On 02/11/16 16:01, Nick Lamb wrote: > Maybe this can to some extent be fixed, but there are many other ways > in which DNS names now have a footprint that extends beyond the life > of the domain registration. Cookies and HSTS rules, spam blocks, > Google search karma, and so on. So arguably buying the domain name > foo.example "second hand" comes with many risks, pre-existing Web PKI > certs isn't one of the biggest.
I think this is probably a reasonable position; I'd say that the domain name sales market needs to evolve such that their contracts require sellers to disclose if the domain has ever had SSL certs issued, HSTS applied, etc. For all I know, that may be true even now. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy