π
Original date posted:2015-07-14
π Original message:Le 14/07/2015 13:19, Milly Bitcoin a Γ©crit :
>
>> If your email account is hacked and someone else gets a certificate in
>> your name, you'd be unable to *know* about it, because they would use a
>> different CA.
>
> Maybe I am confused but I thought you are using DNSSEC to sign the zones
> so only the domain owner could issue certificates for a zone (or
> corresponding email address). If you have "example.com" the domain
> owner of the domain would sign zone "joe.example.com" which can
> correspond to the "joe at example.com" email address. Under this scenario
> you would only have one CA per domain.
>
One CA per domain is indeed what I want to achieve. The paragraph you
quoted was about the current situation with email certs, where that is
not the case.
Thomas Voegtlin [ARCHIVE] /
npub10fβ¦7ej47
2023-06-07 15:42:06
in reply to nevent1qβ¦e67n
Author Public Key
npub10f96gqrsu4qpygfgvuvzce47aavjvql703egfde0l2hua8dzpszs67ej47Published at
2023-06-07 15:42:06Event JSON
{
"id": "2be2cc2aa574dc649de935999b6705832180bfa4f153873f09c67006513d8a2b",
"pubkey": "7a4ba40070e54012212867182c66beef592603fe7c7284b72ffaafce9da20c05",
"created_at": 1686152526,
"kind": 1,
"tags": [
[
"e",
"2b792280c7c77e1a9146c50dbbc2a8f3336e57397d73b26f225d7fe35c48cd85",
"",
"root"
],
[
"e",
"409b410b7f27d44d4fb7c2099afe823fb88d865b10b70d217b1fc76bf5068c28",
"",
"reply"
],
[
"p",
"1b29d94ee81e1ee0479f1db4bc4ac887407bd470a0d7060e76f8ab27fdd57e50"
]
],
"content": "π
Original date posted:2015-07-14\nπ Original message:Le 14/07/2015 13:19, Milly Bitcoin a Γ©crit :\n\u003e \n\u003e\u003e If your email account is hacked and someone else gets a certificate in\n\u003e\u003e your name, you'd be unable to *know* about it, because they would use a\n\u003e\u003e different CA.\n\u003e \n\u003e Maybe I am confused but I thought you are using DNSSEC to sign the zones\n\u003e so only the domain owner could issue certificates for a zone (or\n\u003e corresponding email address). If you have \"example.com\" the domain\n\u003e owner of the domain would sign zone \"joe.example.com\" which can\n\u003e correspond to the \"joe at example.com\" email address. Under this scenario\n\u003e you would only have one CA per domain.\n\u003e \n\nOne CA per domain is indeed what I want to achieve. The paragraph you\nquoted was about the current situation with email certs, where that is\nnot the case.",
"sig": "7a4230bdc1d2ef6182884bc87414bdffdc2ae9b26d478fe50f13f16aab9573f33aaab13027a54ed6c98c21aac6749af62bf5fec1fa8c8ee96c0b62e262652f87"
}