Hi, > > Since you delegated your DNS server to Cloudflare, you implicitly allowed > them to perform this certificate request on your behalf. > > This is where I strongly disagree! I have checked the TOS and Security policy, ... etc. There is nowhere stated that Cloudflare is allowed without the Users knowledge to manipulate there DNS settings. That sad, there is the proxy service they offer which is changing the DNS settings. But as you actively enable it, you are aware.
By delegating the DNS server to Cloudflare, you entrust Cloudflare to distribute the User defined DNS settings. To be able to validate for the certificate, the DNS settings are changed without the users knowledge. No TOS or any other policy states this. Even if that might not be issue for the CA itself (which i do not agree on), This is definitely braking the trust to its users. And the CA (Comodo) informed about it, and not at least requesting a statement from Cloudflare, means they support this, from my point of view, wrong behavior. As it seems the only thing that can be done is move to a different DNS provider!! Still, this is a vialation of trust!!! _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy