๐
Original date posted:2015-07-20
๐ Original message:Le 20/07/2015 16:42, Mike Hearn a รฉcrit :
>>
>> In my previous post, I was suggesting to *not* include the proof in the
>> request, because the payer can download it independently. Only the final
>> signature is needed. What makes DNSSEC interesting is not the size of
>> the proof, but rather the fact that you can request it easily, and in a
>> canonical way.
>>
>
> Yes, but you still need the final signature. Is it possible to use an EC
> signature with DNSSEC? I thought it was an all-RSA system. If I'm wrong
> about that, and all you need is 32 bytes, then my argument does not hold.
>
The final signature is a signature of the payment request, it is not
part of DNSSEC. So, yes, that signature can be EC.
The DNSSEC proof is used to verify that the public key, which is
recovered from the signature, corresponds to the alias.
The payment requests I am currently playing with have the following values:
pki_type = "dnssec+btc" (btc means that the signature is checked against
a Bitcoin address stored in DNS)
pki_data = the user's alias (DNS key)
Thomas Voegtlin [ARCHIVE] /
npub10fโฆ7ej47
2023-06-07 15:42:08
in reply to nevent1qโฆmh32
Author Public Key
npub10f96gqrsu4qpygfgvuvzce47aavjvql703egfde0l2hua8dzpszs67ej47Published at
2023-06-07 15:42:08Event JSON
{
"id": "923f68f65f1d8ee4b10a01cf3b51ef4823cc7c1b8a1695025b3ba85c2c78429e",
"pubkey": "7a4ba40070e54012212867182c66beef592603fe7c7284b72ffaafce9da20c05",
"created_at": 1686152528,
"kind": 1,
"tags": [
[
"e",
"2b792280c7c77e1a9146c50dbbc2a8f3336e57397d73b26f225d7fe35c48cd85",
"",
"root"
],
[
"e",
"0cb11d91c737b3e88d13470d5fe8400bc79591cc5c3bbcd69c629336f0b78e3b",
"",
"reply"
],
[
"p",
"f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2"
]
],
"content": "๐
Original date posted:2015-07-20\n๐ Original message:Le 20/07/2015 16:42, Mike Hearn a รฉcrit :\n\u003e\u003e\n\u003e\u003e In my previous post, I was suggesting to *not* include the proof in the\n\u003e\u003e request, because the payer can download it independently. Only the final\n\u003e\u003e signature is needed. What makes DNSSEC interesting is not the size of\n\u003e\u003e the proof, but rather the fact that you can request it easily, and in a\n\u003e\u003e canonical way.\n\u003e\u003e\n\u003e \n\u003e Yes, but you still need the final signature. Is it possible to use an EC\n\u003e signature with DNSSEC? I thought it was an all-RSA system. If I'm wrong\n\u003e about that, and all you need is 32 bytes, then my argument does not hold.\n\u003e \n\nThe final signature is a signature of the payment request, it is not\npart of DNSSEC. So, yes, that signature can be EC.\n\nThe DNSSEC proof is used to verify that the public key, which is\nrecovered from the signature, corresponds to the alias.\n\nThe payment requests I am currently playing with have the following values:\n\npki_type = \"dnssec+btc\" (btc means that the signature is checked against\na Bitcoin address stored in DNS)\npki_data = the user's alias (DNS key)",
"sig": "c6b548f5f1cd466e7e676576ae2e42b8abc628155c6396f2bdd32ca91ab2041647dc958d3b9e90ed5b148f8c4eade5995a39ad113cba0f78564d17a27d235c05"
}