If your email account is hacked and someone else gets a certificate in
your name, you'd be unable to *know* about it, because they would use a
different CA.

Maybe I am confused, but I thought you are using DNSSEC to sign the zones, so only the domain owner could issue certificates for a zone (or corresponding email address). If you have "example.com", the domain owner of the domain would sign zone "joe.example.com", which can correspond to the "j...@example.com" email address. Under this scenario you would only have one CA per domain.

Russ


_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
