On 01/06/17 01:48, Yuhong Bao wrote: > I don't think there is anything important on example.com though
How would you like it if a CA decided there was nothing important on your website and so decided it was OK to misissue certificates for it? This requirement is a positive requirement ("must have validated domain ownership or control by applicant"), not a negative requirement ("domain must not have anything important on it"). Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy