Topic: pay2email.net: A pay-to-email demo service (Read 2623 times)

October 06, 2014, 07:08:22 AM
#1
Hello,

We have built a small website at https://pay2email.net that allows you to send payment requests to people by email.

For now it only works for testnet. If people find it useful we will enable mainnet support.

The added value of this service is that it authenticates the source email: this way, the debtor will have a guarantee that the payment request indeed comes from who it says it is. Also, it is very simple on the debtor's side: he will receive an email containing a link that will open his wallet, validate the payment request and ask for user approval.

The service leverages BIP70, which basically allows a bitcoin payment request (amount, destination, description) to be signed. It was initially designed for use by merchants, so that users pay to a domain name instead of an obscure (and possibly altered) bitcoin address. But if the domain name acts as a trusted third party instead of the recipient of the payment, it allows for secure payment requests between individuals.

Obviously, a tech-savvy user who owns a domain name with a corresponding SSL certificate, and knows how to set up an HTTP API, could do that all by himself. Or he/she could just send a regular email containing the transaction details, signed by a well-known PGP key. But we think that it may be a bit too complicated for average users, and developed a simple service that wraps it up for them.

* How does it work? *
Suppose [email protected] wants to send a payment request to [email protected]
1) Alice connects to https://pay2email.net and enters her email, Bob's email, a bitcoin amount, a bitcoin address or script, and a short description
2) pay2email.net sends a verification email to [email protected] with a summary of the request and a link
3) Alice opens the verification email and clicks on the link
4) pay2email.net builds a BIP70 request and signs it with its SSL certificate. In the memo field of the BIP70 request there will be a note indicating that the request comes from Alice's email, along with the description provided by Alice.
5) pay2email.net sends an email to [email protected], containing a bitcoin:?r=... link
6) Bob clicks on the link, which opens his bitcoin wallet, and he will see that pay2email.net has signed a payment request on the account of Alice

* Limitations *
- Obviously this won't work if Bob's wallet does not support BIP70 requests
- Some wallets (e.g. bitcoin-core) display the request in a way that will make Bob think that he pays pay2email.net, and do not display the actual destination address
- On bitcoin-core 0.9.3, opening a request will fail if the application is already running (regression from 0.9.2). You need to close it first
- Some wallets (e.g. the Android wallet from A. Schildbach) only display a short portion of the memo message.

* Why should I trust you? *
We play the role of a trusted third party here, and yes: we could very well change the destination address to one of ours if we were evil. This would effectively make debtors pay legit requests to us instead of you.
Anyway, you don't have to trust us: just use testnet addresses and you'll be safe.
Source code is available here: https://github.com/ACINQ/pay2email

This website will be maintained for some time. Maybe we will add support for BIP32 HD keys in the future; this would allow us to derive public keys and not ask for a bitcoin address anymore.

Please tell us what you think of it.

Enjoy!
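Added example, not part of the original post and not taken from the pay2email source: a sketch of how steps 2 to 5 could bind the fields Alice entered to the verification link, so that only a request confirmed from her mailbox, and unaltered, is turned into a memo and a `bitcoin:?r=` link. The HMAC token format, the function names, the secret, the expiry and the sample values are all assumptions.

```python
import base64, hashlib, hmac, json
from urllib.parse import quote

SECRET = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
TTL = 3600                         # assumption: verification links expire after one hour

# Constructed sample request (step 1); the address is a placeholder, not a real one.
SAMPLE = {"from": "alice@example.com", "to": "bob@example.com", "amount_btc": "0.01",
          "address": "TESTNET-ADDRESS-PLACEHOLDER", "description": "Lunch"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _tag(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(req: dict, now: float) -> str:
    """Step 2: put every field Alice entered, plus an expiry, into the mailed link."""
    body = _b64(json.dumps({**req, "exp": int(now) + TTL}, sort_keys=True).encode())
    return f"{body}.{_tag(body)}"

def verify_token(token: str, now: float):
    """Step 3: return the original request, or None if the link is altered or expired."""
    body, _, tag = token.partition(".")
    # Check the MAC before decoding anything, in constant time.
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return None
    req = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return req if now <= req.pop("exp") else None

def memo_for(req: dict) -> str:
    """Step 4: memo naming the verified sender first (the wording is an assumption)."""
    return f"Payment request from {req['from']}: {req['description']}"

def payment_link(request_url: str) -> str:
    """Step 5: link whose r= parameter is the percent-encoded URL of the signed request."""
    return "bitcoin:?r=" + quote(request_url, safe="")

if __name__ == "__main__":
    confirmed = verify_token(issue_token(SAMPLE, now=1000), now=1001)
    print(memo_for(confirmed))
    print(payment_link("https://pay2email.example/request/123"))  # constructed URL
```

Putting the verified sender at the start of the memo matters for the wallets listed under Limitations that show only a short portion of it.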