在 2016年11月3日星期四 UTC+8下午7:09:48,Rob Stradling写道: > On 03/11/16 09:59, Gervase Markham wrote: > > On 02/11/16 23:26, gerhard.tin...@gmail.com wrote: > >> Befor I contacted this group, I contacted Cloudflare and asked them > >> to stop creating certificates with my domain. The answer in short > >> was, ... they cannot change it and as long as I am using there > >> service, they will continue. > > > > How would you expect the service to work without them doing that? > > > >> I also contacted Comodo as the CA and asked them. The answer was > >> different but also not helping. In short, ... I can use a CAA DNS > >> record (not supported by many DNS providers like Cloudflare) to avoid > >> it in the future. But in the next sentence telling me that those > >> records are not honoured by many CA's. > > > > Hopefully this will change before too long. > > > > However, I still don't get why you want to use Cloudflare's SSL > > termination services but are unwilling to allow them to get a > > certificate for your domain name. > > > > AIUI their free tier uses certs they obtain, but if you pay, you can > > provide your own cert. So if you want to use Cloudflare but don't want > > them obtaining certs for you, join the paying tier. > > In my experience, joining Cloudflare's paying tier doesn't guarantee > that Cloudflare won't also obtain a free cert. > > A few weeks ago we moved crt.sh onto Cloudflare. It was in the paying > tier from the start, and we uploaded an EV cert straight away. I was > surprised when https://crt.sh/atom?q=crt.sh alerted me to > https://crt.sh/?id=42619974 > > -- > Rob Stradling > Senior Research & Development Scientist > COMODO - Creating Trust Online
So it is impossible to request a revocation even I do refuse to let Cloudflare issue the certificate of my domain and keep using Cloudflare's DNS service under these rules(CA/B BR and COMODO CPS)? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
