On 11/09/2016 12:37 AM, Han Yuwei wrote:
I am using Cloudflare's DNS service and I found that Cloudflare has issued a
certficate to their server including my domain. But I didn't use any SSL
service of theirs. Is that ok to Mozilla's policy?
Issued certificate:https://crt.sh/?id=31206531
My domain is BUPT.MOE
I'm just going to reply to the top of the thread because it addresses
something said in multiple places now.
Is it allowed? Surely yes.
From: https://www.cloudflare.com/plans/
"Free Includes... These great features:
* ...
* Shared SSL Certificate
* ..."
IMO it doesn't need to be in the Ts&Cs because it says right on the box
that an SSL certificate is included with your plan.
Should Cloudflare allow an opt-out? Maybe, but that seems to be a
feature/enhancement request rather than a problem. (Rob's case with
crt.sh is an example where an opt-out would be a good thing)
- N
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
