I prefer to leverage the signing of the (.) root in the DNS tree. The amount of effort in signing the root holds more weight than building a CA off the bitcoin blockchain. If you want to associate identifiers for payment addresses I suggest putting those in DNSSEC signed records in the DNS. For routing around x.509 CAs I suggest participating in the DANE working group in the IETF. -rick On Fri, Feb 8, 2013 at 2:03 AM, Timo Hanke wrote: > There have been proposals to use the blockchain to establish > "identities". firstbits is a simple example. I would like to announce a > project that extends this idea to turn the blockchain into a "root CA" > that can sign arbitrary certificates. The purpose is to use these > certificates in the payment protocol, where some might consider > traditional centralized root CAs unsatisfactory. > > Code is here: https://github.com/bcpki > > Technical specification and full-length examples are found in the wiki. > I therefore spare myself from repeating the details here, even though, > of course, discussion about those details is welcome on this list. > > Excerpt from README.md follows: > > First, we have drafted a quite general specification for bitcoin > certificates (protobuf messages) that allow for a variety of payment > protocols (e.g. static as well as customer-side-generated payment > addresses). > This part has surely been done elsewhere as well and is orthogonal to the > goal of this project. > What is new here is the signatures _under_ the certificates. > > We have patched the bitcoind to handle certificates, submit signatures to > the blockchain, verify certificates against the blockchain, pay directly to > certificates (with various payment methods), revoke certificates. > Signatures in the blockchain are stored entirely in the UTXO set (i.e. the > unspend, unprunable outputs). > This seems to make signature lookup and verification reasonably fast: > it took us 10s in the mainnet test we performed (lookup is instant on the > testnet, of course). > > Payment methods include: static bitcoin addresses, client-side derived > payment addresses (pay-to-contract), pay-to-contract with multisig > destinations (P2SH) > > Full-length real-world examples for all payment methods are provided in > the tutorial pages. > These examples have actually been carried out on testnet3. > > For further details and specifications see the wiki. > > timo hanke > > > ------------------------------------------------------------------------------ > Free Next-Gen Firewall Hardware Offer > Buy your Sophos next-gen firewall before the end March 2013 > and get the hardware for free! Learn more. > http://p.sf.net/sfu/sophos-d2d-feb > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development >