The current version requires a signed cert yes. Whether that's difficult or not depends on the policies of the cert authorities. Ultimately all they have to do is verify an email address by sending it a clickable link, which is why StartSSL do it for free. Probably they aren't optimised for usability, but there's no technical reason why one couldn't be. It's a competitive market, after all.

There's also the option of extending the payment protocol to support other forms of PKI. But from a technical perspective the X.509 PKI is fine. Someone can always set up their own CA for the Bitcoin community and convince wallet developers to include their root cert, after all.

On Mon, Sep 9, 2013 at 9:26 AM, Wendell <w@grabhive.com> wrote:

OK, I was under the impression that this was mostly developed for merchants. I've seen some discussion here that seemed to suggest it requiring some non-trivial (for an end user) steps like getting a CA-signed certificate.

-wendell

grabhive.com | twitter.com/grabhive | gpg: 6C0C9411

On Sep 7, 2013, at 11:44 PM, Mike Hearn wrote:

> This is the sort of thing the payment protocol is for. The recipient would vend a PaymentRequest containing identity details. The sender would submit a Payment containing his/hers. The wallet then understands what to do.