[cabfpub] [cabfman] Deceptive SSL cert issued for fake Chase domain

Brian Trzupek BTrzupek at trustwave.com
Wed Sep 11 05:48:26 MST 2013


Just to add. From a CA perspective, we have a "blacklist" that contains keywords of various forms, domains of various forms, and other attributes that we run the Certs through before issuance.

The challenge I have always seen is that when a domain triggers this trap, it is flagged for manual review.

During manual review there are a few items we perform (high risk checks, known bad offenders, etc.) - but if all that passes then we go look at the site and it comes down to a human decision based on the content of that domain at that point in time. That doesn't seem too steady, but it's the best we have for now.

How do others deal with this?



On Sep 11, 2013, at 7:40 AM, Gervase Markham <gerv at mozilla.org> wrote:

> On 11/09/13 12:25, Ryan Sleevi wrote:
>> Given the number of new gTLDs being approved, many of which are common
>> English words, I don't feel that this 'common sense' approach actually
>> provides benefits.
>
> That is true. Perhaps it would be better for a CA to check for any of
> its "high value domain list" as a substring of the requested string.
>
> I agree that CAs should not be held solely responsible here, but this
> seems like a fairly simple addition (given that they are already
> checking for equality with the high value list!) that would have
> reasonably few false positives.
>
> Gerv
>
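Added example, not part of the original thread and not any CA's actual tooling: a small pre-issuance screen comparing the equality rule with the substring rule proposed above, showing which requested names each one routes to manual review. The keyword list, the requested names and all function names are constructed for illustration.

```python
# Added example: screen a requested name against a high-value list.
# HIGH_VALUE and the sample requests below are constructed, not real CA data.
HIGH_VALUE = {"chase", "examplebank"}


def labels(fqdn: str) -> list:
    """Lowercase the name, drop a trailing dot and a leading wildcard label."""
    parts = fqdn.strip().lower().rstrip(".").split(".")
    if parts and parts[0] == "*":
        parts = parts[1:]
    return [p for p in parts if p]


def exact_hits(fqdn: str) -> set:
    """Equality rule: a whole label equals a high-value keyword."""
    return HIGH_VALUE.intersection(labels(fqdn))


def substring_hits(fqdn: str) -> set:
    """Substring rule: a keyword occurs anywhere inside any label."""
    return {kw for kw in HIGH_VALUE for lab in labels(fqdn) if kw in lab}


def screen(fqdn: str) -> str:
    """Return the routing decision for one requested name."""
    if exact_hits(fqdn):
        return "manual-review (exact)"
    if substring_hits(fqdn):
        return "manual-review (substring)"
    return "auto"


if __name__ == "__main__":
    requested = [  # constructed sample requests
        "chase.example",                  # whole label matches
        "secure-chase-login.example",     # caught only by the substring rule
        "purchase-orders.example",        # benign word containing "chase"
        "www.example.org",                # no keyword present
        "*.examplebank-billing.example",  # wildcard request
    ]
    for name in requested:
        print(f"{name:32} {screen(name)}")
```
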
