Thomas Voegtlin [ARCHIVE] on Nostr: ๐ Original date posted:2015-07-20 ๐ Original message:Le 20/07/2015 16:42, Mike ...
๐
Original date posted:2015-07-20
๐ Original message:Le 20/07/2015 16:42, Mike Hearn a รฉcrit :
>>
>> In my previous post, I was suggesting to *not* include the proof in the
>> request, because the payer can download it independently. Only the final
>> signature is needed. What makes DNSSEC interesting is not the size of
>> the proof, but rather the fact that you can request it easily, and in a
>> canonical way.
>>
>
> Yes, but you still need the final signature. Is it possible to use an EC
> signature with DNSSEC? I thought it was an all-RSA system. If I'm wrong
> about that, and all you need is 32 bytes, then my argument does not hold.
>
The final signature is a signature of the payment request, it is not
part of DNSSEC. So, yes, that signature can be EC.
The DNSSEC proof is used to verify that the public key, which is
recovered from the signature, corresponds to the alias.
The payment requests I am currently playing with have the following values:
pki_type = "dnssec+btc" (btc means that the signature is checked against
a Bitcoin address stored in DNS)
pki_data = the user's alias (DNS key)
๐ Original message:Le 20/07/2015 16:42, Mike Hearn a รฉcrit :
>>
>> In my previous post, I was suggesting to *not* include the proof in the
>> request, because the payer can download it independently. Only the final
>> signature is needed. What makes DNSSEC interesting is not the size of
>> the proof, but rather the fact that you can request it easily, and in a
>> canonical way.
>>
>
> Yes, but you still need the final signature. Is it possible to use an EC
> signature with DNSSEC? I thought it was an all-RSA system. If I'm wrong
> about that, and all you need is 32 bytes, then my argument does not hold.
>
The final signature is a signature of the payment request, it is not
part of DNSSEC. So, yes, that signature can be EC.
The DNSSEC proof is used to verify that the public key, which is
recovered from the signature, corresponds to the alias.
The payment requests I am currently playing with have the following values:
pki_type = "dnssec+btc" (btc means that the signature is checked against
a Bitcoin address stored in DNS)
pki_data = the user's alias (DNS key)