On Thu, Nov 03, 2016 at 02:08:04PM -0700, gerhard.tin...@gmail.com wrote: > Sadly, the shady behaviour is not with Comodo but with Cloudflare. As > cloudflare does not state anywhere that they issue certificates when SSL > and CDN features are explicitly switched off from the beginning.
They do state it: in a blog post from 2014. They appear to believe this is sufficient notice. > 1. trust issue: Cloudflare issues certificates without asking permission > or staing it in TOS or elsewhere. Doing so when in DNS-only mode appears > to me illegal. Illegal? In which jurisdiction(s)? > 2. trust issue: Cloudflare modifies the DNS entries to validate without > consent of the domain owner or account holder. Again, no mention of it in > TOS or anywheer else. So the modification is not permitted in DNS-only > mode. So go tell Cloudflare. Take your business elsewhere. There is no need to keep banging on about it on this list. Everyone here knows what Cloudflare is doing, they have their opinion of it, and as a group this list can do nothing about it. > But from the moment on when the CA (Comodo) is informed about this shady > behavior by multiple domain owners / account owners, Comodo should start > acting. As the Wikipedians say: "Citation Needed". - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
