Milly Bitcoin [ARCHIVE] on Nostr: š Original date posted:2015-07-14 š Original message:> If your email account is ...
š
Original date posted:2015-07-14
š Original message:> If your email account is hacked and someone else gets a certificate in
> your name, you'd be unable to *know* about it, because they would use a
> different CA.
Maybe I am confused but I thought you are using DNSSEC to sign the zones
so only the domain owner could issue certificates for a zone (or
corresponding email address). If you have "example.com" the domain
owner of the domain would sign zone "joe.example.com" which can
correspond to the "joe at example.com" email address. Under this scenario
you would only have one CA per domain.
Russ
š Original message:> If your email account is hacked and someone else gets a certificate in
> your name, you'd be unable to *know* about it, because they would use a
> different CA.
Maybe I am confused but I thought you are using DNSSEC to sign the zones
so only the domain owner could issue certificates for a zone (or
corresponding email address). If you have "example.com" the domain
owner of the domain would sign zone "joe.example.com" which can
correspond to the "joe at example.com" email address. Under this scenario
you would only have one CA per domain.
Russ