📅 Original date posted:2015-07-20 📝 Original message:Le 20/07/2015 16:42, Mike ...

Thomas Voegtlin [ARCHIVE] /

npub10f9…ej47

2023-06-07 15:42:08

in reply to nevent1q…mh32

📅 Original date posted:2015-07-20
📝 Original message:Le 20/07/2015 16:42, Mike Hearn a écrit :
>>
>> In my previous post, I was suggesting to *not* include the proof in the
>> request, because the payer can download it independently. Only the final
>> signature is needed. What makes DNSSEC interesting is not the size of
>> the proof, but rather the fact that you can request it easily, and in a
>> canonical way.
>>
>
> Yes, but you still need the final signature. Is it possible to use an EC
> signature with DNSSEC? I thought it was an all-RSA system. If I'm wrong
> about that, and all you need is 32 bytes, then my argument does not hold.
>

The final signature is a signature of the payment request, it is not
part of DNSSEC. So, yes, that signature can be EC.

The DNSSEC proof is used to verify that the public key, which is
recovered from the signature, corresponds to the alias.

The payment requests I am currently playing with have the following values:

pki_type = "dnssec+btc" (btc means that the signature is checked against
a Bitcoin address stored in DNS)
pki_data = the user's alias (DNS key)

Author Public Key

npub10f96gqrsu4qpygfgvuvzce47aavjvql703egfde0l2hua8dzpszs67ej47

Show more details

Published at

2023-06-07 15:42:08

Kind type

1 Short Text Note

Event JSON

{ "id": "923f68f65f1d8ee4b10a01cf3b51ef4823cc7c1b8a1695025b3ba85c2c78429e", "pubkey": "7a4ba40070e54012212867182c66beef592603fe7c7284b72ffaafce9da20c05", "created_at": 1686152528, "kind": 1, "tags": [ [ "e", "2b792280c7c77e1a9146c50dbbc2a8f3336e57397d73b26f225d7fe35c48cd85", "", "root" ], [ "e", "0cb11d91c737b3e88d13470d5fe8400bc79591cc5c3bbcd69c629336f0b78e3b", "", "reply" ], [ "p", "f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2" ] ], "content": "📅 Original date posted:2015-07-20\n📝 Original message:Le 20/07/2015 16:42, Mike Hearn a écrit :\n\u003e\u003e\n\u003e\u003e In my previous post, I was suggesting to *not* include the proof in the\n\u003e\u003e request, because the payer can download it independently. Only the final\n\u003e\u003e signature is needed. What makes DNSSEC interesting is not the size of\n\u003e\u003e the proof, but rather the fact that you can request it easily, and in a\n\u003e\u003e canonical way.\n\u003e\u003e\n\u003e \n\u003e Yes, but you still need the final signature. Is it possible to use an EC\n\u003e signature with DNSSEC? I thought it was an all-RSA system. If I'm wrong\n\u003e about that, and all you need is 32 bytes, then my argument does not hold.\n\u003e \n\nThe final signature is a signature of the payment request, it is not\npart of DNSSEC. So, yes, that signature can be EC.\n\nThe DNSSEC proof is used to verify that the public key, which is\nrecovered from the signature, corresponds to the alias.\n\nThe payment requests I am currently playing with have the following values:\n\npki_type = \"dnssec+btc\" (btc means that the signature is checked against\na Bitcoin address stored in DNS)\npki_data = the user's alias (DNS key)", "sig": "c6b548f5f1cd466e7e676576ae2e42b8abc628155c6396f2bdd32ca91ab2041647dc958d3b9e90ed5b148f8c4eade5995a39ad113cba0f78564d17a27d235c05" }