According to what I??ve known,
??Acknowledgment and Acceptance: An acknowledgment and acceptance that the CA is entitled to revoke the certificate immediately if the Applicant were to violate the terms of the Subscriber or Terms of Use Agreement or if the CA discovers that the Certificate is being used to enable criminal activities such as phishing attacks, fraud, or the distribution of malware.?? (Let??s Encrypt?? CP 9.6.3) Now that a phishing site has been detected with a valid certificate, but no immediate action was taken on it. I don??t think that this is what a CA, who states to ??Support a more secure and privacy-respecting Web?? is supposed to do. Quoted from Google??s Policy, ??it would be no different than a firefighter who was not responding to fires in which people died.?? It may be difficult to sort what types of domains are high risk, but when a certificate was used in this way without being revoked, it was no difference from the Google CP??s metaphor. As an Internet user I was disappointed about that, and those in the LE?? CP above can be treated as nonsense. Nio SZU On Fri, Feb 24, 2017 at 01:12:38AM +0000, Richard Wang via dev-security-policy wrote: > >I am sure this site: https://www.microsoftonline.us.com/ is a phishing site > >and a fade office 365 site that I wish LE can revoke this cert. >Why? It works just fine over HTTP, too. >- Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy ????????iPhone _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy