On Monday, September 12, 2016 at 2:33:47 PM UTC-7, Jakob Bohm wrote:
> I find fault in CloudFlare (presuming the story is actually as
> reported).

Why? Apologies, but I fail to see what you believe is "wrong", given how multiple people have pointed out to you that it is well understood and permissible, under past and present guidelines.

> From the story as reported, Comodo had every reason to believe that
> CloudFlare was authorized by the domain owner to request that DV cert,
> and had no additional preemptive tests to do (barring a future finding
> that CloudFlare should be blacklisted from requesting DV certificates,
> which would require a large number of cases given the huge number of
> domains they handle without objection by domain owners).

This gets further into "What you're proposing doesn't exist" territory, such as the notion of blacklisting an organization from requesting a DV cert, when the whole notion of DV is that the only thing validated is the domain (not the organization operating the domain or requesting the cert).

