📅 Original date posted:2015-07-20 📝 Original message:> > The final signature is ...

Mike Hearn [ARCHIVE] /

npub17ty…qgyd

2023-06-07 15:42:08

in reply to nevent1q…0cw7

📅 Original date posted:2015-07-20
📝 Original message:>
> The final signature is a signature of the payment request, it is not
> part of DNSSEC. So, yes, that signature can be EC.
>

Right, got it. I think we've been talking about two related but separate
issues (DNSSEC vs squeezing payment requests into URIs/qrcodes somehow).
So: DNSSEC attests via an RSA chain to some EC key stored in the wallet
which is then used to sign the payment request or URI, which also contains
a domain name.

> The payment requests I am currently playing with have the following values:
>
> pki_type = "dnssec+btc" (btc means that the signature is checked against
> a Bitcoin address stored in DNS)
> pki_data = the user's alias (DNS key)

By "alias" you mean domain name? I'm not sure what DNS key means in this
context.

I'm still not really convinced that a domain name under some new roots is
an identity people will want to use, but yes, I guess your approach would
work for those who do want it.

It still may be worth exploring the compact cert+optimized BIP70 (no
DNSSEC) in a qrcode if making a network that stores small bits of data
really is beyond us :(
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150720/cbf39169/attachment.html>;

Author Public Key

npub17ty4mumkv43w8wtt0xsz2jypck0gvw0j8xrcg6tpea25z2nh7meqf4qgyd

Seen on

wss://relay.nostr.band

Show more details

Published at

2023-06-07 15:42:08

Kind type

1 Short Text Note

Event JSON

{ "id": "8fe50e96be97bb39c4120f6f1bd73929c8cf0d82d2e282353032e8bfa196d718", "pubkey": "f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2", "created_at": 1686152528, "kind": 1, "tags": [ [ "e", "2b792280c7c77e1a9146c50dbbc2a8f3336e57397d73b26f225d7fe35c48cd85", "", "root" ], [ "e", "923f68f65f1d8ee4b10a01cf3b51ef4823cc7c1b8a1695025b3ba85c2c78429e", "", "reply" ], [ "p", "7a4ba40070e54012212867182c66beef592603fe7c7284b72ffaafce9da20c05" ] ], "content": "📅 Original date posted:2015-07-20\n📝 Original message:\u003e\n\u003e The final signature is a signature of the payment request, it is not\n\u003e part of DNSSEC. So, yes, that signature can be EC.\n\u003e\n\nRight, got it. I think we've been talking about two related but separate\nissues (DNSSEC vs squeezing payment requests into URIs/qrcodes somehow).\nSo: DNSSEC attests via an RSA chain to some EC key stored in the wallet\nwhich is then used to sign the payment request or URI, which also contains\na domain name.\n\n\n\u003e The payment requests I am currently playing with have the following values:\n\u003e\n\u003e pki_type = \"dnssec+btc\" (btc means that the signature is checked against\n\u003e a Bitcoin address stored in DNS)\n\u003e pki_data = the user's alias (DNS key)\n\n\nBy \"alias\" you mean domain name? I'm not sure what DNS key means in this\ncontext.\n\nI'm still not really convinced that a domain name under some new roots is\nan identity people will want to use, but yes, I guess your approach would\nwork for those who do want it.\n\nIt still may be worth exploring the compact cert+optimized BIP70 (no\nDNSSEC) in a qrcode if making a network that stores small bits of data\nreally is beyond us :(\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150720/cbf39169/attachment.html\u003e", "sig": "81c939214e1a4eb088df09dc578a8028156b64fd7a6524808d09b923dc8f9c53e7aae0e61bde990a638bf1ff58a6ef7fcb95bece1e9c4244d010cd1958b8578b" }