assume CA do domain validation by itself in parallel, can it ask 3rd
party service to assert if they see the same token and reject order if
3rd party couldn't see it?
wonder if it's delegating part of domain validation or can be considered
like additional checks like if customer paid or not.
for example, for agreed-upon change to website v2, it doesn't hurt to
see if a CA check over a 3rd party monitors to test if they see the same
page as over CA's own network, isn't it?
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/6a9a5f18-03ab-d9db-2314-5251eedb6b3b%40gmail.com.
