[bitcoin-dev] Proposal: extend bip70 with OpenAlias
thomasv at electrum.org
Mon Jul 20 14:32:09 UTC 2015
I hope you had a good trip!
> To get more specific, DNSSEC uses RSA 1024 bit. This causes two problems:
> 1. A DNSSEC proof is large, bytes wise. Even a single RSA signature
> won't fit nicely in a QR code, I think.
> 2. 1024 bit is the absolute minimum strength you can get away with,
> really. DNSSEC assumes frequent key rotations to try and help, which
> complicates things.
> So I'm not sure using DNSSEC fixes the usability problem we want to fix.
In my previous post, I was suggesting to *not* include the proof in the
request, because the payer can download it independently. Only the final
signature is needed. What makes DNSSEC interesting is not the size of
the proof, but rather the fact that you can request it easily, and in a
A typical lightweight payment request, serialized with EC signature and
without the proof, would be about 150 bytes long.
> I will do a separate reply to break out some thoughts on replacing QR codes.
> Would it be possible to create the same kind of "lightweight payment
>> requests" using SSL certificates? Probably, if the final signing key is
>> a EC key, and if the payment request does not include the whole chain of
> Given that the pre-existing value of the PKI is much lower for individuals
> than for companies/websites, where they all have certs already, building a
> Bitcoin-specific or entirely new/independent PKI for people is not so
> unthinkable, I agree.
> In theory such a cert could be as minimal as:
> <ECC signature>thomasv at electrum.org
> so literally just a signature + a UTF-8 string, and that's it! You don't
> need anything more if you're willing to sacrifice extensibility,
> revocability, etc.
Again, we don't have to sacrifice revocability, if the proof is
> The pubkey of the CA would be obtained by running the pubkey recovery
> algorithm on the signature, and then checked against a table of trusted
More information about the bitcoin-dev