[bitcoin-dev] Proposal: extend bip70 with OpenAlias

Thomas Voegtlin thomasv at electrum.org
Tue Jul 14 13:13:45 UTC 2015



Le 14/07/2015 13:19, Milly Bitcoin a écrit :
> 
>> If your email account is hacked and someone else gets a certificate in
>> your name, you'd be unable to *know* about it, because they would use a
>> different CA.
> 
> Maybe I am confused but I thought you are using DNSSEC to sign the zones
> so only the domain owner could issue certificates for a zone (or
> corresponding email address).  If you have "example.com" the domain
> owner of the domain would sign zone "joe.example.com" which can
> correspond to the "joe at example.com" email address.  Under this scenario
> you would only have one CA per domain.
> 

One CA per domain is indeed what I want to achieve. The paragraph you
quoted was about the current situation with email certs, where that is
not the case.


More information about the bitcoin-dev mailing list