|
| 1 | +--- |
| 2 | +title: BIP70 payment protocol |
| 3 | + |
| 4 | +## Optional. An entry will be added to the topics index for each alias |
| 5 | +#aliases: |
| 6 | +# - Foo |
| 7 | + |
| 8 | +## Required. At least one category to which this topic belongs. See |
| 9 | +## schema for options |
| 10 | +categories: |
| 11 | + - Wallet Collaboration Tools |
| 12 | + |
| 13 | +## Required. Use Markdown formatting. Only one paragraph. No links allowed. |
| 14 | +## Should be less than 500 characters |
| 15 | +excerpt: > |
| 16 | + **The BIP70 payment protocol** is an interactive protocol for |
| 17 | + sending payment requests and receiving payments. |
| 18 | +
|
| 19 | +## Optional. Use Markdown formatting. Multiple paragraphs. Links allowed. |
| 20 | +extended_summary: | |
| 21 | + The protocol involves several steps: |
| 22 | +
|
| 23 | + - Customer clicks a [BIP21][] `bitcoin:` URI extended with an |
| 24 | + additional `r` parameter (described in [BIP72][]). The URI handler |
| 25 | + opens the user's wallet in response |
| 26 | +
|
| 27 | + - The wallet contacts the merchant's server and asks for a payment request |
| 28 | + signed by the merchant's SSL certificate. Upon receipt and |
| 29 | + validation of the signed payment request, the payment details are |
| 30 | + automatically filled out on the wallet's *Send Transaction* screen. |
| 31 | + Optionally, the user is notified that they're paying the owner of |
| 32 | + the domain corresponding to signing certificate (e.g. |
| 33 | + "example.com") |
| 34 | +
|
| 35 | + - The customer reviews the payment details and clicks the *Send |
| 36 | + Transaction* button. The transaction is generated and broadcast to |
| 37 | + the Bitcoin network. A copy of the transaction is sent to the |
| 38 | + merchant, who then replies with an acknowledgment that the payment |
| 39 | + was received (optionally rebroadcasting the transaction from their |
| 40 | + own nodes) |
| 41 | +
|
| 42 | + The protocol had several advantages over plain BIP21 URIs: |
| 43 | +
|
| 44 | + - The merchant could request payment to any script---not just one |
| 45 | + of the popular address types---making the proposal forward |
| 46 | + compatible with new address formats |
| 47 | +
|
| 48 | + - The customer's wallet automatically sent their own script to be |
| 49 | + used in case a refund needed to be issued |
| 50 | +
|
| 51 | + - Payment requests had an expiration date after which point the quoted price |
| 52 | + would no longer apply |
| 53 | +
|
| 54 | + - It gave the spending transaction directly to the merchant, |
| 55 | + allowing them to broadcast it. This could allow a user to pay |
| 56 | + using Bluetooth or NFC even if they didn't currently have |
| 57 | + a connection to the Internet |
| 58 | +
|
| 59 | + Its main disadvantage was that it required that spenders support the SSL |
| 60 | + certificate system, which includes many algorithms not otherwise used |
| 61 | + in Bitcoin and a complex Public Key Infrastructure (PKI) system. In |
| 62 | + practice, this meant software needed to include a library such as |
| 63 | + OpenSSL as a dependency. Bugs in that library could then be used to |
| 64 | + exploit Bitcoin programs, such as the OpenSSL [heartbleed][] |
| 65 | + vulnerability that potentially allowed attackers to [access private |
| 66 | + keys][core heartbleed] from Bitcoin Core in 2014. |
| 67 | +
|
| 68 | + Ultimately, BIP70 never saw widespread adoption and almost all |
| 69 | + merchants and wallets that did once support it have either ended |
| 70 | + support or plan to end their support in the future. |
| 71 | +
|
| 72 | + [heartbleed]: http://heartbleed.com/ |
| 73 | + [core heartbleed]: https://bitcoin.org/en/alert/2014-04-11-heartbleed |
| 74 | +
|
| 75 | +## Optional. Produces a Markdown link with either "[title][]" or |
| 76 | +## "[title](link)" |
| 77 | +primary_sources: |
| 78 | + ## BIPs 70, 71, 72 were part of the original protocol. BIPs 73, 74, |
| 79 | + ## 75 are all related to BIP70 but were extensions that came later, so |
| 80 | + ## they probably shouldn't be linked as primary documentation |
| 81 | + - title: BIP70 |
| 82 | + - title: BIP71 |
| 83 | + - title: BIP72 |
| 84 | + |
| 85 | +## Optional. Each entry requires "title", "url", and "date". May also use "feature: |
| 86 | +## true" to bold entry |
| 87 | +optech_mentions: |
| 88 | + - title: Pay-to-EndPoint (P2EP) has elements similar to BIP70 |
| 89 | + url: /en/newsletters/2018/08/14/#pay-to-end-point-p2ep-idea-proposed |
| 90 | + date: 2018-08-14 |
| 91 | + |
| 92 | + - title: "Bitcoin Core PR#14451 allows building Bitcoin-Qt without BIP70 support" |
| 93 | + url: /en/newsletters/2018/10/30/#bitcoin-core-14451 |
| 94 | + date: 2018-10-30 |
| 95 | + |
| 96 | + - title: "Bitcoin Core PR#15063 allows falling back to BIP21 parsing of BIP72 URIs" |
| 97 | + url: /en/newsletters/2019/02/19/#bitcoin-core-15063 |
| 98 | + date: 2019-02-19 |
| 99 | + |
| 100 | + - title: "Bitcoin Core PR#15584 disables support for BIP70 by default" |
| 101 | + url: /en/newsletters/2019/09/18/#bitcoin-core-15584 |
| 102 | + date: 2019-09-18 |
| 103 | + |
| 104 | + - title: "Bitcoin Core PR#17165 removes support for BIP70 payment protocol" |
| 105 | + url: /en/newsletters/2019/10/30/#bitcoin-core-17165 |
| 106 | + date: 2019-10-30 |
| 107 | + |
| 108 | + - title: "Bitcoin Core 0.19 released with BIP70 support disabled by default" |
| 109 | + url: /en/newsletters/2019/11/27/#deprecated-or-removed-features |
| 110 | + date: 2019-11-27 |
| 111 | + |
| 112 | + - title: "2019 year-in-review: Bitcoin Core BIP70 deprecation and disablement" |
| 113 | + url: /en/newsletters/2019/12/28/#bip70 |
| 114 | + date: 2019-12-28 |
| 115 | + |
| 116 | +## Optional. Same format as "primary_sources" above |
| 117 | +# see_also: |
| 118 | +# - title: |
| 119 | +# link: |
| 120 | +--- |
0 commit comments