[Bitcoin-development] BIP70 proposed changes

Bernd Jendrissek bitcoin at bpj-code.co.za
Tue Feb 18 23:41:36 UTC 2014

[Ick, resending to list due to From: snafu(s)]

On Tue, Feb 18, 2014 at 11:47 PM, Peter Todd <pete at petertodd.org> wrote:
> What specifically do you dislike about X.509? The technical standard or
> the infrastructure around it? (IE the centralized authorities)

I'm not the one who was complaining, but what I dislike is that a
certificate can have only one issuer. Cross-signing doesn't address my
dislike: it's different enough from being a certificate's single
issuer that it leaves too much power in the CAs' hands, IMHO.

It isn't so much the centralization per se that I object to, but the
way that the technical standard encourages concentration in the
infrastructure. See

I've been (slowly) working on a patch to allow pki_data to contain
more than just the single certificate chain that the
single-issuer-only format insists on, but I'm making as many steps
back as forward, being unsure of the right way to do it. Implementing
an OpenPGP-based pki_type would probably be better, but hacking x509+*
seems like a lower-hanging fruit.

More information about the bitcoin-dev mailing list