Serverless PayJoin PoC (HTTP Long Polling)

[DanGould]

this way neither sender nor receiver have to operate a public endpoint secured by a certificate authority

See the bitcoin-dev writeup https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-January/021364.html

This PoC is much longer than the others because it adds source for NNpsk0 Noise protocol

[DanGould]

This PoC went through a couple of iterations, passing TURN and even magic-wormhole before settling on an http-only long-polling client let payjoins be relayed anywhere http is supported. This removes the need for any additional networking library. This example follows https://httprelay.io/features/proxy/

The goal is to give serverless payjoin the greatest chance of actually being adopted.

Removing noise might be worthwhile too if we find another simple way to authenticate receiver requests. While we may lose some forward-secrecy protections, the chance that one key gets compromised and not the other seems slim. Even with a single symmetric per-bip21 key, that's just like a per-session TLS key. Encrypt-then-mac with a sha256 hmac construction seems secure enough to me. BIP322 auth on the bip21 address would be more slick, but I think it's too early.