* Peter Bowen: > On Sat, Sep 10, 2016 at 10:40 PM, Han Yuwei <hanyuwe...@gmail.com> wrote: >> So when I delegated the DNS service to Cloudflare, Cloudflare have >> the privilege to issue the certificate by default? Can I understand >> like that? > > I would guess that they have a clause in their terms of service or > customer agreement that says they can update records in the DNS zone > and/or calls out that the subscriber consents to them getting a > certificate for any domain name hosted on CloudFlare DNS.
I find it difficult to believe that the policies permit Cloudflare's behavior, but are expected to prevent the issue of interception certificates. Aren't they rather similar, structurally? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy