On May 18, 2020, at 23:58, Peter Gutmann via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> This isn't snark, it's a genuine question: If the CA isn't checking that the
> entity they're certifying controls the key they're certifying, aren't they
> then not acting as CAs any more?

They are really only certifying that the requester can control the DNS for the domain name mentioned in the certificate anyway. The same function DNSSEC provides without middle men :)

Paul
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy