On Sat, Sep 17, 2016 at 04:38:50PM +0200, Florian Weimer wrote:
> * Peter Bowen:
> > On Sat, Sep 10, 2016 at 10:40 PM, Han Yuwei <hanyuwe...@gmail.com> wrote:
> >> So when I delegated the DNS service to Cloudflare, Cloudflare have
> >> the privilege to issue the certificate by default? Can I understand
> >> like that?
> >
> > I would guess that they have a clause in their terms of service or
> > customer agreement that says they can update records in the DNS zone
> > and/or calls out that the subscriber consents to them getting a
> > certificate for any domain name hosted on CloudFlare DNS.
> I find it difficult to believe that the policies permit Cloudflare's
> behavior, but are expected to prevent the issue of interception
> certificates.  Aren't they rather similar, structurally?

I'm not seeing any similarity, but I don't understand your use of
"structurally", so if you could expand on your meaning, that would be

- Matt

dev-security-policy mailing list

Reply via email to