clearly acts like this lady: https://www.youtube.com/watch?v=NOnwdmpButo
States something like it was a fact, but when confronted, just does the standard "I think I already answered this question, we are ready to move to another topic".
Don't you see it?

Is that supposed to be a punishement?
If so, please be informed that you have been on my dicklist for like years already - never removed, not even planed.
But your posts don't scare me, so I have no reasons to hide them from reading - some of them are actually quite entertaining.



Wow - now you really assured all of us, what a great security you managed to develop for the comminuity during these couple of years of your intense work.
Man, you are a genius. Whenever I will need a real expert on IT security, now I know where to find one
You and Mike - he is another security expert: whenever NSA breaks his security, he says loudly: fuck you NSA!
It is definitely the kind of security experts that bitcoin development needs, isn't it?
You guys clearly identify all the possible points of failure and address them in the most efficient way; usually through deeper integration with openssl, or another useless lib, like protobufs.

Joking aside.
To those who don't ignore me, if you don't mind me asking:
Now, knowing how "simple" it is to create a "secured" certificate, are you seriously going to trust this payment system?
Because apparently, as Gavin has just explained, the entire payment system comes down to the security of an email address.
What they have done is just replacing the original satoshi's system where you could do MITM attacks on the IP end, to a system where you just need to attack an email address.
And you don't need to be a security genius to know that the later is often even easier to conduct.
But hey, if someone steals you money using the secure payment protocol, at least you will have a receipt

From other interesting facts:
 * satoshi needed like a month to implement his system, while these geniuses needed years.
 * satoshi quickly realized that his system wasn't secured and just abandoned it. these guys are too proud for it and are going to defend it as long as they can, using all kind of silly propaganda.

I mean, lets face it: "Myth: the Payment Protocol is bad for privacy" - this is a typical topic template for a propaganda content.
I wasn't born yesterday and I know very well what propaganda looks like.
What I don't know though is: who pays for it? Obviously they won't say and it's going to come down to my tinfoil hat again.

Not too bright.

It is better, because I don't need to send a stool sample to a corporation, in order to receive the signing key.



So what the court would do differently, with your digital receipt?
It would go just the same way; whoever signed it can simply testify that someone hacked his server, stole the key and therefore it wasn't him who signed this data.
Or better: the key leaked out through the heartbleed issue. Go ahead and prove that it didn't...

And at that moment the case is closed - you cannot use such a receipt even to wipe up your own ass.



Right... that must be the kind of signatures you use under the death sentences, when executing people all over the world. Shortly before the missile hits a peasant, or his kid, there is a quick and efficient algo, built into the system, that digitally signs the sentence, so they'd get executed in compliance with your very democratic constitution end extremely solid justice system.

Well, if I didn't know a few people who were told by their lawyers that digital receipts (issued by localbitcoins) would not be accepted as an evidence in court, then I would have also thought like this.

The problem is that our justice system is still in a previous century. They don't know what a digital signature is and they are more likely to accept a piece of paper that came from a printer, rather than a digitally signed file.

I am not saying that no court would ever accept a digitally signed receipt, but I am saying that they are very reluctant to do so.

Who said anything about screenshots?

I meant something like the receipts localbitcoins issues. Or whatever message "pay this amount, to this address, for this product", signed with a private key - that's all you need for a digital receipt, mr big smartass but small imagination.

And BTW, good luck taking your payment protocol receipt to court when the merchant claims you didn't pay.
You are obviously living in a dream world. Though most Americans do, so you are just following the pattern.

I said it, but if you insist, I can elaborate.

In order to acquire a certificate (which you need to sign the payment requests with), you must leave your personal details at a CA.
Your full name, your email, where you live, even your phone number.
Who is going to do this? Basically only corporations. Plus maybe a couple of crazy people..

Now, as a payer, you do not need a certificate, but then how does the payment protocol help you with anything?
Obviously you are not going to use it for sending money to your friends or buying stuff on black markets. You are also not going to use it for p2p bitcoin trading, nor for withdrawing your bitcoins from exchanges.
You may only be using it for sending your bitcoins to corporations (or the few crazy people). But each corporations already had a web page secured by SSL certificate - so why the hell to waste bitcoin development resources on them?
Better security? Give me a break! It does not make it anyhow more secure, to let a client extract a payment address from a binary file, rather than to let me just copy it from a web page, protected by the very same certificate.

Also, when you provide the refund address, this address identifies your wallet - another privacy concern.
And of course the recipient - a "very useful" thing, as someone has just said. The thing is that storing the receipts also keeps track of your past payments, which not everyone may be a fan of.
Not to mention that both; receipts and return addresses are already used in the bitcoin world, yet without the payment protocol.

In other words: they spent couple of years of development to reinvent the wheel.
A wheel which now needs a permission from a central certificate authority in order to work.
How crazy is that?


Moreover, let me remind you that very soon after 0.9.0 was released, there was a critical security issue reported in OpenSSL.
Basically a backdoor that could even cause your private keys to leak out from your wallet, through the "secured" payment protocol channel.
It was fixed - yes, but do you really believe that this is going to be the last critical security issue ever discovered in OpenSSL? Well, if you do, then you must be a very naive person and have no much experience with software development. Everyone who is so stubborn to build secured applications around the messy openssl lib is IMHO insane.

BTW, I remember someone once assured me that the bitcoin client would not connect to any server when doing the payment protocol things. No matter what, it wasn't supposed to connect anywhere!
But then it makes me wonder: how is it possible that a payment protocol was vulnerable to the heartbleed bug, if it wasn't connecting anywhere?
Obviously someone had lied to me - obviously there are some connections, just not quite official.
So why did that someone lie to us?
Well, either because he is incompetent and he has no clue what kind of software he develops, or because he is just a liar.
Either way - a wrong person to develop a software for my needs.

Exactly my point. This feature was developed for businesses, on their request, not for the bitcoin community on its request.


When I read that something is "very useful", the first question that comes to my mind is: how did you measure the very usefulness of it?
Obviously you didn't measure it - you are just giving us your subjective opinion.

As I said, had bitcoin users found these things "very useful" (and safe), they would have used them.
But they don't use the payment protocol and I seriously doubt that they ever will. Maybe a few, but definitely not most of us.

People are not stupid. You are not going to lure them into endangering their privacy by giving them a receipt of a payment.

Thank you for your permission. That's very generous.

In case you didn't notice, recently there has been major movement in alternative bitcoin solutions and alternative clients are already much further with new features, especially the ones that concern privacy. And mine is one of them, though it didn't have to come from any fork, I made it from scratch.

Considering that the Bitcoin Core goes against the current and the people's demand, it is rather inevitable that sooner or later it will only be used for mining.
Though only till the moment when miners finally realize that they have an alternative so they don't need to use software developed by a guy who proudly states in public that he doesn't care about mining.

What a bunch of crap.

First of all, had you invented a feature that people actually needed, the community would have embraced it without you advertising the shit all over.

Second, why would we want to "invent a better identity verification"?
Unlike you, there are people who don't like wasting time on developing useless features.
We've been doing really fine without your super payment protocol, just by using the old fashion GPG and its WoT.
And trust me: we are going to be still doing fine using these archaic tools.
The already implemented stealth addresses, combined with GPG's WoT, are far much better solution, then you shitty payment protocol based on central authorities run by corporations.
But how would you even know about an existence of such things, when you don't see anything behind the tip of your nose?

And last, but not least: it is bad for privacy!
You cannot get a certificate without providing your personal data to CA. And CA is a corporation that will always give this data out - if not for money than on a government's order. You cannot seriously pretend that you don't know it.
At the other hand, from the paying side, when I get to a merchant's web page that gives me SSL authenticated bitcoin deposit address and the amount I ought to send - why in a world would it not be enough for me?
Why would I need an additional, payment request, signed with exactly the same certificate?
Well, of course I don't need it, but you obviously very much care about us needing to use your payment requests... I just wonder why.

For me it is pretty obvious that you have developed this feature because some corporations delegated you to develop it.
And on this you spent like what, two years of development? And now you are disappointed because nobody wants to use it.

You wasted two years of time to develop this useless feature, while there were so much more important issues to address in the bitcoin software.
And here we are; few years later, the blocks are getting full and the only solution the bitcoin core lead dev has to address it, is still the same: we must increase the block size! Why we must increase the block size? Well, two reasons:
1) Because Gavin has not moved a finger to address any of the scalability issues. Decentralized off-chain transaction is apparently something that he was forbidden to purchase, since these solutions would make coin tracking much more complicated. Unlike the payment protocol..
2) Because he says, he doesn't care about mining. Well, keep not caring about mining, man - that will surely pay off for you

So to wrap up my post: well done, Gavin! As a bitcoin core developer, you can be really proud of yourself, for providing the community with features that one part doesn't care about, while the other part finds hostile to the actual bitcoin principles. And all at the cost of features that the community has been actually waiting for.

I just said: this feature was pretty useless.
It wasn't adding any security and was a hell lot a hassle to use it.

I don't see why anyone would want to extract hashes, just to sign numbers instead of the actual transaction file.
And then, to make it even more convoluted, use another tool to put the signatures + pubkeys into the unsigned transaction, before broadcasting.
The wallet can do all this things together, in much more secured way, where you can actually check what you are signing, instead of just signing a meaningless number.
This feature just didn't make any sense to me.

BTW, the latest version of wallet also supports Litecoin (add -ltc switch)
The client node does not, but you can fetch balance of your Litecoin addresses from http://ltc.blockr.io using tool/balio
Then broadcast a signed transaction to Litecoin network using this page: http://ltc.blockr.io/tx/push (or the official litecoin's client sendrawtransaction RPC).

---

From other useful changes in the wallet, now you can just do:
.. to sign all the multisig inputs that the current wallet knows keys for. (previously you had to specify a specific signing address with "-msign")