On Wednesday, 25 July 2018 21:08:59 UTC, [email protected] wrote:
> Hello,
>
> My domain registrar who is also a certificate authority just issued a
> precertificate (visible in CT logs) and a valid
> certificate for my domain. This is part of their new offer to automatically
> offer free certificates for all of their domains:
> https://www.nazwa.pl/certyfikaty-ssl/
>
> I had a CAA record that only allowed letsencrypt.org to issue
> certificates for my domain:
> `lebihan.pl. 3600 IN CAA 0 issue "letsencrypt.org"`
>
> I think my domain registrar just violated my CAA by issuing that
> certificate. Were they allowed to issue this certificate?

Can you clarify if _you_ initiated the certificate request; or if the certificate was created and signed without any action from you?

I think those are two very different cases. If you initiated it, they didn't CAA (because they weren't required to.) If you didn't... isn't that a rogue issuance?

-tom
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

