I believe the phrase "previously demonstrated" may be misinterpreted to mean the initial CSR submission, as Wilson and Ryan described.
There needs to be some sort of "fresh" or new demonstration of controlling the compromised key so that other Subscribers can be safe from the DoS scenario. Hope this sounds reasonable. Dimitris. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/1f7bb02b-a083-4fba-a6ea-1db462e98ac8%40it.auth.gr.
