FAQ on the payment protocol

[Hyena]

What next? Adding support for http://www.bitcointrezor.com/ to the standard bitcoin wallet?

Absolutely.  It would be quite nice if wallets support Trezor, including Bitcoin-QT.

Well Trezor is cool, I don't argue that but it's conceptually wrong to add excess features to a bitcoin wallet program that should be the most trivial and standard one. You can always make a new program that would act as a proxy between bitcoin QT and Trezor. Thus, I still don't support the idea of bloating the standard wallet with anything other than what the bitcoin protocol needs.

Bitcoin QT should be commercially neutral. This means that it should not feature any entity that gets direct monetary profit from such features. Introducing features that glorify CAs is on the same level of wrongness as adding the following text to the Bitcoin-QT's GUI: "Click here to buy bitcoins from Mt. Gox!"

[1713865817]

1713865817

[1713865817]

1713865817

[1713865817]

1713865817

[jgarzik]

What next? Adding support for http://www.bitcointrezor.com/ to the standard bitcoin wallet?

Absolutely.  It would be quite nice if wallets support Trezor, including Bitcoin-QT.

Well Trezor is cool, I don't argue that but it's conceptually wrong to add excess features to a bitcoin wallet program that should be the most trivial and standard one. You can always make a new program that would act as a proxy between bitcoin QT and Trezor. Thus, I still don't support the idea of bloating the standard wallet with anything other than what the bitcoin protocol needs.

Bitcoin QT should be commercially neutral. This means that it should not feature any entity that gets direct monetary profit from such features. Introducing features that glorify CAs is on the same level of wrongness as adding the following text to the Bitcoin-QT's GUI: "Click here to buy bitcoins from Mt. Gox!"

Making the user experience more resistant to MITM attacks is not bloat.

[Hyena]

Making the user experience more resistant to MITM attacks is not bloat.

If MITM is such a great problem then go behind the bushes and exchange your keys there. Really, to me this whole thing seems like an excuse to make everyone pay more money to CAs.

Also, if you absolutely need to make user experience more resistant to MITM attack then please create a branch bitcoin wallet instead of ruining the core code with features that are not really needed for bitcoin to work.

[Mike Hearn]

By "MITM attack" we're also talking about viruses on your computer here, which is a not so uncommon occurrence unfortunately. In this case the "middle" is your computer and the "man" is whoever controls the virus. The Trezor manages your wallet so it can't get infected, the computer just provides support services and connectivity.

I think being able to handle the case of a virus infected computer is pretty much core wallet functionality. But, sure, opinions can differ on that. In the past month a couple of new desktop wallets appeared (both Mac only sadly), so it's definitely not that hard to create your own wallet with your own blend of features these days.

I think a Tor specific PKI sub-protocol for the payment protocol would be a great thing. Hidden services are already identified by public keys, so it should not be very hard to add support for that at all, if someone wanted to do it.

[Hyena]

I just generally support modularity. Trezor should have its own host program to connect it to bitcoin qt instead of bitcoin qt directly including the Trezor specific logic in its own code.

[malevolent]

I just generally support modularity. Trezor should have its own host program to connect it to bitcoin qt instead of bitcoin qt directly including the Trezor specific logic in its own code.

+1

I also believe Bitcoin should remain vendor-neutral, are the devs in any way affiliated with Trezor?

What happens when other companies start offering similar products, are the bitcoin devs also going to include support for them in the official bitcoin client?

What happens when by a string of back luck some design flaw in Trezor causes or contributes to the loss of someone's bitcoins?

If think there should at least be a Bitcoin-Qt client to download without Trezor-related or other products' code, or if the extra Trezor-supporting code was released as a separate plugin/add-on/whatever.

[Mike Hearn]

At the moment nobody is adding Trezor support to Bitcoin-Qt.

It'd be nice if there could be a standardised protocol so Trezor and its competitors were all compatible. It's a bit early for that though.

[Carlton Banks]

I'm just counting the days until ALL bitcoin transactions are going to be required by legal or regulatory measures to be via the surveillance dragnet payment protocol ... it's pretty transparent where this is heading.

Well, they're adding this implementation of the payment protocol too early for it to work out quite like that. But I'm with you guys in principle, I don't intend to encourage merchants that use this too much. And I'd be very positive about a real solution to the ease of use issue. I'm not sure if the developers haven't missed the point a little anyway: the more popular a genuinely free and open protocol gets, the more the culture will take on a life of it's own. They can't force merchants to use the payments protocol, and there are simple and secure ways to make homemade server-side payment processes for the merchants that don't want to deal with the CAs. This solution is for lazy, unimaginative and conformist/convention minded kinds of people, i.e. the sort that aren't that attracted to Bitcoin at all yet.

I expect this original incarnation of the Payments Protocol will be long forgotten in the not so distant future, especially if it's use gets pushed too hard by any significant figures within Bitcoin. There are too many idealistic people who can just innovate their own solution, I strongly encourage it. Core dev team is not a dictatorship, there's already independent teams doing work on the Satoshi client, and independent clients. We still have the power of choice, for now.

[callem]

At the moment nobody is adding Trezor support to Bitcoin-Qt.

It'd be nice if there could be a standardised protocol so Trezor and its competitors were all compatible. It's a bit early for that though.

^ Yes. Any support should be in the form of a general API for external tx signing. Nothing vendor specific (obviously). 

[Severian]

This solution is for lazy, unimaginative and conformist/convention minded kinds of people, i.e. the sort that aren't that attracted to Bitcoin at all yet.

You've just described the very people that I suspect some folks on the dev team and within the Bitcoin Foundation are trying to impress with this protocol: institutional investors and their related ilk in large online commercial concerns. I understand the desire some people have to see Bitcoin accepted in the wider world, but this isn't the way to do it. Some folks working with TLAs might be interested in this BIP also due to possibility of connecting real-world info to Bitcoin addresses and increasing their tracking capabilities on the blockchain.

[ineedit]

This solution is for lazy, unimaginative and conformist/convention minded kinds of people, i.e. the sort that aren't that attracted to Bitcoin at all yet.

You've just described the very people that I suspect some folks on the dev team and within the Bitcoin Foundation are trying to impress with this protocol: institutional investors and their related ilk in large online commercial concerns. I understand the desire some people have to see Bitcoin accepted in the wider world, but this isn't the way to do it. Some folks working with TLAs might be interested in this BIP also due to possibility of connecting real-world info to Bitcoin addresses and increasing their tracking capabilities on the blockchain.

+1   Well said!

If Bitcoin wants to be the first real independent world currency then it must standalone and ignore the interference and control of governments or commerce.

[Gavin Andresen]

"Impress with this protocol" ??

My primary motivation for the payment protocol can be seen in this mock-up of multi-signature transaction authorization:
  https://moqups.com/gavinandresen/no8mzUDB/p:af7339204

I want much more secure wallets, but we can't get there unless the "who am I paying" piece is authenticated.

You should save the "Gavin is trying to impress evil institutional investors" mud-slinging for when I get around to laying out the argument for increasing the block size, because that would be closer to the truth.

[Severian]

You should save the "Gavin is trying to impress evil institutional investors" mud-slinging for when I get around to laying out the argument for increasing the block size, because that would be closer to the truth.

Gavin, I have a higher opinion of your intentions than that. You're the only reason I ponied up 25 btc when the foundation started and you're still the only reason I don't regret having done so. But your antenna for realpolitik doesn't seem to be quite as attuned as your abilities in programming and organization are.
 
Lavabit's cert was just revoked. The inclusion of CAs in Bitcoin allows for a pressure point to those who use CAs to verify their identity to customers. Run afoul of someone in the regulatory/enforcement world and a seller's CA could end up like Lavabit's and their biz gets threatened or wiped out. Or they could just take a look at the CA-connected address that a merchant is using and make all kinds of links to the buyer's address and then follow the change address transactions after that. The CA-connected address is like an anchor in the intel ocean.

The strength of Bitcoin is, or was, in how it protected the merchant. This BIP opens up a weakness in that protection to both seller and buyer. I'm sorry to see it happen to the reference client and to Bitcoin.

[Mike Hearn]

That's absurd. The whole Lavabit episode actually indicates how strong the CA infrastructure really is - these guys were going after Snowden, public enemy number one at that time, and they had to ask Lavabit for their SSL keys. They didn't simply pop round to their local friendly CA and grab a fake cert (because that would have been spotted and the CA itself would have risked revocation) .... they spent weeks and months arguing in court to try and get the keys for the original cert instead.

How could the infrastructure have done any better here, exactly? Is that not the doomsday scenario you're worried about, and yet there was no fake cert? When the US government is reduced to "give us your keys or we'll throw you in jail", that's basically a 100% success for the crypto system, isn't it?

As was already explained in the FAQ, payment requests don't go into the block chain or anywhere else. They are sent between the merchant and you. If the NSA can obtain them, they can already obtain all your communications with the merchant anyway, at which point receipts are the least of your concerns.

Look, I'm all for reasonable paranoia. This has long since left the realm of the reasonable.

I'm going to lock this thread now because the arguments are going round in circles. The payment protocol is designed to support more than
just the SSL PKI. If you don't like it, design and implement a system you think is better and get people to adopt it.