On Tue, Nov 01, 2016 at 01:23:30PM -0700, gerhard.tin...@gmail.com wrote: > > Since you delegated your DNS server to Cloudflare, you implicitly allowed > > them to perform this certificate request on your behalf. > > This is where I strongly disagree! I have checked the TOS and Security > policy, ... etc. There is nowhere stated that Cloudflare is allowed > without the Users knowledge to manipulate there DNS settings.
That would be something to take up with Cloudflare. They certainly seem to think they've been sufficiently transparent (by mentioning it in passing in a blog post from 2014), but there's nothing in Mozilla policy, the CA/Browser forum baseline requirements, or otherwise that makes this something actionable for Mozilla. - Matt -- <Igloo> I remember going to my first tutorial in room 404. I was most upset when I found it. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
