Integrate Payment Protocol from Bitpay (BIP 70) #28
Comments
|
If there's no gaping privacy hole in it as a sender or UX nightmare in it I'm all for implementing it. |
|
IMO BIP70 is a good solution for reducing MitM attacks and improving the usability of wallets. However, in our case I am not really sure we should implement it because the users' IP address are exposed to the payment server losing the privacy WW promises. Requesting the payment information through Tor is not a good idea because there is no way to prevent MitM attacks by exit nodes (the main selling point for bip70), and that's why payment processors like BiPay refuse connections from tor exit nodes. One could say that the users' IP addresses are already known by the payment processor because they have to visit their webpage in order to get the payment url. However, users can use tor or vpn for vising the merchant site and payment processor site. Also, many of these sites are behind firewall, IPSs and all kind of "privacy prevention" infrastructure (think about cloudflare and similars that blocks you or delay you with captchas and other annoying things if you use tor) In summary, IMHO this is only useful for improving the wallet UX by reducing the privacy level. UPDATE: I remember that @NicolasDorier was against it when BitPay introduced it but I don't remember why. |
|
BIP70 is poor for privacy. You need to make a request to bitpay to know where to send. Also it is a big headache because you need to validate the cert embedded inside the BIP70 request at the app level, which mean you introduce a dependency on the whole PKI stack (OpenSSL/Win crypto). NBitcoin support it and abstract it correctly, but I really plan to deprecate it. Other issue, Bitpay expect, as part of the protocol, that you send them the transaction instead of broadcasting it yourself. Right now they support broadcasting by yourself, but they might not in the future. BIP70 has been deprecated in Bitcoin Core bitcoin/bitcoin@9886590 . Not only because the dependency on OpenSSL but because of the issue where the node should not broadcast itself. Also it add a dependency to protobuf. The JSON payment req protocol is a bit better:
But it is not supported by NBitcoin. (I am open to support it) |
|
Thanks for the input. After reading what both of you wrote I can agree that implementing the BitPay protocol would be kind of a nightmare and would move Wasabi away from its goal of improved privacy. Its not a huge deal to move some coins to separate wallet that already supports it. I'm not happy about how BitPay forced this protocol, but I can understand their reasoning as a payment processor to streamline the users interaction and ensure payments are received in full. As noted before a potential work around could be to expose a private key so the other wallet could sweep and send a transaction directly from a Wasabi address. Though it is not clear if the current code would catch the amount change. Now that this has been discussed, feel free to close this request and it can be archived. |
|
@JuniperTonic I transferred this issue to the Meta repo. I don't want to close this until I take a look at it myself, too. |
|
I agree with @NicolasDorier here, BIP 70 has many flaws, some discussed here. |
BIP70 strictly increases the risk of MitM attacks compared to BIP21 as the address is not in the URI and has to be fetched by the wallet separately, unfortunately some payment processors make false claims in regards to this. |
|
Yes @jameshilliard, and notice that Wasabi has already implemented BIP21 in WalletWasabi/WalletWasabi#1949. [@nopara73 I think you can close this issue] |
|
This is a discussion about BIP 70, not BIP 21. |
|
Can we close the issue? |
|
No. I did not do my own research yet. |
|
I think Bitpay backtracked on BIP70. Sadly I could not check by myself, old services I was using which used bitpay have all switched to btcpayserver. |
|
Obsolated. As @NicolasDorier said, BitPay does not do BIP70 anymore. Replacement issue: WalletWasabi/WalletWasabi#3864 |
Just to start it looks like a variation of this topic is already being discussed, which already lays out some of my concerns. Meta/Bustapay integration
Is your feature request related to a problem? Please describe.
When trying to spend BTC from Wasabi wallet, there is no way to send BTC to BitPay backed merchants. I currently have to send to another wallet and process the payment from there.
Describe the solution you'd like
Here are some links to the "Payment Protocol" that BitPay uses. They created a JSON interface to help wallet integration.
FAQ of Payment Protocol
DEV Overview
JSON Payment Protocol Spec
This should serve as a starting point for anyone who want to look into it
Describe alternatives you've considered
Will the BitPay server be upset if the payment is received from a different IP than the one logged at the merchants website?
A work around would be exposing a private key and just sweeping/signing a transaction from the other wallet
To even test this you have to open a BitPay merchant account. Does anyone have one that can be used on the testnet?
Feel free to move this request or provide input if this is not something that would work with Wasabi
The text was updated successfully, but these errors were encountered: