Return-Path: <thomasv@electrum.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 58404BAC
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Jul 2015 13:13:50 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net
	[217.70.183.195])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E08D51B3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Jul 2015 13:13:49 +0000 (UTC)
Received: from mfilter38-d.gandi.net (mfilter38-d.gandi.net [217.70.178.169])
	by relay3-d.mail.gandi.net (Postfix) with ESMTP id 6E769A80AC
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Jul 2015 15:13:48 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mfilter38-d.gandi.net
Received: from relay3-d.mail.gandi.net ([217.70.183.195])
	by mfilter38-d.gandi.net (mfilter38-d.gandi.net [10.0.15.180])
	(amavisd-new, port 10024) with ESMTP id s7EvrTud2prr
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Jul 2015 15:13:46 +0200 (CEST)
X-Originating-IP: 92.229.101.74
Received: from [192.168.1.3] (x5ce5654a.dyn.telefonica.de [92.229.101.74])
	(Authenticated sender: thomasv@electrum.org)
	by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 6F525A80B1
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Jul 2015 15:13:46 +0200 (CEST)
Message-ID: <55A50B09.4010005@electrum.org>
Date: Tue, 14 Jul 2015 15:13:45 +0200
From: Thomas Voegtlin <thomasv@electrum.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: bitcoin-dev@lists.linuxfoundation.org
References: <CA+w+GKQbOMz5nb_SnLB6Xb0FYzNZ_rEj5nbNjm2jY0+L8JJGAA@mail.gmail.com>	<55A4AF62.4090607@electrum.org>
	<55A4F058.4020800@bitcoins.info>
In-Reply-To: <55A4F058.4020800@bitcoins.info>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2015 13:13:50 -0000



Le 14/07/2015 13:19, Milly Bitcoin a =E9crit :
>=20
>> If your email account is hacked and someone else gets a certificate in
>> your name, you'd be unable to *know* about it, because they would use =
a
>> different CA.
>=20
> Maybe I am confused but I thought you are using DNSSEC to sign the zone=
s
> so only the domain owner could issue certificates for a zone (or
> corresponding email address).  If you have "example.com" the domain
> owner of the domain would sign zone "joe.example.com" which can
> correspond to the "joe@example.com" email address.  Under this scenario
> you would only have one CA per domain.
>=20

One CA per domain is indeed what I want to achieve. The paragraph you
quoted was about the current situation with email certs, where that is
not the case.