Update BIP 21 with information about more modern usage of it

[TheBlueMatt]

As Bitcoin has grown, the introduction of new address formats describing new forms of payment instructions has become increasingly fraught with compatibility issues. Not only does there exist traditional on-chain addresses, but some recipients wish to receive Lightning (when the sender supports it) or newer formats such as Silent Payments.

This has led to increasing use of the BIP 21 query parameters to encode further optional payment instructions.

Looking forward, as new payment instructions get adopted, it makes much more sense to include them in query parameters rather than replace the existing address field, ensuring compatibility with senders and recipients who may or may not be upgraded to support all the latest payment instructions.

This updates BIP 21 to suggest that future address formats do this.

Further, it updates BIP 21 to allow an empty bitcoin address in cases where new payment instructions have moved to becoming mandatory. This isn't a backwards-incompatible change any more than switching to a new address format is, so doesn't impact existing BIP 21 implementations in a new way, however provides a nice conclusion to the query-parameter-based upgrade path - once a form of payment instructions has broad adoption, senders can simply drop the existing address field, keeping their existing query parameter encoding, rather than replace the existing address field. It also addresses the question of what to do if a wallet no longer wishes to receive some legacy on-chain address, but has multiple payment instruction formats that they wish to include - deciding which one to place in the address field would be a difficult task.

[josibake]

(Background discussion for context: https://delvingbitcoin.org/t/revisiting-bip21/630)

Thanks for starting this! Conceptually, I agree with the updates but I think we can get a bigger win by advising the use of HRPs directly instead of key-value pairs. The benefits of this approach are:

• Better taproot support: using HRPs directly would allow us to construct backwards compatible taproot URIs of the form bitcoin:bc1q...?bc1p...=o / bitcoin:bc1q...?bc1p...
• Support for future payment instructions: any new payment protocol that encodes their payment instructions using bech32m can be included directly, e.g. bitcoin:bc1q...?newprotocol1<bech32m encoded data>=o
• Existing unified QR codes can be made smaller: following an upgrade period to allow clients to update, we would be able to create URIs bitcoin:bc1q...?lnbc1...=o (instead of ?lightning=lnbc1...) and fully static URIs bitcoin:sp1q...?lno1...=o

For senders, this simplifies implementing support for new address types in that clients can implement support for a generic BIP21 URI using HRPs as keys. As the client supports new bech32m encoded addresses, they are supported automatically without any additional changes.

Clients would still need to support new payment instructions that instead decided to use a query parameter, but I would expect most (if not all) clients to prefer bech32m encodings now that they get BIP21 support for free.

I wrote a rough draft here, feel free use / modify as needed if you find it useful: josibake@07339bd

[TheBlueMatt]

Better taproot support: using HRPs directly would allow us to construct backwards compatible taproot URIs of the form bitcoin:bc1q...?bc1p...=o / bitcoin:bc1q...?bc1p...

I think this ship has sailed, but K/V-vs-no-K has no impact on this. We could do bitcoin:bc1q...?taproot=bc1p. or whatever just fine. Ultimately its probably too late to update how any taproot anything appears in QR codes/URIs.

Support for future payment instructions

This is similarly untrue, the only difference is it reduces the characters used for future instructions, but whether it supports future instructions or not, both do.

Existing unified QR codes can be made smaller: following an upgrade period to allow clients to update, we would be able to create URIs bitcoin:bc1q...?lnbc1...=o (instead of ?lightning=lnbc1...) and fully static URIs bitcoin:sp1q...?lno1...=o

Indeed, we can save a few characters here or there. I think the ship has similarly sailed for BOLT 11, but of course we can do something different for BOLT 12.

Ultimately I think the only difference between the two proposals are:

• Skipping the key has slightly less bytes in the QR code, which helps very slightly on the margin.
• Skipping the key means parsing is a bit trickier if/when we have some new payment instructions that don't use bech32m - do clients need to check the bech32m checksum for unknown payment instruction types? What do they do if its wrong? What happens when someone (without thinking) defines some payment instructions that match a bech32m HRP spuriously (but I guess probably the checksum would be wrong?). These should all be written out and considered if we want to go this path.

I think the right approach here is the simpler one, but there's not a really strong reason to prefer either over the other, honestly.

[josibake]

This is similarly untrue, the only difference is it reduces the characters used for future instructions, but whether it supports future instructions or not, both do.

No, they are not the same. This is especially relevant if wallets are using a BIP21 library: my wallet supports new address type abc1xxxx, which (according to your proposal) also gets a abc key defined (i.e. abc=abc1xxx. My wallet can parse the address but since my BIP21 library I am using hasn't added support for the new key, I am unable to parse these URIs. With my proposal of allowing bech32m encoded addresses to be used without a key, everything Just Works.

Skipping the key means parsing is a bit trickier if/when we have some new payment instructions that don't use bech32m - do clients need to check the bech32m checksum for unknown payment instruction types? What do they do if its wrong? What happens when someone (without thinking) defines some payment instructions that match a bech32m HRP spuriously (but I guess probably the checksum would be wrong?). These should all be written out and considered if we want to go this path.

I'm not really sure what you're getting at here? My proposal is that any new payment addresses must use bech32m if they want to be used without a key, otherwise they must define a key. Everything you just mentioned was predicated on the assumption "what if they don't use bech32m and don't define a key," which means they wouldn't be following the spec.

[TheBlueMatt]

No, they are not the same. This is especially relevant if wallets are using a BIP21 library: my wallet supports new address type abc1xxxx, which (according to your proposal) also gets a abc key defined (i.e. abc=abc1xxx. My wallet can parse the address but since my BIP21 library I am using hasn't added support for the new key, I am unable to parse these URIs. With my proposal of allowing bech32m encoded addresses to be used without a key, everything Just Works.

That applies both to a K/V parameter and a non-K/V parameter equally - there's really no difference here. A BIP21 parsing library should pass all parameters that it doesn't know.

I'm not really sure what you're getting at here? My proposal is that any new payment addresses must use bech32m if they want to be used without a key, otherwise they must define a key. Everything you just mentioned was predicated on the assumption "what if they don't use bech32m and don't define a key," which means they wouldn't be following the spec.

Ah, okay, I misunderstood the proposal. I'm not really super excited to bake "future addresses will use bech32m" into the spec in that way, because at some point we're gonna want "bech32n" or some other encoding (which would make sense for stuff that's only in QR codes as you could get the QR a bit denser) and then we'll be back having this same discussion, except now we have to shove everything in K/V pairs because we restricted non-K/V pairs to bech32m-only.

[josibake]

I'm not really super excited to bake "future addresses will use bech32m" into the spec in that way, because at some point we're gonna want "bech32n"

While certainly not perfect, I think this is better than the alternative of whitelisting a set of addresses that are allowed in a root in this BIP and requiring new formats to specify extension keys. My proposal gives us a way to specify a taproot address in a backwards compatible way, it allows for clients to save space by not needing to redundantly specify hrp=hrp..., leaves open the possibility for implementations to move to use the BOLT11 HRP directly to save space, and provides some future proofing for new address formats insomuch as bech32m continues to be the standard.

[TheBlueMatt]

While certainly not perfect, I think this is better than the alternative of whitelisting a set of addresses that are allowed in a root in this BIP and requiring new formats to specify extension keys. My proposal gives us a way to specify a taproot address in a backwards compatible way, it allows for clients to save space by not needing to redundantly specify hrp=hrp..., leaves open the possibility for implementations to move to use the BOLT11 HRP directly to save space, and provides some future proofing for new address formats insomuch as bech32m continues to be the standard.

To be clear, I think we should "whitelist the set of addresses that are allowed in the root" either way. IMO it was a (now-clear) mistake to have taproot at the root rather than in a parameter. Whether we go with K/V or not-K/V we still want to have all future address types in parameters rather than the URI root (and eventually basically phase out the URI root entirely, or at least make it taproot-only).

[josibake]

To be clear, I think we should "whitelist the set of addresses that are allowed in the root" either way.

Effectively, this is what you get with my proposal:

The bitcoinaddress body MUST be either a legacy base58 address (P2PKH, P2SH), or a bech32(m) encoded address. Future address formats that do not use bech32m encoding MUST instead be placed in query keys. Query keys SHOULD be defined by the respective BIP for the new address format.

The only distinction is newer bech32m address types can also be placed in the root. If you're planning to allow bitcoin:?hrp=hrpxxx...&anotherhrp=anotherhrpxxx&amount=<>, that's exactly the same as bitcoin:hrpxxx...?anotherhrpxxx&amount=<>, just more compact.

[TheBlueMatt]

Effectively, this is what you get with my proposal:

This is unrelated to the K/V/no-K/V discussion. We can get it either way.

The only distinction is newer bech32m address types can also be placed in the root.

I don't think we should allow this. It would be nice to only have one place to look for a given address type.

[murchandamus]

I noticed that there is another pending PR that seeks to amend BIP21 #1394. At first glance, it seems like the change suggested there could be incorporated here.

[katesalazar]

I have not been following, but did you consider rejecting empty string after colon, and removing unnecessary interrogation character?

Suggested change

	bitcoinurn = "bitcoin:" [ bitcoinaddress ] [ "?" bitcoinparams ]
	bitcoinurn = "bitcoin:" ( bitcoinaddress [ "?" bitcoinparams ] | bitcoinparams )

[murchandamus]

I’m a bit on the fence regarding this PR. There clearly exists a divergence of the practical use from the specification, and it makes sense to address this and make them line up better. On the other hand, it generally seems counterproductive to ship a new version of a spec under the same label.

I would at least request that the changes are discussed on the mailing list and a Change Log section be added to document when and how the spec was amended. Perhaps it would be better to place these changes into an Appendix that comments on the practical use today and proposes these amendments.

Overall I would prefer a new BIP over changes to a final BIP.

[murchandamus]

Suggested change

	New payment instructions using bech32 encodings SHOULD reuse their address format's Human Readable Part as the parameter key.
	New payment instructions using bech32m as address encoding SHOULD reuse their address format's Human Readable Part as the parameter key.

[TheBlueMatt]

They aren't always addresses.

[TheBlueMatt]

I’m a bit on the fence regarding this PR. There clearly exists a divergence of the practical use from the specification, and it makes sense to address this and make them line up better. On the other hand, it generally seems counterproductive to ship a new version of a spec under the same label.

Yea, I see that its a bit weird to update something "final", but I think there's also tremendous value in being able to update something so that people aren't led to something that is stale, which would almost certainly happen given the number of existing links and references to "BIP 21". I would also be fine copying + pasting BIP 21 to a new BIP number if we update the headers with a "Superseded: See BIP XXXX" header, however, if we really don't want to update it.

I'll wait to address feedback until we have clarity on the forward direction.

[murchandamus]

I'll wait to address feedback until we have clarity on the forward direction.

It might be useful to posit this amendment idea to the mailing list in order to get more input on the forward direction.

[TheBlueMatt]

It might be useful to posit this amendment idea to the mailing list in order to get more input on the forward direction.

Done

[harding]

I think there's a lot of advantage to updating even final BIPs with information about how those specifications are being widely used in practice, i.e. bitcoinaddress = *base58 / *bech32 / *bech32m.

I don't like adding proposed new features to a final BIP, i.e. defining new keys that haven't be used in practice (like sp). One reason I don't like adding new features to a final BIP is well illustrated in the discussion between @TheBlueMatt and @josibake: they each have slightly different visions for the future of bitcoin: URIs but Matt will be in a privileged position to push for his vision if the existing and widely linked-to standard of BIP21 is updated to reflect his preferences.

I'd prefer to see this PR revised to only document how BIP21 is used in practice today, with any new proposals placed in a new BIP (which can, of course, be a 99% copy of the existing text).

[TheBlueMatt]

I don't like adding proposed new features to a final BIP, i.e. defining new keys that haven't be used in practice (like sp).

The point of the proposed change isn't to define 'sp' specifically but to define the rules for new formats going forward.

One reason I don't like adding new features to a final BIP is well illustrated in the discussion between @TheBlueMatt and @josibake: they each have slightly different visions for the future of bitcoin: URIs but Matt will be in a privileged position to push for his vision if the existing and widely linked-to standard of BIP21 is updated to reflect his preferences.

I don't think this is a fair characterization. There was a lot of back-and-forth and my understanding is we got to a common ground (or at least equivalent suggestions where it didn't matter all that much where to go). If @josibake still has a different view I'm more than happy to amend the proposal here to make sure we're on the same page.

Rather, the back-and-forth there is a great example of why defining some new BIP just to suggest where to put new payment instructions in BIP 21s is going to lead to further fragmentation - lots of people have strong opinions about lots of equivalent naming schemes.

I'd prefer to see this PR revised to only document how BIP21 is used in practice today, with any new proposals placed in a new BIP (which can, of course, be a 99% copy of the existing text).

This would be pretty confusing, IMO, since we'd then specify "lighting" as a URI parameter here (since it's already in broad use) and then say "oh, but that's kinda a weird name, in the future please do something different and use the HRP instead" in a different doc. IMO that's likely to lead to a continued proliferation of unrelated keys which is less useful going forward.

[TheBlueMatt]

Thinking on this more, I think a policy of "we can update a final BIP to describe what is actually happening in practice but not to give forward guidance on how to do things people are going to do" is inconsistent. This results in a neverending stream of changes to add query parameters that are being used in practice, but we can't add guidance for what query parameters to use to avoid that.

[harding]

@TheBlueMatt

the back-and-forth there is a great example of why defining some new BIP just to suggest where to put new payment instructions in BIP 21s is going to lead to further fragmentation - lots of people have strong opinions about lots of equivalent naming schemes.

If there's a reasonable difference of opinion, each person should have equal access to the process for advocating for their position. Each person creating a new BIP is equal access IMO. One person being able to update a final BIP that is already widely deployed and referenced, while other parties can only create a new BIP and try to build support for it, is inequitable IMO.

[TheBlueMatt]

Right, I believe my above claim is that there isn't any (more) difference of opinion :). Still, more generally I'm not at all convinced that "access to a document" is somehow privileged, or at least its very explicitly not supposed to be - BIPs are author documents - they aren't somehow blessed and implementers can do whatever they want, as evidenced by the fact that no one complies with BIP 21 given BIP 21 currently doesn't allow bech32[m] payments :)

As I mentioned above I'm okay with just saying "no changes at all", but I think your position that we can make some changes (to describe reality) but not others (to provide forward-looking guidance) results in a pretty bad outcome.

[harding]

@TheBlueMatt

my above claim is that there isn't any (more) difference of opinion :)

I don't see the resolution to the discussion about bare keys vs key/values above, so it seems open to me, but perhaps you and @josibake hashed it out somewhere else (or I'm just misreading). If it was resolved somewhere else public, I'd appreciate a link, as I was favoring several of Josie's proposals and I'd like to see what persuaded him to accept the full k/v approach.

BIPs are author documents - they aren't somehow blessed and implementers can do whatever they want

BIPs in the draft and proposed stage are author documents for sure, but it doesn't seem clear to me that they should remain author documents once they enter the final state. If people implement a supposedly final specification and then the specification changes, that may unnecessarily lead to miscommunication.

@ajtowns dealt with this problem in BINANAs by giving them revision numbers, so e.g. if I want to reference that a particular implementation of OP_CAT is based on the original proposal, I can say BIN24-1.0 and be protected against changes that become BIN24-1.1, etc. We don't conveniently have that facility with BIPs (I'd have to refer to a commitish) and I think we deal with that by having a final state after which significant changes are not expected.

I'm okay with just saying "no changes at all", but I think your position that we can make some changes (to describe reality) but not others (to provide forward-looking guidance) results in a pretty bad outcome.

I'm also ok with "no changes at all". That said, I think describing reality, especially if it's made clear that it differs from the original specification, is very advantageous to later implementers and those attempting to understand how their modern software works. Not providing post-final forward-looking guidance in the updated BIP doesn't mean that we can't provide that guidance elsewhere, such as a new BIP or a link to a wiki page (in BIP125, I included a link to a wiki page to help foster collaboration among implementers and provide a source of living documentation).

I do want to mention that none of the above is a hill I care to die on; it's just my opinion about editing final BIPs. If nobody else thinks this is a problem, I'm ok with this PR being merged as-is.

[TheBlueMatt]

That said, I think describing reality, especially if it's made clear that it differs from the original specification, is very advantageous to later implementers and those attempting to understand how their modern software works.

The point of a BIP is to have the information people need to implement it in one convenient place. That includes guidance for how to do the things people want to do. Updating to say "btw, people put BOLT11s in the lightning key" without saying "and also we should put BOLT12s in the lno key" is possibly the worst outcome, IMO. I see the rationale for getting there, but the outcome is just confusing for everyone (how does one write a general BIP 21 parser? You might have K-V entries, you might have just values, they may be under colliding keys, etc.

Not providing post-final forward-looking guidance in the updated BIP doesn't mean that we can't provide that guidance elsewhere, such as a new BIP or a link to a wiki page.

As long as the BIP gets marked "superseded" with a big link to some new BIP I'm happy with that. Just providing a link in a footnote also does not accomplish this, though, because people will just miss it.

[harding]

@TheBlueMatt

The point of a BIP is to have the information people need to implement it in one convenient place.

That's certainly ideal. However, I think in the case of final BIPs, that ideal conflicts with the ideal of not giving anyone unnecessarily privileged access to the specification process. If there is more than one reasonable way to do something, I don't think the author of a long-adopted spec should be able to use that spec to favor their preferred choices.

Which ideal is more important, better documentation or less privilege? I don't know, which is why I'm ok with this PR being merged even if I'd prefer to see it reduced to only describing how current widely adopted behavior differs from the original spec.

[TheBlueMatt]

the ideal of not giving anyone unnecessarily privileged access to the specification process

I'll be honest, I'd never considered that an ideal of the BIP process, including the reason for final BIPs. Of course no one should have some kind of priviledged access to changing Bitcoin, but the BIP process hasn't historically been the gate for that.

Admittedly I'm not quite sure what ideal/goal we seek to meet with having a "final" state - I'd always considered it to exist because we don't have a concept of an "accepted" BIP (because the BIP process isn't for "accepting" ideas), but we still need some way to mark something as different from "draft"/proposed. In that context, the "final" concept only really makes any sense for consensus change BIPs. You could argue that a BIP in sufficient adoption is "final" in that future changes don't make sense as they invalidate existing implementations which makes no sense, but that doesn't really answer what to do about forward guidance as is proposed here (presumably it's fine?)