[cabfpub] [cabfman] Deceptive SSL cert issued for fake Chase domain

Ryan Sleevi sleevi at google.com
Wed Sep 11 11:25:59 UTC 2013


On Sep 11, 2013 2:57 AM, "Gervase Markham" <gerv at mozilla.org> wrote:
>
> On 10/09/13 20:39, Eddy Nigg (StartCom Ltd.) wrote:
> > From time to time we get requests for certificates that contain possible
> > domains within the host name, for example:
> >
> > /domain.com.dom.net/
>
> I think that if a requested domain name has a public suffix somewhere
> within it other than at the end (obviously), CAs might want to flag that
> request for manual review.
>
> Certainly if "paypal" shows up as a domain component!
>
> Gerv

Given the number of new gTLDs being approved, many of which are common
English words, I don't feel that this 'common sense' approach actually
provides benefits.

Certainly, I'm not sure that the supposed threat being defended against
here is one that CAs can reasonably defend against, so I'm not sure why we
should suggest otherwise.
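
The heuristic quoted above (flag a requested name that contains a public suffix anywhere other than at its end), as an added example that is not part of the original thread or any CA's code. The suffix sets and the request list are small constructed samples; the second run adds a few word-like gTLDs to show how the flagged set changes.

```python
# Added illustration; suffix sets and request list are constructed samples.
# A real check would load the full Public Suffix List instead.
LEGACY_SUFFIXES = {"com", "net", "org", "co.uk"}
WORD_GTLDS = {"bank", "shop", "online", "app"}


def embedded_suffixes(hostname, suffixes):
    """Return public suffixes found in hostname anywhere except at its end."""
    labels = hostname.lower().rstrip(".").split(".")
    max_len = max(s.count(".") + 1 for s in suffixes)

    # Strip the hostname's own (longest matching) public suffix first.
    tail = 0
    for n in range(min(max_len, len(labels)), 0, -1):
        if ".".join(labels[-n:]) in suffixes:
            tail = n
            break
    body = labels[:len(labels) - tail]

    # Scan the remaining labels for any run that is itself a public suffix.
    hits = []
    for i in range(len(body)):
        for n in range(min(max_len, len(body) - i), 0, -1):
            candidate = ".".join(body[i:i + n])
            if candidate in suffixes:
                hits.append(candidate)
                break
    return hits


def flag_for_review(requests, suffixes):
    """Map each request that trips the heuristic to the suffixes it embeds."""
    flagged = {}
    for name in requests:
        hits = embedded_suffixes(name, suffixes)
        if hits:
            flagged[name] = hits
    return flagged


REQUESTS = [
    "domain.com.dom.net",  # the shape quoted in the thread
    "www.example.org",
    "shop.example.com",
    "online.bank.example.co.uk",
    "app.example.net",
]

if __name__ == "__main__":
    print(flag_for_review(REQUESTS, LEGACY_SUFFIXES))
    print(flag_for_review(REQUESTS, LEGACY_SUFFIXES | WORD_GTLDS))
```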