The current version requires a signed cert yes. Whether that's difficult or
not depends on the policies of the cert authorities. Ultimately all they
have to do is verify an email address by sending it a clickable link, which
is why StartSSL do it for free. Probably they aren't optimised for
usability, but there's no technical reason why one couldn't be. It's a
competitive market, after all.

There's also the option of extending the payment protocol to support other
forms of PKI. But from a technical perspective the X.509 PKI is fine.
Someone can always set up their own CA for the Bitcoin community and
convince wallet developers to include their root cert, after all.


On Mon, Sep 9, 2013 at 9:26 AM, Wendell <w@grabhive.com> wrote:

> OK, I was under the impression that this was mostly developed for
> merchants. I've seen some discussion here that seemed to suggest it
> requiring some non-trivial (for an end user) steps like getting a CA-signed
> certificate.
>
> -wendell
>
> grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
>
> On Sep 7, 2013, at 11:44 PM, Mike Hearn wrote:
>
> > This is the sort of thing the payment protocol is for. The recipient
> would vend a PaymentRequest containing identity details. The sender would
> submit a Payment containing his/hers. The wallet then understands what to
> do.
>
>