On Sat, Sep 17, 2016 at 04:38:50PM +0200, Florian Weimer wrote: > * Peter Bowen: > > > On Sat, Sep 10, 2016 at 10:40 PM, Han Yuwei <hanyuwe...@gmail.com> wrote: > >> So when I delegated the DNS service to Cloudflare, Cloudflare have > >> the privilege to issue the certificate by default? Can I understand > >> like that? > > > > I would guess that they have a clause in their terms of service or > > customer agreement that says they can update records in the DNS zone > > and/or calls out that the subscriber consents to them getting a > > certificate for any domain name hosted on CloudFlare DNS. > > I find it difficult to believe that the policies permit Cloudflare's > behavior, but are expected to prevent the issue of interception > certificates. Aren't they rather similar, structurally?
I'm not seeing any similarity, but I don't understand your use of "structurally", so if you could expand on your meaning, that would be useful. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
