[bitcoin-dev] Proposal: extend bip70 with OpenAlias

Milly Bitcoin milly at bitcoins.info
Tue Jul 14 11:19:52 UTC 2015

> If your email account is hacked and someone else gets a certificate in
> your name, you'd be unable to *know* about it, because they would use a
> different CA.

Maybe I am confused but I thought you are using DNSSEC to sign the zones 
so only the domain owner could issue certificates for a zone (or 
corresponding email address).  If you have "example.com" the domain 
owner of the domain would sign zone "joe.example.com" which can 
correspond to the "joe at example.com" email address.  Under this scenario 
you would only have one CA per domain.


More information about the bitcoin-dev mailing list