Le 14/07/2015 13:19, Milly Bitcoin a écrit : > >> If your email account is hacked and someone else gets a certificate in >> your name, you'd be unable to *know* about it, because they would use a >> different CA. > > Maybe I am confused but I thought you are using DNSSEC to sign the zones > so only the domain owner could issue certificates for a zone (or > corresponding email address). If you have "example.com" the domain > owner of the domain would sign zone "joe.example.com" which can > correspond to the "j...@example.com" email address. Under this scenario > you would only have one CA per domain. >
One CA per domain is indeed what I want to achieve. The paragraph you quoted was about the current situation with email certs, where that is not the case. _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
