Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 77B71AF3 for ; Tue, 14 Jul 2015 11:19:59 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail.help.org (mail.help.org [70.90.2.18]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id DB28F112 for ; Tue, 14 Jul 2015 11:19:58 +0000 (UTC) Received: from [10.1.10.25] (B [10.1.10.25]) by mail.help.org with ESMTPA ; Tue, 14 Jul 2015 07:19:53 -0400 To: bitcoin-dev@lists.linuxfoundation.org References: <55A4AF62.4090607@electrum.org> From: Milly Bitcoin Message-ID: <55A4F058.4020800@bitcoins.info> Date: Tue, 14 Jul 2015 07:19:52 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <55A4AF62.4090607@electrum.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jul 2015 11:19:59 -0000 > If your email account is hacked and someone else gets a certificate in > your name, you'd be unable to *know* about it, because they would use a > different CA. Maybe I am confused but I thought you are using DNSSEC to sign the zones so only the domain owner could issue certificates for a zone (or corresponding email address). If you have "example.com" the domain owner of the domain would sign zone "joe.example.com" which can correspond to the "joe@example.com" email address. Under this scenario you would only have one CA per domain. Russ