Don't know nothin about any mailing list, but this scares me: "Requests for payment (Invoices) are tied to authenticated identities using the only widely-deployed identity authentication system we have right now (X.509 certificates signed by root certificate authorities)"
I'm certainly no expert on bitcoin's protocol or code, but it sounds like a bad idea to add any sort of centralization. I've never really trusted 'root certificate authorities' and I have heard of exploits being successful against them.
Why does anyone need identities when invoicing? Or more accurately, why must every invoice have an identity attached?
I, too, felt uncomfortable about using the CA system. It feels like a pseudo-centralized, corporate-privileged system that milks little guys for high profits. I feel like it's not "in the spirit" of Bitcoin...
But then reality set in -- which is that the CA system does provide quite a bit of value. Regardless of how much you pay to get a signed certificate to run your website from some "corporate overlord," you are getting security against MitM attacks. And that is important, especially for invoices and payment requests with irreversible Bitcoin transactions. This protocol can slide right into the existing CA infrastructure, and instantly provide the protections that the system already gives to most other security-sensitive internet services.
In that sense, it is a massive boon to be able to piggyback off the existing infrastructure, since Bitcoin already has enough hurdles to get wider acceptance. This won't be one of those hurdles.