在 2016年11月3日星期四 UTC+8下午5:59:53,Gervase Markham写道: > On 02/11/16 23:26, [email protected] wrote: > > Befor I contacted this group, I contacted Cloudflare and asked them > > to stop creating certificates with my domain. The answer in short > > was, ... they cannot change it and as long as I am using there > > service, they will continue. > > How would you expect the service to work without them doing that? > > > I also contacted Comodo as the CA and asked them. The answer was > > different but also not helping. In short, ... I can use a CAA DNS > > record (not supported by many DNS providers like Cloudflare) to avoid > > it in the future. But in the next sentence telling me that those > > records are not honoured by many CA's. > > Hopefully this will change before too long. > > However, I still don't get why you want to use Cloudflare's SSL > termination services but are unwilling to allow them to get a > certificate for your domain name. > > AIUI their free tier uses certs they obtain, but if you pay, you can > provide your own cert. So if you want to use Cloudflare but don't want > them obtaining certs for you, join the paying tier. > > Gerv
Somebody like me just want their DNS service because they support DNSSEC well and much more stable than others. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
