On 2/22/17 7:30 PM, Gervase Markham wrote: > On Hacker News, Josh Aas writes: > > <snip> > > Update: Squarespace has confirmed that they did register the domain and > then released it after getting a certificate from us."
In this case, should Squarespace have requested that the certificate be revoked before releasing the domain? Is there a way to automatically detect that the domain was released? (I suspect the answer to this question is "not easily".) Would it make sense to prohibit certificate issuance during the grace period? -George _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy