I noticed there a several other domains listed on that cert besides Han's (and wildcard versions for each). Unless Han is the registrar or has some other affiliation with those domains it seems to me there is a risk of some private key compromise situation.
Also, if I want to add a new domain to a cert that has several other domains already on it, will I need to demonstrate control over all of the domains or only the new one? Original Message From: Rob Stradling Sent: Monday, September 12, 2016 4:18 AM To: Erwann Abalea; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Cerificate Concern about Cloudflare's DNS On 10/09/16 15:43, Erwann Abalea wrote: <snip> > In my opinion, the most plausible verification method in this case is the > last one: "Having the Applicant demonstrate practical control over the FQDN > by making an agreed-upon change to information found in the DNS containing > the FQDN"; Correct. That's what happened. -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy