Author: Mike Hearn 2014-03-02 10:57:39
Published on: 2014-03-02T10:57:39+00:00
In an email conversation, Dev Random raises concerns about the technical expertise required to perform delegation signature for small businesses or individuals. One solution proposed is for a simple GUI app to be produced that allows them to open CA cert files and produce the ExtendedCert file, which can then be sent to the PP. However, for small businesses without a CA cert, there are no great solutions yet, leaving a virgin market waiting to be tapped. The idea of having another scheme where a merchant can be name spaced under the payment processor is also discussed. This would require just one additional field - the merchant identifier. However, the question of what exactly the "merchant identifier" means is left unresolved, making it equivalent to putting the merchant name in the memo field. It is suggested that payment processors become certificate authorities themselves, with BitPay becoming their own CA that doesn't issue SSL certs but rather "local business certs" that contain a verified street address. However, setting up such a scheme requires real work, with questions around how the verification process would work and what it actually means when a payment processor issues a cert containing verified information.There is also discussion around ID requirements being low and cheap for the primary use case of making hardware wallets secure. One suggestion is posting a postcard with a nonce on it, while another is for bitcoin payment processor CAs to make visiting a business, gathering photo evidence and issuing a cert into a kind of microwork task with the PP/CA acting as a broker.
Updated on: 2023-06-08T03:32:36.651125+00:00