From 694314d296cff6871b9e58c2b2b8f07305cb8a4a Mon Sep 17 00:00:00 2001 From: Ross Nicoll Date: Sat, 26 Apr 2014 16:44:13 +0100 Subject: Added file size limits for Payment and PaymentACK messages. --- bip-0070.mediawiki | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'bip-0070.mediawiki') diff --git a/bip-0070.mediawiki b/bip-0070.mediawiki index 1ee56bd..84a8559 100644 --- a/bip-0070.mediawiki +++ b/bip-0070.mediawiki @@ -172,6 +172,9 @@ determine whether or not the transactions satisfy conditions of payment. If and only if they do, if should broadcast the transaction(s) on the Bitcoin p2p network. +Payment messages larger than 50,000 bytes should be rejected by +the merchant's server, to mitigate denial-of-service attacks. + ===PaymentACK=== PaymentACK is the final message in the payment protocol; it is sent @@ -189,6 +192,11 @@ Payment message: | memo || UTF-8 encoded note that should be displayed to the customer giving the status of the transaction (e.g. "Payment of 1 BTC for eleven tribbles accepted for processing.") |} +PaymentACK messages larger than 60,000 bytes should be rejected by +the wallet application, to mitigate denial-of-service attacks. This +is larger than the limits on Payment and PaymentRequest messages +as PaymentACK contains a full Payment message within it. + ==Localization== Merchants that support multiple languages should generate -- cgit v1.2.3
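Review bot: In the first hunk (@@ -172,6 +172,9 @@), the added sentence "Payment messages larger than 50,000 bytes should be rejected by the merchant's server" does not say what is measured or when the rejection happens, and the denial-of-service benefit depends on both. Suggest stating that the limit applies to the serialized Payment message body, and that the server should stop reading once the limit is exceeded rather than buffer the whole upload and check its length afterwards. A server that buffers first still pays the memory and bandwidth cost the limit is meant to avoid. It would also help to say whether "should" is meant as a normative requirement or a recommendation, since wallets need to know whether a compliant merchant may still accept a larger Payment.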
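Review bot: In the second hunk (@@ -189,6 +192,11 @@), the rationale "This is larger than the limits on Payment and PaymentRequest messages" refers to a PaymentRequest limit that this patch does not add. Both hunks only cover Payment and PaymentACK, so the reader cannot tell from this change what the PaymentRequest limit is. Suggest either stating its value here or pointing to the section that defines it. Separately, because a PaymentACK embeds a full Payment of up to 50,000 bytes, the 60,000 byte limit leaves roughly 10,000 bytes for the memo field and encoding overhead. The memo row in the table above gives no length bound, so it is worth saying that explicitly, so that a merchant echoing a maximum-size Payment with a long memo does not produce an ACK the wallet will reject.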