[bitcoin-dev] Proposal: extend bip70 with OpenAlias
milly at bitcoins.info
Tue Jul 14 11:19:52 UTC 2015
> If your email account is hacked and someone else gets a certificate in
> your name, you'd be unable to *know* about it, because they would use a
> different CA.
Maybe I am confused but I thought you are using DNSSEC to sign the zones
so only the domain owner could issue certificates for a zone (or
corresponding email address). If you have "example.com" the domain
owner of the domain would sign zone "joe.example.com" which can
correspond to the "joe at example.com" email address. Under this scenario
you would only have one CA per domain.
More information about the bitcoin-dev