On 04/11/2016 07:01, Nigel Jones wrote:
On 11/09/2016 12:37 AM, Han Yuwei wrote:
I am using Cloudflare's DNS service and I found that Cloudflare has
issued a certificate to their server including my domain. But I didn't
use any SSL service of theirs. Is that ok to Mozilla's policy?

Issued certificate: https://crt.sh/?id=31206531
My domain is BUPT.MOE


I'm just going to reply to the top of the thread because it addresses
something said in multiple places now.

Is it allowed? Surely yes.

From: https://www.cloudflare.com/plans/

"Free Includes... These great features:

* ...
* Shared SSL Certificate
* ..."

IMO it doesn't need to be in the Ts&Cs because it says right on the box
that an SSL certificate is included with your plan.


Great find.

Should Cloudflare allow an opt-out?  Maybe, but that seems to be a
feature/enhancement request rather than a problem.  (Rob's case with
crt.sh is an example where an opt-out would be a good thing)

- N

The following issues reported by others remain:

1. The shared SSL certificate is generated even if only the DNS part of
  the plan is used.

2. The shared SSL certificate is generated even if a custom SSL
  certificate is uploaded.

3. Some say the custom SSL certificate is not revoked when the
  CloudFlare subscription/contract is ended by the subscriber.

4. Some posters think the CA has no obligation to revoke such
  after-contract-ended certificates, even though the BRs clearly state
  that the CA must do so if made aware that the "service agreement"
  allowing the issuance has been terminated.




Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
