On Wednesday, November 2, 2016 at 2:16:34 AM UTC-7, gerhard...@gmail.com wrote: > This is where I strongly disagree! I have checked the TOS and Security > policy, ... etc. There is nowhere stated that Cloudflare is allowed without > the Users knowledge to manipulate there DNS settings. That sad, there is the > proxy service they offer which is changing the DNS settings. But as you > actively enable it, you are aware.
Certainly, this is stated via the CA/Browser Forum's Baseline Requirements, which is incorporated in to the Mozilla Policy by reference and which enumerates acceptable means to obtain certificates. You're focused on 'manipulation' of DNS (which is a bit of misnomer), but because you're delegating control of the IP to Cloudflare, they can just obtain a certificate that way. > And the CA (Comodo) informed about it, and not at least requesting a > statement from Cloudflare, means they support this, from my point of view, > wrong behavior. > > > As it seems the only thing that can be done is move to a different DNS > provider!! Still, this is a vialation of trust!!! If you feel that way, it may suggest Cloudflare may not be the right DNS provider for you. As you note, however, it's not an issue for the CA - it's a fully permitted and specified method - so if there's issue, this may not be the right forum for that. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
