I prefer to leverage the signing of the (.) root in the DNS tree. The amount of effort in signing the root holds more weight than building a CA off the bitcoin blockchain.<div><br></div><div>If you want to associate identifiers for payment addresses I suggest putting those in DNSSEC signed records in the DNS.</div>
<div><br></div><div>For routing around x.509 CAs I suggest participating in the DANE working group in the IETF.</div><div><br></div><div>-rick</div><div> <br><br><div class="gmail_quote">On Fri, Feb 8, 2013 at 2:03 AM, Timo Hanke <span dir="ltr">&lt;<a href="mailto:timo.hanke@web.de" target="_blank">timo.hanke@web.de</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">There have been proposals to use the blockchain to establish<br>
&quot;identities&quot;. firstbits is a simple example. I would like to announce a<br>
project that extends this idea to turn the blockchain into a &quot;root CA&quot;<br>
that can sign arbitrary certificates. The purpose is to use these<br>
certificates in the payment protocol, where some might consider<br>
traditional centralized root CAs unsatisfactory.<br>
<br>
Code is here: <a href="https://github.com/bcpki" target="_blank">https://github.com/bcpki</a><br>
<br>
Technical specification and full-length examples are found in the wiki.<br>
I therefore spare myself from repeating the details here, even though,<br>
of course, discussion about those details is welcome on this list.<br>
<br>
Excerpt from README.md follows:<br>
<br>
First, we have drafted a quite general specification for bitcoin certificates (protobuf messages) that allow for a variety of payment protocols (e.g. static as well as customer-side-generated payment addresses).<br>
This part has surely been done elsewhere as well and is orthogonal to the goal of this project.<br>
What is new here is the signatures _under_ the certificates.<br>
<br>
We have patched the bitcoind to handle certificates, submit signatures to the blockchain, verify certificates against the blockchain, pay directly to certificates (with various payment methods), revoke certificates.<br>
Signatures in the blockchain are stored entirely in the UTXO set (i.e. the unspend, unprunable outputs).<br>
This seems to make signature lookup and verification reasonably fast:<br>
it took us 10s in the mainnet test we performed (lookup is instant on the testnet, of course).<br>
<br>
Payment methods include: static bitcoin addresses, client-side derived<br>
payment addresses (pay-to-contract), pay-to-contract with multisig destinations (P2SH)<br>
<br>
Full-length real-world examples for all payment methods are provided in the tutorial pages.<br>
These examples have actually been carried out on testnet3.<br>
<br>
For further details and specifications see the wiki.<br>
<br>
timo hanke<br>
<br>
------------------------------------------------------------------------------<br>
Free Next-Gen Firewall Hardware Offer<br>
Buy your Sophos next-gen firewall before the end March 2013<br>
and get the hardware for free! Learn more.<br>
<a href="http://p.sf.net/sfu/sophos-d2d-feb" target="_blank">http://p.sf.net/sfu/sophos-d2d-feb</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
</blockquote></div><br></div>