[bitcoin-dev] Proposal: extend bip70 with OpenAlias
hearn at vinumeris.com
Mon Jul 20 15:14:03 UTC 2015
> The final signature is a signature of the payment request, it is not
> part of DNSSEC. So, yes, that signature can be EC.
Right, got it. I think we've been talking about two related but separate
issues (DNSSEC vs squeezing payment requests into URIs/qrcodes somehow).
So: DNSSEC attests via an RSA chain to some EC key stored in the wallet
which is then used to sign the payment request or URI, which also contains
a domain name.
> The payment requests I am currently playing with have the following values:
> pki_type = "dnssec+btc" (btc means that the signature is checked against
> a Bitcoin address stored in DNS)
> pki_data = the user's alias (DNS key)
By "alias" you mean domain name? I'm not sure what DNS key means in this
I'm still not really convinced that a domain name under some new roots is
an identity people will want to use, but yes, I guess your approach would
work for those who do want it.
It still may be worth exploring the compact cert+optimized BIP70 (no
DNSSEC) in a qrcode if making a network that stores small bits of data
really is beyond us :(
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bitcoin-dev