One limitation of the payment protocol as specced is that there is no way for a hidden service site to make use of its full authentication capability because they are unable to get SSL certificates issued to them.

A Tor hidden service (onion site) is controlled by an RSA key. It would be trivial to pack a Tor HS pubkey into a self-signed X.509 certificate with the CN set to foooo.onion. If we specified in the payment protocol an additional validation procedure for [base32].onion hosts that just has it hash and base32 encode the pubkey (as Tor does) then the payment protocol could work seamlessly with Tor hosts. (Displaying that the payment request came from "foooo.onion").

I believe that the additional code for this would be trivial (and I'll write it if there is support for making this a standard feature).

This would give us a fully supported option which is completely CA free... it would only work for Tor sites, but the people concerned about CA treachery are likely to want to use Tor in any case.

Thoughts?

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
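The validation procedure proposed above, sketched as an added example that is not part of the original post: it derives the 16-character label the way RSA-keyed (v2) hidden services do (SHA-1 over the DER-encoded PKCS#1 public key, first 80 bits, base32) and compares it with the host name. The function names and the sample moduli are constructed for illustration, and the key is assumed to have already been extracted from the certificate.

```python
import base64
import hashlib
import hmac

def _der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(v: int) -> bytes:
    """DER INTEGER for a non-negative value (leading 0x00 keeps it positive)."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(body)) + body

def rsa_public_key_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    body = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len(len(body)) + body

def onion_label(pkcs1_der: bytes) -> str:
    """First 80 bits of SHA-1 over the DER key, base32, lower case."""
    digest = hashlib.sha1(pkcs1_der).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower()

def onion_host_matches_key(host: str, pkcs1_der: bytes) -> bool:
    """True only if host is exactly <label>.onion for this key."""
    host = host.lower().rstrip(".")
    if not host.endswith(".onion"):
        return False
    label = host[: -len(".onion")]
    return hmac.compare_digest(label.encode(), onion_label(pkcs1_der).encode())

# Constructed 1024-bit odd integers standing in for moduli (not real keys).
SAMPLE_N = int.from_bytes(hashlib.sha256(b"demo").digest() * 4, "big") | (1 << 1023) | 1
OTHER_N = SAMPLE_N + 2

if __name__ == "__main__":
    der = rsa_public_key_der(SAMPLE_N, 65537)
    host = onion_label(der) + ".onion"
    print(host, onion_host_matches_key(host, der))
    print(onion_host_matches_key(host, rsa_public_key_der(OTHER_N, 65537)))
```

The check binds the displayed name to the key itself, so a certificate carrying a different key under the same CN fails validation without any CA involvement.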