Added file size limits for Payment and PaymentACK messages.

author: Ross Nicoll <jrn@jrn.me.uk> 2014-04-26 16:44:13 +0100
committer: Ross Nicoll <jrn@jrn.me.uk> 2014-04-26 16:44:13 +0100
commit: 694314d296cff6871b9e58c2b2b8f07305cb8a4a (patch)
tree: 30534f62a30fa9682d29e5db7bf0d356f1df6c67 /bip-0070.mediawiki
parent: 22646636dd79518691a5ba5ed51bc35a84d11d49 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/bip-0070.mediawiki b/bip-0070.mediawiki
index 1ee56bd..84a8559 100644
--- a/bip-0070.mediawiki
+++ b/bip-0070.mediawiki
@@ -172,6 +172,9 @@ determine whether or not the transactions satisfy conditions of
 payment. If and only if they do, if should broadcast the
 transaction(s) on the Bitcoin p2p network.
 
+Payment messages larger than 50,000 bytes should be rejected by
+the merchant's server, to mitigate denial-of-service attacks.
+
 ===PaymentACK===
 
 PaymentACK is the final message in the payment protocol; it is sent
@@ -189,6 +192,11 @@ Payment message:
 | memo || UTF-8 encoded note that should be displayed to the customer giving the status of the transaction (e.g. "Payment of 1 BTC for eleven tribbles accepted for processing.")
 |}
 
+PaymentACK messages larger than 60,000 bytes should be rejected by
+the wallet application, to mitigate denial-of-service attacks. This
+is larger than the limits on Payment and PaymentRequest messages
+as PaymentACK contains a full Payment message within it.
+
 ==Localization==
 
 Merchants that support multiple languages should generate
author	Ross Nicoll <jrn@jrn.me.uk>	2014-04-26 16:44:13 +0100
committer	Ross Nicoll <jrn@jrn.me.uk>	2014-04-26 16:44:13 +0100
commit	694314d296cff6871b9e58c2b2b8f07305cb8a4a (patch)
tree	30534f62a30fa9682d29e5db7bf0d356f1df6c67 /bip-0070.mediawiki
parent	22646636dd79518691a5ba5ed51bc35a84d11d49 (diff)