> > The final signature is a signature of the payment request, it is not > part of DNSSEC. So, yes, that signature can be EC. >
Right, got it. I think we've been talking about two related but separate issues (DNSSEC vs squeezing payment requests into URIs/qrcodes somehow). So: DNSSEC attests via an RSA chain to some EC key stored in the wallet which is then used to sign the payment request or URI, which also contains a domain name. > The payment requests I am currently playing with have the following values: > > pki_type = "dnssec+btc" (btc means that the signature is checked against > a Bitcoin address stored in DNS) > pki_data = the user's alias (DNS key) By "alias" you mean domain name? I'm not sure what DNS key means in this context. I'm still not really convinced that a domain name under some new roots is an identity people will want to use, but yes, I guess your approach would work for those who do want it. It still may be worth exploring the compact cert+optimized BIP70 (no DNSSEC) in a qrcode if making a network that stores small bits of data really is beyond us :(
_______________________________________________ bitcoin-dev mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
