IdenTrust Missing Thumbprints In Some Annual Audit Reports

2019-10-11 Thread IdenTrust Inc via dev-security-policy
We created this bug https://bugzilla.mozilla.org/show_bug.cgi?id=1588213

Re: DNS records and delegation

2019-10-11 Thread Ryan Sleevi via dev-security-policy
On Fri, Oct 11, 2019 at 3:14 PM Doug Beattie wrote: > Ryan, > > Are you recommending that: > a) we need a new domain validation method that describes this, or > b) those CAs that want to play with fire can go ahead and do that based on > their own individual security analysis, or > c) we need a

RE: DNS records and delegation

2019-10-11 Thread Doug Beattie via dev-security-policy
Ryan, Are you recommending that: a) we need a new domain validation method that describes this, or b) those CAs that want to play with fire can go ahead and do that based on their own individual security analysis, or c) we need a clear policy/guideline in the BRs or root program that MUST be

Re: DNS records and delegation

2019-10-11 Thread Ryan Sleevi via dev-security-policy
On Fri, Oct 11, 2019 at 2:10 PM Clint Wilson wrote: > Apologies, but this isn't entirely clear to me. I'm guessing (hoping) my > misunderstanding centers around a difference between the Applicant fully > delegating DNS to the CA vs the Applicant only configuring a single CNAME > record? If the

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-10-11 Thread Paul Walsh via dev-security-policy
Everything I have ever said on this thread can now be found in one article: https://casecurity.org/2019/10/10/the-insecure-elephant-in-the-room/ This was by invitation of the CA Security Council a few months ago. I have never worked for a CA and I have never had any reason to say anything in

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

2019-10-11 Thread Paul Walsh via dev-security-policy
I’ve replied for the record even though you say this is your last post on this particular thread, or to me. I’m good with that as I don’t think you care about anything anyone says outside the browser vendor world anyway. > On Oct 9, 2019, at 5:09 PM, Ryan Sleevi wrote: > > > > On Wed,

Re: DNS records and delegation

2019-10-11 Thread Cynthia Revström via dev-security-policy
Hello, I just want to add that Let's Encrypt also allows for this (at least if I understand you correctly). The following is from https://letsencrypt.org/docs/challenge-types/ > Since Let’s Encrypt follows the DNS standards when looking up TXT records for DNS-01 validation, you can use