On Wed, Jan 10, 2018 at 01:33:20AM -0800, josh--- via dev-security-policy wrote: > * Users have the ability to upload certificates for arbitrary names without > proving domain control.
So a user can always take over the domain of an other user on those providers just by installing a (self-signed) certificate? I guess it works easiest if the other just doesn't have SSL. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
