On Friday, January 12, 2018 at 6:10:00 PM UTC-8, Matt Palmer wrote: > On Fri, Jan 12, 2018 at 02:52:54PM +0000, Doug Beattie via > dev-security-policy wrote: > > I’d like to follow up on our investigation and provide the community with > > some more information about how we use Method 9. > > > > 1) Client requests a test certificate for a domain (only one FQDN) > > Does this test certificate chain to a publicly-trusted root? If so, on what > basis are you issuing a publicly-trusted certificate for a name which > doesn't appear to have been domain-control validated? If not, doesn't this > test certificate break the customer's SSL validation for the period the > certificate is installed, while you do the validation? > > - Matt
The certificate comes from a private PKI, not public one. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy