[bitcoin-dev] Proposal: extend bip70 with OpenAlias

Mike Hearn hearn at vinumeris.com
Mon Jul 20 15:14:03 UTC 2015

> The final signature is a signature of the payment request, it is not
> part of DNSSEC. So, yes, that signature can be EC.

Right, got it. I think we've been talking about two related but separate
issues (DNSSEC vs squeezing payment requests into URIs/qrcodes somehow).
So: DNSSEC attests via an RSA chain to some EC key stored in the wallet
which is then used to sign the payment request or URI, which also contains
a domain name.

> The payment requests I am currently playing with have the following values:
> pki_type = "dnssec+btc" (btc means that the signature is checked against
> a Bitcoin address stored in DNS)
> pki_data = the user's alias (DNS key)

By "alias" you mean domain name? I'm not sure what DNS key means in this

I'm still not really convinced that a domain name under some new roots is
an identity people will want to use, but yes, I guess your approach would
work for those who do want it.

It still may be worth exploring the compact cert+optimized BIP70 (no
DNSSEC) in a qrcode if making a network that stores small bits of data
really is beyond us :(
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150720/cbf39169/attachment.html>

More information about the bitcoin-dev mailing list