On 02/11/16 23:26, gerhard.tin...@gmail.com wrote: > Befor I contacted this group, I contacted Cloudflare and asked them > to stop creating certificates with my domain. The answer in short > was, ... they cannot change it and as long as I am using there > service, they will continue.
How would you expect the service to work without them doing that? > I also contacted Comodo as the CA and asked them. The answer was > different but also not helping. In short, ... I can use a CAA DNS > record (not supported by many DNS providers like Cloudflare) to avoid > it in the future. But in the next sentence telling me that those > records are not honoured by many CA's. Hopefully this will change before too long. However, I still don't get why you want to use Cloudflare's SSL termination services but are unwilling to allow them to get a certificate for your domain name. AIUI their free tier uses certs they obtain, but if you pay, you can provide your own cert. So if you want to use Cloudflare but don't want them obtaining certs for you, join the paying tier. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy