The final signature is a signature of the payment request, it is not
part of DNSSEC. So, yes, that signature can be EC.

Right, got it. I think we've been talking about two related but separate issues (DNSSEC vs squeezing payment requests into URIs/qrcodes somehow). So: DNSSEC attests via an RSA chain to some EC key stored in the wallet which is then used to sign the payment request or URI, which also contains a domain name.

The payment requests I am currently playing with have the following values:

pki_type = "dnssec+btc" (btc means that the signature is checked against
a Bitcoin address stored in DNS)
pki_data = the user's alias (DNS key)

By "alias" you mean domain name? I'm not sure what DNS key means in this context.

I'm still not really convinced that a domain name under some new roots is an identity people will want to use, but yes, I guess your approach would work for those who do want it.

It still may be worth exploring the compact cert+optimized BIP70 (no DNSSEC) in a qrcode if making a network that stores small bits of data really is beyond us :(