On Friday, August 30, 2019 at 8:58:17 PM UTC+2, Ryan Sleevi wrote: > On Fri, Aug 30, 2019 at 11:26 AM Jeremy Rowley via dev-security-policy <
<snip> > Despite all of the writing above, I'm too lazy to copy/paste my comment > from the Let's Encrypt issue, but I would hope any CA contemplating things > should look at https://bugzilla.mozilla.org/show_bug.cgi?id=1577652#c3 in > terms of a possible 'ideal' flow, and to share concerns or considerations > with that. Even better would be CAs that have suggestions on how best to > codify and memorialize that suggestion, if it's sensible and correct. I added a comment to the bugzilla. I think there are several ways the process can be made safe, depending on the way a CA operates and which technologies are used. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy