Return-Path: <milly@bitcoins.info>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 77B71AF3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Jul 2015 11:19:59 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail.help.org (mail.help.org [70.90.2.18])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id DB28F112
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 14 Jul 2015 11:19:58 +0000 (UTC)
Received: from [10.1.10.25] (B [10.1.10.25]) by mail.help.org with ESMTPA
	; Tue, 14 Jul 2015 07:19:53 -0400
To: bitcoin-dev@lists.linuxfoundation.org
References: <CA+w+GKQbOMz5nb_SnLB6Xb0FYzNZ_rEj5nbNjm2jY0+L8JJGAA@mail.gmail.com>
	<55A4AF62.4090607@electrum.org>
From: Milly Bitcoin <milly@bitcoins.info>
Message-ID: <55A4F058.4020800@bitcoins.info>
Date: Tue, 14 Jul 2015 07:19:52 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
	Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <55A4AF62.4090607@electrum.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] Proposal: extend bip70 with OpenAlias
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2015 11:19:59 -0000


> If your email account is hacked and someone else gets a certificate in
> your name, you'd be unable to *know* about it, because they would use a
> different CA.

Maybe I am confused but I thought you are using DNSSEC to sign the zones 
so only the domain owner could issue certificates for a zone (or 
corresponding email address).  If you have "example.com" the domain 
owner of the domain would sign zone "joe.example.com" which can 
correspond to the "joe@example.com" email address.  Under this scenario 
you would only have one CA per domain.

Russ