On Wednesday, November 2, 2016 at 11:42:00 PM UTC+1, Kristian Fiskerstrand wrote: > On 11/02/2016 11:38 PM, Peter Kurrasch wrote: > > This raises an interesting point and I'd be interested in any comments > > that Comodo or other CA's might have. > > > > It really seems like a matter of discussion for the terms of agreement > and interaction between the user and service provider, and not a CA matter. >
This is true in general. But when the used practice of validating a domain is possible against the will and knowledge of the domain owner, ... I guess that puts the CA in trouble at some point as well. Even if it is only in form of a loss of trust. > > -- > ---------------------------- > Kristian Fiskerstrand > Blog: https://blog.sumptuouscapital.com > Twitter: @krifisk > ---------------------------- > Public OpenPGP keyblock at hkp://pool.sks-keyservers.net > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 > ---------------------------- > Aurum est Potestas > Gold is power _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy