On 2 November 2016 at 09:44, Jakob Bohm <jb-mozi...@wisemo.com> wrote: > The only thing that might be a CA / BR issue would be this:
There's been (some) mention that even if a user moves off Cloudflare, the CA is not obligated to revoke. I don't agree with that. If a user purchased a domain from someone (or bought a recently expired domain) and a TLS certificate was still valid for it, would the new owner not be able to get it revoked? If so, how is this different? Aside, it would be very interesting to watch domain renewals + contact info changes (if one can do this at scale) and pair it up with the CT logs to see how much of an issue this is/could be. -tom _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy