Topic: Extend BIP 21 (Read 552 times)
Write this up in BIP form and submit it the the BIPs repository and the bitcoin-dev mailing list.
Also with DANE the x.509 certificate used on the server can be self-signed, so that what certificate authorities are valid don't need to be specified.
Currently BIP 21 has :
I would like to optionally replace bitcoinaddress with a domain name of a TLS payment server that a client can connect to to retrieve the address.
e.g. bitcoin:payment.swampland.rich
When a client encounters such a URI it does a DNS lookup for a TLSA record associated with TCP port 443 for that domain and does a DNSSEC validation of the fingerprint. The client then (e.g. through libcurl) may make a connection to the domain, which will be a DNSSEC validating domain, to retrieve the actual payment address.
When a domain name is used in place of a bitcoinaddress, a new bitcoinparams parameter MUST be used, I propose cid for the parameter name. The keyword _fresh indicates the client is seeking a fresh address (e.g. for donation purposes). Otherwise it contains a transaction identification of some sort, such as a shopping cart identification number.
The bitcoin client will send the parameter as an http header when it connects to the specified URL.
Optionally a parameter vtx may also exist, that specifies a transaction fee that may be deducted from the payment amount and included in the transaction. This would allow commerce sites to specify a higher transaction fee that is taken from the final price but allows faster confirmation in the blockchain with the higher tx fee being deducted from the shopping cart amount.
The bitcoin client makes a TLS connection validating the fingerprint matches the TLSA record, and the server can use the cid parameter sent as a header to find and return the bitcoin address associated with the cid so that the client can create the transaction.
This I believe would make bitcoin easier to use, and help avoid the malware issues where a bitcoin address in the clipboard is modified to an address controlled by an attacker.
If DNSSEC is required from the start, it will not be susceptible to most DNS based attacks.
-=-
We use DNS to avoid humans needing to interact with IP addresses, even though IP addresses often are stable. It's about time something be done to make bitcoin addresses which often are single use friendlier for people to use.
Code:
bitcoinurn = "bitcoin:" bitcoinaddress [ "?" bitcoinparams ]
I would like to optionally replace bitcoinaddress with a domain name of a TLS payment server that a client can connect to to retrieve the address.
e.g. bitcoin:payment.swampland.rich
When a client encounters such a URI it does a DNS lookup for a TLSA record associated with TCP port 443 for that domain and does a DNSSEC validation of the fingerprint. The client then (e.g. through libcurl) may make a connection to the domain, which will be a DNSSEC validating domain, to retrieve the actual payment address.
When a domain name is used in place of a bitcoinaddress, a new bitcoinparams parameter MUST be used, I propose cid for the parameter name. The keyword _fresh indicates the client is seeking a fresh address (e.g. for donation purposes). Otherwise it contains a transaction identification of some sort, such as a shopping cart identification number.
The bitcoin client will send the parameter as an http header when it connects to the specified URL.
Optionally a parameter vtx may also exist, that specifies a transaction fee that may be deducted from the payment amount and included in the transaction. This would allow commerce sites to specify a higher transaction fee that is taken from the final price but allows faster confirmation in the blockchain with the higher tx fee being deducted from the shopping cart amount.
The bitcoin client makes a TLS connection validating the fingerprint matches the TLSA record, and the server can use the cid parameter sent as a header to find and return the bitcoin address associated with the cid so that the client can create the transaction.
This I believe would make bitcoin easier to use, and help avoid the malware issues where a bitcoin address in the clipboard is modified to an address controlled by an attacker.
If DNSSEC is required from the start, it will not be susceptible to most DNS based attacks.
-=-
We use DNS to avoid humans needing to interact with IP addresses, even though IP addresses often are stable. It's about time something be done to make bitcoin addresses which often are single use friendlier for people to use.
Jump to: