Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BIP 321: URI Scheme (Replace BIP 21 with a new BIP containing information about more modern usage of it) #1555

Open
wants to merge 13 commits into
base: master
Choose a base branch
from

Conversation

TheBlueMatt
Copy link
Contributor

As Bitcoin has grown, the introduction of new address formats describing new forms of payment instructions has become increasingly fraught with compatibility issues. Not only does there exist traditional on-chain addresses, but some recipients wish to receive Lightning (when the sender supports it) or newer formats such as Silent Payments.

This has led to increasing use of the BIP 21 query parameters to encode further optional payment instructions.

Looking forward, as new payment instructions get adopted, it makes much more sense to include them in query parameters rather than replace the existing address field, ensuring compatibility with senders and recipients who may or may not be upgraded to support all the latest payment instructions.

This updates BIP 21 to suggest that future address formats do this.

Further, it updates BIP 21 to allow an empty bitcoin address in cases where new payment instructions have moved to becoming mandatory. This isn't a backwards-incompatible change any more than switching to a new address format is, so doesn't impact existing BIP 21 implementations in a new way, however provides a nice conclusion to the query-parameter-based upgrade path - once a form of payment instructions has broad adoption, senders can simply drop the existing address field, keeping their existing query parameter encoding, rather than replace the existing address field. It also addresses the question of what to do if a wallet no longer wishes to receive some legacy on-chain address, but has multiple payment instruction formats that they wish to include - deciding which one to place in the address field would be a difficult task.

@josibake
Copy link
Member

josibake commented Mar 4, 2024

(Background discussion for context: https://delvingbitcoin.org/t/revisiting-bip21/630)

Thanks for starting this! Conceptually, I agree with the updates but I think we can get a bigger win by advising the use of HRPs directly instead of key-value pairs. The benefits of this approach are:

  • Better taproot support: using HRPs directly would allow us to construct backwards compatible taproot URIs of the form bitcoin:bc1q...?bc1p...=o / bitcoin:bc1q...?bc1p...
  • Support for future payment instructions: any new payment protocol that encodes their payment instructions using bech32m can be included directly, e.g. bitcoin:bc1q...?newprotocol1<bech32m encoded data>=o
  • Existing unified QR codes can be made smaller: following an upgrade period to allow clients to update, we would be able to create URIs bitcoin:bc1q...?lnbc1...=o (instead of ?lightning=lnbc1...) and fully static URIs bitcoin:sp1q...?lno1...=o

For senders, this simplifies implementing support for new address types in that clients can implement support for a generic BIP21 URI using HRPs as keys. As the client supports new bech32m encoded addresses, they are supported automatically without any additional changes.

Clients would still need to support new payment instructions that instead decided to use a query parameter, but I would expect most (if not all) clients to prefer bech32m encodings now that they get BIP21 support for free.

I wrote a rough draft here, feel free use / modify as needed if you find it useful: josibake@07339bd

@TheBlueMatt
Copy link
Contributor Author

Better taproot support: using HRPs directly would allow us to construct backwards compatible taproot URIs of the form bitcoin:bc1q...?bc1p...=o / bitcoin:bc1q...?bc1p...

I think this ship has sailed, but K/V-vs-no-K has no impact on this. We could do bitcoin:bc1q...?taproot=bc1p. or whatever just fine. Ultimately its probably too late to update how any taproot anything appears in QR codes/URIs.

Support for future payment instructions

This is similarly untrue, the only difference is it reduces the characters used for future instructions, but whether it supports future instructions or not, both do.

Existing unified QR codes can be made smaller: following an upgrade period to allow clients to update, we would be able to create URIs bitcoin:bc1q...?lnbc1...=o (instead of ?lightning=lnbc1...) and fully static URIs bitcoin:sp1q...?lno1...=o

Indeed, we can save a few characters here or there. I think the ship has similarly sailed for BOLT 11, but of course we can do something different for BOLT 12.

Ultimately I think the only difference between the two proposals are:

  • Skipping the key has slightly less bytes in the QR code, which helps very slightly on the margin.
  • Skipping the key means parsing is a bit trickier if/when we have some new payment instructions that don't use bech32m - do clients need to check the bech32m checksum for unknown payment instruction types? What do they do if its wrong? What happens when someone (without thinking) defines some payment instructions that match a bech32m HRP spuriously (but I guess probably the checksum would be wrong?). These should all be written out and considered if we want to go this path.

I think the right approach here is the simpler one, but there's not a really strong reason to prefer either over the other, honestly.

@josibake
Copy link
Member

josibake commented Mar 7, 2024

This is similarly untrue, the only difference is it reduces the characters used for future instructions, but whether it supports future instructions or not, both do.

No, they are not the same. This is especially relevant if wallets are using a BIP21 library: my wallet supports new address type abc1xxxx, which (according to your proposal) also gets a abc key defined (i.e. abc=abc1xxx. My wallet can parse the address but since my BIP21 library I am using hasn't added support for the new key, I am unable to parse these URIs. With my proposal of allowing bech32m encoded addresses to be used without a key, everything Just Works.

Skipping the key means parsing is a bit trickier if/when we have some new payment instructions that don't use bech32m - do clients need to check the bech32m checksum for unknown payment instruction types? What do they do if its wrong? What happens when someone (without thinking) defines some payment instructions that match a bech32m HRP spuriously (but I guess probably the checksum would be wrong?). These should all be written out and considered if we want to go this path.

I'm not really sure what you're getting at here? My proposal is that any new payment addresses must use bech32m if they want to be used without a key, otherwise they must define a key. Everything you just mentioned was predicated on the assumption "what if they don't use bech32m and don't define a key," which means they wouldn't be following the spec.

@TheBlueMatt
Copy link
Contributor Author

No, they are not the same. This is especially relevant if wallets are using a BIP21 library: my wallet supports new address type abc1xxxx, which (according to your proposal) also gets a abc key defined (i.e. abc=abc1xxx. My wallet can parse the address but since my BIP21 library I am using hasn't added support for the new key, I am unable to parse these URIs. With my proposal of allowing bech32m encoded addresses to be used without a key, everything Just Works.

That applies both to a K/V parameter and a non-K/V parameter equally - there's really no difference here. A BIP21 parsing library should pass all parameters that it doesn't know.

I'm not really sure what you're getting at here? My proposal is that any new payment addresses must use bech32m if they want to be used without a key, otherwise they must define a key. Everything you just mentioned was predicated on the assumption "what if they don't use bech32m and don't define a key," which means they wouldn't be following the spec.

Ah, okay, I misunderstood the proposal. I'm not really super excited to bake "future addresses will use bech32m" into the spec in that way, because at some point we're gonna want "bech32n" or some other encoding (which would make sense for stuff that's only in QR codes as you could get the QR a bit denser) and then we'll be back having this same discussion, except now we have to shove everything in K/V pairs because we restricted non-K/V pairs to bech32m-only.

@josibake
Copy link
Member

josibake commented Mar 7, 2024

I'm not really super excited to bake "future addresses will use bech32m" into the spec in that way, because at some point we're gonna want "bech32n"

While certainly not perfect, I think this is better than the alternative of whitelisting a set of addresses that are allowed in a root in this BIP and requiring new formats to specify extension keys. My proposal gives us a way to specify a taproot address in a backwards compatible way, it allows for clients to save space by not needing to redundantly specify hrp=hrp..., leaves open the possibility for implementations to move to use the BOLT11 HRP directly to save space, and provides some future proofing for new address formats insomuch as bech32m continues to be the standard.

@TheBlueMatt
Copy link
Contributor Author

While certainly not perfect, I think this is better than the alternative of whitelisting a set of addresses that are allowed in a root in this BIP and requiring new formats to specify extension keys. My proposal gives us a way to specify a taproot address in a backwards compatible way, it allows for clients to save space by not needing to redundantly specify hrp=hrp..., leaves open the possibility for implementations to move to use the BOLT11 HRP directly to save space, and provides some future proofing for new address formats insomuch as bech32m continues to be the standard.

To be clear, I think we should "whitelist the set of addresses that are allowed in the root" either way. IMO it was a (now-clear) mistake to have taproot at the root rather than in a parameter. Whether we go with K/V or not-K/V we still want to have all future address types in parameters rather than the URI root (and eventually basically phase out the URI root entirely, or at least make it taproot-only).

@josibake
Copy link
Member

josibake commented Mar 8, 2024

To be clear, I think we should "whitelist the set of addresses that are allowed in the root" either way.

Effectively, this is what you get with my proposal:

The bitcoinaddress body MUST be either a legacy base58 address (P2PKH, P2SH), or a bech32(m) encoded address. Future address formats that do not use bech32m encoding MUST instead be placed in query keys. Query keys SHOULD be defined by the respective BIP for the new address format.

The only distinction is newer bech32m address types can also be placed in the root. If you're planning to allow bitcoin:?hrp=hrpxxx...&anotherhrp=anotherhrpxxx&amount=<>, that's exactly the same as bitcoin:hrpxxx...?anotherhrpxxx&amount=<>, just more compact.

@TheBlueMatt
Copy link
Contributor Author

Effectively, this is what you get with my proposal:

This is unrelated to the K/V/no-K/V discussion. We can get it either way.

The only distinction is newer bech32m address types can also be placed in the root.

I don't think we should allow this. It would be nice to only have one place to look for a given address type.

@murchandamus
Copy link
Contributor

I noticed that there is another pending PR that seeks to amend BIP21 #1394. At first glance, it seems like the change suggested there could be incorporated here.

@@ -39,7 +39,7 @@ Elements of the query component may contain characters outside the valid range.

(See also [[#Simpler syntax|a simpler representation of syntax]])

bitcoinurn = "bitcoin:" bitcoinaddress [ "?" bitcoinparams ]
bitcoinurn = "bitcoin:" [ bitcoinaddress ] [ "?" bitcoinparams ]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have not been following, but did you consider rejecting empty string after colon, and removing unnecessary interrogation character?

Suggested change
bitcoinurn = "bitcoin:" [ bitcoinaddress ] [ "?" bitcoinparams ]
bitcoinurn = "bitcoin:" ( bitcoinaddress [ "?" bitcoinparams ] | bitcoinparams )

@murchandamus murchandamus added Proposed BIP modification PR Author action required Needs updates, has unaddressed review comments, or is otherwise waiting for PR author labels May 22, 2024
Copy link
Contributor

@murchandamus murchandamus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m a bit on the fence regarding this PR. There clearly exists a divergence of the practical use from the specification, and it makes sense to address this and make them line up better. On the other hand, it generally seems counterproductive to ship a new version of a spec under the same label.

I would at least request that the changes are discussed on the mailing list and a Change Log section be added to document when and how the spec was amended. Perhaps it would be better to place these changes into an Appendix that comments on the practical use today and proposes these amendments.

Overall I would prefer a new BIP over changes to a final BIP.

bip-0021.mediawiki Outdated Show resolved Hide resolved
*lno: Lightning BOLT12 offers
*sp: Silent Payment addresses

New payment instructions using bech32 encodings SHOULD reuse their address format's Human Readable Part as the parameter key.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
New payment instructions using bech32 encodings SHOULD reuse their address format's Human Readable Part as the parameter key.
New payment instructions using bech32m as address encoding SHOULD reuse their address format's Human Readable Part as the parameter key.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They aren't always addresses.

bip-0021.mediawiki Outdated Show resolved Hide resolved
bip-0021.mediawiki Outdated Show resolved Hide resolved
bip-0021.mediawiki Outdated Show resolved Hide resolved
@TheBlueMatt
Copy link
Contributor Author

I’m a bit on the fence regarding this PR. There clearly exists a divergence of the practical use from the specification, and it makes sense to address this and make them line up better. On the other hand, it generally seems counterproductive to ship a new version of a spec under the same label.

Yea, I see that its a bit weird to update something "final", but I think there's also tremendous value in being able to update something so that people aren't led to something that is stale, which would almost certainly happen given the number of existing links and references to "BIP 21". I would also be fine copying + pasting BIP 21 to a new BIP number if we update the headers with a "Superseded: See BIP XXXX" header, however, if we really don't want to update it.

I'll wait to address feedback until we have clarity on the forward direction.

@TheBlueMatt TheBlueMatt force-pushed the 2024-03-uris-without-bodies branch from 039f1e7 to 76c8049 Compare May 28, 2024 20:48
@murchandamus
Copy link
Contributor

I'll wait to address feedback until we have clarity on the forward direction.

It might be useful to posit this amendment idea to the mailing list in order to get more input on the forward direction.

@TheBlueMatt TheBlueMatt force-pushed the 2024-03-uris-without-bodies branch from 106b136 to fedb378 Compare May 30, 2024 21:54
@TheBlueMatt
Copy link
Contributor Author

It might be useful to posit this amendment idea to the mailing list in order to get more input on the forward direction.

Done

@harding
Copy link
Contributor

harding commented Jun 5, 2024

I think there's a lot of advantage to updating even final BIPs with information about how those specifications are being widely used in practice, i.e. bitcoinaddress = *base58 / *bech32 / *bech32m.

I don't like adding proposed new features to a final BIP, i.e. defining new keys that haven't be used in practice (like sp). One reason I don't like adding new features to a final BIP is well illustrated in the discussion between @TheBlueMatt and @josibake: they each have slightly different visions for the future of bitcoin: URIs but Matt will be in a privileged position to push for his vision if the existing and widely linked-to standard of BIP21 is updated to reflect his preferences.

I'd prefer to see this PR revised to only document how BIP21 is used in practice today, with any new proposals placed in a new BIP (which can, of course, be a 99% copy of the existing text).

@TheBlueMatt
Copy link
Contributor Author

TheBlueMatt commented Jun 5, 2024

I don't like adding proposed new features to a final BIP, i.e. defining new keys that haven't be used in practice (like sp).

The point of the proposed change isn't to define 'sp' specifically but to define the rules for new formats going forward.

One reason I don't like adding new features to a final BIP is well illustrated in the discussion between @TheBlueMatt and @josibake: they each have slightly different visions for the future of bitcoin: URIs but Matt will be in a privileged position to push for his vision if the existing and widely linked-to standard of BIP21 is updated to reflect his preferences.

I don't think this is a fair characterization. There was a lot of back-and-forth and my understanding is we got to a common ground (or at least equivalent suggestions where it didn't matter all that much where to go). If @josibake still has a different view I'm more than happy to amend the proposal here to make sure we're on the same page.

Rather, the back-and-forth there is a great example of why defining some new BIP just to suggest where to put new payment instructions in BIP 21s is going to lead to further fragmentation - lots of people have strong opinions about lots of equivalent naming schemes.

I'd prefer to see this PR revised to only document how BIP21 is used in practice today, with any new proposals placed in a new BIP (which can, of course, be a 99% copy of the existing text).

This would be pretty confusing, IMO, since we'd then specify "lighting" as a URI parameter here (since it's already in broad use) and then say "oh, but that's kinda a weird name, in the future please do something different and use the HRP instead" in a different doc. IMO that's likely to lead to a continued proliferation of unrelated keys which is less useful going forward.

@TheBlueMatt
Copy link
Contributor Author

Thinking on this more, I think a policy of "we can update a final BIP to describe what is actually happening in practice but not to give forward guidance on how to do things people are going to do" is inconsistent. This results in a neverending stream of changes to add query parameters that are being used in practice, but we can't add guidance for what query parameters to use to avoid that.

@harding
Copy link
Contributor

harding commented Jun 5, 2024

@TheBlueMatt

the back-and-forth there is a great example of why defining some new BIP just to suggest where to put new payment instructions in BIP 21s is going to lead to further fragmentation - lots of people have strong opinions about lots of equivalent naming schemes.

If there's a reasonable difference of opinion, each person should have equal access to the process for advocating for their position. Each person creating a new BIP is equal access IMO. One person being able to update a final BIP that is already widely deployed and referenced, while other parties can only create a new BIP and try to build support for it, is inequitable IMO.

@TheBlueMatt
Copy link
Contributor Author

Right, I believe my above claim is that there isn't any (more) difference of opinion :). Still, more generally I'm not at all convinced that "access to a document" is somehow privileged, or at least its very explicitly not supposed to be - BIPs are author documents - they aren't somehow blessed and implementers can do whatever they want, as evidenced by the fact that no one complies with BIP 21 given BIP 21 currently doesn't allow bech32[m] payments :)

As I mentioned above I'm okay with just saying "no changes at all", but I think your position that we can make some changes (to describe reality) but not others (to provide forward-looking guidance) results in a pretty bad outcome.

@harding
Copy link
Contributor

harding commented Jun 5, 2024

@TheBlueMatt

my above claim is that there isn't any (more) difference of opinion :)

I don't see the resolution to the discussion about bare keys vs key/values above, so it seems open to me, but perhaps you and @josibake hashed it out somewhere else (or I'm just misreading). If it was resolved somewhere else public, I'd appreciate a link, as I was favoring several of Josie's proposals and I'd like to see what persuaded him to accept the full k/v approach.

BIPs are author documents - they aren't somehow blessed and implementers can do whatever they want

BIPs in the draft and proposed stage are author documents for sure, but it doesn't seem clear to me that they should remain author documents once they enter the final state. If people implement a supposedly final specification and then the specification changes, that may unnecessarily lead to miscommunication.

@ajtowns dealt with this problem in BINANAs by giving them revision numbers, so e.g. if I want to reference that a particular implementation of OP_CAT is based on the original proposal, I can say BIN24-1.0 and be protected against changes that become BIN24-1.1, etc. We don't conveniently have that facility with BIPs (I'd have to refer to a commitish) and I think we deal with that by having a final state after which significant changes are not expected.

I'm okay with just saying "no changes at all", but I think your position that we can make some changes (to describe reality) but not others (to provide forward-looking guidance) results in a pretty bad outcome.

I'm also ok with "no changes at all". That said, I think describing reality, especially if it's made clear that it differs from the original specification, is very advantageous to later implementers and those attempting to understand how their modern software works. Not providing post-final forward-looking guidance in the updated BIP doesn't mean that we can't provide that guidance elsewhere, such as a new BIP or a link to a wiki page (in BIP125, I included a link to a wiki page to help foster collaboration among implementers and provide a source of living documentation).

I do want to mention that none of the above is a hill I care to die on; it's just my opinion about editing final BIPs. If nobody else thinks this is a problem, I'm ok with this PR being merged as-is.

@TheBlueMatt
Copy link
Contributor Author

That said, I think describing reality, especially if it's made clear that it differs from the original specification, is very advantageous to later implementers and those attempting to understand how their modern software works.

The point of a BIP is to have the information people need to implement it in one convenient place. That includes guidance for how to do the things people want to do. Updating to say "btw, people put BOLT11s in the lightning key" without saying "and also we should put BOLT12s in the lno key" is possibly the worst outcome, IMO. I see the rationale for getting there, but the outcome is just confusing for everyone (how does one write a general BIP 21 parser? You might have K-V entries, you might have just values, they may be under colliding keys, etc.

Not providing post-final forward-looking guidance in the updated BIP doesn't mean that we can't provide that guidance elsewhere, such as a new BIP or a link to a wiki page.

As long as the BIP gets marked "superseded" with a big link to some new BIP I'm happy with that. Just providing a link in a footnote also does not accomplish this, though, because people will just miss it.

@harding
Copy link
Contributor

harding commented Jun 6, 2024

@TheBlueMatt

The point of a BIP is to have the information people need to implement it in one convenient place.

That's certainly ideal. However, I think in the case of final BIPs, that ideal conflicts with the ideal of not giving anyone unnecessarily privileged access to the specification process. If there is more than one reasonable way to do something, I don't think the author of a long-adopted spec should be able to use that spec to favor their preferred choices.

Which ideal is more important, better documentation or less privilege? I don't know, which is why I'm ok with this PR being merged even if I'd prefer to see it reduced to only describing how current widely adopted behavior differs from the original spec.

@TheBlueMatt
Copy link
Contributor Author

the ideal of not giving anyone unnecessarily privileged access to the specification process

I'll be honest, I'd never considered that an ideal of the BIP process, including the reason for final BIPs. Of course no one should have some kind of priviledged access to changing Bitcoin, but the BIP process hasn't historically been the gate for that.

Admittedly I'm not quite sure what ideal/goal we seek to meet with having a "final" state - I'd always considered it to exist because we don't have a concept of an "accepted" BIP (because the BIP process isn't for "accepting" ideas), but we still need some way to mark something as different from "draft"/proposed. In that context, the "final" concept only really makes any sense for consensus change BIPs. You could argue that a BIP in sufficient adoption is "final" in that future changes don't make sense as they invalidate existing implementations which makes no sense, but that doesn't really answer what to do about forward guidance as is proposed here (presumably it's fine?)

@TheBlueMatt
Copy link
Contributor Author

TheBlueMatt commented Sep 30, 2024

BIP-0353 uses this BIP (even though it says it uses BIP-0021). This BIP (and BIP-21) result in long URI. This presents a problem for QR code encoding and just simple writing of them in messages, etc. Wondering if we can have another URI form that will resolve a BIP-0353 address?

In generally you should strongly prefer not to do this. BIP 353 even says so explicitly, saying

Bitcoin wallets MUST NOT prefer to use DNS-based resolving when methods with explicit public keys or addresses are available. In other words, if a standard Bitcoin address or direct BIP 21 URI is available or would suffice, Bitcoin wallets MUST prefer to use that instead.

This is because if at all possible we should strongly prefer to avoid trusting the entire DNS+domain infrastructure - if there's a communication channel between the sender and recipient, that should be used to exchange cryptographic keys directly, rather than introducing an entire centralized stack as a trusted third party. Addressing QR code size is something individual protocols should do on their own (eg BOLT 12 in the lightning world has very small "offers" by just communicating what's required to fetch further payment instructions.

The most important change (probably even only) to BIP21 that we need is to make the address part optional. I see that is already being proposed here. The URIs would then look something like this:

Nice!

bitcoin:?ark_aspid=deadbeef&ark_pk=02deadbeef&ark_roundconfs=6&lno=lnbc1sdfa

It would be kinda nice to stick with the recommendations here of using bech32 HRPs as the keys in the query parameters. I assume you'll want some kind of bech32 string to communicate ark recipient info anyway (yay checksums), so might as well use it as-is here?

Also, could this simply be an amendment to BIP21? Instead of getting a new number assigned?

Heh, lots of back-and-forth on that...BIP 21 is pretty ancient, so might as well just say we're replacing it and mark it DEPRECATED in bold at the top 🤷‍♂️

@AndySchroder
Copy link

This is because if at all possible we should strongly prefer to avoid trusting the entire DNS+domain infrastructure - if there's a communication channel between the sender and recipient, that should be used to exchange cryptographic keys directly, rather than introducing an entire centralized stack as a trusted third party. Addressing QR code size is something individual protocols should do on their own (eg BOLT 12 in the lightning world has very small "offers" by just communicating what's required to fetch further payment instructions.

I get what you are saying, but it seems like BOLT12 offers aren't really that small. Here is a comparison of QR codes for both examples above (which I took the offer example from your proposed spec).

bitcoin:bc1qztwy6xen3zdtt7z0vrgapmjtfz8acjkfp5fp7l?lno=lno1qsg95t28fvk7aefdum96rgwq3psqzyxvqfcsq3pv8dulvphcpuezmxx5n8h0evrqtx00ch2wevqzp8pvk4qeqqhw37mc9659ses3xkamaksfd9dspq6gkgmvzcl7eppzd3er2w80rgpq9ys6szwh4e33p82jmu42e9zgay44rhg6whr4gq9l6xe6jd7penguqqeua845ptusy3xs5wxwrytm9ck6dh8l739jmw2rfsu8nudvtef90hfn4aj55aw0ezxxf2excmead9vaqvjtuq6s9a580e85rz8mdvp26kuc5vr2llmuexrgxhxx66l400275a3535qpqvemxtpdvuvrwh83qkjl53eagqckyypeq87wey4833z750a5kr5ppfzemeuhtemw6jpty2gznf76zakkj0c
image

BTC:matt@mattcorallo.com
image

I think there is a substantial difference, we may want to have the option to do such a thing, but not necessarily encourage it for the reasons you've suggested. I think LNURL brings the size down pretty small, and we are going to be competing with that.

@TheBlueMatt
Copy link
Contributor Author

Yea, sadly BOLT12 seeks to have privacy through blinded paths, but receivers who struggle to fit things in QR codes can opt to reduce size by trading off privacy. Also note that if you're putting a bech32 string in a QR code you really need to uppercase the entire thing, which makes things much less dense.

For people who want tons of options for payments in QR codes, we really should be thinking about something other than BIP 353 - we could publish full payment info in nostr or some other trivial bulletin board (in some kind of encrypted + blinded form where each fresh QR code leads to new payment details to avoid correlation), etc.

@AndySchroder
Copy link

For people who want tons of options for payments in QR codes, we really should be thinking about something other than BIP 353 - we could publish full payment info in nostr or some other trivial bulletin board (in some kind of encrypted + blinded form where each fresh QR code leads to new payment details to avoid correlation), etc.

This seems to me a bit like it is getting back to a heavy software stack, but maybe it is unavoidable.

I like to sticking to DNS as the datastore because it is fairly low on the software stack. Wondering if we can in any way to make a more compact URI that includes user@domain plus some hints to find their nameserver and a pubkey used to sign the DNS records? However, maybe at that point the length is approaching that of an offer with a blinded path...

@TheBlueMatt
Copy link
Contributor Author

Wondering if we can in any way to make a more compact URI that includes user@domain plus some hints to find their nameserver and a pubkey used to sign the DNS records? However, maybe at that point the length is approaching that of an offer with a blinded path...

Signing the DNS content via a direct key is great, but you start hitting censorship risk. Just telling people a nameserver IP doesn't really solve it, either, because in most cases people are trusting a third party to host that who can then censor them. You really just don't want to use DNS for this.

@TheBlueMatt
Copy link
Contributor Author

Responded to some of the feedback, but still need to answer more. Since I'm writing a new BIP I'm gonna take this opportunity to define a new callback scheme which allows for wallets to return proof of payment to the initiating application. This is critical for lightning payments initiated by one app if the app itself isn't the recipient of the payment.

@TheBlueMatt
Copy link
Contributor Author

Okay, I believe I've addressed all the comments here.

@jonatack jonatack removed the PR Author action required Needs updates, has unaddressed review comments, or is otherwise waiting for PR author label Oct 17, 2024
bip-XXXX.mediawiki Outdated Show resolved Hide resolved

The URI MAY include a "pop" (or "req-pop") parameter who's value can be used to build a URI which the wallet application can, after payment completes, "open" to provide proof the payment was completed or other information about the payment.

The value of a "pop" (or "req-pop") parameter shall be a percent-encoded (per RFC 3986 section 2.1) URI prefix. The wallet application, if it supports providing payment information SHOULD percent-decode the provided URI once then append the Payment Information to the resulting URI and open it with the default system handler for the given URI.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did you choose to directly append instead of providing the pop as a query param? It feels easier to parse to me if the wallet adds the pop as one or multiple query params added to the provided URI, for example:

  • for on-chain payments: txid=<tx_id>&tx=<hex_encoded_tx>
  • for bolt 11 payments: preimage=<hex_encoded_payment_preimage>
  • for bolt 12 payments: preimage=<hex_encoded_payment_preimage>&invoice=lni...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did you choose to directly append instead of providing the pop as a query param?

I originally had it this way, but decide its more generic to have the initiating wallet specify the URI how they want, as they can always specify a URI that ends in ?pop= and go from there.

multiple query params

Mmm, good point, I was thinking looking at something else that, duh, we need a way to expose which payment parameter was used...How about just doing payment arg=pop (with a special onchain arg if the address was in the uri body). So like it'd be onchain=hexencodedtx or lightning=preimage or lno=preimage_and_invoice (or whatever format we use for standardized bolt 12 pops)? That way its still clear what the PoP came from, it reuses the keys from the original bitcoin URI so its well known where they're gonna be (and we don't have to worry about defining them going forward and making sure things dont conflict) and the initiator can even pass &pop= at the end cause pop=lightning=preimage is a perfectly valid parameter!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea, that sounds good to me!

bip-XXXX.mediawiki Show resolved Hide resolved
Copy link
Contributor

@t-bast t-bast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK d7c021a

@dpad85 @robbiehanson what do you think of this? It would be useful to have a prototype implementation of this in Phoenix.


The value of a "pop" (or "req-pop") parameter shall be a percent-encoded (per RFC 3986 section 2.1) URI prefix. The wallet application, if it supports providing payment information SHOULD percent-decode the provided URI once, append the query parameter key from which the payment instructions used were read, append a single =, and finally append the Payment Information to the resulting URI and open it with the default system handler for the URI. For payment instructions read from the body of the URI, "onchain" SHALL be used in place of the key.

A wallet MUST validate that the provided URI's scheme is not (case-insensitive) "http", "https", "file", "javascript", "mailto" or any other scheme which will open in a web browser prior to opening it.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to get feedback on this line. My thinking here is that there may be some link to a bitcoin: URI in, eg, a social media site or some other context where the user might click it, pay, but then doesn't want the callback to open a random website that then will reveal the sender's IP. However, it does limit the utility somewhat. Specifically web apps will be unable to get callbacks directly without registering a URI handler.

I'm curious if/on what platforms registering a URI handler for a web app is annoying to deal with, and if the tradeoff here makes sense. I strongly dont want to introduce an IP leak because of this, but also there may be some platforms where we really have to.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If IP address leak is the only concern, "http" and "https" could be allowed with .onion and .i2p hostnames as exception.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, some wallets could implement that, but in general if wallets are going to implement by opening with the system-default handler its pretty unlikely that a onion or .i2p is gonna work, so not sure its even worth calling out.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, system default handler then does not make much sense, but a lot of wallets already implement Tor and some also I2P and could handle http(s) themselves.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea, I guess I just see no need for a remote call for these callbacks - the whole point of the callbacks is to keep things local, if you're going remote anyway the thing initiating the payment can just ask the recipient if they got it using HTTP...

Copy link
Contributor

@murchandamus murchandamus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is coming along nicely. I left a few comments and questions. Please add the missing Copyright section.

Let’s call this proposal BIP 321.

</pre>

==Abstract==
This BIP proposes a URI scheme for describing Bitcoin payment receipt information.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Invoice information" would make sense to me here, or "payment instructions", but receipt doesn’t make sense to me here.


==Abstract==
This BIP proposes a URI scheme for describing Bitcoin payment receipt information.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Th Copyright section is missing. Judging from the header:

Suggested change
==Copyright==
This BIP is licensed under the BSD 2-clause license.


Here, "qchar" corresponds to valid characters of an RFC 3986 URI query component, excluding the "=" and "&" characters, which this BIP takes as separators.

The scheme component ("bitcoin:") is case-insensitive, and implementations must accept any combination of uppercase and lowercase letters. The query parameter keys are also case-insensitive. Query parameter values and bitcoin address fields may be case-sensitive depending on their content.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It’s a good change, but please mention the case-insensitivity of query parameter keys in the Backwards Compatibility section, since BIP 21 specified query parameter keys to be case-sensitive.


=== Bitcoin Address ===

The bitcoinaddress body MUST be either a base58 P2SH or P2PKH address, bech32 Segwit version 0 address, bech32m Segwit address, or empty. Future address formats SHOULD instead be placed in query keys as optional payment instructions to provide backwards compatibility during upgrade cycles. After new address types are near-universally supported, or for recipients wishing to avoid a standard on-chain fallback, the bitcoinaddress part of the URI MAY be left empty.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m not sure what I exactly meant back then. Either way, it’s not clear to me why this mentions "After new address types are near-universally supported". If the receiver wants to only offer specific optional payment methods even while they are not broadly supported, that’s up to the receiver.

Suggested change
The bitcoinaddress body MUST be either a base58 P2SH or P2PKH address, bech32 Segwit version 0 address, bech32m Segwit address, or empty. Future address formats SHOULD instead be placed in query keys as optional payment instructions to provide backwards compatibility during upgrade cycles. After new address types are near-universally supported, or for recipients wishing to avoid a standard on-chain fallback, the bitcoinaddress part of the URI MAY be left empty.
The bitcoinaddress body MUST be either a base58 P2SH or P2PKH address, bech32 Segwit version 0 address, bech32m Segwit address, or empty. Future address formats SHOULD instead be placed in query keys as optional payment instructions to provide backwards compatibility during upgrade cycles. The bitcoinaddress part of the URI MAY be left empty, if there is at least one optional payment instruction provided and the recipient does not want to provide a static on-chain payment method.

The following keys are defined generally and apply to any URI regardless of payment instructions:

*label: Label for that address (e.g. name of receiver)
*address: bitcoin address
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the "address" query key used for, if all base58, bech32, and bech32m addresses are permitted in the body, and new payment instructions using bech32[m] should use the HRP? Is the intent to provide a fall-back address from the set of addresses permitted in the body, in case the address in the body is not supported by the sender’s client?

Alternatively, should the body contain the type that is most likely to be supported by the client? Is there a way for the receiver to express which address type they’d prefer if multiple were provided?

If I wanted to express a preference for P2TR, have a P2WPKH fallback, and for people from the last decade also provide a P2PKH address, how would I do that?

bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?address=bc1qp2wpkhaddress?bc=bc1ppaytotaprootaddress

bitcoin:bc1ppaytotaprootaddress?address=175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?bc=bc1qp2wpkhaddress


Additionally, this BIP describes the "pop" query parameter, which was unused and will be ignored by BIP 21 implementations.

Any existing BIP 21 implementation should automatically be fully compliant with this BIP, as the changes only describe existing practice or impact future address format inclusion.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As mentioned above, BIP 21 required query parameters to be case-sensitive

The rest of the URI is case-sensitive, including the query parameter keys.

while this proposal allows them to be any case. This should be mentioned in the Backward Compatibility section.


[foo] means optional, &lt;bar&gt; are placeholders

<nowiki>bitcoin:<address>[?amount=<amount>][?label=<label>][?message=<message>]</nowiki>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This section confuses me. It feels like I’m missing some context. Is this supposed to provide a simplified syntax for some part of the implementers? Who is supposed to use the simplified syntax? Under what circumstances should this syntax be used? What are the trade-offs?

Just the address:
bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W

Address with name:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Address with name:
Address with recipient’s name as label:

==Motivation==
The purpose of this URI scheme is to enable users to easily make payments by simply clicking links on webpages or scanning QR Codes.

This BIP is a modification of [[bip-0021.mediawiki|BIP 0021]] to add information about the modern usage of bitcoin: URIs (including standard query parameters and modern address types) as well as provide forward-looking guidance on how to incorporate new payment instructions. It further adds an optional extension to provide the payment initiator with proof of payment. BIP 21 was based on BIP 20, which was, in turn based off an earlier document by Nils Schneider.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This BIP is a modification of [[bip-0021.mediawiki|BIP 0021]] to add information about the modern usage of bitcoin: URIs (including standard query parameters and modern address types) as well as provide forward-looking guidance on how to incorporate new payment instructions. It further adds an optional extension to provide the payment initiator with proof of payment. BIP 21 was based on BIP 20, which was, in turn based off an earlier document by Nils Schneider.
This BIP is a modification of [[bip-0021.mediawiki|BIP 0021]] to add information about the modern usage of bitcoin: URIs (including standard query parameters and modern address types) as well as provide forward-looking guidance on how to incorporate new payment instructions. It further adds an optional extension to provide the payment initiator with proof of payment. BIP 21 was based on BIP 20, which was, in turn based on an earlier document by Nils Schneider.


=== Examples ===

==== URIs ====
Copy link
Contributor

@murchandamus murchandamus Nov 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps it would be good to provide a couple more invalid examples. E.g. a common issue might be the reuse of a query parameter.

What is supposed to happen when e.g. two amounts are provided, or two addresses for the same key? Should that fail, use the first, or use the last value for the same query parameter key?

@murchandamus
Copy link
Contributor

There also have been a few questions and comments recently on this proposal. Some of the points brought up in response may be useful to retain as footnotes or in the Rationale.

@murchandamus murchandamus added the PR Author action required Needs updates, has unaddressed review comments, or is otherwise waiting for PR author label Nov 15, 2024
@murchandamus murchandamus changed the title Replace BIP 21 with a new BIP containing information about more modern usage of it BIP 321: URI Scheme (Replace BIP 21 with a new BIP containing information about more modern usage of it) Nov 15, 2024
@vitorpamplona
Copy link

Any comments on handling multiple invoices to separate receivers initially discussed at lightning/bolts#1111?

Common payment (zap) splits in Nostr have 2-3 receivers to be paid at once. Less common ones might have between 5 to 10 invoices. Some extreme cases include up to 100 lightning invoices to be paid.

They won't fit in the QR/URI, obviously, but it would be nice to accept what could fit in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
New BIP PR Author action required Needs updates, has unaddressed review comments, or is otherwise waiting for PR author
Projects
None yet
Development

Successfully merging this pull request may close these issues.