[bitcoin-dev] Proposal: extend bip70 with OpenAlias

Riccardo Spagni ric at spagni.net
Sat Jul 18 11:40:58 UTC 2015

> It is worth noting that DNS lookups can be done via Tor. In effect that
> gives you 1000+ proxies instead of 56 or 4. BitcoinJ already has code that
> can do this.

Agreed, although I guess the bootstrap time for that is a little on
the high side, and maybe a little too chunky on mobile devices, but
it's absolutely worthwhile as an option. DNSSEC is great because it
doesn't allow resolvers to lie, they can't even pretend that a record
doesn't exist.

> I would agree that it makes sense for proxying of DNS requests to be an
> optional part of the protocol. Wallet developers can then compete on privacy
> vs robustness vs whatever other issues there may be.

My current thinking with Electrum (that ThomasV and I have bounced
around) is to make the default policy DNSCrypt -> fallback to
OpenAlias API pool (which can return DNSSEC data for verification) ->
fallback to default resolver. Turning off DNSCrypt will then make it
default resolver -> fallback to OpenAlias API pool. Turning off the
API pool will make it default resolver or fail. Default resolver can
be set to OS resolver (default) or custom resolvers (eg. Google Public


More information about the bitcoin-dev mailing list