Really man I don't even know what OCSP stands for, since I really don't care about such a useless technologies.

But sure, feel free to call me a giant fucking troll, as opposed to a member of the bitcoin elite that you are obviously representing here - from you, I actually take it as a compliment

oh, right - sorry.
so you are asking whether publishing a part of your private key creates a security risk?
yes it does - even bigger if you publish a corresponding public key along with it.

in other words: never publish any parts of your private key - the bigger part you publish, the more risky it is that someone will find it.
publishing one or two bits probably would not change much, but from what I understand you only change "one or more of the digits", which makes you pretty much exposed.

That was actually my initial understanding that SSL does not need CA server, as long as it has a trusted parent cert in local storage.

But still, this diagram does not mention SSL validation at all, and some people in this topic have clearly stated that it involves signing (verifying) transaction's hash with the CA server itself.
To be honest, I don't know if it is entirely true. All I know is that these are the same people who are sort of defending this new payment protocol.
And I also know that SSL certificate has a built in mechanism to be revoked - so it makes me wonder how it works with the payment protocol, since it's logical that it must connect to CA at least to revoke a cert. Having this in mind, I would not be surprised anymore finding out that it also connects to CA to verify the signature itself.

The problem is that we don't know how the validation process really works, step by step and Mike's "fantastic payment protocol FAQ" does not come handy here at all, does it?

Right.
So where/when is the SSL verification?
It's definitely missing in there.

yeah, but this diagram does not seem to cover the SSL authentication process at all.
WTF "Authorize?" means??

OK.
So on the 11th page of this topic, it is already sort of official: each time you use the new payment protocol, your PC connects to the CA server and leaves there the TxID and your IP.

Guys, you should have started from it - then we would tell you already at the first page to not waste a year of your time on developing such a crap.
Hell, if you put it into 0.9, I am not going to run it even once, on my PC. Thank you very much for such a great features, but I'm totally fine without them

FWIW, I don't think you helped Gavin at all, while stating: yes, the user's transaction along with his IP will be logged at the CA server, every time the new payment protocol handles an outgoing transaction.

But thank you - you definitely helped the rest of us.
Knowledge is power

You're right - I have not looked into it at all.
Sorry, but I never watch ads, no matter how good a movie is

But what I can tell you is that, as far as I know you, I would not trust you with protecting my anonymity.
I'd rather use Tor with enabled JavaScript.

You shouldn't be surprised, considering that you don't care about anonymity at all.
Any dev working for your money, would not have been much different from what Gavin or Mike are doing right now.
As much as the media admires them, the people who can actually develop stuff see that there is something wrong around it.
Nobody wants to take a part in building a worse future for his children, even if you pay them.

IMHO there is no lack of developers who would like to help with bitcoin.
What there is though, is a cartel controlling the development of the reference client, not letting in anyone who would try to invent anything that would have made bitcoin even a bigger threat to the establishment.

This is the only way I can explain the past 2 years of essentially no useful progress in this project.
Despite of the fact that the price of bitcoin went up tens of times fold.

It doesn't.
But it does affect bitcoin-qt.
There are millions of people using this s/w and ever since the new payment protocol is introduced they will be using it, unconsciously ignoring the fact that each time they make a "secured payment", they likely log it along with their IP, at the CA server that issued the recipient's cert.

No, you get it all right. That is exactly why I cleverly never pay BTC using BitPay.

Eeee...
Sorry, but what my unwillingness to broadcast each of my bitcoin transactions to a CA has to do with anyone paying taxes?

And once again: I really don't care about "major corporations".
If they all fucked off and died today - that would have been the best day of my life
Bitcoin is for people - not for corporations.

Well, IMHO the question you should be asking is: how is it going to be any better than what is already *standard*?

And this question I can even answer myself: it isn't.

Of course I wasn't serious.
But my concern is a really serious one.

It is a known fact that SSL certificates have a built in mechanism to be revoked by their CA.
And it is also a known fact that today SSL certificates are essentially validated by an OS, since the OS has the root certificates.
Maybe not in case of Firefox, but definitely in case of Chrome, and since we have a Google employee putting it into Bitcoin, it seems natural to assume that he would use the Chrome approach.

So once again: how can we be sure that our OS does not report each transaction we send, along with our IP, to the CA?

I would not expect it.
Some posts ago I asked another silly question: can anyone make a clear statement as to whether my PC will connect to the CA server to check if a certificate has not been revoked?
No answer whatsoever.
And that leaves us with three possible explanations:
1) They don't know - meaning: they don't know what they are doing adding these SSL stuff into bitcoin
2) Yes, my PC might connect to CA each time I do a payment - meaning: our IP gets exposed each time we pay, but they don't want to worry us
3) I don't deserve their answer - meaning: who besides me cares about such a minor concerns?
Since we don't know the correct number, maybe we should make a poll?

Hostility can have many faces.

There can surely be an open active hostility; e.g. when the bitcoin community accuses core devs of corruption (or at least a conflict of interest) and they demand an explanation. (which never comes, which makes them even more openly hostile)

But there can also be a hidden passive hostility; e.g. core devs intentionally sabotaging development of the project's original principles, by developing it in the opposite directions.

I totally get it, that Gavin and others perceive us as a bunch of assholes who don't even deserve an explanation - they are obviously too important piece of the bitcoin elite to explain anything to us, an average users from some bitcointalk forum. But since we have already established this position, and it's pretty clear who we are for them, we (just like them) still do the best we can to help the community in building a prosperous future of this project. And that (among other things that we do, which the bitcoin elite also doesn't give a shit about) is today, unfortunately warning people to be careful with trusting the cartel that took over the development of the satoshi client and to be careful with using the new incoming features.
You call it hostility - I call it sincerity.

Really?
Not to undermine anyone's useful input into the project, but to be honest, from this perspective it looks more like for the last two years or so, these "very intelligent people" have mostly been busy with "working on understanding".

I totally understand you. I also find boring almost every work that I do only because I get paid for it.
And it is especially boring when I know that what I am working on is going to be useless after all.

Personally, I don't like a software which assumes that I am so stupid that I cannot calculate a proper fee myself.
But I guess Gavin is doing it for his grandma...

Anyway, I will believe that this solution actually works when I see it.
And by "works" I mean that it can actually calculate the lowest fee possible, to get a tx mined within the assumed time window.

Moreover, like with many other extremely important features, I have no idea what it has to do with a development of the bitcoin core.
One could think of a webpage that would be doing exactly the same; tell a user what fee he shall include in a tx, to get it mined within a given time window.

Maybe Gaving should step down from the core bitcoin dev position and start developing websites for Bitcoin Foundation?
He seems to be much more into this kind of technologies, rather than a virtual currency that begs for more decentralization, anonymity and security.

But as you see, we at least don't underestimate the importance of the payment protocol work for Google and the rest of the cartel driving development of the satoshi client today.
The guy must be very proud seeing how quickly the steering wheel of his open source project got captured by such a fine set of corporations

Right. And one can only wonder how BTC got to $200 price, without a working payment protocol.
It was in Bitcoin 0.1 - how could we have lived without it ever since? We obviously don't know what we were loosing...