Gerv, This was for GlobalSign account used for testing, so it was a GlobalSIgn employee. Customers are not, nor have they ever been, permitted to add domains without GlobalSign enforcing the domain verification process.
> -----Original Message----- > From: Gervase Markham [mailto:g...@mozilla.org] > Sent: Wednesday, February 8, 2017 4:19 AM > To: Doug Beattie <doug.beat...@globalsign.com>; mozilla-dev-security- > pol...@lists.mozilla.org > Subject: Re: Suspicious test.com Cert Issued By GlobalSign > > On 01/02/17 19:47, Doug Beattie wrote: > > 9/11/2015 11:41:20 - test.com added as a prevetted domains > > Who added this - a customer, or a GlobalSign employee? > > Were customers permitted to add domains to the prevetted list in their > enterprise accounts without GlobalSign confirming that they actually own it? > Are they still? > > Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
