Hi Doug, On 28/02/17 12:44, douglas.beat...@gmail.com wrote: > Sorry, I missed the last request. As outlined above, this domain was > added to this account for only a very short period of time and then > it was removed, so it's no longer being used. Further, we've > educated the groups involved that they must use real domains that are > then properly verified in accordance with the CPS and BRs.
That's lovely, but it doesn't answer my question. Let me restate it: why does GlobalSign believe it is necessary to give employees the power to add arbitrary domains to accounts without going through ownership validation? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
