On 2017-11-15 13:07, Nick Lamb wrote:
And at another extreme Mozilla could decide that Firefox, the browser, won't trust such names, and blacklist suffixes at its sole discretion, affected DNS names would simply never get treated as secure in Firefox - it would be acceptable to issue certificates but they won't make any difference for those names.
If you want to go for extreme, you could just refuse visit such domains. But I would instead try to pressure them into fixing things via IANA/ICANN. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy