Regarding the specific file verification method: It proves you control the web server that runs under the domain. Which is more or less all that you need to prove, since a TLS certificate is designed for web security.
If you don't control DNS, but you do control the web server, you essentially control the domain as far as web browsing goes, and thus you should be able to acquire a certificate for that domain. Which is probably why it is included in the Baseline Requirements as an acceptable validation method. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
