I don't understand. The domain owner/admin is not a third party. -Rick
> On Jun 10, 2015, at 4:01 AM, Hubert Kario <hka...@redhat.com> wrote: > >> On Tuesday 09 June 2015 11:57:40 Rick Andrews wrote: >>> On Tuesday, June 9, 2015 at 3:05:30 AM UTC-7, Hubert Kario wrote: >>> True, OTOH, if a third party says that there was a misissuance, that means >>> there was one. >> >> I disagree. Only the domain owner knows for sure what is a misissuance, and >> what isn't. It seems likely that I might turn over all known certs for my >> domain to the third party, but they might find another one, and I might say >> "oh, yeah, I forgot about that one". So a third party can only report to >> the domain owner, but cannot know if the cert is legitimate. > > the implied situation was that the tool is run by the domain owner/admin > > -- > Regards, > Hubert Kario > Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy